Theresa May has suggested she may reignite plans for a ‘snoopers’ charter’, in order to provide intelligence services with greater surveillance powers. She has called for new powers in order to respond to the terror threat from British jihadists returning from the Middle East. In September 2012, Nick Cohen explained in The Spectator why a communications data bill would be a dangerous thing:
Ever since the millennium, I have wondered how long the utopian faith in the emancipatory potential of the web will last. Of course, we know the new technologies give the citizen new powers to communicate and connect. We hear this praised so loudly and so often, how could we not know? But what benefits the individual also benefits the powerful, and gives states and corporations surveillance powers the secret police forces of the 20th century could only dream of.
If you doubt me, consider how today’s scandals are technologically enabled. The Telegraph’s publication of MPs’ expenses would have been impossible 30 years ago. The source would have had to photocopy hundreds of thousands of pieces of paper. Even if he could do it without his colleagues noticing, he would need a truck to move them past security guards. Now he can just put them on a memory stick and walk out of the office. The Leveson inquiry released embarrassingly intimate text messages between Rebekah Brooks and David Cameron that both must have assumed were for their eyes only. Meanwhile, the Murdoch newspapers that Brooks once ran have handed the police emails and expense claims that detectives can use in evidence against stunned reporters who never imagined that electronic records of their past could return to destroy their careers.
Moore’s Law holds that the number of transistors on integrated circuits doubles approximately every two years. One day Moore’s Law will run into the laws of physics, and the expansion will stall. Until it does, the costs of storing and retrieving data will remain trivial and what I will call Nelson’s Law will apply. Fraser Nelson, editor of this journal, noticed recently that when politicians want to say something private, they invariably write notes or whisper rather than email or text. ‘The delete button lies,’ the editor concluded. You can throw your mobile in a river, delete your emails or wipe your browsing history but a record of your activity survives. Readers may delight in fiddled expense claims humiliating MPs and forgotten emails allowing the cops to feel the collars of journalists. You are only flesh and blood, after all. But what if the same thing were to happen to you?
In the United States, there is bipartisan political pressure to protect the citizen from the surveillance boom. John Kerry and John McCain have co-sponsored a bill that requires all who collect information on the web to alert their customers and allow them to opt out if they don’t want their privacy infringed. Beyond isolated politicians, campaign groups and academics, there is no comparable level of concern about online privacy in Britain, which is a pity because we need concern now more than ever.
The Communications Data Bill currently before Parliament is extraordinary in several respects. It is extraordinary because the Conservatives and Liberal Democrats successfully opposed introducing a similar measure when Labour was in power. On arrival in office, they stood on their heads and advocated the very surveillance powers they once denounced. It is extraordinary because the coalition can perform its U-turn without significant public protest. But the most extraordinary aspect is the sweeping nature of the bill’s provisions. It would ‘ensure that communications data is available to be obtained from telecommunications operators’. Ever since the coalition published it, appalled telecommunications operators have been trying to work out what that means.
Labour invited the representatives of web companies into Downing Street before it attempted to monitor the internet, a leading industry figure told me in private. Not so the coalition. Instead, witnesses to a parliamentary committee scrutinising the bill are trying to map the future of the surveillance state. No one believes the Home Office story that the bill is merely a tidying up exercise that will allow the security services to respond to technological change. The Home Office wants every type of electronic communication stored and available for inspection. The bill is not a tweak to the existing law but a radical expansion of state power. As Malcolm Hutty, from the London Internet Exchange, told Parliament, the bill is ‘not merely changing the volume of data that is collected but also the nature and character of that data’.
The government attempts to reassure its critics by saying it just wants access to records of everyone’s data — lists of searches and of who emailed whom — not the content. But the distinction between the two has collapsed. In the last decade, campaigners for web privacy argued that if snoopers saw that a woman’s web browsing history included ‘google.com/search?q=pregnancy+test,’ they would learn a great deal about her. Data about the search was as good as content. The same applied to searches for political websites.
But in the 2010s these arguments have an almost antique feel, as online usage explodes. Ross Anderson, professor of security engineering at Cambridge University, tries to explain the irrelevance of old distinctions by imaging a tech-savvy consumer walking by a shop. The shop has a QR code offering 10 per cent off. ‘You scan the QR code with your mobile. You have gone to that website. As you walk around the street and interact with reality, your traffic data, your communications data, is not just a history of your location, through your cell site location history, it is also a history of your attention.’ Anderson says the Home Office’s technical papers suggest to him that it wants automatic access to every ‘service we use to communicate’. That means not just internet service providers, but Google and Facebook too. ‘If you get up in the morning and check your Facebook account from home and then on the Tube from your phone and then at work from your desktop, it is an awful lot easier to follow you through Facebook systems than it is to follow you through the systems of several different content service providers,’ he warns.
The scale of the government’s ambitions is evident in the amount of money it is prepared to spend on blanket surveillance. The Home Office estimates that the retention of information on everyone will cost at least £1.8 billion over the next decade — the Financial Times believes the true figure will be closer to £2.5 billion. Ryan Gallagher, a London-based technology correspondent, put the British state’s expenditure in a sobering context. Assad’s Syria spent $17.9 million on technology that gave it the ‘power to intercept, scan and catalogue virtually every email that flows through the country’. Gaddafi’s Libya spent $25 million. Iran paid $131 million as part of a contract for a mass monitoring system reportedly to ‘locate users, intercept their voice, text messages … emails, chat conversations or web access.’ Even the famed and feared great firewall of China is meant to have cost less than $1 billion.
You can look at the costs another way and note that British Venture Capital Association members invested £37 million in the internet industry last year. The association does not represent all investors by any means, but that statistic remains a telling one. The coalition is prepared to spend more — vastly more — on snooping on the web than on building technology firms that might help secure our economic future.
In private, tech executives say they are worried about Britain setting a lead which authoritarian states will follow. The Home Office wants to operate without borders. It will engage in the blanket monitoring of traffic to every country in the world. Why shouldn’t other countries follow suit? In public, Jimmy Wales, the co-founder of Wikipedia, told Parliament that if the bill became law, ‘we would immediately move to a default of encrypting all the connections to the UK so that the local ISP would be able to see only that you are speaking to Wikipedia and not what you are reading.’ His threat ought to cause a pained reappraisal. Britain — not Iran or China or Russia — may force Wikipedia to bring security precautions to protect us from our over-mighty state.
Any intelligent criminal would respond to the new police powers by opening free untraceable email accounts with a foreign company and encrypting his correspondence. What is the government going to do then? Engage in mass hacking?
The state has all kinds of arguments in its defence. The best was put by Sadie Creese, professor of cyber-security at Oxford University. The fears of the government’s critics, she implied, were almost paranoid. She had met many of the spies at GCHQ and found them to be decent people who only wanted to catch and stop criminals. ‘I have been impressed by their level of professionalism and the way in which they go about their job,’ she told Parliament. ‘I have no criticism to make whatsoever. Speaking personally, I trust not just in that organisation but in the United Kingdom and the way in which we go about governing ourselves.’
I am sure that is all true, but Professor Creese failed to ask herself why on the whole we can trust those who work for GCHQ and have confidence in ‘the way in which we go about governing ourselves’. The counter-intuitive answer is that for centuries, the British have treated politicians and bureaucrats who wish to expand the police powers of state with intense suspicion. Since the 18th century, we have compared our governments to the rulers of absolutist France, militarist Prussia, Nazi Germany and Communist Russia. The comparisons have invariably been wild and, indeed, paranoid. But suspicion kept the state in line.
As the price of liberty is perpetual hyperbole, let me end with the mandatory Orwell reference. Every reader of Nineteen Eighty-Four remembers the ‘telescreens’ the party installed, which had the potential to watch every movement and record every sound. Early in the novel, Winston Smith half-heartedly attempts the mandatory morning exercises. He assumes that no one is watching him, and allows his mind to wander, when: ‘“Smith!” screamed the shrewish voice from the telescreen. “6079 Smith W.! Yes, YOU! Bend lower, please! You can do better than that. You’re not trying. Lower, please! THAT’S better, comrade. Now stand at ease, the whole squad, and watch me.”’
Orwell did not understand that televisions would not be able to spy on the citizen. Computers and mobile phones can. They supply evidence it would have taken teams of Stasi officers to collect. New technologies ought to bring new protections. Yet the British government is offering no new safeguards to ensure that its mass collection of data does not infringe on the rights of the citizen. It is not proposing to grant additional powers of parliamentary or judicial oversight; or saying that any public servant who misuses information will face horrendous punishment. It has no answer to those who warn that the more confidential information the state collects, the more likely it is to leak. Its response to its critics is casual, almost contemptuous. In these circumstances, Parliament ought to press the delete button and hope that just for once Nelson’s Law does not apply and the erasure is final.
This article first appeared in the print edition of The Spectator magazine, dated 15 September 2012