Hope springs on communications data?
What are the Home Office to do?
The civil defenders of this great nation are consulting on what to do about protecting the public in the new age of Internet communications. They are deeply concerned about the use of Skype amongst terrorists, seriously organised criminals, and those putting their bins out early.
It's an issue. The good old fashioned PSTN is a nice black box in which records of who called whom sit around waiting for the police to come and find them when needed. Cue long list of criminals caught using this capability; first up Mr.Huntley. The Internet, however, is not a black box, and you're perfectly free to use applications - like Skype - that use encryption and can also hide the call destination. They are cross-border, and a new app can emerge and see wide adoption almost overnight, which is challenging. Just as an aside, methinks the security services doth protest too much about Skype encryption - "Terrorists can use Skype and we promise we cannot listen to it, scouts honour, what a pain it is for us yes deary me *cough* *cough*".
Despite my little quip about the bins at the start of this post, I think the intention behind this desire for new capability is entirely reasonable and legitimate. Here are a few statements I believe to be true:
- Existing record-keeping in the PSTN is very useful in some investigations
- The move to Internet communications will remove that capability by default
- The Police are basically on our side, and that if there is a reasonable and proportionate way for them to extend these powers onto the Internet then they should be considered
However, there are a number of potential problems as well:
- Can the balance be found between usefulness and invasiveness? Communication is embedded in the websites we visit, games we play, apps we use, and may be hard to extract, or hard to extract without great invasion of privacy
- Is it technically feasible to extend monitoring to everything from Facebook to World of Warcraft?
- What effect will this monitoring have on the users and designers of the applications? E.g. will we see increased use of encryption and obfuscation techniques?
- Will this capability end up being used for trivialities; how will the boundaries be set and enforced?
Every problem is an opportunity, but perhaps the questions above will provide some 'insoluble opportunities'. Perhaps not. The important thing at the moment is that the debate needs to be a sensible one, and the Home Office are listening. There will no doubt be efforts made at BCS to produce a response to this consultation. So in light of that, what do you think they need to hear?
Search this blog
Comments (5)
Leave CommentI like to think that the police are basically on our side, but it's that word 'basically' that can be the cause of worry for people... if we cannot guarantee 100% the morals of the people who can access data about us, either now or in the future, then it's quite a risk we're taking if we hand it over. Also, morals aside, can we 100% guarantee the skills of the data analysts tasked with analysing all this information?
Report Comment
I think it's remarkable the rate at which we seem to be 'handing over' our documentary proof for transactions both commercially and inter-personally. By this I mean we are losing our 'hard' evidence for many of life's necessities and opting instead for 'virtual' evidence on many of life's borders; be it banking, civil, commercial, relational... we're in a trend that hasn't found it's limits yet in our quest for paperless society and 'virtual' everything. The trouble is, it leaves many a deciding opportunity down to the mood and the evidence at the time - "there's no paper records anymore" ... and can we trust the electronic records to accurately portray events or what took place in any meeting or transaction? Anyway, perhaps a more broad issue or topic for debate than what this article addresses, but a visible trend nonetheless.
Report Comment
I personally have no issue with communication suppliers keeping records of who accessed what & when, or for our law enforcement to have access to those details. Surely a list of all communication suppliers could be kept and the police granted access to that data when justifiable, by means of a automated link system (it's not science fiction to be able to do this). The issues to overcome are a) the proof of justification, b) security of access to the multitudes of data sources and c) the accuracy of those data sources. ...................... What I do object to is the use of that information to bombard me with unwanted adverts. If I want something, I look for it. The use of any of this information for marketing purposes (I include cold calling on my phone, spam emails, pop up adverts on web pages not linked to that company, etc) should be banded. Similarly I have no issue with the UK Police keeping my DNA records or finger prints as long as they want. Provided the data kept is accurate and secure why should any reasonable minded person worry how long they keep it?
Report Comment
I totally agree with Alex. I have no issue about the data (and DNA) kept, it's how it's safely stored and justifiably used that are my concerns. Humans do not have a fantastic reputation for getting things right and perfect. How many times have we read politicians saying "Lessons have been learnt", "we won't loose another unencrypted laptop"? With regards technical feasible solutions...depends if the techies can keep on increasing the volume of storage solutions and reduce it's physical footprint and access time. There's going to be 99.999999% of everyday white noise amongst nuggets of terrorist activities - is it worth it? Who cares- the cost of storage resides with everyone else! I can't help thinking the information is only going to be useful after the crime has been commited - is MI5 going to sift through a vast amount of data to find a 0.000001% lead to a crime? I think I'm been generous with the percentages as well. It's more a case of "we have Fred in custody, let's see what he's been doing over the internet" and then justifying the need to keep everyones data.
Report Comment
You reference Skype, something that the police have clearly heard of because it is similar to existing technology. However on the other side of the internet -comms fence you have gamer voice-comms. You talk about World of Warcraft, these days few major groups actually converse in game by typing, everyone logs onto a voice comms app, like Ventrilo or teamspeak. The servers for these are supplied independently, and can be set up / created on a home PC, there is no logging of conversations and the servers can be password protected. So the question continues. How can the police effectively monitor internet communications, short answer is that they can't. They can monitor logged traffic, but any 'bad person' (tm) who decides to use the internet for comms can do so in a manner which is un-traceable with a few hours research and at a negligable, or zero cost.
Report Comment
Post a comment