Communications Bill draft

12 minutes estimated reading time

This is going to be a convoluted long post on the draft Communications Bill, so I just decided to pick a point and start.

The Draft Communications Bill, what is it?

The Draft Communications Bill is a piece of legislation that builds upon work done by the European Union and the previous Labour administration. It is designed (as the government sees it) to maintain capability of law enforcement to access communications. It builds on a number of different pieces of legislation.

Communications Data Bill 2008 – sought to built a database of connections:

  • Websites visited
  • Telephone numbers dialled
  • Email addresses contacted

This data would be collected by internet service providers. The current government had described these plans at the time as Orwellian.

Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or public communications networks and amending Directive 2002/58/EC – requires data retention to identify users and details of phone calls made and emails sent for a period between six months and two years. This information is to be  made available, on request, to law enforcement authorities to investigate and deal serious crime and terrorism.

The UK already has used non-legislative means to force 95 per cent of internet access through a filtered system, predominantly BT’s Cleanfeed which blogs blacklisted sites or pages. It has been used to filter child pornography, there were discussions about using it to block content that was deemed to glorify terrorism and has the potential to block content in a similar way to other more authoritarian nations. In a well-known case Cleanfeed had blocked a Wikipedia page on The Scorpions Virgin Killer album originally issued in 1976.

In addition, the UK government had evaluated (and rejected) internet connections being filtered for pornographic content by default – apparently due to a lack of appetite from parents for content filtering.

The Digital Economy Act of 2010 allowed sites to be blocked and allowed prosecution of consumers based on their IP address which was problematic.

So there is already a complex legal and regulatory environment that the Draft Communications Bill is likely to be part of.

In essence, the Draft Communications Bill gives the capability to build a database of everyone’s social graph. Everyone you have called, been in touch with or been in proximity to.  It requires:

  • A wide range of internet services, not just ISPs to keep a record of user data for 12 months
  • That retained data to be kept in safe and secure way; just like say credit card information or user names and passwords
  • The ability to search, filter and match data from different sources allowing a complex near-complete picture to be built up of our digital lives. Which would be of interest to hackers, criminals, private investigators or over-zealous journalists (a la the recent News International phone hacking scandals)

What the government have been keen to stress is that the process would not look at the content inside the communication. If we use the analogy of the postal service, recording all the external information on an envelope or parcel, but not peaking inside. The reason for this can be found in a successful case taken by Liberty and other organisations against the UK government in 2008. Article eight of the European Convention on Human Rights focuses on respect for private and family life, home and correspondence.

During the 1990s, the UK government had intercepted calls, faxes and electronic communication placed internationally by people in Ireland via a specially built microwave communications tower in Capenhurst. The Electronic Test Facility was uncovered by Richard Lamont in 1999 and was subsequently covered by Channel 4 news and The Independent.

Once the Electronic Test Facility came out into the public domain, the court case followed.

There are concerns about how this information can be used indiscriminately to build up a Stasi-like picture of the UK population. This is more sensitive given the controversial  black list provided to the construction industry by The Consulting Association. Latent public anxiety about commercial services like Facebook and behavioural advertising also contribute to this mindset.

Why all the power?

Modern police work and intelligence work doesn’t look like Spooks, James Bond or Starsky and Hutch. In reality, it looks more like The Wire. Investigations revolve around informants and painstaking investigation work.

A key part in this is network analysis. Understanding the structure of  relationships between participants allows them to be caught. A key part in the film The Battle of Algiers shows how French paratroopers looked to break suspects to find out the structure of their terrorist cells. If they can break them fast enough before conspirators flee, the French could roll up the terrorist infrastructure. The film’s main protagonist who instigates this policy is a portmanteau of numerous counterinsurgency specialists including Jacques Massu, Marcel Bigeard and Roger Trinquier, all of whom had been involved in the French counterinsurgency campaign from 1954 – 57 which had successfully  rolled up Algerian separatist networks in the capital Algiers.

Move forward five decades and the US counterinsurgency work in Afghanistan and Iraq puts a lot of focus on degree centrality and social network analysis as part of its efforts to dismantle al-Qaeda and other fellow travellers.

Secondly, good operational security techniques from the use of stenography or encryption of communications if implemented well can be difficult even for governments to crack. If you know the network structure, this gives you two options to gain information on the communications:

  • Look at the communications metadata: how much is going on, where is it being sent to, is the volume larger or less than normal. These can all be used as indicators that something maybe happening, changes in power within an organisation (who is giving the orders)
  • Focus resources on cracking communications that would be deemed important, for instance those to a particular number

The all-up data picture would be deemed important to provide a better picture of network analysis. When I think about myself for a minute:

I have a range of different online identities, many of which are due to the limitations of the service on which they are held or when I set them up.

I have one main UK mobile phone number, but I have had different ancillary ones:

  • Work phones
  • Temporary PAYG numbers to sell things on The Gumtree and Craigslist
  • SIMs that I have used for data only on my iPad and smartphones over the years

Now, let’s do a thought experiment, imagine a gang of drug dealers each with a set of pill boxes like old people have labelled up for each day of the week. In each section of the box would be a SIM card. They would then swap those SIMs in and out of their phones on a regular basis making their communications hard to track if you were just following one number. They could be using regularly changed secondhand mobile phones so that the IMEI number changes as well.

The SIMs could be untraceable, they could be bought and topped up for cash if they were bought outside the UK. I can go into my local convenience store here in Hong Kong and buy and top-up them up for cash or a pre-paid credit card with no one asking to see my ID.

Untraceable UK SIMs could be acquired along with bank accounts from students going home, paid off electronically, perhaps even with the debit cards attached to the accounts and the accounts topped up with ATM deposits.

But if you interrogate a database once you have one or more numbers and look for numbers that appear on a network in the same location immediately after the number you know disappears you are well on the way to tracking down more of the mobile graph of the drug dealers.

Now imagine the similar principles being applied to messaging clients, email addresses or social networking accounts in order to provide the complete network analysis of the gang of drug dealers created in the thought experiment.

How does this fit in with the people?

Under the previous Labour administration councils were given wide-ranging surveillance powers that were used to deal with incidents such as putting the wrong kind of materials in the recycling bins. This annoyed and educated British consumers on privacy. The Draft Communications Bill smacks to many as a similar kind of snoopers charter.

The internet itself, has been political and has become political. If one goes back to the roots of the early public internet, one can see the kind of libertarian themes running through it in a similar way to the back to the land efforts of the hippies which begat the modern environmental movement. This was about freedom in the same way the American pioneers could go west for physical freedom the internet opened up a new virtual frontier where one could make one’s own fate. It was no coincidence that people involved in ‘the hippy movement’ like Stewart Brand and Kevin Kelly were involved in setting the political tone of the internet.  Or that the Grateful Dead have had an online presence since 1995.

When these freedoms have been overly curtailed or threatened, internet users have struck back; sometimes unsuccessfully. The Pirate parties that sprang out of The Pirate Bay | copyright discussion have had limited political success, which has misled many to believe that the internet isn’t a political issue. What they managed to do is highlight the issue and their concerns to a wider range of people, in a similar way to how far right movements put immigration on mainstream political agendas across Europe.

It is also coupled with a decline in trust in authority, partly due to the financial crisis and the cosy relationship with the media which came to light during the phone hacking scandal.

Even The Economist realised that something was going on and called internet activism the new green. It takes mainstream political systems a while to adjust to new realities. It took at least two decades for green issues to become respectable amongst mainstream politicians and it seems to be even harder for them to grasp the abstract concepts behind the digital frontier.

The signs are all there for a change in the public’s attitude; when you have The Mail Online providing critical commentary of the Draft Communications Bill and providing recommendations of encryption software readers can use to keep their communications confidential you know that something has changed.

How does this differ from what companies can derive anyway?

This is probably where I think that things get the most interesting.

Network analysis tools are available off the shelf from the likes of Salesforce.com, IBM or SAS Institute. They have been deployed to look for fraudulent transactions, particularly on telecoms networks, and are also used to improve the quality of customer service. Many of them get inputs directly from social network such as Twitter and Facebook.

Deep packet inspection software and hardware again is available off the shelf from a number of suppliers. Companies like Narus and TopLayer Networks pioneered deep packet inspection for a wide range of reasons from surveillance to prioritising different types of network traffic. The security implications became more important (and lucrative) after 9/11; now the likes of Cisco and Huawei provide deep packet inspection products which are used for everything from securing corporate networks, preventing denial of service attacks and in the case of Phorm – behavioural advertising.

Skyhook Wireless and Google have location data that services can draw down on providing accurate information based on cell tower triangulation and a comprehensive map built-up of wi-fi hotspots.

Credit information can be obtained from numerous services, as can the electoral role. If this data is put together appropriately (which is the hard part), there is very little left of a life that would be private anyway.

Companies are trying to get to this understanding, or pretend that they are on the way there. Google’s Dashboard shows the consumer how much it infers about them and information that consumers freely give Facebook makes it an ideal platform for identity theft.

One of the most high-profile organisations to get close to this 360 view of the consumer is Delta Airlines who recently faced a backlash about it.

So what does this all mean?

We should operate on the basis that none of our electronic information is confidential. Technology that makes communication easier also diminishes privacy.  The problem isn’t the platforms per se but our behavioural adjustment to them.

More content related to telecoms related issues can be found here.

More information
Giant database plan Orwellian | BBC News
Directive 2006/24/EC (PDF)
Written answers on internet pornography – They Work For You
UK government rejects ‘opt in’ plans for internet porn – TechRadar
Internet Filtering: Implications of the “Cleanfeed” System School of Law, University of Edinburgh Third Year PhD Presentation Series TJ McIntyre Background Document for 12 November 2010 Presentation (PDF)
Councils’ surveillance powers curbed | The Guardian
The new politics of the internet Everything is connected | The Economist
Blacklist Blog | Hazards magazine
UK government plans to track ALL web use: MI5 to install ‘black box’ spy devices to monitor British internet traffic | Mail Online
Most UK citizens do not support draft Data Communications Bill, survey shows | Computer Weekly
How Britain eavesdropped on Dublin | The Independent
Cases, Materials, and Commentary on the European Convention on Human Rights By Alastair Mowbray
U.S. Army Counterinsurgency Handbook By U S Dept of the Army, Department of Defense
Draft Communications Data Bill – UK Parliament
Deep packet inspection (DPI) market a $2 billion opportunity by 2016 – Infonetics Research
Google Dashboard
Big Brother Unmasked… As Delta Airlines – smarter TRAVEL