Notes on Digital Surveillance


Earlier this year, I attended a lecture given by Alan Rusbridger - the outgoing editor of The Guardian - entitled "The World After Snowden." Held at Oxford University, and attended by journalists, technologists, and former spies - it was an exceptionally interesting talk and provoked a lively debate over dinner.

In light of the publication of the disastrous Investigatory Powers Bill, I've decided to write up my notes.

Except for the opinions expressed in public, I've deliberately avoiding attributing any of the comments to individuals. As per my posts on Communist Robots and iPhone Slavery the points I make here aren't necessarily my own.

This is a series of observations and questions.


The lecture theatre is filling with greying hair - almost exclusively male. Beside me a couple of chaps with RAF pins on their lapels mutter darkly about how it wouldn't have been allowed in their day. The journalists in front of me are either tapping furiously on iPads or scribbling indecipherable shorthand.

Alan Rusbridger cuts an impressive figure as he carefully maps out the story of Snowden. Not the tawdry details of how documents were liberated from the US Government - but how the response from the press and lawmakers has been curiously subdued.

In the USA, there have been numerous reports, debates between lawmakers and the public, a strong response from the Intelligence Services. In the UK... Nothing. Labour have been terrified of being seen to be weak on security. While the Libertarian wing of the Tory party would normally support personal freedoms - they've been overruled by their hatred of the liberal media. The LibDems - bless 'em - don't have the clout to do much of anything.

The odd questioning of spooks and their nominal overseers has been lacklustre at best.

Unspoken in the room is the problem of collusion. The Guardian journalists are Oxford educated. The GCHQ chaps are Oxford chaps. The politicians - you guessed it - PPE from Oxford. There's a cosy club of perfectly decent fellows - and most of them are men - all gently assuming that the other is acting in the best interests of... society, one supposes.

This trick is working. The state is simply ignoring the argument - at all levels. Don't mistake it for a head-in-the-sand attitude - it's the sure-fire knowledge that wholesale surveillance is just too big for anyone to understand. And that makes it hard for people to care about. So it can be pushed aside. After a few years of intense non-debate, the establishment can state with confidence that "it's time to move on from Snowden."

Perhaps industry will pick up the fight? In the USA, we see companies aggressively promoting Privacy as a competitive advantage - yay capitalism. And in the UK? It's hard to find a significant industry player who has kicked up a stink about the pillaging of their customers' data. Say, I wonder where their CEOs went to school...?

At least the tech community is having a passionate debate. We're the ones busy fixing bugs, getting tools to those in needs. We're the ones doing the damned work, fighting the good fight, and still being ignored, belittled, and infiltrated.

Sat a little way ahead of me is a former Director of GCHQ. He writes exclusively in green ink. His hands trembles as he talks. And, boy, does he talk! He's a terribly reasonable. That's the worst thing about him. As he's telling the audience that mass surveillance of all citizens by the state really isn't that big a deal - I find it hard to disagree with him. Such a kindly old man couldn't be malicious, could he?

But when you listen to his words, it becomes clear that he's a trained liar. There's no way an honest man can say with a straight face that it is in no way intrusive for the police to have a list of every websites you've visited. Lawyers don't really need confidentiality with their clients.

There's a philosophical debate to be had. If a computer system snaffles up all your emails - but they're not read by a human - have they really been intercepted?

Above all, he asks, can we please be a little more respectful in our tone. It strikes me that it's not possible to have a polite conversation with a burglar. Especially while a theft is in progress.

The conversation is schizophrenic. When Sony was hacked - they were castigated for having such weak security. In the aftermath of the massacre at Charlie Hebdo, companies were criticised for being too secure. How can we track the enemies of freedom if we can't read everyone's emails?

There are protections - of course. Journalists - especially the decent sort - ought to be protected. That's what American law says anyhow. We're often asked "is blogging journalism" - perhaps we need to ask "why do journalists get protection from state intrusion when ordinary citizens don't?" But that's not quite so snappy, is it?

And snappiness is a problem. As well as the philosophical debates - there's the technological debate. And it's too hard for most people to follow. Half the MPs can't turn on a computer without an advisor pointing out where the switch is. How many of them do you think understand the intricacies of public key cryptography?

No, it's more fundamental than that. It's a public perception problem.

In the UK, we never had the KGB or the Stasi. We didn't have the FBI undermining our civil rights leaders. We didn't have that sonofabitch Nixon screwing everything up. We had Alan Turning single-handedly defeating the Nazis and James Bond keeping the British end up. Our guys are the goodies!

Which, of course, leads one old journalist to huff and puff that The Guardian really ought to have been more responsible and let the government see the stories before publication.

One of the journalists around the table likes this struggle to the fight against slavery. Not in terms of human pain and misery, but there are parallels to be drawn. This is a fight against huge economic resources, entrenched culture, and men who crave the power of life and death over other humans. They are fighting to keep the status quo. The fight against slavery took hundreds of years. It is all but eliminated and yet we're still living with the repercussions of such evil. That's the time scales we have to work on. A minimum of 50 years to change public and private opinion.

It will take a catastrophe to shake up the public. The leaking of everyone's medical details? Perhaps Facebook inadvertently shows who other than your wife have you been looking at? The end of a million marriages in one weekend, what would that do to the public's perception of data security? (This was all months before Ashley Madison. Sadly, that event seems to have failed to shift the public's attitude.)

Geeks have failed to realise that we are engaged in massively asymmetrical warfare. International standards bodies are corrupted by the state, trillions of dollars are directed towards total domination, human lives are collateral. We have GitHub, Tumblr, and the sainted BlockChain.

Where's the tipping point where geeks can freely admit that we lost and it's time to kowtow?

Our government wants to protect the Internet. They see it as an engine of massive growth. But they fear the ease with which criminals and ne'er-do-wells and use it. The gives the security services contradictory requirements.

Perhaps the only question we need to ask is "How do we reach a least worse local minimum?"

At the moment, there is the technical capability to store... everything. They can hold an infinite file on everyone for an indiscriminate period of time - then all they need to do is wait for the law to change and run a dragnet through all the data.

Your guilt is a quantum needle simultaneously popping in and out of multiple haystacks.

Finally - and it's been a long evening - how do we prepare for the next leak? Snowden won't be the last. The next might come from within industry, or a nation state, or a hacker who blags her way into a cache of juicy data? What are technologists doing to tighten up systems? What are legislators doing to ensure proper procedures are in place?

Our spies ought to be protecting us. But they're conflicted. Every flaw they fix means one less access point for criminals - and one less access point for the themselves.

We melt off into the night. This isn't even the end of the beginning - this is a culture war which can never be resolved as long as men desire each others' secrets.


Share this post on…

One thought on “Notes on Digital Surveillance”

  1. says:

    This is a good overview; but much of the current thinking and indeed much of the discussion is still rooted in how data is currently routed; ipv4 , its limitations, the client server architectures with firewalls and packet inspection at the edges; we have lost a battle in IPv4 but we are changing the address spaces, because we had too, and for a while we will all think old school We will think clients and servers because this is what IPv4 has pushed us into and it is what Govts like. But IPv6 is more than its change of address spaces , it is a change in our needs to 'pass through' something, IPv6 is an end to the need for central for many items of information. What do you do about privacy, about collection, about interception when the network is no longer top-down. The meme will change , information will not longer want to be free, it will want to be uninhibited.

    Reply

What are your reckons?

All comments are moderated and may not be published immediately. Your email address will not be published.Allowed HTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <p> <pre> <br> <img src="" alt="" title="" srcset="">