By Mike Rispoli
The response by world leaders to the horrific terrorist attacks in France earlier this month has been all too familiar. As officials rallied for freedom of expression, they called for increased vigilance against extremists by expanding government surveillance powers.
Leading the way is UK Prime Minister David Cameron, who has called for an end to “safe spaces” for extremists on the internet. When the Prime Minister says “safe space”, what he means is encryption, more specifically the popular secure communications services, like WhatsApp, SnapChat, and iMessage.
Cameron, in essence, is calling for an end to private communication. Encryption—the technology that makes our lives more secure, allowing us to communicate on social networks and messaging services, to do online banking, book holidays, and protect our health records—is now being put on the ever growing list of threats to national security, according to Cameron.
Fortunately, the UK government has no legal ground to force international companies to modify their services to suit the surveillance wishes of the British intelligence agency. Even if such a proposal were to pass, companies would be under no lawful obligation to comply with such demands.
Cameron’s proposal comes as no surprise. UK leaders over the past decade have repeatedly tried to introduce increased surveillance powers to spy on the public’s communications, including failed attempts to pass the Draft Communications Bill, dubbed the Snooper’s Charter. Whether the Snooper’s Charter or other bills increasing surveillance powers, these policies each time have encountered resistance by Parliament and the public.
Over the past few months, the UK government has re-introduced these failed policies and pushed them with renewed energy. During the quiet summer months, Parliament rammed through “emergency” surveillance legislation, the Data Retention and Investigatory Powers Act.
What was the emergency? The European Court of Justice ruled that the long-standing Data Retention Directive was incompatible with human rights—a welcomed decision that unequivocally stated that laws allowing for indiscriminate, blanket retention are unacceptable. Despite having months to address the ruling, MPs over a four-day period hastily passed a new law, without any adequate debate or amendments, showing a worrisome disregard for the democratic process and the rule of law.
The UK’s notoriously quiet security and intelligence organisation, the GCHQ—which still refuses to confirm or deny the surveillance programs revealed by Edward Snowden—broke their silence this autumn when a new boss, Robert Hannigan, took over. He quickly dashed hopes that the intelligence community would constructively engage in the public debate on snooping powers, writing an op-ed in which he claimed that the internet is the “command-and-control networks of choice for terrorists and criminals”, and attempting to shame technology companies into “cooperating” more with security and intelligence services.
Although it’s tempting to buy the argument that increasing surveillance would help prevent events like the Charlie Hebdo, there is little evidence to suggest this is true. Rather, analyses of the Paris attacks, the murder of Fusilier Lee Rigby in Woolwich, the attempted underwear-bombing in the US on Christmas 2009 have shown that the extremists involved were already under surveillance and on watch lists.
Governments have not made the case for expanding their spying powers—and in fact, as Edward Snowden has shown, many states already possess tremendous surveillance capabilities. They can indiscriminately intercept massive amounts of data on undersea cables, compel telecommunication companies to turn over customer information, tap directly into the servers of internet companies like Facebook and Google, and hack into almost any device.
But we now have more security options at our fingertips. Encryption tools are available to everyone and are driving the new innovations of today’s digital communications market. Industry, in the wake of Snowden’s revelations detailing mass surveillance by governments, have now begun to make privacy a selling point for their products. Apple, Google, and other companies are applying basic and essential security on mobile devices. Messaging services like WhatsApp are deploying end-to-end encryption.
The growing market for security tools shows that companies taking privacy seriously—and so are their customers. Every day, we face a diverse set of threats to our personal information—from criminals, hackers, companies, and governments. States should join industry in making it harder for malicious actors to break into our phones and computers, and exposing and stealing sensitive personal information.
Instead, law enforcement and the intelligence community argue that improved security for individuals should be restricted, despite the state’s already enormous surveillance powers. For years, officials have publicly said there was a risk of “going dark”, meaning that technologies that protect us from hackers and criminals have become so sophisticated that governments cannot monitor communications and protect public safety.
Yet the suggestion that communications must not be encrypted, or that intelligence agencies must have access, is the equivalent of outlawing locks on doors on houses so that Government can access anyone’s home at any time. We all know that it would not only be the police or state officials who would want to come in but also criminals and strangers as well. Such proposals would certainly make us less secure, not more.
No amount of surveillance powers will ensure that all acts of terrorism can be predicted or prevented. The real risk here is not of the state “going dark” but rather of the steady erosion of our civil rights in the name of protecting our freedoms.