The securocrats win again! The securocrats win again!
Last week, as you might have missed and in what was either an example of serendipity, good fortune, or grotesque cynicism, also saw the intelligence agencies come out from the shadows as never before. The Times was given unprecedented access to GCHQ's "doughnut" home in Cheltenham, hacks apparently free to poke around, ask questions and see how there's absolutely nothing to be suspicious about when it comes to our friends intercepting and sifting through bulk data. Not quite as unprecedented but still relatively novel was a further speech by head of MI5 Andrew Parker, again making clear just how we have nothing to fear from his organisation's request for the laws governing his operation to be updated, sentiments reminiscent of his live interview on the Today programme a month previous. This charm offensive, very different to the previous attempt at one which rather fell at the first hurdle when the new head of GCHQ essentially said that the major internet firms were just as bad as the terrorists, has continued up to and including today. Despite GCHQ coming round and smashing up the Guardian's hard drive with the Snowden files on it, the paper has found space for a senior GCHQ officer called "Peter" to correct some unfortunate "myths" that have arisen. He concludes, obligatorily, with a reference to Bletchley Park.
The publication today of the draft Investigatory Powers Bill would never had occurred had it not been for Snowden's revelations, something that Theresa May and the government would rather chew glass than recognise. Then again, it's almost as if Snowden didn't happen anyway. Despite today's bill outlining precisely what GCHQ especially and the security services as a whole were getting up to, as it had to thanks to the government recognising that RIPA was no longer fit for purpose, the change is now everything will be totally above board rather than hidden behind layers of secrecy and obfuscation. The bulk interception via Tempora, the hacking and breaking into of servers and the computers of targets, the gathering, both overt and covert of "bulk personal datasets", it all remains, despite any cautious remarks made by David Anderson in his report. The other innovations are those to oversight, with the creation of a single commissioner to act as reviewer of terrorism legislation and effective spook watchdog, and the "double lock", whereby ministers will need to also have the OK of a "judicial commissioner" to authorise an interception warrant.
Considering the major spin operation that went before the publication of this bill, with myriad leaks and hacks invited in for high-level briefings, just how quickly the new "double lock" has unravelled is something to behold. David Davis and others have realised that rather than it being a case of the "judicial commissioners" reviewing the evidence, as the minister will have before granting permission, all they'll essentially be doing is examining whether the correct protocol has been followed. Barring an alteration, they will be little more than a rubber stamp. This is in line with the Intelligence and Security Committee report and sort of follows the compromise outlined in the RUSI report, but is in contradiction of Anderson who advised full judicial oversight. Now that the bill has finally been published, beyond outlining his role Anderson seems to be taking a step back, leaving parliament to make its decision.
Whether that's entirely wise when Andy Burnham before even seeing the full bill declared that it wasn't a return of the snoopers' charter, wasn't an act authorising mass surveillance is very much open to question. Nick Clegg, who blocked the attempt back in 2012 to ram through this bill's predecessor was also apparently mollified. And indeed, it would be churlish to deny that the government hasn't been forced by the work of Anderson and others to justify exactly what powers it wants and set out its case: the documents published alongside the bill are voluminous, to the point where anyone trying to make sense of them has been all but crushed under the digital weight of all the PDFs.
Key to the most controversial new measure, the requirement for ISPs to retain 12 months worth of data on which sites and services every one of us use, accessible without a warrant to the police, security services and everyone except your local councillor Tom Cobley, is the operational case (PDF). Provided within are examples of just what the authorities are currently unable to do due to their current powers; there is not a single case study provided relating to terrorism. Instead it focuses on the other standard justification, preventing or investigating child sexual exploitation, with a couple of other examples concerning organised crime and fraud tacked on at the end. As the police cannot simply ask Facebook, Google or Twitter on the off chance if the person they are investigating on the basis of the communications data they have obtained under the current laws also used their services, as this would not be "proportional" or meet the current necessity tests, the only alternative seemingly is to get ISPs to retain the IP addresses visited instead.
If it doesn't immediately follow how if the former is not proportional wholesale retention is, the answer fairly obviously is that going through the same hoops is rather tiresome for the police and others. That, and since the Snowden revelations cooperation with overseas based service operators have been grudging at best, it's the obvious recourse: go after the organ grinders, not the monkeys. If it still doesn't make sense that this data will be available to the police without a warrant given the potential for abuse, nor that a whole year's worth of data will be expected to be retained, data that ISPs currently do not retain, then sadly the answer seems to be the point is this is all about the potential for fishing expeditions. Related in the operational case is that of 6025 referrals to the National Centre for Missing and Exploited Children, 14% or 862 could have been taken forward if ICR data had been retained. More pertinent however is that 3470 referrals contained both fixed and dynamic IP data. As it is not clear whether these referrals would also contain the specific time one of these IPs accessed the indecent images in the referral, the government appears to be proposing the police have the capability to go through the whole log for that IP. The potential is there for the police not just to act on that specific referral, but also on any other "illegal" or questionable websites that have been visited. There are plenty of examples of individuals being arrested for one offence, only for that to be dropped and then charges to be brought over "extreme pornography" following searches of seized devices, including in cases where the evidence has been highly questionable or where they were extenuating circumstances.
And then, of course, there's the potential for this cache of data to be misused, abused or hacked. Despite Theresa May claiming the police would not be able to make a request to find out if someone visited a specific website, Adam Banks points out the bill and fact sheets suggest the powers are far broader than that. The analogy made to an itemised phone bill is a nonsense: phone numbers are just that, numbers. We share things with our ISPs that we would have never have done previously with our mere phone provider: the URLs up to the first slash we visit might not reveal entirely our darkest secrets, desires, fears, but they most certainly give more than an inkling. This is the data that the government thinks should be made accessible to state bodies, excluding local authorities, without a warrant. If this isn't a mass surveillance programme, then what on earth would amount to one?
Except, typically, today's new power won't affect the terrorists and the more teched up crims. They'll already be using Tor or other darknets, sat behind proxies or VPNs. That the operational case doesn't mention terrorism is the giveaway: those who really do have something to hide know that the authorities are out to get them and act accordingly. Those caught up will be the curious, the idiots, those who previously would have been detected anyway, if slightly further down the line. Anyone who wasn't aware of what's on the cards now will be, further reducing the efficacy of the new law.
Ministers seem to be relying on how as a nation we have always been far less concerned about privacy and the actions of our intelligence agencies than either the Americans, aware of the scandals involving the FBI and CIA, or the Germans, living with the legacy of the Nazis and then the Stasi. It is Bletchley Park, Alan Turing, Enigma, Bond, rather than Peter Wright, the infiltration of groups on the left, the remaining questions over collusion in Northern Ireland, the refusal until very recently to operate in so much as half light, let alone be as open as the security services can be. As David Allan Green has identified, the strategy has been to try and buy off those most likely to make a fuss. The Wilson doctrine might have been declared illegal, but a judge and the prime minister will have to sign off before any MP can have their communications intercepted. The media meanwhile can be reassured that their sources have been given more protection than has been the case, not that the press other than the usual coalition of Guardian, Independent and FT was likely to say anything in opposition anyway. When it comes to ordinary folk, those with the most to lose from these plans, only the traditional voices, those derided and ignored before, are speaking up. Judicial oversight of warrants might yet be tightened, but the securocrats have played a blinder on everything else. Once again, they've won.