THERE is one thing to be said for Theresa May’s proposals this week, contained in her Investigatory Powers Bill, to make the UK “the most intrusive and least accountable surveillance regime in the West” (tweets Edward Snowden).
At least the argument is now firmly in the wide open spaces of public debate. We don’t need to wait for a Bond movie to ponder the perennial question of “who watches the watchmen”: that is, how we, the people consciously permit our security to be defended.
The technology in question isn’t invisible Aston Martins or exploding watches. It’s the Tory Government’s attempt to use the all-pervading social presence of the internet, and turn it into the ultimate “dragnet”.
Loading article content
Snowden famously let us know that all our “private” cyber-interactions were being traced, searched and read by GCHQ and other US agencies. May accepts all that – and now wants to be able to pursue it to the max, under some process of judicial and political permission.
I know. It’s hard to separate our heads and hearts from the horror of a Daesh beheading video. Or from the vast shadowy bulks of superpowers like China and Russia, moving purposefully behind the veil of the foreign news pages. How will their actions reframe reality today, tomorrow? Who will protect us from all this?
But we must try to be citizens, and at least deal with the polity that we can directly affect. We can think through the question of how our open digital society relates to the demands of national security. And we can think of it as indy-minded Scots, as well as reluctant Brits.
Take the idea that commercial digital companies should allow the UK Government to build a “back door” into all encrypted software – to be opened only in extremis, of course. There has already been much informed pushback.
Encrypted data is coded by senders in a way that means only receivers can “unlock” what has been sent to them. Nowadays, encryption tools are incredibly powerful. Indeed, some of the most powerful, like Tor, were originally devised by the US Navy. As an openly available resource, Tor doesn’t just enable US spying, but also the activism and plotting of all kinds of radicals – and there seems to be no “back door” installable.
The spectre of Islamist or anti-Western radicals using cryptography to coordinate their attacks is thus enabled, like many other of their angry threats, by our own actions and interventions. A lasting and painful irony.
Cryptography is also pretty banal and high-street these days. Many non-baddies who provide secure online services – like banking, or health, or many of our streamed online entertainments – are just straightforwardly alarmed at how this measure would evaporate their customers’ trust.
But even on their own security terms, the simplest knock-down of the Tories’ scheme would seem to be this. If we let this government, or any government, hold an encryption “mega-key” (the code that unlocks any and all back doors), then what happens if the key falls into the wrong, or at least the alternatively motivated hands?
This would make the principled whistleblowing of Manning or Snowden, never mind the tawdry data-hacking of commercial service providers like TalkTalk or the dating site Ashley Madison, look like minor street scuffles. Data access, for the ill-intentioned, would be total.
Could this happen? Consider our leak-ridden culture: what do you think? The ex-Lib Dem MP Julian Huppert, now teaching at Oxford University, gives a simple example of what could go wrong. (In case you hear “Lib Dem” and switch off ... while in the Coalition, Huppert was instrumental in blocking the last Tory attempt at state cyber control, known then as the “Snoopers Charter”).
Huppert recently wrote about the clumsy pratfall of the Transport Security Administration in the US. In response to passengers who feared their suitcases might be susceptible to interference by random handlers in airports, the TSA created approved luggage locks which only TSA keys were able to open.
Unfortunately, in a Washington Post article praising the initiative, someone in the accompanying photo posed with a set of the master keys clearly visible. The photo had enough resolution to enable people to copy the keys and make 3D copies. The TSA scheme is now utterly useless.
Scale that up to the level of a busy, and ever more digitally reliant society. One all-too-human slip, and the government encryption back door could make us all hugely more vulnerable to cyber-violation – not less.
The question of what security arrangements we would make in an independent Scotland hovers over all of this. Our current situation is a curious mix of the passive and the misguided.
The passive element continues to be the inability for Scots to put some distance between themselves and the interventionist belligerence of Westminster – whether it’s Middle-East raids, or defying nuclear non-proliferation with Trident renewal, or indeed an illiberal and intrusive cyber-surveillance. We wave our fists, then watch them act.
This networked planet is a flow of overt communication and images, as well as covert messages – a realm of “soft power”, as the diplomats call it. An independent Scotland could use its distinct security arrangements as a soft power strategy.
We would tell the world we are a non-nuclear nation, with a humanitarian-only defence force, actively seeking to be involved in conflict prevention and mediation, and committed to transparency and accountability to the greatest possible extent.
Independence would let the frustrated and alienated of the planet know of our good intent, which we’d be wise to follow up with consistent actions. Given how easily anyone’s malevolence can reach anywhere through global network, this may be our ultimate safety strategy.
However, we are where we are. It’s frustrating enough that an aggressive cyber-policy is largely led from the south of England – the major data cables come in to the UK at Bude, Cornwall, and Cheltenham’s GCHQ is the obvious behemoth driving all surveillance.
But even within our narrow powers, I don’t think we’re doing ourselves any favours (the misguided bit).
The world-class computing science departments of Scottish universities would be a research asset to a fledgling nation-state, trying to figure out how to get the cyber-security balance right.
However, as far as I can see, there is already a huge amount of Scots integration with the US/UK security state.
Take Edinburgh University’s Academic Research Institute, which actively works with GCHQ. Or Police Scotland, inviting the FBI over to a cybercrime conference this coming December.
Police Scotland might also be part of the problem in another way. There is a consistent retort to the idea that the internet should simply become a “dragnet” of information, wide open for security forces to freely navigate. The retort is we could be wasting time, technology and resources making sense of an unfathomably giant mountain of data.
“We are unnecessarily expanding the haystacks while we search for the needles”, said one National Security Agency insider this year.
Many experts say that if domestic terrorism and crime is our biggest threat, then it’s the police and security force’s strong social relations with the wider community – and the trust that people place in it – that brings the best results.
Can we say that Police Scotland – centralised away from its localities, strutting its paramilitary uniforms through our high streets and stop-and-searching with impunity, enthusiastically promoting advanced CCTV – is really on a mission to build up trust with the various communities of Scotland?
And as for the real James Bonds … It’s worth noting that the current Spectre movie is, to say the least, thoroughly sceptical about the powers of an all-seeing digital security system.
Entrusting our national security to misogynistic killers like 007? Probably not. And in any case, it still matters precisely what nation we’re talking about.
Pat Kane is a musician and writer (www.patkane.today)