The #IPBill aka #Snooperscharter second letter


Here is my second letter to My MP. This is the important one as they rarely see your first letter.

Dear Alok Sharma,

I thank you for your reply to my letter (ref: CRM12097), while your response tries to clarify some aspects of this bill you fail to address any of this issues that I raised.

I would like to explain just a few of the issues I, an others in the Cyber Security community, have with the Investigatory Powers Bill. Firstly the bulk collection of data.

Bulk collection of data records “meta data” is not equivalent to a phone bill. This implies that it only relates to a small part of a citizens life and interactions. In the case of the Internet we are living our lives where all our actions and thoughts travel on the Internet in some form. And this is rapidly expanding, from smart phones reporting location, activity, and biomedical information to our homes becoming automated and reporting machines that we live in. The “meta-data” of these interactions is vast and detailed view of our lives.

If you want a simple parallel it is equivalent to the information collected by the East German Stasi, collected and stored, and could be searched and analysed.

It is amoral in a free society to collect and store this level of information on citizens, whatever the justification.

Secondly the the storage and analysis of this data does not help the police, or GCHQ in performing their roles. If this is to protect us against terrorism it will not work. All of the recent terrorist attacks have been performed by persons known to the police. No cases of terrorism have been identified from bulk analysis of data. If this data truly was able to do this then we should demand extraordinary proof that this is the case, and subject this to public scrutiny. Where the NSA has been challenged to do this they have failed to provide a single case where access to bulk data was instrumental.

The simple argument here is that if the terrorists of all previous actions were known to the police but they were unable to spot this from the data they have, how does adding more data to the pile help.

This collection will be expensive and hamper the development of businesses in the UK. The Snowden revaluations mainly reflected on the operation of the NSA, and those revelations had, and are having a major impact on US businesses that sell technology solutions, especially internationally. This bill will have an even worse impact on UK businesses than the current revelations have already had.

The collection of useful data is easily bypassed by citizens. The entertainment industry has been trying to detect and prosecute people for copyright infringing activities for 10 years. This has taught much of the population how to use technologies like VPNs, and TOR. When these are used data collected under these Bulk collection schemes is useless.

The collection of this data is probably illegal under the European Convention on Human Rights. The recent ruling on the data retention directive, should alert you the the fact that the basic human rights are being infringed by the current collection schemes, and so this will probably be illegal under a similar challenge when it eventually comes. It would certainly not be legal under the American constitution.

Next I would like to discuss encryption. In your letter you say that you do not want to break encryption, The point in my letter was specifically about end-to-end encryption. This is where the service provider is unable to decrypt messages. The Bill states that service provider must comply with a warrant, and provide decrypted information. So what does this mean for services where the service provider is unable to do this? This implies that you will ban such services. If you think that this will help catch criminals, and not seriously harm UK businesses you don’t understand the issues.

End-to-end encryption uses the same technologies that secure connections to services providers. These are widely available technologies in open source products. These will be used whatever the law states.

I hope that this will help you understand how deeply flawed this bill is and and convince you not to support this. I have only covered a couple of issues with this bill, there are many more that I have not covered here.

Yours sincerely,

Stuart Ward

Advertisements

One Response to The #IPBill aka #Snooperscharter second letter

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: