The Ecologist

 
Photo: Greg Lilly via Flickr (CC BY-NC).
Photo: Greg Lilly via Flickr (CC BY-NC).
More articles about
Related Articles

An activists' guide to the 'Snooper's Charter' - and what to do about it

Paul Mobbs

12th November 2015

The recently announced Snoopers Charter 2.0 gives the state enormous powers to delve into our lives, writes Paul Mobbs. And all the more so when combined with other data to which the government has access - by simply buying it from commercial providers. If you don't like the idea, it's time to get your systems secure and shrink your digital data trail.

Matching multiple data sources, metadata is a description of the intimate details of your life just like the content of messages. And that is what is available to the police without a warrant or judicial oversight.

The so called 'Snooper's Charter', the draft of which was introduced to Parliament by the Home Secretary on 4th November 2015, has created a media furore.

It may appear to be threatening, anti-democratic and downright repressive, especially if you use digital communications technology as a de-skilled 'consumer' - without questioning how it works or what private information you exchange when using it.

In practice, for those who have a working knowledge of communications technologies - certainly trained terrorists, organised criminals and fraudsters - many aspects of the draft bill are not threatening at all. If you use the technology in a certain way you can, to a certain extent, hide your on-line life from surveillance.

For me the problem with these proposals is not the technology - it is the assumptions which inform government policy, and what they entail for our democracy.

The 'Snooper's Charter' exemplifies Britain's democratic deficit

On polling day last May I gave a talk in Parliament Square on the theme of '800 years of activism'. While waiting around in Parliament Square to start the gig, I approached a man, standing opposite Parliament, who was browsing a smart phone.

I asked him if he'd stolen the phone. He said, defensively, that it was his. In which case, I enquired, in one of the most secure locations in Britain - where all mobile communications are filtered through 'Stingray' base stations to track individual users - what was the point of using a smart phone when wearing a Guy Fawkes mask?

In Britain, since Edward III formed the Order of the Garter in 1348, the motto of our state has been 'honi soit qui mal y pense', or 'evil to him who evil thinks'.

The idea that the state has the right to rule over anyone in this country, and anyone who doesn't like that is highly suspect, has been a core value of British governance for the last six centuries. That is the greater problem here - the technology involved is just a means to achieve that end.

Formalising mass surveillance

Since the 1960s successive governments have sought to increase their powers to stifle civil dissent.

For example, the 'common purpose principle', introduced in the mid-1990s, allows the police and security services to investigate everyone in a movement which may carrying out minor offences as if they were all 'serious organised criminals'. This was this legal justification used to take down the animal rights movement in Britain from the late 1990s - targeting the most innocent members of that movement as if they were the most militant.

This agenda continues today. For example, in the anti-fracking movement, activists are being labelled 'non-violent extremists'.

However, the government's surveillance proposals are something wholly different - and the state is not the only group we should be concerned about.

What is enabling the Government's agenda is the corporate collection and trading of personal data - otherwise these proposals would be unaffordable. And in reality what the 'Charter' enacts is, in some form, already practised by the state. The purpose of the bill is to make these practices retroactively legal:

  • In their launch of the draft bill, the Home Office had to own-up that they've been carrying out bulk data collection since 2001, using secret directives from the Government.

  • Police and security services will be given free reign to hack electronic devices and plant backdoor access mechanisms inside - which actually makes all our data less secure, especially from criminal abuse - extending the recent extension of their powers.

  • While reducing the ability of local authorities to abuse their power to snoop on people, the police can still access people's Internet browsing history without a warrant.

  • Though judicial oversight of intrusive surveillance is being introduced, that isn't going to prevent the widespread snooping of large groups of people because that oversight does not apply to the use of 'metadata'.


Metadata is 'content'

The Government always dismiss the metadata issue. They claim that having data about the communication cannot be considered to be as invasive as actually listening to or reading your communications. And, in isolation, that is pretty much right.

However, what we're taking about with the current proposals is the use of 'metadata in aggregate'. That is, the data produced by many different activities a person engages in during their everyday life. When put together, structured by computer algorithms, metadata becomes content - it becomes uniquely descriptive of a person's lifestyle, political or sexual preferences, their network of friends and associates, and patterns of daily movement and activity.

Matching multiple data sources, metadata is a description of the intimate details of your life just like the content of messages. And that is what is available to the police without a warrant or judicial oversight.

This same data is already used by corporations

Corporations and lobby groups have access to metadata on a commercial basis. It is an essential part of the income stream for services like Google and Facebook. It is used not only to target advertising, but also public relations and lobbying - in some circumstances, to target and counter the work of environmental and other progressive activists.

For example, TransCanada runs the pipelines that carry tar sands oil across Canada and to the USA. When they wanted to build an alternative to the Keystone XL pipeline it employed a US-based 'corporate strategy' company, Edelman, to investigate the potential opposition - targeting local activist groups (note that Edelman is also the organising force behind the industry-funded UK Task Force on Shale Gas).

A key factor in Edelman's strategy was the use of digital media, both to monitor the work of activists and co-ordinate responses to the activists' message. Edelman even produced a digital media strategy detailing how TransCanada should counter activist messages.

How could they do this?

From their US-based data centre Edelman had access to large amounts of data on the work of activist groups. Much of that data will have been legitimately bought from web companies, while more can be easily produced by monitoring activist web sites or social media.

The case is no different in Britain - these practices are happening today.

The business model of free Internet services is that they monetise the value of the personal data people willingly, though unwittingly give when using the service. And while data protection laws might restrict blatant abuses within Europe, companies can circumvent such restrictions by warehousing their data in off-shore subsidiary companies (as was the case when Edelman proposed to house TransCanada's data in the USA).

The 'free' web is based upon monitoring you

It's not a personal thing. You are not necessarily being monitored specifically. But in aggregate with those you work with, your collective digital footprint provides data that certain lobby groups and state security agencies have an interest in.

When the Internet was first used by activists, from the mid-1980s, it was by-and-large via subscription services. When the web came along in the mid-1990s, it was free, largely funded through the companies making paid-for hosting services available. That model imploded during the dot-com crash in 2001.

Next the Internet companies switched to advertising, and that model worked well up until the crash of 2007. Since then pretty much all the major on-line services, especially social media, have survived through selling large amounts of data about their user's habits.

When you download a web page you are also loading lots of 'beacons' from web tracking companies. These log not only the fact you accessed the page, but also data about your location, the machine you're using, as well as data about your recent browsing history.

The web service companies then slice and dice all this data and sell it on to advertisers and lobbying companies - including the likes of lobby/PR companies like Edelman. Governments also buy this data in order to augment their own surveillance capabilities, primarily because it's cheaper than undertaking these operations themselves.

Recently one US lobby group - with close links to the US government, military and political parties - proposed that technology companies should formally be brought into the US intelligence infrastructure because they work more efficiently than state agencies.

People may obsess about state surveillance but, from a purely technical critique, it is routine corporate data collection and data warehousing which provides much of the state's surveillance data.

Mobile communication makes matters worse

Dzhokhar Dudayev was a former Soviet air force general who led the breakaway of the Chechen Republic from Russia. He is also distinguished as being one of the first people to be demonstrably assassinated by his mobile phone - when two Russian laser guided bombs were dropped on the location designated by his mobile signal.

Today 'assassination by mobile' is a policy routinely carried out by the USA in the Middle East, Pakistan and Afghanistan, and by Israel. In Britain, mobile phones are routinely being tracked both for security and surveillance, and even by advertisers looking to pitch geographically-relevant adverts.

Every mobile device has a unique hardware identity (separate from the SIM card with account details) which can be used to track a person's movements. For example, the security services don't have to log who attends meetings any more - they just look to see whose mobile phones have been taken to the same location at the same time.

The Edward Snowden revelations show the extent to which the ubiquitous nature of mobile phone use has enabled a new generation of surveillance. Mobile phones don't just give away your activity at this moment.

For example, if you take a photo the metadata embedded in the picture can log the time, date and location where the image was taken. Publish that picture on-line without removing the metadata and anyone can tell where it came from.

OK, it's all scary - what can you do about it?

Understanding how technology functions entails far more than avoiding having your personal life tracked. Collectively our digital life has a large ecological footprint, with a noticeable effect on energy use and the climate. Simply encrypting all your communications to avoid surveillance will significantly worsen that footprint further.

The main defence we're talking about here is the one that many are unwilling to take - unplugging. It's precisely because digital services are free and/or convenient, that people are lulled into using them. Breaking away from that means changing habits, and that's not easy.

However, there are some straightforward things you can do:

  • Default passwords - Read the manual! Change default passwords on devices the moment you get them. If additional security features can be enabled, do so. Writing down passwords in a secure location is far more secure than not having any password, or not changing a default password.

  • Operating systems - The really big ask, stop using Windows! I'm always amazed that - given there is a free, co-operatively created operating system which is superior to Windows, called Linux - activists use Windows. Old equipment is no problem, as Linux often works better on old rather than new equipment, and it is compatible across all versions of the system. Linux is not only more secure than Windows, because its source code is open it's far harder to plant back-door access into the system.

  • Mobile devices - Turn off the mobile phone (better still, do without it). You can now buy shielded pouches to prevent the phone being able to send/receive signals when it's not in use (just because it looks turned off doesn't mean it is).

  • Metadata - Whether using a phone, computer, camera, etc., turn off geo-location services. If you publish pictures or documents on-line, use a program to scrub the metadata, or set the default values to blank to prevent its source being identified.

  • Unique identifiers - All surveillance requires a unique identifier - credit / debit card number, mobile hardware ID, internet IP addresses, phone numbers, account numbers, loyalty cards, etc. Avoid using these in contexts where you want to have privacy.

  • Inadvertent tracking - Don't use credit and debit cards for payment - take the money from an ATM and pay for things in cash. For example, when you buy a train ticket with a credit card the ticket number is logged with the credit card details. That same ticket (or Oyster Card) number is then logged with the location and time every time you feed it into a ticket barrier.

  • Web browsing - If you want to browse the web for sensitive research, use the Tor Browser. It's slower, because of the process of anonymizing the data takes a little time, but it prevents your unique address being revealed when using web sites.

  • Web searching - In addition to using a more anonymous browser, don't use the aggressively monitored Google search service. Use an anonymized alternative, such as Duckduckgo.

  • Cookies - Turn off the use of cookies on your web browser. These create unique identifiers which are used to track your use of web sites across the 'Net. If some essential sites demand cookies, enable cookies for just that site.

  • Ad blocking - Install an ad-blocking application, such as Ghostery, in your web browser to prevent web analytics companies collecting data about your on-line habits. It also reduces the amount of data downloaded, reducing the ecological impacts and the cost (if you pay for your data)

  • Email - Turn-off HTML formatting in email. HTML formatting allows images and web beacons to track your browsing of email, especially from email lists. Disabling HTML email also reduces the vulnerability of the computer to malware. Also use a quality subscription email service that does not routinely trade data about its users (I recommend GreenNet as they offer a good broadband package too). Or use a free on-line service that builds-in anonymity, such as Tor Mail, or services which do not log usage, such as Riseup.

  • Wifi / Bluetooth - Wireless internet broadcasts your data, allowing it to be intercepted and potentially cracked. Wireless connections use significantly more, sometimes ten times more energy than old-fashioned Ethernet cable connections. Likewise wireless keyboards and other devices broadcast your most secure data - such as passwords - allowing access to your equipment and on-line services if cracked. Turn off the wifi and plug in a cable instead!


Be aware of your technology - and use it wisely

Today, in the age of global corporate mass media, we no longer talk about civil liberties. Instead we talk of 'privacy'. In a world where we are ubiquitously surveilled, talk of democratic rights appears a little twee when you can never really have time on your own, or to share privately with others.

The whole business model of Facebook and others depends upon selling your data to anyone who will pay the going rate for it. For that reason asking them not to monitor you, or share that data, will make little difference.

In the end, we have to realise that digital communications technologies, while easy to use, are essentially a cage of our own making. It is our choice to use certain services, and sign away rights to our data in return for that service, which creates the infrastructure that the 'Snoopers Charter' seeks to utilise.

There's a really easy way to get around this issue - make activism direct. Do it in person, not virtually. And, most importantly, never do it in fear of the state. For if an idea really means that much to you, then why wouldn't you be willing to face the consequences of the actions you carry out to uphold that principle?

 


 

Paul Mobbs is the author of A Practical Guide to Sustainable ICT - available free on-line.

For a fully referenced version of this article goto the FRAW site.

 

Previous Articles...

ECOLOGIST COOKIES

Using this website means you agree to us using simple cookies.

More information here...

 

FOLLOW
THE ECOLOGIST