Guest Post by Ben Ridley: Britain does look weak from abroad….on internet freedoms, not Syria

Did you know the collective term for a group of spies is a treachery?

Well, imagine if every day an almighty treachery of spooks left GCHQ to wander about your bank, your post office, your job – basically anywhere you might have private data stored or communicated through. Imagine that these spooks could – without a warrant or indeed any suspicions about you personally – rifle through your personal data and communications. Imagine they were doing this merely on the off-chance that they might, maybe, if they keep at it, find something sufficiently incriminating.  Imagine that they did this to the tune of 10, 800, 000, 000, 000* documents, each and every day. 

Would we consider this army of snoopers a proportionate response to supposed threats to our nation? Would we consider it an appropriate allocation of resources? Would we accept the alleged security it supposedly provides as a fair trade-off for the intrusion?

One might think that such a thing would ruffle a few feathers, no? Inspire a few questions in parliament? A few principled resignations? Public outrage? Because this is happening – in the form of Tempora in the UK – it’s just that it’s not flesh-and-blood spooks doing the searching but rather clandestine hardware and software (See here and here for an overview). I’m hoping the fact that the latter are less tangible, more ephemeral, explains why Edward Snowden’s revelations haven’t created more of a storm about Tempora in the UK specifically.

Maybe not - maybe I just don’t get it. Maybe people don’t care? If not, why not? And how much has the pitiful coverage contributed to this lack of reaction? I’m not currently based in the UK and I get my news from home via RSS and podcasts mainly, but I was surprised I wasn’t hearing more about this. Turns out, there was a reason: a D-Notice – an official but not legally binding request to keep quiet - was issued by the MoD in relation to reports about Tempora and PRISM. Even if you think Tempora and its ilk are okay – and I’ll see if I can convince you otherwise below - surely the act of leaning on outlets to silence debate, and the fact that those outlets appear to have gone along with it, is an equally worrying and separate issue? The BBC, for example, appears to be denying the D-notice’s existence, and argues it has given the story “the appropriate level of coverage”.    

So why should you care?

If you are innocent you have nothing to worry about, apparently. There seems to be two sides to this trope, one technical and the other more concerned with legality and morality. 1) The search techniques use “sophisticated filters” to remove uninteresting content and data, and most UK-UK traffic is removed anyway. Given that much UK-UK traffic will exit and re-enter via the ‘intercepted’ fibre-optics, it’s not clear how such traffic can be reliably differentiated from the general flow. 2) Only the guilty need be fearful. This trope requires that we accept that the terms of the ‘filters’ are set up in a way we would be happy with, and that any oversight in place is effective. Without debate or transparency, can we be sure about this? If the operation at the NSA is any clue, the agency decides what to share with its overseers. And GCHQ is apparently an attractive prospect as a partner in this kind of data gathering precisely because of its “light oversight regime compared with the US”. Even supposing the technology could do what is claimed, and the oversight was well-motivated and effective, are we really happy that any government organ has this power?

People roll their eyes at the “what if it’s abused in the future” argument, but governments and the times do change. Are you sure something like state-sponsored homophobia - as in Russia – couldn’t happen in your country? Even if that’s not a hot-button issue for you, take whatever group or set of beliefs you feel to be contrary to your own political perspective, your own take on what is and isn’t in the interests of your society. Are you certain that none of your data or online activities could become incriminating if their priorities and beliefs had unfettered dominion over the scope of those ‘sophisticated filters’, and had the right to decide what counts as ‘suspicious’?  

But it’s all legal, right? Reassured by the Intelligence and Security Committee’s whitewash? Note that what they concluded was that the law, such as it is, wasn’t broken. They did not rule on the appropriacy of the laws, nor whether they were fit for purpose. Also, who’s to say they have the full picture?  Worth remembering that the pattern of official responses to each new leak has been to argue that, basically, we should be happy the next worst thing isn’t being done to us.  Except, as time goes on it increasingly seems it actually is. NSA doesn’t monitor its own citizen’s data without a warrant? Yes they do. Government backdoors in programs and services we all use are a conspiracy nut’s fever dream? Apparently not. 

Would I prefer terrorist plots succeeded? This argument relies on the idea that the system is at least effective at what it was set up for – stopping terrorists – and that it is better than other methods. That’s certainly the claim of government on both sides of the Atlantic. Given the clandestine nature of the pursued and the pursuers it’s hard to verify this claim one way or another. However, it’s interesting that in the American context two senators who have served on the Senate Select Committee on Intelligence have publically contested the claim that Tempora-style spying has prevented ‘dozens’ of terrorist attacks. You can read about that here, in addition to research suggesting that most attacks have been thwarted due to routine police methods. If this is representative of the UK experience, one might question if the programme is even cost effective: a billion pound budget for results that could been achieved by less blanket methods?   

Okay, it’s bad but the information shouldn’t have been leaked this way. You think a challenge “within the system” would have been better? Thomas Drake, William Benny, J. Kirk Wiebe and Ed Loomis tried that in relation to the Trailblazer project - and were first ignored, then harassed, then prosecuted for their troubles.

But what can we do about it? Well, there are some tech and service choices you could make to reduce your data ‘shadow’ and potentially reduce your exposure to surveillance (see here, here and here). But given the resources of the organisations you’d be trying to thwart, and the cooperation – voluntary or not – of many tech companies’ means that for the average person tech fixes to this can’t be the whole solution. There needs to be parallel political pressure for there to be any movement on this. You could sign the petitions calling for an inquiry, here and here.  You could find, and then write to your MP and MEP. You can even write to GCHQ. You can contact the any of the news media you consume and ask why they haven’t been covering this issue appropriately (for the BBC look here). If you are outside the UK or the US, remember you are likely affected by this too ( such as this, this, this, this, this, this, or this), and it’s in your interests also to be pressuring your own representatives about these issues.

This isn’t about thoughtlessly bashing the countries involved or the intelligence services en masse. It’s not about denying the legitimacy of appropriately warranted and targeted surveillance of targets for which there is a basis for suspicion. It’s intended to spell out the contempt for the public evident in the attempt to avoid and stifle debate. It’s an attempt to argue that programs like  Tempora and the ways they’re being applied are more dangerous to the values of our society than the alleged benefit they deliver to law enforcement or the ‘war on terror’. It’s shocking and infuriating – precisely because of the high regard I have for my nation and its people.

*based on the 21.6 petabytes per day GCHQ potentially has access to via its cable intercepts – as reported here and here – divided by the 2 kilobytes that this and this say is the equivalent of a page of text. By the way, this is related to the information flowing through the fibre optic cables based in the UK. This figure doesn’t take into the account the other ways that recent revelations have suggested you online activities could run afoul of the NSA, GCHQ or other agencies and countries.