Living with terror: Security or privacy - do we have to choose?
As the threat escalates, David Cameron wants to compel data companies to share their files with the state
We are clueless, let’s face it. Most of us skip innocently through cyberspace like Red Riding Hood in the deep, dark forest, picking flowers in the company of wolves. We stick to the paths we know – Facebook, Twitter, Snapchat and so on – believing that, because they protect our privacy, we will be safe from the evil that may lurk elsewhere.
But now it turns out that the terrorists are hiding among us like the wolf dressed in Granny’s nightgown – at least, according to the Prime Minister.
He says that terrorists like those who carried out the attacks in Paris are increasingly turning away from phone calls, texts and social media in favour of popular online messenger services that lock up all private correspondence using encryption.
So David Cameron wants to bring in a new law that will force the companies concerned to share their electronic keys with the British security services or else face being banned from the country.
He is just back from Washington, energised by the warmth of President Obama, who apparently calls Dave “bro” and regards him as a good friend. They pledged to play cyber war games together to learn how to beat jihadi hackers, but the Prime Minister also wants help in leaning on the internet giants such as Google and Facebook.
“We need to be able, in extremis, to interrupt the contacts between terrorists, whether they are using fixed phones, mobile phones or the internet,” he said. “We need to work with these big companies to make sure we keep people safe.”
But things are not that simple. They never are with Mr Cameron and the internet. His attempts to introduce porn filters have not really worked, and this new crackdown on Snapchat terrorism is not going to start tomorrow, even though the Home Secretary says delay will put lives in danger.
So what exactly is the Prime Minister proposing? Why are the other parties against him? And why can’t we just send in James Bond?
If this were a movie, Bond would be able to follow a terrorist’s every move, tracking his phone signal and hacking into calls and messages. The French were able to do this following the Paris attacks, because they allow complete electronic surveillance. The same tactics seem to have been used on Friday in Belgium, where gunmen were intercepted before their planned killings.
British spies need the permission of the Home Secretary to tap phones and steam envelopes, but in such a case they would have had what they needed. They can also look at records of calls, texts and internet searches, all of which have to be kept for a year by telephone companies and service providers as a result of an Act of Parliament rushed through last year.
This is data such as where and when calls were made and to whom – not what was said, nor any degree of content at all.
The Government is also seeking to add an extra power: the right to match up internet protocol addresses, revealing which site a computer visited and when. This is contained in the Counter-Terrorism and Security Bill, which goes to the committee stage in the House of Lords on Tuesday.
Our spies are officially sunk, though, if the terrorists decide to swap images on Snapchat or trade ideas on WhatsApp, which is owned by Facebook. These, and other services, use algorithms to lock the messages with a code, so that they can be seen only by the sender and the person they are sent to – and the company, which promises not to share that information.
We are told that British spies are being shut out of using such services to track terrorists because they have neither the key to the encryption nor the legal right in this country to ask for it.
Then again, we are also asked to believe that they do not hack their way into the messages anyway. This is despite evidence to the contrary in documents leaked by the whistleblower Edward Snowden, which showed that both the British intelligence gathering unit GCHQ and the National Security Agency in the US spend hundreds of millions of dollars a year trying to access encrypted files.
Snowden’s leaks suggest GCHQ is already doing in secret what the Prime Minister wants it to do in public, and that the new law is actually aimed at making it more convenient, as well as legal. But that is not Mr Cameron’s line.
Speaking the day after last week’s huge march in Paris (in which he stood with world leaders and declared his passion for free speech), he posed a question: “In our country, do we want to allow a means of communication between people which, even in extremis, with a signed warrant from the Home Secretary personally, we cannot read? Up until now, governments of this country have said no.”
If he wins a majority at the next election, Mr Cameron will introduce a new law that “makes sure we do not allow terrorists safe space to communicate with each other”.
The need is urgent, according to the Home Secretary, Theresa May, who says “the capabilities of the people who keep us safe” are diminishing with every day that passes without a new law. “As those capabilities diminish, more people find themselves in danger,” she told the Commons on Wednesday. “And, yes, crimes will go unpunished and innocent lives will be put at risk.”
She has already tried to rectify this once. The new measure is likely to be based on the Draft Communications Data Bill of 2012, which demanded that companies store for a year at a time the records of all emails, social media activity, voice calls online and messages passed during games, by everyone in the country.
Critics called it the Snoopers’ Charter. Technology experts said it was unworkable, because the storage space required would be too vast and the security services would not have the capacity to sift the data, let alone undo encryption.
The Liberal Democrats refused to back the original proposals, which were defeated, and Nick Clegg stated his position again last week: “Let me be really clear, we have every right to invade the privacy of terrorists and those we think want to do us harm – but we should not equate that with invading the privacy of every single person in the UK.”
Senior Conservatives say he can forget about another coalition after the next election unless he is prepared to change his mind. But there is a good chance the issue will not arise, of course.
As for the Labour leader, Ed Miliband, he says he will take a “cautious and considered” approach to any proposed change.
The civil rights campaign group Liberty is firmly opposed to what Mr Cameron wants to do, saying blanket surveillance like that would just create a huge “haystack” of data and make it even more difficult to monitor real suspects properly.
“The Snoopers’ Charter would sacrifice our privacy and our free expression without making us any safer,” said Isabella Sankey, director of policy for Liberty. “It would turn us all into suspects, wasting huge resources monitoring the activity of everyone, man, woman and child in the country. It would make us all less free, but no safer – not much of a trade-off.”
There are several other obvious problems with what Mr Cameron proposes. One is that the French police had all the powers they could possibly want and still could not stop the shootings.
The next is that the security services cannot afford to keep tabs of every terror suspect and so, after a while, those deemed too old or too full of hot air to be a threat are left alone. That is what happened to the Kouachi brothers, who went on to slaughter the staff of Charlie Hebdo.
The third and by far the biggest problem for Mr Cameron is that the companies whose help he needs are unlikely to comply. For one thing, they are mostly based in the US, so making demands is tricky, even with the new transatlantic love-in.
The trouble is that Google, Apple and Facebook are pushing in the opposite direction, working towards offering total privacy and encrypting every message when it leaves the sender, then again when it reaches the recipient.
“The pendulum swung the other way,” says Howard Schmidt, a former cyber security expert for the Obama administration, who believes attitudes changed after Edward Snowden’s revelations. “The American public generally says, ‘Listen, we really want the ability, as a private citizen, not committing any crimes, to be able to encrypt our data.’”
That puts them in conflict with governments on both sides of the Atlantic. Facebook founder Mark Zuckerberg has declared himself “confused and frustrated” by the American security services hacking into encrypted Facebook files. “When our engineers work tirelessly to improve security, we imagine we’re protecting you against criminals, not our own government.”
In this country, the pendulum is still swinging. Do we want to give our security services everything they need to stop a massacre like Paris happening here? Yes, indeed! Thank you! But do we want the Secret Intelligence Service to have access to our private lives in a way that could make George Orwell’s surveillance nightmare Nineteen Eighty-Four seem like a fairy tale with a happy ending? No way! Boo!
The pendulum may swing decisively one way or another after the election. But in the meantime, most of us have no choice but to go on skipping along our own paths through the forest, ignoring the darkness and its countless, hungry eyes….