Bills like this worry me greatly as an advocate for internet freedoms and because of a desire to a right to privacy.
When I discuss government plans for the internet with non-technical people it worries me even more that they aren't at all concerned about it. I hear arguments like 'I have nothing to hide' and 'If it stops terrorism, why not'.
I try to tell people that they should demand a right to privacy from the state, but I find it hard to not come across as a tin foil hat wearing goverment-skeptic. What arguments do you use with people that don't understand the web all that well to get them to care about this stuff?
I usually go with "The problem isn't the current government, the problem is what might be in the future. The Netherlands stored data about their citizens' religious affiliation. The Nazis really appreciated that when they came and rounded up the Jews."
It's tricky because people find it hard to see the big systematic picture, and "respectable" people like to assume that the police are the good guys and anyone they oppose must be a bad guy. Your best bet is to find something where they disagree with the government or officialdom and build out from there. The "council uses RIPA surveillance to catch woman sending child to school in different catchment area" story is a good one here; almost everyone thinks that councils are officious busybodies.
Health records privacy is another good one. "Do you think the government should track all your alcohol purchases?"
(I wrote in a previous comment with a US context:
- legal. It's against the law; there are strong 1st and 4th arguments against surveillance, and 5th and 6th amendment arguments as well. Some people have even tried to argue that if encryption is a munition the 2nd amendment applies. The "we could stop bad people" argument applies especially to the 4th.
Similar legal protections exist in Europe, although not generally as strong (article 8).
- practical: either a system is secure or it isn't. Handing it over to anyone increases the risk of compromise. Bans on effective encryption are self-defeating.
- collateral damage: US intelligence agencies have a track record of killing innocent people themselves (e.g. drone strikes), supporting murderous governments (CIA in south america), funding terrorism and failing to prosecute the guilty (Iran-contra), use of intelligence for domestic immoral politics (Watergate, FBI vs MLK). Handing over data about your e.g. Chilean users to the CIA may result in them being murdered.
- international hypocrisy: saying that mass surveillance is OK says it's OK for other governments too. Do you support Chinese interception against their adversaries? Are you happy to turn over your entire email history on entering a country?
- finally, I'm going to question how much it does help. The Paris terrorists were known to the police, as was the killer of Lee Rigby. Intercept evidence is generally not used in trials. Nobody is presenting a cache of encrypted emails found on a computer used by the Parisian terrorists and saying "if we'd decrypted this we could have prevented it".
"It fundamentally changes the relationship between people and state." is the most ironclad argument I've heard. Albeit a bit of a cliché these days.
There's some advantage to the tin foil hat, too. It's probably fine for now if you're not Muslim, but if you are then your associations and visited websites could be used to put you somewhere very uncomfortable without a trial. Say if libertarians or socialists or christian conservatives started carrying out attacks, your political and personal affiliations could make life very uncomfortable.
Those arguments often represent a symptom of an underlying belief about "the government". I find that many people view "the government" as this monolithic, do-gooding entity. One useful approach is to redefine it - government isn't a benevolent entity, it's a huge group of people with varying goals and beliefs, who wield lots of power over your life. Do you want those people to have that sort of access?
A conservative friend of mine was really bothered by the recent IRS targeting of conservative groups' applications for tax-exempt status. I think this is a great example of how even our modern day, relatively ethical governments can and do abuse their power and discriminate along political lines - and against a groups you would normally think have some protections higher up.
I’ve worried for years about a terrible and under-appreciated danger of privacy intrusion, which in a recent post I characterized as a chilling effect upon the exercise of ordinary freedoms. When government — or an organization such as your employer, your insurer, etc. — watches you closely, it can be dangerous to deviate from the norm. Even the slightest non-conformity could have serious consequences. I wish that were an exaggeration; let’s explore why it isn’t.
I like to remind people that they do not decide themselves if what they do is ok or not, it's the people interpreting the collected data. In that regard, I read a good illustration (invented I guess): imagine a guy that does to a shop buy an alarm clock, then going to buy a barrel, and after that going to buy chemicals in a third shop. Wouldn't this guy seem suspect from the data collected? It was a teacher preparing a chemistry lesson, buying a barrel to collect rain water in his garden, and replacing his old alarm clock. He might have nothing to hide, but that's not a reason why his acts can't be misinterpreted....
I always found it odd that people seem to consider the national census as an invasive nuisance but have no problem with much more insidious micro-snooping in to their everyday lives. It makes me sad, after they inevitably discontinue it, that there won't be any reliable historical record of families living in the UK.
It's been taken every 10 years, recording the names of occupants since 1841. Access is protected for 100 years to give people a chance to die off. It's the only record you're required to be on in the UK and I don't really have a problem with that.
The fundamental reason is that most people see the state as a protective entity. People don't give their information to someone they don't trust (at least not for free). But they fundamentally trust the government as a whole, even if they may mistrust individual parts of it [1].
This is a hard notion to combat because the government is a protective entity. It's arguably the most important function of any government: protecting its citizens. Even corrupt and dysfunctional governments can still protect their citizens from external threats.
In Western nations, one of the biggest threats to the average citizen, particularly his or her rights, is the government itself. Separation of powers is supposed to keep it in check, but at least in the U.S., the slow and steady increase in the power of the executive branch in the past century combined with technological developments has meant that it now has the potential to exercise tyrannical levels of power over virtually any person or class of person.
People don't need to understand the web or even how the technology of mass surveillance works. Citizens as a whole don't make political decisions based on detailed information anyway. Surveillance reform can only be accomplished by getting a large enough people to distrust the government itself. Skepticism won't be enough--fear of being vulnerable to terrorists (or any of the other usual fears like child pornographers and such) will trump skepticism.
In the U.S., the constitution is a document which gives limited powers to the federal government and justifies each of them. People today generally think of government power in opposite terms: it gets power by default and only has to give it up if that power later proves to be unnecessary. This is the real change that needs to be made, one of mentality not just of laws. The laws will follow if the mentality of the citizenry as a whole changes. The great deal of skepticism that younger Americans show towards government compared to their elders is encouraging, but that will only lead to change in the long run. I'm not sure what the sitution in the UK is like.
The basic problem with the main media narratives surrounding surveillance is that most (but not all) look at mass surveillance by the government and only conclude (correctly) that mass surveillance is bad and that the government better have very good reasons for doing it. Government fearmongering follows, placating the skepticism.
Mass surveillance needs to be seen for what it really is: the signature of an embryonic tyranny. Even if we presently have saint-like politicians who will only use such power for good, our government was set up so that we would not, and indeed should not, need to trust it.
[1] The surveys that regularly show high public disapproval of Congress come to mind.
If they have nothing to hide, why not live with all doors and windows unlocked and wide open, round the clock? Why not permanently leave their keys in the ignition of their vehicles? Why not post their login info on their homepages or walls or whatever?
I tell people nothing is free, and the freer something appears, the greater the inevitable cost. And when the cost involves rights, being innocent while being on the defensive is never ever a fun ordeal.
Your obtrusive and underhanded domestic spying law gets shot down by a democratic procedure?
No problem! Just tack it onto a bill already being considered by the House of Lords and sidestep the whole pesky review process.
Happens in the US all the time, too. It's the very thing that makes the line-item veto so controversial. I want someone to be able to knock down pork (or worse, like this) added to non-related bills, at the last minute, in the middle of the night, with no debate. But do I want that power to always exist?
Edit: happened like 5 times just last month and could have shut down the government. Now Dodd-Frank is all but dead, campaign donation limits are up from $92k to $777k, the EPA is further defunded, and more - all last minute riders with almost zero debate.
The Lords are actually more often known for stopping the passing of bills that sail through Parliament and really, really shouldn't have.
Is this a deliberate attempt by the Lords to sabotage the passing of the main bill, by putting in something they know the coalition partners the Lib Dems already voted down? Seeing who tabled it, maybe not, but we need to be alert that the latest fight for our liberties won't just start at the next election.
One of the lords responsible is Ian Blair, the former Met Police commissioner. The one in charge at the time of the De Menezes shooting. The one who was a close friend of the News of the World at the time all the hacking was going on.
Democracy at work here - an unelected group of bureaucrats, mostly party donors (i.e. people who have bribed government for the privilege of being made a Lord) definitely seem like the right people to be making these calls on liberty and having the ability to change the law.
This could happen in the U.S. as well. Our esteemed politicians and federal police have proposed a new law with exactly the same approach. I disclosed some of these efforts in this 2012 article:
"The FBI general counsel's office has drafted a proposed law...requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly. 'If you create a service, product, or app that allows a user to communicate, you get the privilege of adding that extra coding'"http://www.cnet.com/news/fbi-we-need-wiretap-ready-web-sites...
Here's another article from 2006 talking about Rep. Diana DeGette (D-Colorado). She had originally proposed legislation imposing data retention requirements on ISPs, but then wanted to extend it to Facebook, Xanga, MySpace, etc. (to be fair, Rs have made similar proposals):
http://news.cnet.com/Congress-targets-social-networking-site...
I can't easily find the link to another piece I wrote, but DOJ/FBI reps have also talked about including photo-sharing sites. This is in addition to the FBI wanting to force ISPs to keep track of every web site that customers visit (not just IPs assigned):
http://www.cnet.com/news/fbi-wants-records-kept-of-web-sites...
So far these proposals have not become law, meaning that the types of companies well-represented here on HN don't have to keep records of their users' activities for future police access. I've been critical of AT&T/VZ/Comcast/etc. over surveillance here before, but I'll give them credit for this: Those of us working on social/email/etc. startups aren't targeted by all these regulations today because of ISPs' defensive DC efforts over many years. They're doing it because of self-interest, true, but the spillover effect is real.
The west has pursued an industrialisation path that allows for the privatisation of wealth from the commons, along with the criminalisation of commons rights of the public, as well as the externalisation of all true costs. [...] Our entire commercial, diplomatic, and informational systems are now cancerous. - Robert David Steele, The Guardian, 2014-06-19
I hope if something like this gets passed, there will be a massive protest, not just in the streets, but everyone starting to use Tor, TextSecure and other such apps they are most worried about.
Sadly there have been times recently, especially under the Blair government, when the Lords stopped the Commons for doing illiberal things. Including watering down some of the previous surveillance bills.
Obviously it's a system that nobody would design, but the fact that they're still there is more of a symptom of inegalitarianism running deep than a cause of it.
[+] [-] jblok|11 years ago|reply
When I discuss government plans for the internet with non-technical people it worries me even more that they aren't at all concerned about it. I hear arguments like 'I have nothing to hide' and 'If it stops terrorism, why not'.
I try to tell people that they should demand a right to privacy from the state, but I find it hard to not come across as a tin foil hat wearing goverment-skeptic. What arguments do you use with people that don't understand the web all that well to get them to care about this stuff?
[+] [-] pgeorgi|11 years ago|reply
[+] [-] pjc50|11 years ago|reply
Health records privacy is another good one. "Do you think the government should track all your alcohol purchases?"
(I wrote in a previous comment with a US context:
- legal. It's against the law; there are strong 1st and 4th arguments against surveillance, and 5th and 6th amendment arguments as well. Some people have even tried to argue that if encryption is a munition the 2nd amendment applies. The "we could stop bad people" argument applies especially to the 4th.
Similar legal protections exist in Europe, although not generally as strong (article 8).
- practical: either a system is secure or it isn't. Handing it over to anyone increases the risk of compromise. Bans on effective encryption are self-defeating.
- collateral damage: US intelligence agencies have a track record of killing innocent people themselves (e.g. drone strikes), supporting murderous governments (CIA in south america), funding terrorism and failing to prosecute the guilty (Iran-contra), use of intelligence for domestic immoral politics (Watergate, FBI vs MLK). Handing over data about your e.g. Chilean users to the CIA may result in them being murdered.
- international hypocrisy: saying that mass surveillance is OK says it's OK for other governments too. Do you support Chinese interception against their adversaries? Are you happy to turn over your entire email history on entering a country?
- finally, I'm going to question how much it does help. The Paris terrorists were known to the police, as was the killer of Lee Rigby. Intercept evidence is generally not used in trials. Nobody is presenting a cache of encrypted emails found on a computer used by the Parisian terrorists and saying "if we'd decrypted this we could have prevented it".
Edit: see also on HN today https://www.eff.org/deeplinks/2015/01/british-spy-agency-con...
[+] [-] JimmyM|11 years ago|reply
There's some advantage to the tin foil hat, too. It's probably fine for now if you're not Muslim, but if you are then your associations and visited websites could be used to put you somewhere very uncomfortable without a trial. Say if libertarians or socialists or christian conservatives started carrying out attacks, your political and personal affiliations could make life very uncomfortable.
[+] [-] Clanan|11 years ago|reply
[+] [-] flatline|11 years ago|reply
[+] [-] CurtMonash|11 years ago|reply
I’ve worried for years about a terrible and under-appreciated danger of privacy intrusion, which in a recent post I characterized as a chilling effect upon the exercise of ordinary freedoms. When government — or an organization such as your employer, your insurer, etc. — watches you closely, it can be dangerous to deviate from the norm. Even the slightest non-conformity could have serious consequences. I wish that were an exaggeration; let’s explore why it isn’t.
[+] [-] raphinou|11 years ago|reply
[+] [-] nly|11 years ago|reply
It's been taken every 10 years, recording the names of occupants since 1841. Access is protected for 100 years to give people a chance to die off. It's the only record you're required to be on in the UK and I don't really have a problem with that.
[+] [-] SagelyGuru|11 years ago|reply
[+] [-] chrismcb|11 years ago|reply
[+] [-] neuronic|11 years ago|reply
[+] [-] john_b|11 years ago|reply
This is a hard notion to combat because the government is a protective entity. It's arguably the most important function of any government: protecting its citizens. Even corrupt and dysfunctional governments can still protect their citizens from external threats.
In Western nations, one of the biggest threats to the average citizen, particularly his or her rights, is the government itself. Separation of powers is supposed to keep it in check, but at least in the U.S., the slow and steady increase in the power of the executive branch in the past century combined with technological developments has meant that it now has the potential to exercise tyrannical levels of power over virtually any person or class of person.
People don't need to understand the web or even how the technology of mass surveillance works. Citizens as a whole don't make political decisions based on detailed information anyway. Surveillance reform can only be accomplished by getting a large enough people to distrust the government itself. Skepticism won't be enough--fear of being vulnerable to terrorists (or any of the other usual fears like child pornographers and such) will trump skepticism.
In the U.S., the constitution is a document which gives limited powers to the federal government and justifies each of them. People today generally think of government power in opposite terms: it gets power by default and only has to give it up if that power later proves to be unnecessary. This is the real change that needs to be made, one of mentality not just of laws. The laws will follow if the mentality of the citizenry as a whole changes. The great deal of skepticism that younger Americans show towards government compared to their elders is encouraging, but that will only lead to change in the long run. I'm not sure what the sitution in the UK is like.
The basic problem with the main media narratives surrounding surveillance is that most (but not all) look at mass surveillance by the government and only conclude (correctly) that mass surveillance is bad and that the government better have very good reasons for doing it. Government fearmongering follows, placating the skepticism.
Mass surveillance needs to be seen for what it really is: the signature of an embryonic tyranny. Even if we presently have saint-like politicians who will only use such power for good, our government was set up so that we would not, and indeed should not, need to trust it.
[1] The surveys that regularly show high public disapproval of Congress come to mind.
[+] [-] skidoo|11 years ago|reply
I tell people nothing is free, and the freer something appears, the greater the inevitable cost. And when the cost involves rights, being innocent while being on the defensive is never ever a fun ordeal.
[+] [-] tomtoise|11 years ago|reply
[+] [-] themartorana|11 years ago|reply
Edit: happened like 5 times just last month and could have shut down the government. Now Dodd-Frank is all but dead, campaign donation limits are up from $92k to $777k, the EPA is further defunded, and more - all last minute riders with almost zero debate.
http://www.newsweek.com/what-did-congress-sneak-last-minute-...
[+] [-] AlyssaRowan|11 years ago|reply
Is this a deliberate attempt by the Lords to sabotage the passing of the main bill, by putting in something they know the coalition partners the Lib Dems already voted down? Seeing who tabled it, maybe not, but we need to be alert that the latest fight for our liberties won't just start at the next election.
Better make sure the Lib Dems know. Ugh.
[+] [-] pjc50|11 years ago|reply
This guy:
http://www.theguardian.com/politics/2008/aug/20/ian.blair.pr... http://www.theguardian.com/uk-news/2013/aug/26/lord-blair-la...
[+] [-] andy_ppp|11 years ago|reply
[+] [-] declan|11 years ago|reply
"The FBI general counsel's office has drafted a proposed law...requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly. 'If you create a service, product, or app that allows a user to communicate, you get the privilege of adding that extra coding'" http://www.cnet.com/news/fbi-we-need-wiretap-ready-web-sites...
Here's another article from 2006 talking about Rep. Diana DeGette (D-Colorado). She had originally proposed legislation imposing data retention requirements on ISPs, but then wanted to extend it to Facebook, Xanga, MySpace, etc. (to be fair, Rs have made similar proposals): http://news.cnet.com/Congress-targets-social-networking-site...
I can't easily find the link to another piece I wrote, but DOJ/FBI reps have also talked about including photo-sharing sites. This is in addition to the FBI wanting to force ISPs to keep track of every web site that customers visit (not just IPs assigned): http://www.cnet.com/news/fbi-wants-records-kept-of-web-sites...
So far these proposals have not become law, meaning that the types of companies well-represented here on HN don't have to keep records of their users' activities for future police access. I've been critical of AT&T/VZ/Comcast/etc. over surveillance here before, but I'll give them credit for this: Those of us working on social/email/etc. startups aren't targeted by all these regulations today because of ISPs' defensive DC efforts over many years. They're doing it because of self-interest, true, but the spillover effect is real.
[+] [-] contingencies|11 years ago|reply
[+] [-] ComputerGuru|11 years ago|reply
[+] [-] disputin|11 years ago|reply
[+] [-] higherpurpose|11 years ago|reply
[+] [-] goombastic|11 years ago|reply
[+] [-] iopq|11 years ago|reply
[+] [-] pjc50|11 years ago|reply
Obviously it's a system that nobody would design, but the fact that they're still there is more of a symptom of inegalitarianism running deep than a cause of it.
[+] [-] SideburnsOfDoom|11 years ago|reply
Why would the House of Lords stop existing? Not changing things is a tradition.
[+] [-] unknown|11 years ago|reply
[deleted]