Most of the media attention paid to the Investigatory Powers Bill, otherwise known as the Snooper’s Charter, has focused on whether the government should be able to have access to our personal data.
This is an important debate, but I think most of us already assumed that the government was able to read everything we do online. If GCHQ isn’t doing it, the NSA almost certainly is. We may not like it, but we have just accepted it as a reality of modern life.The Tory mantra of “if you have nothing to hide, you have nothing to fear”, has hit home with a lot of people, even if it is borrowed from Joseph Goebbels.
But does this mean that the snoopers charter is logical and rational step to protect Britain’s national security? Far from it. In fact, there are many real tangible risks of the government’s plan that are currently going underreported.
The main reason to fear the government’s plans is that they make all of us far more vulnerable to hacking.
The government’s plans would require tech firms to store customer data for a year.
This information includes what sites you’ve visited, where you were when you visited them, who you’ve called, who you’ve been called by and what social media you have used.
Although, as a general rule, the content of these exchanges will not be recorded, this can be accessed by police and security services. However, they will need an intercept warrant for this and the information is not admissible in court.
The danger here comes from how vulnerable this makes deeply personal information. You may not care about the government knowing what you’re up to online, but I wager you’d be a lot more averse to the entire world knowing what you’re up to.
This may sound like paranoia scaremongering, but tech firms are already struggling to protect customer data from hackers.
In October, a fifteen-year-old in Ireland managed to hack into Talk Talk and access the personal data of 157,000 customers. Customer data, including around 16,000 account numbers and sort codes, was available online for as little as £19.
This is by no means an isolated case.
In August, Ashley Madison was hacked and the personal information, including home addresses, real names, search history and credit card transactions, of 33 million users were released online, leading to at least two suicides and numerous divorces.
In 2014, Sony pictures was hacked and thousands of the company’s in house emails were leaked to the public, causing immense embarrassment to the company.
The government’s bill would require these already vulnerable companies to store huge quantities of user data for up to a year. A store of data like this will be catnip to a hacker and it is simply inevitable that the data would be accessed.
The bill would also potentially weaken the security of widely used communication services.
Theresa May has announced that she will not ban the encryption that enables services like Whatsapp and iMessage to function. However, she has also said that these firms will have to provide loopholes that allow security forces to more easily access metadata.
This will inevitably weaken security and increase vulnerability to hackers.
The Bill is limited in that it can only demand the data of firms based within Europe. This means that services like Google and Facebook will not really be affected by the law.
This will either harm British technology firms, or British technology firms will base themselves in countries that don’t require the costly expense of storing customer data for 12 months.
Either way, cutting out the overwhelming majority of digital communication services from the bill makes you wonder why it is being implemented in the first place.
Something the Tories are casually glossing over is just how expensive this bill will be to implement.
It will be very expensive for tech firms to store all this data. Not only will it take a lot of programming hours to organise, it will require immense hard drive space to store and process all this information.
There are two likely outcomes: firms will have to pay for this themselves, leading to some small tech firms being priced out of the market, or the government will compensate firms for the expense. Both of these options will be costly to the tax payer.
It’s an overreaction
The logic of this bill seems to be: let’s sacrifice our civil liberties before the terrorists can take them away from us.
This resonates with the Patriot Act introduced in the US in the wake of 9/11. However, Britain has not just seen a catastrophic terrorist attack. In fact, the odds of being killed by a terrorist are so low that you are more likely to be killed by almost anything else.
If Theresa May really wants to take extreme measures to save British lives, maybe she should focus on combating pollution. Afterall, British deaths to terrorism pale in comparison to the 30,000 preventable deaths that are caused each year by pollution in the UK.
Even if this weren’t the case and there was a real genuine major terrorist threat to the UK, bulk data collection has been shown to have no real impact on public safety.
In the US, the NSA has far more invasive powers than would be awarded to GCHQ with this bill, yet President Obama’s intelligence review commission said this bulk collection of data provided no noticeable increase in public safety.
It’s not all bad
Whatever side of the argument you’re on, it’s undeniable that digital surveillance legislation needs updating.
Currently, authorities are bound by the Regulation of Investigatory Powers Act (or RIPA). This bill was passed in 2000, years before Facebook, YouTube and Twitter were even born.
This has allowed authorities to very loosely interpret the act, as communication at the time RIPA was written bares almost no relation to modern digital communication and social media.
The introduction of judicial oversight, as proposed in the Investigatory Powers Bill, is demonstrably a good thing, but it only applies to the most extreme invasions of digital privacy – it takes the surveillance of your day to day online activity as a given.
This bill is at it’s early stages and will inevitably evolve over time, but it’s blatant security flaws mean that it is a danger to British security, rather than our saviour.