If you're in the UK then you should contact your MP about this to let them know what you think. And you need to do it now - the vote is on Monday.
Perhaps if they realise what people think about this they might reconsider.
I never know what tone to take with writing letters to MPs. I don't want to waste a load of time on polite and subtly persuasive when they might be more influenced by the generic "angry voter". Equally, if I received some angry voter letter, I'd be inclined to vote against them just because I don't like angry people.
This time I think I went too angry, because last time I think I was too polite:
Dear MP,
I sincerely hope you will be voting against the ridiculous "Emergency phone and internet data storage law" on Monday. Blanket surveillance of millions of innocent civilians is short sighted, reckless and dangerous. I am well aware that the excuse is to prevent terrorism, but is there any evidence at all that it will be key in terrorism prevention? We seem to be doing a pretty good job of preventing terrorism already, and any extra (possibly non existent) benefit this may bring is certainly not worth the MASSIVE loss of liberty of the people.
I am disgusted and horrified that so many intelligent people in Westminster are so short sighted to think that surveillance, with is horrific brutal history, is going to "work this time".
I hope you will be voting against the emergency legislation being forced through parliament on Monday to make phone and internet companies log all information.
As a software professional with over a decade's experience in the industry, I can tell you that logging all such data in this manner is not just an obvious abuse of UK citizen's rights, and most likely of citizens of other countries - it is also dangerous in it's own right.
Specific questions need to be answered before any kind of mass storage of information such as this can take place. Things such as:
- which "named" people will be responsible for collating
this data at which companies?
- where will this data be stored?
- what are the security arrangements around this?
- what are the repercussions for breaches of security?
... to name a few.
Do not just assume that these questions have all been answered by the appropriate "techy", it is YOUR responsiblity to ask these questions and vote against any policy that does not provide appropriate answers.
I quote the following examples of cases where proper consideration was not taken. These are from my personal experiences:
- finding my National Insurance number and name in an "anonymised" freely available government dataset. And the NI of a friend.
- working at a large blue chip company that required me to be escorted in and out of the server room and taken to a specific server, only for the person doing the escorting to get bored and prop the door open with some wood and say, "don't tell anyone".
- being given elevated priviledges to a network simply to "get something done". (This one happens more than you'd think).
- being asked for information for a security check by the Police only for the email to include private information such as the requester's ID code.
>We seem to be doing a pretty good job of preventing terrorism already //
The problem I see with your letter is that it may well be assumed [by your MP] that this law is merely codifying current covert practices in order to be able to force parties who have perhaps recently reneged on past agreements to allow "monitoring". In that case your statement makes a tacit approval of such codification.
Also, we mortals don't necessarily have inside information of the current surveillance that is working, and so appealing to [recent] history can again seem to be an appeal founded on successful covert surveillance.
in order to be able to force parties who have perhaps recently reneged on past agreements to allow "monitoring"
I'm not clear what this refers to?
inside information of the current surveillance that is working
This is a serious problem with the whole thing. It's very difficult to bring under democratic control because it's not public. There are a few convictions, but overall we have no idea how real the threat is. Some of us fear we're being sold the proverbial tiger-repelling rock.
Then there's the abuses. Mostly these come out thirty years later, but there are currently questions of torture, of feeding data to the drone strike programme, of targeting nonviolent left wing protestors, etc.
Then there's the apparent failure to prosecute serious crimes by members of the establishment, of which the latest is the alleged missing paedophile dossier that passed across Leon Brittan's desk.
I'm not sure most MPs give a shit about this. From experience, having written to a few over similar issues going back to the original RIPA, a blanket "there there terrorism bad m'kay" reply is about all you'll get back.
The only chance for a resolution is to vote a minority party in with a decent privacy manifesto and hope the hell they stick to it.
Unfortunately any chance of a change to our ward based voting scam is at the mercy of the majority populous of moronic slop thoroughly invested in "anyone different is bad" and "support our boys in their imperialist rampage" driven by the community hate machines of the Sun and the Daily Mail[1], so we're fucked.
[1] I've tamed this down from some of the horrific things I've seen posted on Facebook which make me very embarrassed to be associated to this nation. The same people moaning about extremism, then within 2 minutes calling for the heads of everyone to be removed. Actually perhaps this is why we need surveillance. Should I support the bill because everyone has gone batshit? It's utterly sickening.
Put down the "corporations" outrage and realise that this is a case in which the "corporations" are on the losing side: ISPs obliged to retain data at their own expense in order to satisfy law enforcement.
Elections still work provided that you can get people to agree with you. It's an uphill struggle on complex issues but it's far better than a violent alternative.
You're looking at the wrong corporations. ISPs are fairly small game in the corporate hierarchy. They've become low ranking gatekeepers unexpectedly which is why they're targeted.
What you need to look at is high finance, defence and global infrastructure corporations.
I'd be a noisy activist but I'd rather subvert the system silently and educate my children to be ethical, upstanding and to quietly have zero respect for implied authority. Better a grey man[1] than a dead man walking.
[1] from the survivalist wingnuts, but a valid philosophy: "Grey man - an individual who possesses the skills, ability and intent to blend into any situation or surrounding without standing out, concealing his or her true skills, ability, and intent from others."
By all means write to your MP, call me a pessimist but I doubt it will do much good. This government has shown no interest in listening to what the public think. We as a nation are expending all peaceful means of discourse (letters, petitions, protests, marches) on a range of topics like the sell-off of the NHS, real-terms pay cuts for public sector workers, cuts to vital services and critical welfare; and the result is no change. Even in the face of incontrovertible evidence and testimony from legions of industry experts (from all political leanings) does not sway whatever agenda the current government have.
Personally I have written to my MP several times in several different constituencies only to receive back the same cookie cutter party line on the subject and addresses none of the valid concerns I raise, I hear this same from others about their MPs.
It depends a lot on who your MP is. If your MP is in a safe seat (a little under two thirds of them), they have no reason to do any more than post back the party response. If your MP is a government minister, they cannot do any more than this on any national issue which is outside their personal portfolio.
If you live in a contested constituency and your MP is not a minister, you are likely to receive a more substantive response. However you should not expect them to have access to a subject-matter expert; an MP is one person with a staff of around four or five office workers.
This bill[1] is of direct interest to non-UK people, because it 'clarifies' that the requests to intercept or for communications metadata are enforceable on companies outside the UK, and on ""internet based services, such as webmail" [2, paras 27,71].
Giving a speech to the House of Commons today, the UK Home Secretary, Theresa May, made it clear that, in her view, the powers in the new legislation are still inadequate — saying they “will not tackle the wider problem of declining communications data capability” – bringing back the specter of a more wide-ranging ‘Snoopers’ Charter’ being introduced by a future Tory government.
Look forward to the argument "this bill just lets the security services keep doing what they're already doing" when this bill has to be renewed after the sunset date.
Even during an interview on BBC Radio 4 on Wednesday evening a government minister slipped in that the government need to keep an eye on catching paedophiles and serious organised crime. So this clearly isn't just for an immediate terrorist threat, they're just going through all the legislation that's been going a bit stale and rushing it through whilst the opinion polls don't really matter and all under false pretences or half truths.
It's not even for paedophiles or serious organised crime either. As with all other new police capabilities, 90% of this will be used for the drug war and the remainder is split between a bunch of lowlevel crimes such as theft or harassment .
There is data from Austrias data retention laws here:
So, is your contention that because data was only used to catch regular criminals - drug dealers, robbers, stalkers, fraudsters and the like - that we should find that a bad thing.
It's just prima facie it sounds quite good to me that criminals who might not have otherwise been convicted or discovered in their actions can now be so. All at the cost of the police knowing what my ISP [and GCHQ] knows about me already.
I really don't care to have this conversation right now. It's been discussed over and over, and the feigned ignorance is insulting.
The point here is that if you are going to use this to catch petty criminals, you have to market it as such to the public. Instead, we have politicians conjuring up the image of imminent terrorist attacks and national security. It is a simple lie.
Don't start a conversation and then say you don't want to talk about it, just don't join in.
I'm not now expecting an answer but your second para sounds like you only have a problem with the fact that the use of the data isn't explicitly laid out in advance. Even if it's set up to combat terrorism and other crimes being noticed are a side-effect; you'd be happy as long as it's mentioned that other crimes discovered will also be prosecuted?
Your comment sold such police powers well, I'd imagine most of the electorate reading that using this technology has and will continue to catch the perpetrators of the crimes you list would find it positive. Other than expanding the people that know inane trivia about me I find it hard to see what liberties are really given up.
Problem is, the law is being rushed in without checking or debate because of the stated purpose, however it would benefit from a debate if it being used for other purposes. That's the lie.
As I understand it this law (passed or not) makes no difference to GCHQ who are probably collecting as much of this data as they can; and have exemptions written into existing laws; and etc etc.
Yes, this is separate from whatever GCHQ are doing.
GCHQ are (I assume) intercepting data out in the wild wherever they can then storing and analysing that themselves. This is apparently covered under other laws, but certainly isn't affected by this.
This law, and the one it's replacing, is about obligations on phone companies and ISPs to retain traffic data themselves. This data can then be used by the police and other agencies when they need it.
I wouldn't be surprised if GCHQ had access to this but I doubt that it makes a big difference to their capabilities. I'd expect that they can do far more than this regardless.
Mmm... no, I don't actually think GCHQ trust the Plods anywhere near that much (i.e. they are not cleared for relevant SCI; usually not even TS, just C or S!). If they do (and they might, these are just my impressions) I'd be quite surprised.
The NSA definitely work closely, frequently and directly with the FBI, DEA, CIA, and many other US Government agencies, especially since 9/11 and all that "fusion center" business. We know that. They're quite proud about it.
But the old boys from Cheltenham are very conservative indeed, and though they work frequently with The Security Service (MI5) and the Secret Intelligence Service (MI6), I think they rely on the intelligence agencies to do liaison with any law enforcement (notably MI5 with certain branches of the Metropolitan Police) and that only happens in pretty rare cases, nearly all of which are espionage-related or terrorism cases that I'm aware of (drugs are considered a Police problem, not an MI5 problem - we have no DEA analogue).
It's nowhere near as connected as you have over there, and that's for cultural/service-rivalry reasons as well as operational (budgetary? They're not as flush with cash as NSA are) and trust ones.
The Police and their powers under RIPA are more often on their own with that kind of thing. That's why the Government is pushing the whole emergency data retention thing - those powers are more frequently used by law enforcement (but RIPA doesn't really affect GCHQ at all).
I don't think the new "National Crime Agency" has actually changed that setup much, if at all; GCHQ seem to hold them in low regard. Old boys versus new pups, and all that.
4 Extra-territoriality in Part 1 of RIPA
(1) Part 1 of the Regulation of Investigatory Powers Act 2000
(communications) is amended as follows.
(2) In section 11 (implementation of interception warrants), after
subsection (2) insert –
- (2A) A copy of a warrant may be served under subsection (2) on a person
outside the United Kingdom (and may relate to conduct outside the
United Kingdom).
(3) In subsection (4) of that section, after "that person" insert
"(whether or not the person is in the United Kingdom)".
(5) In subsection (8) of that section, after "enforceable" insert
"(including in the case of a person outside the United Kingdom)".
(6) In section 12 (maintenance of interception capability), after subsection
(3) insert –
- (3A) An obligation may be imposed in accordance with an order under
this section on, and a notice under subsection (2) given to,
persons outside the United Kingdom (and may be so imposed or
given in relation to conduct outside the United Kingdom).
I did some snipping to get rid of admin stuff, but those terms extend the authority of the UK home secretary to give him jurisdiction on ordering wiretapping outside of the UK. Section 11 of RIPA is about wiretaps, section 12 is about ensuring the ability to have wiretaps.
If this passes, the following will be law in the UK:
(4) Where a copy of an interception warrant has been served by or on behalf
of the person to whom it is addressed on—
(a) a person who provides a postal service,
(b) a person who provides a public telecommunications service, or
(c) a person not falling within paragraph (b) who has control of the
whole or any part of a telecommunication system located wholly or
partly in the United Kingdom,it shall (subject to subsection (5))
be the duty of that person (whether or not the person is in the
United Kingdom) to take all such steps for giving effect to the
warrant as are notified to him by or on behalf of the person to
whom the warrant is addressed.
(8) A person’s duty under subsection (4) to take steps for giving effect to
a warrant shall be enforceable (including in the case of a person
outside the United Kingdom) by civil proceedings by the Secretary of
State for an injunction, or for specific performance of a statutory duty
under section 45 of the Court of Session Act 1988, or for any other
appropriate relief.
To put it plainly, this act, if it passes, will allow the UK to seek civil redress against companies that have no link to the United Kingdom if they refuse to spy on their users, so long as they can argue that some part of the communications system is in the UK. To me, that reads like it will be valid if there are users in the UK.
> To me, that reads like it will be valid if there are users in the UK.
There's even better: applying it if the company's packets ever transit through the UK (since that means "[some] part of a telecommunication system partly in the United Kingdom").
And IIRC it just happens that most of the backbone capacity between US and EU goes through the UK.
Yeah, there's a clever trick hidden in there. You can be liable if you control part of a system that is partially located in the UK. It doesn't actually say you have to control the part located in the UK.
>will allow the UK to seek civil redress against companies that have no link to the United Kingdom //
No, not "no link" as you assert. Instead the S8 you quote says they must have whole or partial control of a telecoms system located at least partially in the UK. [There's clearly no point in having powers over those who don't control the system as they're useless in getting information/control from that system.]
It's right that a company acting in the UK - eg offering a service to users, those users being in the UK - should come under UK law IMO, that's sovereignty.
I'm not comment on the other aspects only the jurisdiction aspect here.
offering a service to users, those users being in the UK should come under UK law
This is an attractively simple but terrible line of thinking. It implies that everyone is e.g. obliged either to block Chinese users or obey Chinese censorship (and infosurveillance) law.
Global jurisdiction is bad enough when it's just the US. If every country's jurisdiction extends to every website, that's a disaster. It's entirely possible for countries to have laws that are completely incompatible: http://blogs.msdn.com/b/oldnewthing/archive/2003/08/22/54679...
I actually don't have a problem with those things mentioned in the MSDN article. If you want to do business in different countries I think you should expect to make some effort to abide by the laws and customs of those countries. If India, for example, want to block your software because it shows a particular border then why should "but we made it in USA" make any difference at all - India is a democratic sovereign nation, no?
A mere informational website? Well it's a problem, if you simply off-shore a news server to by-pass reporting restrictions and such that clearly makes a mockery of the legal system and those it's seeking to protect. To me it's fine to serve up that news if you don't undergo business in the country in which the legal blocks have been put in place.
If you expect anyone to abide by any laws online then how are you going to square this except by user origin, where the actions become realised.
There's an interesting way of interpreting the definitions here.
See (4)(b) in the parent comment, where it says "a person who provides a public telecommunications service"?
The definition of "public telecommunications service" is found in s2(1) of RIPA. Selected elements are cut'n'pasted below:
"public telecommunications service" means any telecommunications service which is offered or provided to, or to a substantial section of, the public in any one or more parts of the United Kingdom";
"telecommunications service" means any service that consists in the provision of access to, and of facilities for making use of, any telecommunication system (whether or not one provided by the person providing the service) [amended by this new Bill to include] "any case where a service consists in or includes facilitating the creation, management or storage of communications transmitted, or that may be transmitted, by means of such a system"
"telecommunication system" means any system (including the apparatus comprised in it) which exists (whether wholly or partly in the United Kingdom or elsewhere) for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electro-magnetic energy.
IANAL, but the inclusion "or elsewhere" in that last paragraph suggests to me that it doesn't matter where the system is based.
I'm imagining that the use case scenario for this would be where the UK authorities have identified a terrorist suspect who they think might be communicating with his fellow terrorists via an SSL-enabled website (for the sake of argument, let's call it PuffinParty.com) that's based overseas, with no offices, employees or other presence in the UK. The terrorist suspect's laptop has rock-solid security, preventing endpoint interception and/or a MITM attack.
Let's say PuffinParty.com, like most websites, offers its services to anyone with a valid credit card - i.e. it offers a service to the public in the United Kingdom. That makes it a "public telecommunications service".
Let's say PuffinParty.com users can send private messages to one another. That makes it a "telecommunications service" and its back-end is a "telecommunications system".
So, it looks like this law would allow the UK authorities to serve an interception warrant on PuffinParty.com's CEO. If the CEO ignores the warrant, the Secretary of State could seek an injunction. If the CEO ignored the injunction, that could presumably result in him being held in "contempt of court", leading to the issuance of a warrant for his arrest, which could be exercised the next time they visit or pass through the UK?
I'm always a fan of "emergency powers" that infringe on the public's rights because they are "necessary" for "public safety". I'm sure the expiration time and a powerless oversight board will make all the difference, especially if you put a bunch of people on it that totally agree that the government have access to all things. No way this could ever lead to abuse. This is how the star power game is played[1].
> Prime Minister David Cameron and his Lib Dem Deputy Prime Minister Nick Clegg will tell a special cabinet meeting on Thursday that emergency legislation is necessary to keep the country safe.
The truth of course it that lots of MPs do understand how people interpret this kind of thing. Truth is, most MPs are intelligent, reasonable people. Sadly they are often judged for the actions of the few reprehensible MPs that more often than not make it to the front benches.
Pedophiles; radicals; criminals; terrorists; industrial, military and state criminal exploitation of communications networks, espionage organised criminal gangs; the threat from all sorts of criminals whose work is made easier by cyber-technology. (Theresa May) [1]
Basically, everything, because of how broad the act is.
From the BBC's coverage of the announcement yesterday: "PM asks if we want paedophiles and extremists to communicate without it being possible to intercept communications".
I read that the EU ruled a similar EU wide law unlawful recently. Can they not do the same here? I always thought that although the UK can make it's own laws it couldn't override EU rulings.
That's why this law is being brought in. It's not an overnight thing to invalidate a law, if they change it slightly they get another period of doing evil until they're ordered to stop again.
It may be slightly more clever than that. David Allen Green suggests[1] that this moves the legislation so that it is directly implemented by UK law rather than as a result of an EU law.
This means that the current court ruling wouldn't apply and that it would be almost impossible to mount a similar court challenge in future.
He's not to my reading saying it would be 'almost impossible' to mount a similar challenge in the future.
The "DRIP Bill" (thanks, that's a great term) is fairly obviously taking the piss with the ECJ ruling, considering it contains a big slice of the "Snoopers' Charter" and is going in exactly the wrong direction.
It would, however, require a new legal challenge to the Supreme Court or the ECJ/ECHR to fight this, and they probably think that will take somewhat longer than 2 years, 2 years during which they get more retention, after which they'll probably either renew it or change it a bit again, probably for the worse because some of the Tories like Theresa May and Cameron don't even think this went far enough (wtf?!), and reset the clock again... maybe I'm being cynical, but I think my cynicism is well-earned here.
It's not, really. The question as to whether something is legal if the EU says it isn't but the UK says it is is not entirely clear even given Factortame.
The law itself contains a signifigant expansion of the powers, in particular imposing legal obligations on non-UK persons and also allowing the Secretary of State to write new regulations and statutory instruments.
> "[E]mergency legislation is necessary to keep the country safe"
After the number of times US and UK spy agencies have been caught red-handed, do people really still buy this? Because that'd be the saddest part of all.
Also, to be fair, if you're an average white guy who doesn't get involved in politics, you're not likely to have surveillance used against you. It's a police state in potential, a "fleet in being" that has not put to sea.
The country where 1984 was written seems determined to make it factual history. Once a government decides it's fine and dandy to spy on its own (and others) it's unlikely to ever go backwards.
It is completely different to the CDB; this is a rewrite of a law that already existed and which was successfully challenged in the ECJ. The rewrite is supposed to fix the issues raised by the ECJ; whether it actually does is unclear, but it is likely to place the law beyond the jurisdiction of the ECJ.
Contacting your MP is easy using https://www.writetothem.com/ or the dedicated anti-DRIP page at ORG https://www.openrightsgroup.org/campaigns/no-emergency-stop-...