Take back control of your personal data
11th Aug 2012 | 09:00
The government wants your data. Don't surrender it.
Despite the recent revolution in social networking, at heart we're still a very private nation. We enjoy the legal right not to have the government poke its nose into our lives without the say-so of a judge, and certainly not without good reason.
From 2015, however, the UK government plans to listen in on all our online lives. That's the shock news coming from Whitehall as the coalition publishes plans to allow the security services to monitor details of our private electronic communications, and to mine the resulting mass of data for hidden connections that will apparently help them identify "criminals and terrorists".
This intelligence will be passed on to the UK's shadowy intelligence agencies, the police and a list of other, as yet undisclosed, interested parties.
There are concerns, as you might expect, from pressure groups: "The automatic recording and tracing of everything done online by anyone of almost all our communications and much of our personal lives - just in case it might come in useful to the authorities later - is beyond the dreams of any past totalitarian regime, and beyond the current capabilities of even the most oppressive states," says Guy Herbert of NO2ID.
His is not a lone voice; opposition from industry and even within the government is growing. Are we right to oppose the government's plans? To find out, we investigated why such a move is apparently needed, how terrorists currently communicate and how the security services plan to harvest and use our data in this exclusive report.
By the time of the last General Election in 2010, New Labour was trying to force us all to buy costly ID cards. It had also temporarily shelved a more controversial plan to monitor all our electronic communications after vocal opposition from pressure groups, as well as from the Tories and Liberal Democrats.
It seemed for a while that the coalition government that emerged after New Labour's subsequent defeat was firmly on the side of privacy. Page 11 of the Coalition Agreement of May 2010 contains a statement pledging to "end the storage of internet and email records without good reason." A week later, deputy Prime Minister Nick Clegg said in a speech that, "We won't hold your internet and email records when there is just no reason to do so."
Apparently as good as their word, one of the first acts of the new government was to scrap ID cards, but according to the Open Rights Group, the same government was also drawing up plans to resurrect Labour's monitoring scheme.
As far back as July 2010, just two months after the coalition agreement and Mr Clegg's speech, the first inkling of the plan surfaced in an obscure Home Office discussion document. Not only that, but buried away in the government's Strategic Defence and Security Review of October 2010 is this statement: "We will introduce a programme to preserve the ability of the security, intelligence and law enforcement agencies to obtain communication data and to intercept communications within the appropriate legal framework."
This is the Communications Capabilities Development Programme (CCDP), and it expands upon the previous Labour government's plans to implement mass digital surveillance. Despite this, David Cameron still apparently denied claims of a snooping database during Prime Minister's Questions on 27 October 2010: "We are not considering a central Government database to store all communications information," he said, "and we shall be working with the Information Commissioner's Office on anything we do in that area."
Security Minister James Brokenshire also went on record to calm fears: "We absolutely get the need for appropriate safeguards," he said, "and for appropriate protections to be put in place around any changes that might come forward." He went further: "What this is not is the previous government's plan of creating some sort of great big 'Big Brother' database. That is precisely not what this is looking at."
In April this year, Nick Clegg was still claiming total opposition, and said so in a TV interview. "I am totally opposed, totally opposed, to the idea of governments reading people's emails at will or creating a totally new central government database," he insisted. "The point is we're not doing any of that and I wouldn't allow us to do any of that. I am totally opposed as a Liberal Democrat and as someone who believes in people's privacy and civil liberties."
However, none of these assurances tell the true story of the government's plans for us all.
Hints of what lies in store for us come from figures openly opposed to the programme within the coalition itself. "Every email to your friends; every phone call to your wife; every status update your child puts online. The Government want to monitor the lot, by forcing internet firms to hand over the details to bureaucrats on request," says David Davis, Conservative MP for Haltemprice and Howden and former Foreign Office minister.
The central argument for CCDP, of course, is that to carry on detecting serious threats to the nation, GCHQ now needs to harvest data about private electronic communications on a massive scale. The listeners in Cheltenham will sift the 'who, what and where' of every electronic communication and pass the distilled intelligence on to interested parties within the mesh of UK security agencies for analysis of the underlying threats.
The data to be distilled will include pretty much everything that doesn't need an explicit warrant to be read, including the websites we visit and our search histories. Not only that, but social networking sites, such as Facebook, LinkedIn and Twitter could also be ordered to provide information about their users.
It's not difficult to work out what information GCHQ will be able to extract from such a detailed view of us all, but the implications and capacity for miscarriages of justice are potentially immense if proper common sense isn't also applied, according to David Davis: "Of course governments should use the best tools at their disposal to tackle terrorism," he concedes.
"But we can do this under the current system. If they want to see all this information, they should be willing to put their case before a judge or magistrate. This will force them to focus on the real terrorists rather than turning Britain into a nation of suspects."
The whole idea of CCDP is "clueless", according to Ross Anderson, Professor of Security Engineering at the University of Cambridge's Computer Laboratory. Anderson was speaking in April this year at the Scrambling for Safety 2012 conference held at the London School of Economics.
He was by no means the only critic of the government's plans. Sir Chris Fox, ex-head of the Association of Chief Police Officers, also spoke at the conference, claiming that CCDP "won't catch top-level criminals and terrorists." Anyone who is smart enough to form an organised crime ring or terrorist cell will simply find other, more covert methods of communicating, he said.
Respected security researchers have also criticised CCDP for the apparent ease with which net-savvy terrorists could circumvent it. "If national governments and law enforcement organisations truly believe that online criminals and international terrorists don't know how to hide their online traces, then we have a bigger problem than we thought - sending an encrypted email with spoofed sender address from an Internet café is only lesson one."
So says Rik Ferguson, of Trend Micro. Current EU legislation means that your mobile phone network already collects extensive data about your calls and texts (though not their content). This data is stored for between six months and two years in case the police or security forces need it to support a conviction.
In future, this will form part of the mass of data processed by CCDP. However, it's the detail with which the security services will be able to snoop on us that comes as the biggest shock.
ISPs are not happy about the government's mass monitoring plans either. Many ISPs collect only basic statistics about network traffic, which they use to plan ahead and cope with times of peak demand. Where individual users abuse their broadband service, ISPs can identify and throttle back their traffic, and even terminate their connection, as per their end-user agreements.
For ISPs, it appears that CCDP is an unwelcome addition to their networks, because it will mean large amounts of work to implement and maintain. "What we do know," says Gus Hosein of Privacy International, "is that there have been secret briefings to MPs designed to scare them into compliance, and secret briefings to industry that were originally designed to calm their fears but in fact have only served to increase their outrage."
To understand how difficult it is to spot terrorists in a sea of 60 million people all enthusiastically chattering in cyberspace, it's necessary to understand something of how terrorists currently use the internet to communicate.
Jihadi73 killed you
Terrorists and serious, organised criminals use a variety of communications methods designed to avoid capture. However, the most dangerous terrorists of the type trained in Al-Qaeda-sponsored camps know that the authorities can already follow and otherwise monitor them under existing laws.
To continue to plot their evil deeds, they must find increasingly novel ways of passing information between each other. Massively multiplayer online role-playing games (MMORPGs) and first-person shooter (FPS) videogames offer unique opportunities for covert communications. Members of a conspiracy can easily purchase any number of videogames and meet up in a randomly chosen game to chat privately.
Security analysts at The Rand Corporation have also noted a disturbing development: Multiplayer videogames themselves can be a recruiting ground for extremists. The team combat nature of many such games and the popularity of player guilds in MMORPGs and clans or squads in FPS games naturally leads to close bonds forming between strangers. Simple games can lead to sharing of ideology and face-to-face meetings with willing players, it seems.
In a report (pages 13 to 15) the Rand boffins also claim that the open nature of games like Call of Duty makes them potentially easy for the security services to monitor. The publishers of such videogames are also subject to current security legislation.
Another potential technique for communication is the 'dead letter box'. In many spy films, agents use these as a safe place to physically drop off and pick up secret messages. In the age of the internet, however, this technique has moved into cyberspace. Instead of sending incriminating emails, criminals can simply share login credentials for a single web mail account.
Person A logs into the account, writes a message for person B and saves it to the drafts folder. Person B then logs in, reads the message, leaves his reply and deletes the original message. Person A can then log in and read the reply. No mail is sent, so no headers are captured by CCDP.
The disadvantage is that if the security services are already monitoring the account, they can read the communication flowing between the two suspects, even if this doesn't reveal any extra email addresses to monitor.
In some of the most deprived areas of the UK during the mid 1990s, mobile phone shops began to thrive. This was despite handsets and calling charges still being prohibitively high for most people. It turns out that drug dealers were buying phones and using them to stay in touch with clients and upstream suppliers. If the police became aware of the existence of individual phones, they could simply be destroyed or 'burned'.
Because of how little mobile phone shops sometimes check personal details when registering a new handset, burners are still used. When glamorous Russian spy Anna Chapman realised that she had been unmasked in the US in 2010, she immediately bought a new phone under an assumed name, reportedly registering it to an address in "Fake Street".
Obtaining a real identity to buy a burner under can be as simple as rifling through your bins for utility bills and other forms of ID. This highlights the need to shred everything that can identify you before throwing it away.
Ultimately, avoiding modern communication techniques is the only safe way of staying out of the government's digital net. Talking face-to-face, passing messages through an intermediary and other such techniques are known as fieldcraft. Public places, random bars, loud clubs and public gatherings are all used by criminals keen to avoid capture, but being public, these can also be infiltrated by the security services in the pursuit of evidence.
The security services can also obtain extensive warrants to bug buildings, and they even employ lip readers to analyse and transcribe footage of covert conversations.
There are also techniques that people have used for decades to hide messages in plain sight, such as steganography. Someone might hide a secret message in a JPG file by very subtly manipulating the values of individual pixels spread in a regular pattern throughout the file. To the casual observer, changes to the image are undetectable, but the right software, such as QuickStego, can store and retrieve the original message.
In its 2007 report (page 31), the Rand Corporation said that subversives currently do not tend to use steganography much, but that it would be prudent to monitor the technology in the face of growing threats. As this was a public report, it's equally prudent to also assume that the security services now actively check for messages encoded in image files.
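The pixel-tweaking described above, as an added example that is not part of the original article (and not code from QuickStego or Rand): a minimal least-significant-bit embed and extract over a constructed 8-bit greyscale pixel array, followed by the pairs-of-values chi-square check an analyst can run to notice that a lattice of pixels has had its low bits overwritten. The cover image, its exaggerated even/odd skew and the 2.0 decision threshold are assumptions made for this demo.

```python
import random

WIDTH, HEIGHT = 64, 64   # constructed 64x64 8-bit greyscale "image", one int per pixel
LSB_ONE_PROB = 0.2       # exaggerated even/odd imbalance in the cover (an assumption)


def make_cover(seed: int = 1234) -> list[int]:
    """Constructed cover: a brightness ramp whose least significant bits are
    skewed towards 0, standing in for the uneven (2k, 2k+1) pair counts that a
    real photograph's histogram usually has; exaggerated so the test image is small."""
    rng = random.Random(seed)
    n = WIDTH * HEIGHT
    return [2 * ((i * 127) // (n - 1)) + (1 if rng.random() < LSB_ONE_PROB else 0)
            for i in range(n)]


def _to_bits(data: bytes) -> list[int]:
    return [(byte >> k) & 1 for byte in data for k in range(7, -1, -1)]


def _from_bits(bits: list[int]) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def embed_lsb(pixels: list[int], payload: bytes, stride: int) -> list[int]:
    """Write a 16-bit length header plus the payload into the LSB of every
    `stride`-th pixel (the 'regular pattern' the article mentions).
    Each touched pixel moves by at most one brightness level."""
    bits = _to_bits(len(payload).to_bytes(2, "big") + payload)
    slots = range(0, len(pixels), stride)
    if len(bits) > len(slots):
        raise ValueError(f"payload needs {len(bits)} slots, lattice has {len(slots)}")
    out = list(pixels)
    for pos, bit in zip(slots, bits):
        out[pos] = (out[pos] & ~1) | bit
    return out


def extract_lsb(pixels: list[int], stride: int) -> bytes:
    """Inverse of embed_lsb: read the header, then that many payload bytes."""
    lsbs = [pixels[pos] & 1 for pos in range(0, len(pixels), stride)]
    length = int.from_bytes(_from_bits(lsbs[:16]), "big")
    if 16 + 8 * length > len(lsbs):
        raise ValueError("header claims more payload than the lattice can hold")
    return _from_bits(lsbs[16:16 + 8 * length])


def pov_chi_square(pixels: list[int], stride: int) -> tuple[float, int]:
    """Pairs-of-values statistic (Westfeld and Pfitzmann, 1999) over one lattice.
    LSB replacement pushes the counts of 2k and 2k+1 towards an equal split, so the
    observed counts are compared with that split. Returns (chi2, pairs used)."""
    counts = [0] * 256
    for pos in range(0, len(pixels), stride):
        counts[pixels[pos]] += 1
    chi2, pairs = 0.0, 0
    for k in range(128):
        even, odd = counts[2 * k], counts[2 * k + 1]
        if even + odd == 0:
            continue                       # pair absent from this lattice
        expected = (even + odd) / 2
        chi2 += (even - expected) ** 2 / expected + (odd - expected) ** 2 / expected
        pairs += 1
    return chi2, pairs


def looks_flattened(pixels: list[int], stride: int, threshold: float = 2.0) -> bool:
    """chi2/pairs sits near 1 for a fully overwritten lattice and well above it for
    an untouched lattice with an uneven histogram. The threshold is an assumption
    picked for this constructed cover, not a calibrated value."""
    chi2, pairs = pov_chi_square(pixels, stride)
    return pairs > 0 and chi2 / pairs < threshold


def demo(stride: int = 4) -> dict:
    """Hide a constructed note, recover it, then run the analyst's check on both images."""
    cover = make_cover()
    capacity = (len(range(0, len(cover), stride)) - 16) // 8
    payload = (b"constructed dead-drop text, repeated to fill the lattice; " * 8)[:capacity]
    stego = embed_lsb(cover, payload, stride)
    return {
        "round_trip_ok": extract_lsb(stego, stride) == payload,
        "max_pixel_change": max(abs(a - b) for a, b in zip(cover, stego)),
        "cover_flagged": looks_flattened(cover, stride),
        "stego_flagged": looks_flattened(stego, stride),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

An analyst who does not know the stride simply repeats `pov_chi_square` over candidate lattices; the one that was overwritten is the one whose ratio collapses towards 1.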
So, things are getting tighter for terrorists, but ingenuity knows no bounds. The widespread use of software that recognises faces in crowds is troublesome for targets trying to remain undetected in built-up areas, but adopting outlandish makeup and haircuts could be one way to fool it.
For his Master's thesis in the Interactive Telecommunications Programme at New York University, Adam Harvey has developed a technique to camouflage people from Big Brother. Called CV Dazzle, the technique is similar to the bold asymmetrical camouflage found on battleships during World War II, designed to break up lines and confuse the enemy.
Sunglasses, moustaches and beards are easily taken into account in facial recognition, as are hats and hoodies. The software identifies faces from their symmetrical features (two eyes, nose, mouth placement, and so on in the usual configuration). Harvey's idea is to break up these recognisable features.
To do so, he experimented with asymmetrical fringes that flop into the eyes and bold streaks of black and white makeup across the cheeks. Provided the streaks are of different designs, it seems that the artificial intelligence becomes confused and fails to map out the face's features properly.
Harvey's CV Dazzle website gives plenty of examples, only leaving the problem of standing out in a crowd to any casual human observer. Unless, of course, it becomes a fashion statement of a new web-savvy generation keen to avoid detection by the authorities.
Keeping Governments transparent
So, the security services are already wise to the techniques of the terrorist, and the government says it only wants CCDP to target those with real evil intent. Politicians are also fond of saying that if you have nothing to hide, you have nothing to fear, but balanced against this increasingly empty platitude is the growing realisation that there are aspects to our online lives that can be either accidentally or deliberately misinterpreted.
Perhaps, for example, a long-term drinking buddy also spends his evenings writing a blog calling for the overthrow of the state. Is he just another armchair anarchist, or someone genuinely trying to bring about bloody insurrection?
Does your friendship mean that you too share his sympathies? Your surfing history reveals that you regularly read his blog, but what it doesn't reveal is your attitude to the content. Are you part of a subversive cell that regularly meets, or do you both simply share a taste for real ale, and enjoy chewing over why he's wrong?
Supposing you and a few friends hit upon an amazing idea for a product. You obviously need to keep it absolutely secret and vet all communications between each other until you can patent it, get financial backing and make your millions. You know that freelance hackers routinely sell industrial intelligence to the highest bidder, so you use the same secure communication techniques used by terrorists - and monitored by GCHQ. Could your need for secrecy turn you into government targets?
Just to see what all the fuss is about, you surf to inflammatory Islamic websites that advocate jihad against the West. Maybe you're writing an action novel and need an accurate description of such sites for authenticity. Does your surfing record mark you down as an al-Qaeda sympathiser?
Supposing your research also leads you to websites that show you how to improvise crude but effective bombs. Does simply knowing something constitute the intent to commit a crime?
Supposing you travel to the US for a holiday. On arrival, you discover you're on a watch list thanks to intelligence distilled from CCDP intercepts and shared by the UK. You're whisked away and interrogated by Homeland Security about relationships and activities, while your spouse and children fret for hours outside.
What if you decide to overtly show your opposition to the government's snooping laws by deliberately inserting key phrases into unencrypted emails sent between a mesh of email accounts? What then? Can your misguided attempts at protest end in you being required to prove yourself to a stony-faced official trained to disbelieve you - possibly in a foreign country where human rights take a back seat in the war on terror?
Hearing the listener
To find out, we spoke exclusively to an ex-member of one of the UK's security agencies. Tony (not his real name) worked for a UK intelligence service for ten years. During that time, he spent time debriefing military and NGO personnel about their time abroad in various hotspots and used intelligence coming from GCHQ.
"The CCDP is in many ways a reaction to the problems that we, and undoubtedly any of our sister agencies had," he told PC Plus. "Cheltenham are fantastic at what they do, collecting intelligence, but it's not their job to analyse it."
But is mass surveillance - basically an ongoing fishing expedition - really the best way of going about things?
"There's a growing shift in attitude on how we collect data for intelligence purposes," says Tony. "Historically we've always collected data with a target-driven approach but that is now seen as being redundant." According to Tony, the real problem is the growing mountain of data that has to be sifted for it to become usable intelligence.
"Channels of electronic communication are increasing at an almost exponential rate. There's a fear that without a 'wholesale capture' policy, something's going to be missed. I don't think anyone is trying to argue that the current quality of data is insufficient, rather that the net (excuse the pun) isn't wide enough."
Tony also advises against deliberately trying to be mistaken for a terrorist as a protest against the government's plans. Dropping deliberately provocative phrases into email and text messages or deliberately making repeated contact with jihadist websites and looking up bomb making instructions may get you pulled in for questioning, even if just to make you realise that it's not big and certainly not clever to waste valuable resources.
"Data forensics always have been and always will be an invaluable, if sometimes inarticulate, tool in the creation of intelligence," says Tony. "Certainly an individual's patterns of communication may come up for scrutiny should it be highlighted as a need to do so, but that's all. I think it's a long shot to say that if you communicate like a known terrorist then you'll be considered one. What we're looking at here is raw data; that data is going to be looked at in these cases, investigated, and a decision will then be made."
So, act naturally and the unblinking eye of Big Brother will pass you by unnoticed, it seems. Your casual acquaintances are not interesting, and the security services won't necessarily read anything into them.
But what about the issue of the security services sharing all their gathered intelligence with other foreign powers? "Historically we don't share 'raw data' - there's legislation to prevent that," insists Tony. "The intelligence that is created from it, however, is highly likely to be shared within the same circumstances as current intelligence is. I don't imagine there's going to be a distinction within any of the intelligence services that certain intelligence was created using CCDP gathered data or not."
So, why not just target social media instead of vacuuming up everything we do online? "While we are successful in our current operations, the growth of networked communications means that it's becoming increasingly difficult," Tony argues.
"Today's major changes may well just be Facebook and Twitter, but targeting social media platforms doesn't legislate for tomorrow's [changes in technology]. This really is intended as a 'Grab everything we can and work out what to do with it later' process. The biggest risk is that the data, and supporting (but possibly irrelevant) data is included with that intelligence and shared."
Eyes on your data
It's important to understand that if anyone currently wants to read beyond the headers of email or SMS messages, or to listen in to phone calls, they require a warrant issued under the Regulation of Investigatory Powers Act (RIPA), which was set up to strengthen terror laws and to ensure that snooping powers are not abused.
Because of the need for secrecy, total figures for the number of access requests are impossible to pin down, but Google's Transparency Report sheds some light on the situation. This details the total number of requests the search giant receives worldwide, including the numbers of users or accounts specified in the warrants and the number of requests complied with.
The latest figures are for the period January to June 2011. Not surprisingly, the US led the field with 5,950 requests for the content of emails sent and received by 11,057 individuals. Google complied with 93 per cent of these requests (a total of 10,293) either in part or in full.
The UK made 1,279 requests during the same period covering 1,444 individuals. Google complied with just 63 per cent of these (805 requests). The frequency of requests for access under RIPA and the range of groups with the authority to make them come as a shock to most people.
In 2008, the head of the Local Government Association, Sir Tony Milton, had to tell local councils to rein in their investigators, who were using the legislation to investigate cases of dog fouling and littering.
So, who will have access to the CCDP intelligence pouring out of GCHQ? The list of bodies that can request information through RIPA stretches from the Charities Commission to the General Pharmaceutical Council, which regulates dispensing chemists.
What worries opponents of CCDP is a potential scramble to register for access as there was under RIPA. "The new law does not focus on terrorists or criminals," says David Davis MP. "It would instead allow civil servants to monitor every innocent, ordinary person in Britain, and all without a warrant. This would be a massive, unnecessary extension of the State's power."
"All we're doing," insists Nick Clegg, "is updating the rules which currently apply to mobile telephone calls to allow the police and the security services to go after terrorists and serious criminals, and updating that to apply to new technology like Skype for instance, which is increasingly being used by people who want to make those calls and send those emails."
From this, we can see that the police will also be recipients of GCHQ's intelligence and that Skype will be monitored despite using secure 256-bit AES encryption end to end. Real-time access to conversations will still require a RIPA warrant, though how anyone will decrypt it without the correct keys remains a mystery.
We asked Tony whether it's possible that other bodies might also be given access to the intelligence extracted under CCDP. "The truth of the matter is that it's a certain possibility," he told us. "The legislation that is created to embody CCDP is going to need careful scrutiny and I would hope to see something a little tighter than [current legislation]."
According to Dr Todd Landman, Professor of Government and director of the Institute for Democracy and Conflict Resolution at the University of Essex, CCDP marks a continuation in the global scramble for data about private individuals. "There are huge implications to the government's proposals," he insists. "In the war on terror, governments around the world have sought to enhance their power to intercept, collect and use private information."
Professor Landman worries about the level of supervision under which those with access to CCDP intelligence will work. "The claim is that the government merely wants to collect information on senders, receivers, date, time and so on, from which they will then build a case for a judge to issue a warrant that then allows access to full content of correspondence. The key question is the degree of judicial - or parliamentary - oversight that is built into the system to prevent the unaccountable use of the new power."
There's also the issue of intelligence being shared across international borders. "The problem is that international law tends to be about the relationship between a state and its citizens, but [the law] is not clear about sharing data between states," warns Professor Landman. "There are also EU directives about data protection that will be undermined by this new proposal."
"The whole plan needs parliamentary oversight," concludes Landman. "Regular reports from intelligence agencies on the use of the power and a special committee to oversee its use. That solution is paramount and it is up to the Lib Dems and Labour to do it, although Labour would have passed the same stuff."
Criticism of CCDP also extends to the technological challenges of simply processing so much information about a population of over 60 million people. Is it true that every telecommunications company and ISP will be forced to install some kind of 'black box' on its backbone to perform deep packet inspection? And how will the mass of gathered data be kept secure from hackers while remaining accessible to GCHQ?
"As far as my understanding has it," says Tony, "under CCDP there would be no 'black boxes' - the data gets sent to Cheltenham almost immediately, or at least routinely. The EU Data Retention Directive is currently worming itself into our legislation and requires that ISPs keep records for however long it is. There's no word as yet as far as I'm aware that CCDP would require them to keep it also after having passed it on."
Home Secretary Theresa May also seems to confirm that there will be no centralised database. Writing in The Sun recently, she said: "There are no plans for any big Government database. No one is going to be looking through ordinary people's emails or Facebook posts. Only suspected terrorists, paedophiles or serious criminals will be investigated."
So, reading between the lines, it seems that there will be a process of temporarily gathering data and sending it to GCHQ, who will extract intelligence in real time before deleting the data to make room for new stuff. If there's no storage involved, the politicians aren't lying when they claim that they're not building a database about us.
The UK's security agencies undoubtedly face a tough job keeping us safe from future terrorist atrocities. How this situation came about is debatable, but what's clear is that we're at a point where difficult decisions need to be made about the balance between privacy and public safety.
The problem is, without clear information about what it is the security services are trying to do, and because slippery politicians are involved in pushing through legislation, public cynicism is high. Perhaps the most worrying aspect of the government's proposals is that we still don't know exactly who will have access to CCDP intelligence, and to what uses those bodies will try to put it. If RIPA shows us anything, it's that people will keep pushing the envelope of acceptable use until a scandal breaks.
Then there's the Data Protection Act, which says that personal data can only be used for the purpose for which it was collected, and that it must be deleted when that use comes to an end. But do current data retention laws also cover intelligence derived from the original data?
Balanced against these questions is the fact that a tiny fraction of our fellow countrymen actively want to commit murder on as large a scale as possible. Identifying them in a sea of 60 million people is something that will soon affect us all. How much it affects us, however, is something we still have a chance to shape.