Thursday, 4 February 2010

Open Rights Group campaign

The Open Rights Group have a campaign against the Intercept Modernisation Programme. I reproduce a 'model' letter that they suggest you can use to write to your MP. It sums up the issues neatly.

I am writing to express my concern at the proposed Intercept Modernisation Programme. I understand this may contain plans to collect details of who I send emails to and the people I contact via Facebook and other social networking sites.

I understand that there are also discussions around centralising all internet traffic data in a series of databases accessible by the government, thereby gaining permanent easy access to the data being held by Internet Service Providers.

I believe this is likely to be an expensive waste of time, and a gross invasion of citizens’ privacy. There will be serious risks if a large number of civil servants can access extremely personal information, such as who someone contacts by email or Facebook message. Although I presume there would continue to be legal barriers, in practice we all know that it is possible, once information is made accessible, for information to be wrongly accessed, distributed or lost.

I am also convinced that any serious criminal or terrorist will not use normal email or social networking sites to plan and communicate about their activities. Collection of information will, however, make it much more routine to use anonymisation and encryption technologies to hide their activities. This will mean the proposals will make it harder, not easier, to get evidence.

At the same time, It is possible that legitimate protesters and campaigners will use normal electronic communications, which puts these people carrying out legal activities at risk of abuse.

I am also concerned about the possibility that such information will be analysed for suspicious patterns, in processes called ‘data mining’. This would put many innocent people under scrutiny. As Bruce Schneier, the renowned security expert says:

“Terrorist plots are different … attacks are very rare. This means that even very accurate systems will be so flooded with false alarms that they will be useless: millions of false alarms for every one real attack, even assuming unrealistically accurate systems.”See here.

Fundamentally, ‘traffic data’ is an integral and private part of any communication, as the European Court of Human Rights has already agreed. Collecting it, storing it and analysing it must be done only to address very serious concerns of public safety, targeted at individuals, not in order to carry out mass surveillance.

I urge you to bring these concerns to the light of the Home Secretary.

1 comment:

Will Dwinnell said...

I think that there are two distinct issues here: First, who has access to what data, and Second, What they can do with it. In my opinion, the bulwark of privacy must be built when answering the first question.

To be clear, "data mining" is a sophisticated statistical analysis of data, not data collection itself. I argue that Schneier's assertions regarding data mining are faulty. See, for instance:

Data Mining and Terrorism... Counterpoint