Monday 3 August 2015

Surveillance after Snowden

Students of surveillance and counter terrorism have another (81 page) report to add to their summer reading list. The Henry Jackson Society has recently published "SurveillanceAfter Snowden: Effective Espionage in an Age of Transparency."

The report, written by Robin Simcox, looks at the ways the actions of Edward Snowden have impacted the US and the UK, particularly with regards to safeguarding national security.  As well as the usual sources (including me), a number of senior intelligence officers from both countries were interviewed, and the usual findings have emerged.

The main findings are that:
  • Terrorists and other criminals have benefited from Snowden’s actions. Some have altered their communication methods, while others have taken advantage of new encryption tools.
  • There is a fear that hostile states are increasingly deploying GCHQ’s or the NSA’s own cyber strategies against them.
  • Despite the Snowden allegations, US and UK intelligence agencies are legally intercepting communications on order to prevent attacks from terrorists, cyber criminals and a host of other state and non-state actors.

To my mind, the key conclusion is that, in future, intelligence agencies must aspire for translucency, not transparency. The report explains that: “States need secrets, for intelligence and military purposes, criminal investigations and a host of other reasons. Yet, they also need public consent in order to operate with credibility. This means agencies must open up further than they have in the past. Yet, it also means civil society accepting that unalloyed transparency is not a positive and that there are good reasons for state secrets.

Despite the damage that Snowden’s actions caused, the public expectation that intelligence agencies should stop terrorist attacks and serious crime remains. Yet, at the same time, there are calls for them to reform and be more transparent in order to rebuild trust. The intelligence agencies are in a particularly unenviable position: asked to be less intrusive; more transparent; and yet, just as effective.”

Quite how the new surveillance legislation, currently being developed by Home Office officials, will meet the tests of necessity, proportionality, public accountability and, most importantly, effectiveness, is an issue that can’t yet be addressed.

I gather that there are still major difficulties to be resolved between policy officials and various communication service providers about the effectiveness of some of the requirements that are being floated by the Home Office / law enforcement community. I’m looking forward with interest to a statement from the Home Secretary along the lines that “all providers have been fully engaged. They all know and are all willing to accept the technical and operational requirements that will be placed upon them.”

Following the Snowden disclosures, a significant gap has emerged between the government and some CSPs, who were outraged at the intelligence agencies’ ability to access their data.

US-based CSPs are now claiming that the UK has no jurisdiction over them and that they are bound by US law. Intelligence officials view the CSPs’ stance as being unreasonable, as other foreign companies wishing to deliver a service in the UK are obliged to comply with UK law. This was partially why the Data Retention and Investigatory Powers Act 2014 was introduced.

CSPs’ use of ubiquitous encryption has also increased exponentially since Snowden’s leaks, meaning that companies are automatically providing encryption for users, rather than the user having to encrypt the data themselves.

Robin Simcox considers that escalation is inevitable, as the NSA and GCHQ step up their efforts to break into these networks.

Politically, the Home Office’s problem is that whatever legislation is passed by the House of Commons, it also has to get through the House of Lords. And the privacy / human rights lobby is much stronger in this parliamentary chamber.

However, just as the Lords bowed to the will of the Government by reviewing the Data Retention & Investigatory Powers Bill in record time last year, perhaps the Peers will give the Government’s new surveillance legislation an easier passage than the Home Office currently fears.      

So, before the new legislation commences its passage through Parliament, I’m looking forward to an indication from the communication service providers that, technically, the proposals are (likely to be) fit for purpose.

But I’m not holding my breath.