Where do I start? This blog post has been simmering within me for ages, but I’m finally writing the thing up… I’ll try not to make it ramble too much.
- Ever since 11.09.2001 and, in the UK since 07.07.2005, new laws and initiatives curtailing freedoms and personal privacy have been flooding in;
- Specifically, UK Internet Service Providers have been coerced by the government into introducing routine monitoring of all network activity: including emails sent and received, web sites visited and so on, to be retained for a long period of time. That means that ISPs will be routinely monitoring and recording everyone’s traffic, not just people accused or even suspected of a crime. Everyone’s;
The latter means that the ISP and the government will be in a position to carry out data mining on your data under the guise of “Oh, this’ll help stop terrorism and it’ll help find paedophiles and …” Well, frankly, that’s bollocks. What’s worse, is that they know it too.
Imagine all this data collected and then tied in with your personal identity via the National ID Card Register… “I’m sorry, Sir, we can’t renew your medical insurance. I see that you have been ordering too many pizzas…”. Or, “I’m afraid I can’t let you on to this plane, Sir, I see you read the Wikipedia page about how to make a suitcase nuclear weapon last Tuesday.”
Here’s an interesting quote about behaviour of the government from twenty years ago:
“[Lord Whitelaw in the 1980s] boasted how after any security lapse, the police would come to beg for new and draconian powers. He laughed and sent them packing, saying only a bunch of softies would erode British liberty to give themselves an easier job. He said they laughed in return and remarked that “it was worth a try”.”
So by his reckoning that makes New Labour a bunch of softies. I won’t argue. However, one may argue “Hang on though, in the 1980s technology was very different, surely that explains why greater powers are needed?”. Well, no, I don’t think so. The current monitoring of all web and email traffic is equivalent to the recording of all telephone calls and the interception and copying of all post. That was never deemed necessary. In criminal investigations, warrants could be obtained to do the above for specific individuals. There was never any question that it should be done in any more widespread manner. And don’t forget that at that time, there was a genuine and on-going “terrorist” risk – the IRA bombing campaign affected far more people than more recent incidents.
Perhaps the reason is that now it is more technically feasible (i.e. cheaper) to do this. Essentially, it’s a power-grab. In other words, they’re not doing this because they should, but because they can. They also claim that they’re not recording the actual content of emails or the content of web pages, just the sender/recipient details plus web site addresses. Frankly I don’t buy that: they have the capability to record it all and disk space is cheap.
In fact, there are some entities who do look at the actual traffic. Some ISPs have signed up with an organisation called Phorm who are putting adverts on web pages, based on records of your web-browsing behaviour. I don’t really care about the adverts. However, the point is that in order to tailor the adverts to you, they need to have information about you. Your web traffic is intercepted and recorded, then analysed in order to determine which adverts to present to you. There are at least two problems with this:
- When the technology was being trialled, it was tested without anyone’s consent, meaning that a third-party was given access to the web-browsing records of ordinary people;
- Phorm, and the ISPs hoping to use this technology, have continually refused to consider making it “opt-in”. The closest I’ve heard is that Full user consent will be obtained and there will be the ability to opt-out. Erm, that’s not right: if “full user consent” is to be obtained, that means it’s opt-in, so there’s no question of needing to opt-out. My expectation is that they may implement it while making it very hard to opt-out
So, you may ask, what’s my real problem with all of this? I guess it boils down to the following:
- My email and web browsing history are private and none of your business. You don’t need to know about them;
- I don’t trust my ISP or the government or anyone working on their behalf not to lose this data or to pass it on to other entities. Data security is hard. The government don’t have a good track record with data security.
Would you like your web browsing history or email messages to be left on a laptop on a train somewhere, for example? No thanks.
I’d rather not give them the opportunity, so I have been putting in measures gradually to mean that this data simply cannot be collected from me, by my ISP. That is:
- I have set up a VPN which bypasses any attempts from my ISP to monitor my web traffic. See my HOWTO guide for rationale, setup and configuration ;
- Email messages will be encrypted whenever possible;
I feel the same as Tim Berners-Lee (inventor of the world-wide web) where he says:
“[My data and web history] is mine – you can’t have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I’m getting in return.”
So there you go. You can’t have it, ISP.