Beware Zombie Legislation

I’m pleased Nick Clegg has blocked the Communications Data Bill, but if we’re to avoid the same zombie bill coming back in the night for our brains we need to fill the vacuum it leaves. I explain more on ComputerWorldUK today.

It Would Be Funny If It Weren’t True

Demand A Proper Consultation

The UK’s Home Office continues to push for maximum surveillance powers with minimum accountability in the latest adjustments to the Communications Data Bill. I decided to find out just how much consultation with non-corporates there had been before the Bill was introduced originally.

See the FOI request I placed and the response I received – there were a total of four, and no meetings were held whose content was worth keeping records of. Although the Parliamentary Joint Select Committee said consultation with civil society organisations was needed, by all accounts the meetings since then have been worthless too, with just notification and talk rather than true consultation. One small note for any BCS members listening to their claims that they represent you: they are not listed in the response.

Open Rights Group now has a form for citizens to ask for a proper consultation to be held. They would welcome both individuals and organisations completing the form to show demand for a proper consultation.

CDB: Not Dead Yet

The Communications Data Bill may have come under heavy fire in Parliament, but it’s not dead yet – and it’s already cost us a fortune even without becoming law. Read more in ComputerWorldUK.

CDB Not Fit For Purpose

I felt the report from the UK’s Joint Select Committee investigating the draft Communications Data Bill (CDB) needed a tl;dr summary, so wrote one in ComputerWorldUK today.

Triangulation And Butter

Why should we care about protecting small items of personal data, such as our date of birth, parents’ names, post code and so on? Why does it matter when we’re asked for them by someone with no need to know them? What does it have to do with delicious butter?

The reason is that those small pieces of personal information can be used for triangulation. What does that mean? Here’s a (currently completely fictional) example to explain, taken from my presentation about the Communications Data Bill.

At some time in the near future, you are at the checkout in Safeway. They scan the stick of butter you want to buy, and then you hand over your Club Card and payment. The assistant looks at the screen, then reaches for the voucher printer and pulls a form from it.  He places it on the counter and gives you a pen. “Here, sign this.” You look at it in surprise. It is a liability waiver, with your name at the top. The text says “as someone potentially at risk from cholesterol issues, I absolve Safeway of all responsibility for my butter purchase”.

How did this happen? Safeway don’t know your health status; they just know it’s in their interest to get that waiver signed. Their insurance company has used your name and address from your Club Card account like a “shared key” to identify your health records, past purchases at other stores and other information about you. As a result of the data it discovered, a heuristic that’s been trained to identify people who might pose a risk of litigation against the company has flagged you to Safeway as a waiver candidate. They get a discount on their liability insurance if they get waivers from all flagged customers, hence the waiver form. It’s not to protect me; it’s to protect them.

This is triangulation. No individual data item discloses private information I care about, but gathered together it can be used without my consent and against my interests. This is why the least authority principle should inform us everywhere in our lives, why we should support data protection laws and especially why we should resist the Communications Data Bill.

CDB: Not Dead Yet

tl;dr: This zombie bill no politician seems able to kill is a Pandora’s box that will lead to a public panopticon.

Since it’s still very much in play at the moment, I was invited to represent the Open Rights Group (together with Big Brother Watch) at a discussion of the pending Communications Data Bill (CDB) at the South-Central Liberal Democrat Regional Conference today.

My main point was that the Bill creates an unprecedented resource for the security services to “go fishing” in everyone’s private affairs. “Communications Data” means “everything that’s not the message” for every kind of internet use (e-mail, instant messaging, voice communication, streaming and so on), and collecting all of it from everyone in Britain on a rolling 12-month basis (with some information held indefinitely) offers a massive pool in which to use heuristics to pattern match answers to open questions.

Whatever boundaries may be placed on it now, it’s certain that its scope will creep once created, pushed one notch towards the public panopticon every time another panic-keyword-crisis occurs. Allowing CDB to proceed would be an enormous error and the thin end of a wedge that will permanently remove the assumption of privacy from all of us.

Here are the slides I used:

You can also find them at Speakerdeck; sadly, WordPress.Com doesn’t allow me to embed slides from that system, which I prefer. Let’s hope the Lib-Dems take this seriously and don’t treat it as another gaming chip like they did university fees…
