PRISM and the currently shelved Draft Communications Data Bill

There’s been a lot of noise about the PRISM surveillance program (American spelling because it’s American). There’s a ton of stuff about it on Wikipedia.

A few people asked whether I was going to write a blog post about it. I wasn’t. Lots of people earn their living just looking at this kind of stuff.

There is one thing worth considering though that particularly springs to the forefront of my mind and that relates to the Draft Communications Data Bill that was recently dropped by the Government from the Queen’s Speech.

Without understanding fully what PRISM actually does and what data it accesses I imagine that the capability is pretty similar to what might have been demanded of the ISP industry by the Comms Data Bill.

My biggest objection to that Bill was that it was a serious threat to the personal privacy of every individual in the country because of all the data that would have been gathered. Availability of the data = inevitability that the data would have been leaked. The only way to not have that data leaked would be by not gathering it in the first place.

History shows that the most likely source of such a leak is internal to an organisation, be that within the ISP storing the data or from the negligence (laptop left in taxi etc) of the civil servant or member of the security forces looking after said data.

Well the fuss about PRISM has demonstrated that this is exactly so. Important information was leaked from within the US security establishment by an insider, Edward Snowden. The same can be said of Bradley Manning and Wikileaks.

The only way of not having the data in the public domain is not to keep it in the first place. I’m not going into a lengthy debate re the rights or wrongs of what the USA is actually doing with PRISM. Just that we should bear that in mind whenever the next attempt to introduce the Draft Communications Data Bill comes along, as it inevitably will.


Draft Comms Data Bill Select Committee appearance for oral evidence #ccdp

Yesterday I gave oral evidence to the Draft Communications Data Bill Joint Select Committee [1]. It’s the first time I have been asked to give evidence like this and something one has to take very seriously.

I was with three others: Caspar Bowden who is a colleague on the ICO Technology Reference Panel, Dr Gus Hosein of Privacy International and David Walker, a security consultant. The committee has been seeing groups according to their rough views on the draft Bill and readers of this blog will not be surprised to hear [2] that this cohort was one that had concerns.

The afternoon’s evidence sessions were reported by the Beeb.

I’m sure that I will already have mentioned that the potential consequences of this Bill becoming Law are so great that it merits the most comprehensive discussion beforehand. Today is the last day of evidence sessions with the Home Secretary Theresa May being up before the committee.

I don’t have access to the inner thoughts of the committee but I did get a sense of the following:

  1. the fact that many communications use encrypted traffic and that this is likely to cause problems is recognised
  2. the issue of dealing with overseas providers is not likely to be an easy one
  3. the process of oversight of the RIPA system notices needs overhauling, especially if the Bill proceeds

I’m also hoping that the message got through that nothing can ever be totally secure and that any data gathered under this Bill/Act would eventually make its way into the public domain with disastrous consequences.

I don’t have a handle on the timetable for the rest of this process (enlightenment anyone?) but it wouldn’t surprise me to see the Bill move forward in some reduced form. In the meantime we have to keep up the pressure. More in the fullness of time, a week is a long time in politics etc etc etc.

[1] bit of a mouthful/oral evidence/geddit?

[2] some previous posts include this one


More Draft Comms Data Bill analysis & Gary McKinnon

Gary McKinnon has been in the news this week. Unless you have just surfaced for internet air you will remember that he is the guy with Asperger’s who hacked into the Pentagon computer and who the marshalls Feds in US of A wanted to extradite so that they could extract revenge.

This post is not about Gary McKinnon or the rights and wrongs of his case. It is about the fact that he was able to hack into what must surely be one of the most secure computer systems in the world (wide web).

Next up is the breach of Google’s webmail service in December 2009.