How to be a suspected terrorist in a few clicks

I stopped by an”After Snowden” panel talk last week at the London School of Economics.  There are quite a few of these popping up these days. There’s this notion that we’re now in something that can be classified as a post-Snowden world, and such notions are ripe for academia plunder. This one stood out somewhat in that both the panel and audience contained a decent representation of folks at least mildly sympathetic to the data-snarfing projects, at least those run by The Good Guys™.

On the whole, it was a decent conversation, but what was interesting was this emerging faux consensus by all sides that states need spies and spies need regulation and oversight. It’s fake because only one side probably believed that oversight is presently in sorry shape. It’s the watchdogs who seem more eager to push surveillance technology well beyond the realm of rounding up a few Bad Guys®.

When a technology or ability is introduced, it’s use only expands.. It doesn’t retract or stay within limits. It finds new gaps or markets to fill.

Expansion of powers happens (retraction, not so much)…

This is why I find certain attitudes around the subject troubling. At the LSE talk Sir David Omand, a former Director of GCHQ, assured the audience that “if they knew the culture” inside his old SigInt agency, they wouldn’t lose any sleep over mass data collection. Such assurances were echoed in the Telegraphy by once-MI6 chief, Sir John Sawers. Omand also stated what Sawers said: “We cannot have no go areas in our communities where the police cannot go, because that just allows space room for the evil-doers to ply their trades.”

Two assertions are false…

  1. We have demonstrative evidence that blind trust can’t be given to automated, mass-intelligence gathering. It will be abused.
  2. There are as many “no go areas” on the internet as Fox News claimed their were in Britain; there aren’t any. It wasn’t mass-surveillance that brought down the online drug market Silk Road, but actual solid undercover and investigative practices.

A fascinating aside: Omand subscribes to the idea that if individuals are allowed to encrypt their communications, spies will be forced to be less ethical in how they monitor people.  “Intelligence agencies are not going to give up trying to get the bad guys. They will have to get closer to the bad guys. I predict we will see more close access work.” All of this translates to: “You’re a bad guy if you’re encrypting.” It’s a bit like the excuse that starts with “she was asking for it because…”

There does exist a well-thought framework around all this that seems to never make it into any of these debates. Visit Necessary and Proportionate Dot Org and scroll down to “The Principles.” It was finalised May, 2014 and since then most advocates of the status quo like to pretend it doesn’t exist so they can continue saying their critics present no viable alternatives. It would be great if this was brought up more often to counter that assertion.

It’s the encryption, stupid…

Putting myths aside, there’s a government PR attack on encryption that’s emerging in the UK, the U.S. and elsewhere abroad. This isn’t about the technology’s criminal segment of users. It is about being able to evaluate larger swaths of the general population who are growing more sceptical about their own government’s activities.

The plan remains to capture “the whole haystack” of communications data, ostensibly to find those few terrorist needles. From a technical perspective, this is a horrible way of discovering needles. But it’s an excellent way of producing statistical data about populations, creating segments, and maybe later pulling out records on people who you want to intimidate. Strong encryption gets in the way of efficiently copying all that data in a cost effective manner. The government sees this as a procurement issue. Basic human rights is kind of an afterthought.

Omand described concern over mass surveillance as a “moral panic” of the citizenry that wasn’t really warranted. In fact, the panic attacks seem to be coming from halls of government. As a result, some very odd and unworkable potential laws are emerging.

What a panic looks like…

These are examples of people in power having a freak out. When a government sets out on a project to copy all of everyone’s communication, the correct adjective is paranoid.

Oldies don’t get tech…

It’s a generalisation I don’t quite agree with (more so as I get older) but the idea that old folks don’t understand how technology works does find its case studies in Congress and Parliament. Remember that no one in UK’s own supposed intelligence oversight process really understood how GCHQ worked or what it’s Tempora monitoring system did until the Guardian decided to tell everyone. The lack of understanding extends to those judging whether such programs should be legal (after they’re under way, of course).

There’s this idea that Western spies are somehow able to break the internet in ways their adversaries can’t That you can put a back door in encryption that only British or Americans (and the odd Canadian or Kiwi) will be able to access. Even if that were true (it’s not), it still doesn’t protect people from their own governments.

Unchecked domestic spying always leads to creepy things… always…

Technology is wonderfully easy to break. A 7-year-old girl hacked a public Wi-Fi network in 10 minutes using information found online. Anyone can DIY their own data snooping device if they want. And even supposed “experts” get caught by the most basic hacks out there.

Technology is advancing at a dreamy speed and new ways of connecting it to more people are popping out of everywhere. Broadband is growing, more mobiles can do niftier things online, we’ve got satellites, re-purposed weather balloons, drones, mesh-nets, and peer-to-peer connectivity putting internet access in more remote regions. Fabulous.

All these things need strong encryption or their users will be at unparalleled risk. Give a small, persecuted ethnic minority in Country X access to the internet that comes with serious security holes attached and you’re giving the group interested in wiping them out an access point to get on with it.

Yet when we see panic about technology illustrated in popular culture, it’s usually something like The Terminator or the latest version of it, Ex Machina. These films kind of echo the old “Watch the Skies” films of the 1940s and 50s, when aliens from other worlds always seemed to arrive with intentions fairly in line with the Red Scare propaganda of the day. I’ll leave the threats posed by strong AI to Stephen Hawking and his friends. More urgently, humans with a bit of power are a greater threat to humans.

We’re entering a world where governments want to consider it criminal for you to speak privately with someone else, and the technology to do just that is also getting easier to use. You can be on the Tor Network or within a VPN connection within three clicks, give or take. That’s about how much activity it could take to put you on a watch list should the trend continue.