Tag Archives: CCDP


Why Government Surveillance of Internet Communications is Damaging to Society

I was kindly invited to post the script of my recent Pod Delusion segment which appeared on the show on 13/04/12 – here it is.

In the past weeks, you may have seen news about the proposed ‘CCDP’, the Communications Capabilities Development Programme – a scheme through which the Home Office is requesting increased powers of surveillance over people’s online and phone communications. It’s a news story I found myself, almost accidentally, at the heart of.

The case the Home Office makes is that, with the increase in new communication technologies, criminals and terrorists are getting ahead of the security services by being able to communicate online. Our laws currently prevent blanket logging of online communications so, for security services to track down these bad guys, they want new legislation brought in.

So far so good, you might say – no-one wants the bad guys to get away, let’s give the security guys the technology they need.

…but that’s where the problems start, because this isn’t only a debate about technology, this is also a debate about society.

and we’re working with ministers who have difficulties understanding that subtlety – remember the kneejerk reaction of wanting to turn Twitter off during last summer’s riots?

It also brings in one of the favourite topics of listeners to this show – Evidence-based policy making – we know when considering new policy we need to explore the wider issues:

What’s the evidence this solution will solve our problem?
What other solutions are possible?
What other effects will this policy have?
Could we, in attempting to solve one problem, bring about others that are far worse?

Consider phone calls. Without knowing which of the millions of people talking to each other at any one time might be criminals, security services feel they need to log every single call that’s made. There’s no way the people of this great nation are going to let security services record the content of their phone calls as a matter of routine, what they can get hold of is what’s called communications data – that’s the facts of your communication, things like who talked to whom, for how long, where the call was made from.

For many calls these data are already recorded by our telecoms companies, we expect them to do that as part of our billing process, and police can get hold of that data with an appropriate warrant. I should point out that many pay-as-you-go phones don’t get tracked in this way and, as yet, we’ve not seen what the new proposals are for dealing with those.

Now imagine extending the collection of these data for all the different ways we communicate online: Skype calls, email, webmail, social networking, posts on discussion boards, avatars chatting in online games – and you start to see the scale of what might be proposed. And remember, the suggestion is that all this communication data is collected, not after suspicion has been raised about an individual through criminal behaviour, but collected about everyone, all the time.

There are many technical problems with this – not just the sheer scale of processing and data storage that’s involved. A message sent to you via a web-based service gets served to your PC looking just like any other webpage. Internet security advisors and experienced people working within the telecoms companies tell me they cannot identify which pages are messages, or separate the communications data, without having to sample content… and content sampling is completely unacceptable.

But, even if content is not sampled, do we really want our every online interaction logged and stored for government reference? It’s been described as the equivalent of being followed by a deaf private detective – they may not be able to hear what you say, but they know everyone you met with, how long you spoke to them for, where you were when you met them. A personal profile can be built up of you, your issues and your interests, through your online interactions – these same interactions which it is proposed to hold on a database for reference on demand by the authorities.

There are a lot of red herrings in this news story to watch out for – we are promised that information won’t be held in a monolithic central database at GCHQ. That’s true because it will be held in dispersed databases belonging to the telecoms companies – I’m afraid our concerns about incompetent data protection, malicious usage and hacking are increased rather than put to rest by the multiplicity of storage locations.

and whilst the current proposal may promise such data will be held securely and only released with a warrant, how might that evolve under a different government 5 or 10 years down the line? Remember these will be commercial companies holding a detailed profile of you built up through all your social interactions. They have no business need to collect or hold these third-party data, they would be doing so only because instructed by government and it would be an extremely significant overhead to their business processes.

So questions also need to be asked about who pays for this programme if it is implemented… and you can bet, one way or the other, it will be us who, either through our taxes or direct payment to these companies, are paying for our own intimate personal information to be harvested and stored.

And for all the promises of database security, accessible only by warrants, in the past we’ve seen personal details of 7 million families receiving child benefit released through lost copies of data CDs and, more worryingly, the content of police records maliciously altered.

So, to return to our evidence-based policy-making: What other effects could this policy have?

We’re familiar with the “chilling effect” that our libel laws have on debate – this would have a “chilling effect” on communication and web use.

What about the isolated gay teenager who wants to post for support on an internet discussion board – but knows that communication is being logged for government purposes? Someone seeking advice when they feel a complaint has been mishandled by the police – but knows a profile of their interactions is being built up?

Might databases be used for ‘fishing’ purposes, searching for patterns that identify classes of people, even when they are not individually suspected of crimes? – the phrases ‘false positive’ and ‘guilt by association’ rather spring to mind. Muslim friends tell me they already worry about phone logging for these reasons.

If our problem is crime and terrorism, will this solution fix it? Of course not – we may end up catching a few of the more clueless ones, but any serious player will work with encryption which limits tracking, despite the vast quantity of money the Government intends to throw at this technology.

Crime and terrorism are social problems, human problems, not technical ones. Real solutions require us to tackle the root causes in society – lack of social cohesion, poor education, the need for better rehabilitation. In fact, the solution lies in more fearless, more open communication, not in less.

This is a political issue, but it is not a single party one. Julian Huppert has been leading the fight from the Lib Dem benches and I set Lib Dem policy against this programme at our National Conference a few weeks ago. But we’ve also seen members of other parties speaking out against the CCDP proposals too.

If this is something you feel strongly about and if you want to prevent this becoming law, you can raise political awareness. Write to your MP explaining the wider implications of what, to them, may seem a rather confusing technical topic. Sign the online petitions as well, but remember MPs take note of personal letters and especially personal visits, so drop into their surgery to tell them why this is wrong. There are links to further details of the CCDP proposals and of a public conference on the topic on 20th April on the Pod Delusion website.

The Communications Capabilities Development Programme is not about technology, it’s about society. I don’t want us to live in a society where the default assumption is that everyone is under suspicion, where all the communication records of every innocent citizen are kept, just in case they do something wrong.

Help me build a better society – lets stop the CCDP together.

This is Jenny Woods, for the Pod Delusion.