The draft Investigatory Powers Bill was published at the beginning of November. Its a huge document and the Government promised there would be ample time for scrutiny before MPs start the formal legislative process next year. Unfortunately, some are suggesting it now be rushed through in the wake of the Paris attacks.
That this is being suggested is a concern, because experts are coming forward to explain that the Bill is technically illiterate. Glyn Moody at Ars Technica reports on the testimony of Adrian Kennard, head of the UK Internet Service Provider Andrews & Arnold, who has been delivering internet services, and writing code for those services, for almost two decades. Moody writes:
Kennard’s written evidence is extremely valuable for providing detailed, expert commentary on the Investigatory Powers Bill’s measures. It confirms that the UK government literally does not understand how the Internet works, and that its latest attempt to bring in a Snooper’s Charter is not just dangerous and misguided but fundamentally unworkable.
Adrian Kennard’s letter to the Bill committee [PDF] is quite readable in itself, and exposes many flaws in the Bill.
Not Not Notifying…
One major concern with the draft Investigatory Powers Bill is the requirements placed on ISPs to collect data, and their obligation to keep secret the fact that they are spying on their clients on behalf of the government. I wonder if the Bill, with its technically illiteracy, will allow room for civic-minded ISPs to find a way to be more honest with their customers?
Last week, while down a rabbit hole of followed internet links (we’ve all been there) I came across this innovation, devised by Jessamyn Charity West, a librarian and blogger from the USA.
‘Wired’ described her as ‘on the front lines in battling the USA PATRIOT Act,’ particularly the provisions that allow warrantless searches of library records. The act not only prohibits libraries from notifying the subjects of such searches, it prohibits them from disclosing to the public whether any such searches have been made. In protest, West created a number of notices that libraries can post which she suggests are ‘technically legal.’ One of them, for example, reads: ‘The FBI has not been here. Watch very closely for the removal of this sign.’ The Vermont Library Association provided copies of this sign to every public library in Vermont.
I wonder whether ISPs could provide similar signs to their customers? Alternatively, perhaps I could set up a Dead Man’s Switch arrangement with my ISP, where they agree to send me a monthly message telling me that they have not had any requests for my Internet records. And then, if, one fine morning, the expected message does not arrive… at no point will my ISP have notified me about any invasion of my privacy.