HPR1057: OggCamp 2012: Simon Phipps: mini-intro to the CDB

Summary: Be Very Afraid! In this mini-interview Simon gives a quick introduction to the Communications Data Bill, recently introduced to the UK Parliament, which proposes to establish a nation-wide database of all citizens' text and email communications, and explains the problems with the proposals, notably the lack of judicial oversight and the massive potential for mission creep. Transcript: doubi: We're here at OggCamp 2012 at John Moores University in Liverpool and I'm here with Simon Phipps who's going to be giving a talk tomorrow on behalf of the Open Rights Group. Simon, what will your talk be about? Simon Phipps: I'm going to be talking about the Communications Data Bill, which is a piece of legislation that's just about to go through Parliament, and has very worrying consequences for people's civil liberties on the internet. doubi: Right, "Communications Data" maybe doesn't sound like it's to do with people's civil liberties, so what's it all about? Simon: Well, this is a Bill that solves a problem for the security services in the UK, in particular the secret service that we have over here, and the police forces. They're very worried that they can't see what's going on inside your email, and inside your text messaging, and inside your other online communications. They have for a long time been trying to get a succession of governments to put into law rules that allow them to snoop on all of your communications. They tried to do it under [the previous Labour Party government], and it didn't quite work out because there was an outcry in civil society about it, and it's now happening under the Tories and Liberal Democrats. So this is not a partisan issue at all. This is an activity that is arising out of the Cheltenham data centre that is used by the intelligence services and arising out of the police forces, who are all very worried that they can't read your email. doubi: Now, I've heard a little bit about this and I've heard it pitched in terms of, "This is the security services just trying to keep up with changing technology." What do you say to that, because people obviously people are using different forms of communication now; is there anything legitimate in the security services needing to "keep up" with that? Simon: I think it's legitimate for them to need to "keep up" but that is not a good excuse for them to do what they're doing here, because what they're doing is creating a right to ask every internet service provider to keep, for twelve months, all of your traffic on the internet, so they can analyse it off-line. That gives them plenty of time to crack SSH, to crack SSL keys, to crack any encryption that's going on. The big problem is that this right is being created fresh, it's being created without any right for you to know that it's happening, it's being created without any judicial oversight, so that the police can just decide to ask for your material to be created. It's also being created in such a way that should the police choose to they could create a central database of all this information that could then be casually searched. By "casually searched", I mean it could be searched, for example, by organisations enforcing family law disputes, organisations enforcing defaults on mortgage payments, organisations who are looking into whether you have renewed the MOT [annual road-worthiness test] on your car. All of those would be the sort of excuses to go dipping in on a fishing expedition on your perso