As the government defends plans for wider state access to our email and digital communications, one expert tells Channel 4 News it could dissuade cyber start-up businesses from coming to Britain.
Although exact plans have not yet been published (we can expect something more concrete in the Queen’s speech), there has been a backlash against the ideas thought to underpin the proposed legislation, which it is believed would allow the government to monitor telephone, web and email conversations as they happen.
What little is known of the potential law seems to indicate a broadening of existing laws. Channel 4 News’ technology producer Geoff White says the proposed ‘communications capability development programme’ (CCDP) appears likely to include the following: metadata will need to be kept for twice as long as the current 12-month limit. Content (ie what is said within a given communication) will not be included in the legislation, just details about the time, duration and respective identities of participants.
Defending the plan in a statement, the Home Office said: “It is vital that police and security services are able to obtain communications data in certain circumstances to investigate serious crime and terrorism and to protect the public. We need to take action to maintain the continued availability of communications data as technology changes.”
But there have been plenty of organisations and experts who think the idea has serious flaws.
Chris Soghoian, graduate fellow at the Center for Applied Cyber Security Research at the University of Indiana, told Channel 4 News the plan could scupper the government’s plans to encourage cyber start-up companies to operate in the UK: “David Cameron wants to encourage Silicon Valley-type start-ups but I think they’re going to be put off by the prospect of the British government potentially having unfettered access to their customers’ data.
“Britain is very well connected, companies could have meetings in the UK quite easily without having to be actually based there. No-one wants to be faced with a breach of privacy, especially if it’s by the state.”
In a briefing note, the Lib Dems say the police or government intelligence agencies will not be able to access communications data without an “intercept warrant” which would be issued by the home secretary.
Chris Soghoian thinks the law would be difficult to operate effectively without the co-operation of the United States, which is home to many of the social media and email companies that would be the target of surveillance: “Because Google has an office in the UK, the British government can bully Google.
“However, consumers are increasingly using services which are based outside the UK (often American companies) that have no UK presence. As such, without the assistance of the US government, this proposed wiretapping law is simply not going to be effective.
“We Americans seem to believe in a double standard – our government wants unfettered access to the private data of everyone else in the world, but at the same time, we’ll scream bloody murder if any foreign government gets access to the data of US citizens or our government.
“And to be honest, as long as everyone in the world relies on services provided by American internet companies, this double standard will continue.”
And Professor Peter Sommer from the London School of Economics told Channel 4 News he thinks the proposals do not appear too different from those presented by the last Labour government, which were abandoned after intense opposition.
He says there could be a problem defining what is “content” and what is “communication”. Broadly, the information after the back slash of ‘http:/’ counts as content, with all that precedes classed as “communication”.
“This content / communication issue means that for example, an internet service provider would have to write filtering code for each webmail page – eg hotmail – so that only the communication rather than the content is visible. I think this would prove to be quite expensive to do.”
He also thinks the plans appear to be an expensive move which web users could quite easily circumvent: “There are at least four ways you can do that: 1. You can buy a SIM for your tablet or phone, using cash, and then use your phone on that, which would not be traceable to you. 2. You could use an internet cafe – even if they take your name there, what level of accuracy can you expect from a place where they charge 50p / hour? 3. You could use an unsecured wi-fi connection. 4. Increasingly websites are using encryption by default – ‘https’ – they then have the same high level of encryption you get on e-commerce and bank sites.
“There are rumours this protocol can be cracked now but it would still be costly to do.”
Until the plans are published, no one can say what their impact will be, but the responses to the initial idea will no doubt help shape whatever eventually appears when the Queen speaks next month.