How to end a democracy in just eight days

We had a span of eight days from announcement to parliamentary approval for UK’s Data Retention and Investigatory Powers (aka #Drip on Twitter). It’s now the law of the land, or whatever constitutes United Kingdom borders in telecommunications.

This is how liberty dies. Not with thunderous applause, but rather something on the order of less than 20 members of parliament bothering to stick around for a debate about it. (Skip to the end, to see what’s to be done.)

This was the height of the action during the debate over instant government access to your private communications. No cloaks of invisibility were used, it was reported.

What DRIP does: It mandates that service providers keep records and copies of your communications, and allows police or other government agencies access to them. This would be your phone calls, mobile texts, Facebook chats, emails, Skype calls, etc. If you do it with buttons and a screen, then anyone who answers to Theresa May gets BCCed. This happens before a warrant is needed. Before any guilt of a crime is alleged. It’s automatic and all the time to both British and non-British citizens.

If you think this is only about people “with something to hide” then you’re not thinking. Do you have curtains over your window? Do you have a pass code for your online banking? Do you trade family pictures of your children with other members of your family? When a stranger accesses these things, does it really matter if they work for GCHQ or not? The chances of your private information being misused doubles each time its copied onto a different system. Where is your data, really?

It was passed as emergency legislation. Were terrorists and paedophiles threatening to launch a joint attack on Hamleys? No. Is it Syria? No, people are going there to become militants, not here. What’s the emergency? The European Court of Justice ruled against it. Yes, it’s illegal for a European Union member government to require that service providers store customer data and surrender it on demand. How do you feel about being in the EU now?

In our post-Snowden world, a few ISPs are tepidly starting to baulk. Now there’s a court ruling to help them resist. That’s a huge emergency for the likes of the NSA and its intern, GCHQ.

What about when the threats are over? They’re never finished. We’re told this is a temporary measure. MPs like the Liberal Democrats’ own Julian Huppert  enthuse that DRIP will automatically expire at the close of 2016. It will also automatically be extended by a vote of parliament, as easy as they vote on their own pay raises.  Governments seldom reduce their own authority willingly; the tendency is to expand control.

It’s not unusual. Earlier this month in the U.S., President Obama’s appointed panel on mass surveillance gave the practices a civil liberties thumbs up. DRIP is keeping with the British government’s tradition of repeating what Washington D.C. does within a fortnight.  But these countries are far from alone.

Read John Schindler’s #EverybodyDoesSIGINT Twitter stream from earlier this week. Mass data collection policies and practices in India, China, Canada, North Korea, Austria, Iran, Russia, Israel, Cuba, France, etc. are all quite similar; invasiveness is kept in check by budget and capacity rather than a respect for citizens’ rights. Beating UK to making the U.S. happy by a week, Mexico passed an almost identical law.

People may be accustomed to the notion that North Korea or Iran would be spying on their own people, but the digital surveillance structures used in those countries is not so different from GCHQ, except that in the UK it’s more sophisticated… though still lagging behind in the overt displays of repression. On a long enough timeline, though, who’s to say what’s in store.

What’s it about? The first thing to remember is that this isn’t about safety, or security, at least for a population. Mass data collection is horrible at that.  It is about control, though not that kind. It’s about having data and access to it. It’s not about finding needles in haystacks as the old refrain went, but about being able to scrutinize and interrogate the hay. This is useful when you’re having a lot of social and economic problems that cause increased social unrest.

What’s to be done? Vote, sue, encrypt, repeat.

1) VOTE: I don’t hold much hope for political solutions, because politics is about power, which is about control and that’s what mass surveillance provides. Still, why not vote for candidates friendly to civil liberties and human rights and opposed to sweeping mass surveillance?  See what happens, I guess.

2) SUE: I’ve got moderately higher hopes for legal solutions, because the mechanism is still somewhat in citizens’ favour. Support Open Rights Group’s lawsuit against the UK government over DRIP.

3) ENCRYPT: For technology and habits, we’re in an area of haves and have-nots. Not everyone has the luxury of money or time or access to take the measures best suited for themselves. Good VPN costs money. Even the best free open source privacy software requires the time and awareness to learn and the dosh to afford the technology to run it on.  That said:

  • As much as possible, use internet services based in privacy-friendly countries such as Iceland.
  • When you access those services from UK, use strong proxy services like Tor or a good VPN.
  • Check out the Tails operating system, and novel uses of Tor, like Onionshare, to post a document to someone without it being nabbed by monitors in-between.
  • Use end-to-end encryption for communication in emails, chat and (to the extent possible) VOIP.
  • Use open source software that does the encryption on the client side (your machine).
  • Run Tor exit nodes and help make the system faster.
  • Attend and organise Cryptoparties to pass the knowledge on.
  • Support projects that enable whistle blowers and leaks in the public’s interest.

Make it more costly to see what you’re doing, and more problematic to hide what they’re doing. That’s how you protest.

Experiments in modern living