Government calling for more powers. Why?

There is a lot of disquiet about the changes being proposed to the Regulatory Investigatory Powers Act (RIPA) currently going through the British parliament.

One article that recently appearing online titled "British Spies collecting phone data for 14 years (www.goo.gl/YnBkOC) would imply that they have all the powers they need, whether covered by law or not (why ask if you can do it anyway).

So why does the government need more powers when they don't worry about or use the ones they have today?

Watering down encryption

One part that I have particularly being hearing about is that it proposes to water down encryption. Some people are saying that the new amendments will require organizations to assist in bypassing encryption and therefore weaken encryption protocols.

However, this does not appear to stack up. The act, introduced in 2000 and having gone through four updates, already had the obligation on organizations to hand over decryption keys to law enforcement agencies or face a prison sentence.

The current draft amendments further say "will not impose any additional requirements in relation to encryption over and above the existing obligations in RIPA". So my understanding is nothing has changed here.

The draft also says that Communications Service Providers must retain the "ability to remove any encryption applied" by them. With the understanding that Communications Service Providers are primarily ISPs and Mobile phone providers then this implies that they simply must be able to decrypt messages they have encrypted as part of carrying or providing a communications related service.

So there does not appear to be any changes that I can immediately see.

The real concern

The biggest concern is that the draft changes will introduce new obligations on Communications Service Providers to retain records of activities we undertake online, especially websites visited.

It also calls on them to increase Communication Service Providers ability to collect and store data, some this almost permanently.

So why give them new powers and why force companies to collect and store even more data?

There is not a day that goes by that some company does not leak data most notably is TalkTalk and Vodafone has also had data stolen. These are ISPs and communications provider. If they cannot do what they need to do today to protect our data how can we trust them to protect even more data?

The same arguments

Also this debate has been going on for years and is not new. An interesting article by Schneier in 2007 referred to FBI Director Louis Freech who, in 1993, was using many of the same sort of arguments we hear today for why the government needs these (new) powers. Schneier called them the "Four Horsemen of the Information Apocalypse" which are terrorists, drug dealers, kidnappers and child pornographers.

So feels like the same arguments to continue to attack our privacy and increase opportunities for our private lives and information about us to be stolen, used to impersonate us (identify fraud for example) or to let criminals con us out of our money, especially the old and less technically savy out there who are losing their life savings, their pensions and more importantly their dignity

So why are we giving the government even more powers again?

Schneier, a prominent researcher and writer on security, advocates more investigation and less collecting of even more data. Information about what was about to happen on September 11th was held by law enforcement agencies already but they did not spot it. So maybe they need to spend more time on finding better ways of connecting the dots than trying to collect even more data about us all.

Would these changes have prevented, for example, the recent alleged bombing of the Russian flight from Egypt killing all on board? I do not know but my sense is no.

Let me know your thoughts. Do you agree or have a different take on all of this?

Comments

Popular posts from this blog

Invading neighbours privacy

Outlook tip for Calendar Management

Editing emails... after sending them