Today (Wednesday) the new version of the “Snoopers’ Charter” was revealed in the guise of the draft Investigatory Powers bill. It is a bill rife with obfuscation, weasel words and deceit. But look beyond the soundbites, spin and headline pullers and the truth begins to emerge. This is not to a watered-down, ‘post-Snowden’ version that the Government tries to sell to the British public, but adheres as close as it can to the original intent of the Snoopers Charter – the colloquial name for the draft Communications Data Bill that stalled as a consequence of parliamentary opposition. The new bill seeks to provide an array of powers for the police and security services, to enable them to exploit fully the vast resources long developed by GCHQ – in collaboration with the NSA – in that agency’s zeal for totalitarian surveillance. In short the draft legislation enshrines decades of bulk communications collection into law. Thus, the spectre of GCHQ, watching everyone’s moves and activities day-by-day, may well loom large over all our lives for the forseeable future.
By my read, #SnoopersCharter legitimizes mass surveillance. It is the most intrusive and least accountable surveillance regime in the West.
— Edward Snowden (@Snowden) November 4, 2015
Below, using a variety of sources – mostly revelations by Edward Snowden via article by Ryan Gallagher in The Intercept – is a mapping of what the draft bill is really about…
Note: for a more forensic analysis of the draft bill, see “Investigatory Powers Bill: The Juicy Bits”
Encryption will not be ‘banned’, as banking and other financial services depend on it. However, measures in the draft bill will require that tech firms and ISPs provide unencrypted communications to the police or spy agencies if requested through a warrant. These firms will not be able to comply with this requirement unless they provide encryption to their users that can be decrypted.
The new legislation will attempt to force companies outside the UK to adhere to this requirement, though even if this did not happen, according to one document the NSA’s troves of data are searched by GCHQ for data on British citizens anyway. Also, what Theresa May fails to understand is that there are a myriad of tools and applications that are outside the reach of UK legislation – consequently, GCHQ will end up mostly monitoring stuff about shopping habits (that may be of use to the capitalist establishment).
Note, too, that British police already have the power to compel someone, on penalty of imprisonment, to disclose cryptographic keys under RIPA (i.e., to compel decryption on the order of intelligence or police authorities – with no judicial or ministerial warrant required).
2. Web histories
The Government says that the bill will only allow for the retention of metadata, not web histories. But this is not the case: all ISPs and CSPs will be required by law to retain all web histories, as well as phone usage and social media usage of all users, for 12 months and to make these histories available to the authorities when a warrant is issued. Access to web histories (trawled by GCHQ) will be granted to the police, the National Crime Agency, the intelligence agencies and HM Revenue and Customs.
The bill will seek to legitimise the mass hacking activities of GCHQ, which, as anyone studying the revelations of Edward Snowden will know, has been operating bulk surveillance operations for many years. One example, according to Ryan Gallagher of The Intercept, is Karma Police, which was launched some seven years back. Another system “builds profiles showing people’s web browsing histories; another analyses instant messenger communications, emails, Skype calls, text messages, cell phone locations, and social media interactions. Separate programs were built to keep tabs on “suspicious” Google searches and usage of Google Maps.”
A further example of data mining used by GCHQ is TEMPORA, which monitors emails, instant messages, voice calls and other communications and makes the data accessible through XKEYSCORE. According to The Intercept, as of September 2012, TEMPORA, which was first revealed by The Guardian in June 2013, was collecting “more than 40 billion pieces of content a day”.
GCHQ will continue with its blanket surveillance regime of monitioring everyone’s metadata. This metadata monitoring can be more powerful than simply monitoring web page activity. Metadata provides information about all sorts of things – who, where, what, why. Metadata can reveal networks of networks. It can reveal activities. Marry this information with the web histories (available via warrants) and the authories will have everything.
According to Edward Snowden, as of 2012, GCHQ was storing about 50 billion metadata records about online communications and web browsing activity every single day, with plans in place to boost capacity to 100 billion daily by the end of that year alone. The Intercept explains that data revealed by Snowden showed that between August 2007 and March 2009, GCHQ documents revealed an operation called Black Hole that was used to store more than 1.1 trillion “events” — a term GCHQ uses to refer to metadata records — with about 10 billion new entries added every day. By 2010, according to these documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion.
GCHQ has always maintained that authorisation to collect metadata is “not needed for individuals in the U.K.,” because metadata is “less intrusive than communications content.” A GCHQ document (see image below) lists the range of information it regards as metadata — location data, email data, instant messenger data, and social networking logs that show who you have communicated with by phone or email, the passwords you use to access “communications services” (such as an email account), and information about websites you have viewed.
The bill also requires that the mobile phone providers track location of every call made, to keep that data for a year and to provide that data in bulk to GCHQ. (Note: MI5 has subsequently admitted that it – presumably via GCHQ – has been logging all phone calls of everyone in the UK for the past 10 years.)
Under the draft Investigative Powers bill the practice of warrants being approved by the Home Secretary will continue – though additional ‘oversight’ (of procedure only) is to be provided by an investigatory powers commissioner (former Appeal Court judge, Sir Stanley Burnton) and seven judicial commissioners (also retired judges). This may seem like a concession, albeit a small one, but when one considers that the judicial commissioner will be handpicked (and that the majority of British judges are Tories from the shires)… Also, in the USA, all warrants are approved by judges, though less than 1% of warrants were rejected. So, hardly a panacea.
Note, too, that warrants will also be issued to enable police and the security services to legally access the communications data of journalists, lawyers or other legally privileged professions (but not MPs – the Wilson Doctrine is to be written into law). Further note, that the police already have access to bulk communications data under RiPA, with around 500,000 requests each year without judicial or ministerial approval (just the agreement of a senior officer)and this will continue.