Digital Britain requires encryption
Technology seems to mean political capital nowadays. Seemingly, if a politician talks about how a country’s digital infrastructure should be improved, or is heard of to be using a popular gadget or site, their popularity goes up. Obama had his BlackBerry, a few years back, HM Elizabeth II had her iPod, and more recently the British Government have been pushing into the idea of Digital Britain.
As well as being a paper produced a few weeks back (I might talk more about that in another post – there are some grumbles there), there are also the initiatives behind the legislative body to bring the UK’s woeful IT law up to scratch. Currently, forays into copyright infringement get charged as spurious items such as ‘Conspiracy to Defraud the Music Industry’. Forays into hacking get charged on the horrendously outdated Computer Misuse Act 1980. This needs to change. The entire idea of a risk society is that the law will, more often than not, be behind current affairs. This far behind is plain unacceptable.
But of course, when it comes to the limited budget of time for legislating for technology, the top priority is surveillance. The same thing happened back in 2000 when everyone realised that any company above man-in-van couldn’t be a real company without a website, and that over half the 16-50 population had access to at least dial-up. Back then, they only got as far as the Regulation of Investigatory Powers Act before more pressing (oppressing?) matters became more important. This act stated that any company with internal e-mail must retain it for a period of time in case the authorities want a nose through it, and other such draconian measures.
This time round, it’s the Communications Data Act. There’s an element here, as I recall, about making sure we comply with European minimum surveillance-ability requirements as laid out by the Data Retention Directive. But there’s more. the DRD only requires that providers supply, effectively:
- From who?
- To who?
- When?
- How?
It’s that last one that’s important. We’re not talking just phonecalls in surveillance any more. We’re talking about e-mails. And these communication logs have to be held for 6-24 months for the investigation of, and prosecution of serious crimes.
The Communications Data Act wanted to do more. Jacqui Smith has even gone so far as to delay the Bill in parliament so that she can find out how much she can get away with. She wants providers to retain a full log of pretty much everything. Phorm was bad. This is worse. Mrs Smith (that’s not a gender slight – I just don’t like how she spells Jackie) wants to record the lot. Everything you do online. It’ll be retained for the same period and used for the same means as the DRD, only there’ll be a lot more there about you. Assume for a moment that Jacqui went missing tomorrow – a quick scrape would bring me up as a suspect based on my published opinions, albeit a low-priority one. And that’s just plain wrong.
I’m not just grumbling about this from a personal perspective either. The old “I’m innocent so I have nothing to fear” can alleviate the worry slightly. More worrying is the sheer amount of information being stored and the administration cost behind capturing, storing, and indexing my pointless e-mails about going to the pub, and my Amazon shopping habits. I’d prefer to see that amount of money being spent on alleviating poverty.
If this comes in, someone’s going to make an absolute killing as the first provider to be able to offer affordable SSH / VPN with decent throughput. Count me in. Digital Britain requires encryption to dissuade the paranoid from wasting money on such rediculous exploits.
Update 03/06/09: Jacqui Smith has resigned from the cabinet. There’s a good chance this plan will go with her. If and when there’s more, I’ll update again…