Government Internet Snooping

I just filled in 38 Degrees’ email form against the UK government’s internet monitoring plans and would encourage you to do the same.

“Why should I be opposed to the authorities being able to track down criminals?” you might ask. “I’ve got nothing to hide, so I don’t care about being monitored”.

The 38 Degrees form letter includes the following point: “The government doesn’t track our letters or face-to-face meetings. Why should it assume the right to track us online?”. I think this is key. The latest proposals would involve keeping a record of every email sent and every website visited, ready for the authorities to sift through at will. Nothing on this scale has been proposed for monitoring people’s real life movements or snail mail communications, so why should the internet be any different? What is the justification for this extreme level of surveillance?

Is it because people can commit much more heinous crimes online than they can in real life, therefore a proportionately higher level of monitoring is called for? Well, no. Whilst it’s certainly possible to commit certain crimes online, the majority of the most serious criminal acts (murder, rape, acts of terrorism, assault, armed robbery, etc.) can only happen in the real, physical world. You might be able to use the internet to help organise such an atrocity, but at the end of the day you’re not going to be able to stick a knife in someone/point a gun at a bank teller/fly a plane into a building unless you venture out from behind your computer at some point.

Despite all the hysteria being stirred up about the big scary internet by some elements of the mainstream media practically from day one, it’s a far safer place than good old reality has ever been. Sure, someone might swipe your credit card details and yes, that’s bad, but surely it’s not as bad as if they beat you up in a dark alley and ran off with your entire wallet and anything else valuable you happened to be carrying. Some people might look at illegal pornography online, and yes, that’s bad as well, but surely it’s not as bad as going out and dragging people off the street to abuse. Some people bully online, but a lot of people bully in real life too… at least online you can block their emails, delete them from Facebook and stop reading what they write, an option you don’t generally have when you’re surrounded in the school playground. I’m not trying to minimise any horrible online experiences people might have had. I just think it’s important to get a sense of perspective and not to fear things disproportionately just because they’re newer and stranger and more hi-tech.

Ok, so maybe online crimes aren’t more serious than real life ones. But maybe they’re much harder to police? That could also justify a higher level of surveillance. I’m sceptical about this as well. Terrorism and paedophilia are the usual two reasons given for needing to clamp down on the internet, but terrorist acts remain (thankfully) extremely rare, and paedophiles seem to get rounded up often enough even with the powers police have at the moment if news reports are anything to go by. I’m not convinced any extra powers are really needed to deal with these threats. Any serious organised criminals will have already learnt how to cover their tracks pretty effectively, or they would have already been caught. Sure, you might catch a few more poor sods who thought the girl in that picture was 18, or bored teenagers who download bomb making manuals out of idle curiosity, but does that really warrant recording massive amounts of privacy-infringing information about every single person in the country? I don’t think it does.

In my opinion, the real reasons for this being introduced are a lot more flimsy and opportunistic:

1. In practise, monitoring everything everyone does in real life would be a stupendously huge undertaking, and probably impossible with current technology. You would need cameras literally everywhere, or else would need to tag everyone somehow and even then you’d still need tag readers everywhere. The cost would be astronomical. By contrast, internet access is relatively easy to monitor. It’s already in electronic form ready to be saved to disk, and almost all of it goes through a few large service providers. The cost of recording all traffic is still large but nowhere near as large as for monitoring everyone’s real life movements. So, I suspect the first reason they want to monitor all internet communications is simply “Because they can”.

2. The internet is still relatively new and so people will be more likely to accept the idea that it needs to be closely monitored… especially thanks to all the tabloid scaremongering that’s made it sound so threatening. The average person would (I hope!) not take kindly to being electronically tagged so that all their movements could be monitored, or to having cameras installed in their house so the police can watch what they do, but the internet still seems new and different enough that maybe it doesn’t have to be subject to the same rules. So the second reason is “Because the internet’s new enough and perceived as dangerous enough that many people will accept invasions of their privacy that they’d never accept in the physical world”.

3. If I was more paranoid, I’d add a third reason here, pointing out that governments and traditional media outlets have very good reasons to be scared of the internet (in terms of its ability to open them up to greater scrutiny in the first case, and make them increasingly irrelevant in the second) and so would have good reasons to try to assert control over it or make people afraid of it or afraid of using it for anything that might mark them out as somehow different. But I’ll leave it at that for now.

“If you’ve done nothing wrong, you’ve got nothing to fear”, according to a lot of people. Personally I prefer “If I’ve done nothing wrong, they’ve got no right to be spying on me”.

The bottom line is, police can still get a warrant if they need to investigate something happening online, and then they can start monitoring communications, just like they’ve always had to do. Maybe having to get a warrant makes it difficult for them to do their job. Good. I want it to be difficult for them. If it’s difficult, they will only investigate things that are actually serious enough to be worth investigating and will leave everyone else alone. If it’s easy, they will be tempted to trawl through everyone’s data looking for any minor infractions or slight deviations from the norm that they can find. And that’s not a direction I’d like this country to be going in :(.

On Internet Censorship

(This post is a bit different from my normal ones. Instead of talking about something from my own life I’m going to have a rant about something that annoyed me from the news. It’s pretty common for things in the news to annoy me, but what’s slightly more unusual is I actually feel somewhat qualified to rant about why I think it’s stupid this time).

So. The Pirate Bay is now blocked by the biggest ISPs in the UK. If, like me, you’re on Virgin Media, BT or one of the other big ones, that link won’t work… it will take you instead to a page explaining why that site’s blocked. (For those of you that didn’t know, The Pirate Bay is a site where you can search for torrent downloads of music, movies, TV shows, operating system ISO images and virtually anything else that can be represented as a chunk of bits).

The block itself won’t have much of an effect; there are a million and one ways round it, from using proxies in other countries to using Tor to using this address helpfully provided by the Pirate Party UK. But I still think the fact that they’ve done this brings up a number of interesting (and concerning to an internet user) issues.

First of all, the block is implemented using the BT CleanFeed system, which was first created only for blocking child porn sites. Most people didn’t have a problem with this originally, although some may have been concerned that it wouldn’t do much good or that there would be bad side effects. (My own personal view, shared by many computer professionals it would seem, is that the filter is so easy to get around as to be completely pointless, and that any small good effects that may come from it would be far outweighed by the problems – sites being wrongly blocked, for example). But at the time, some people voiced worries that this was just the first step and that the system would eventually be used to block other sites that those in power don’t like as well. No way, said the officials in charge. This is only for child porn, which is so abhorrent we have to make a special exception for it. They lied. Now that very same infrastructure is being used in an attempt to prevent copyright infringement as well. What might it be used for next? Blocking “hate speech” (which might sound appealing at first, but could have pretty far-reaching results when you consider how broad and subjective it can be)? Blocking political sites that the government of the day doesn’t approve of (again a matter of opinion)? Of course they’ll say that could never happen, and I hope they’re right. But then they’ve already lied about what it would be used for and gone far beyond their original mandate, so in my opinion they’ve demonstrated that they can’t be trusted with it. There is already a pretty questionable plan afoot to use it to block all “adult” material and make people opt in if they want it unblocked again.

“But”, you might say. “Copyright infringement is still illegal. OK, it’s not as serious as child porn, but it’s still wrong and still against the law, so what’s wrong with using the filter to block sites that allow it?”.

Lots of things, in my opinion. Firstly, The Pirate Bay (and torrent sites in general) do have legal, non-copyright-infringing uses. For example, the last time I downloaded a torrent, it was a new version of Xubuntu for my netbook, which is freely distributable. Torrents are generally faster for downloading these large files than using the normal web. I’ll freely admit that this probably only accounts for a small proportion of The Pirate Bay’s traffic and will be dwarfed by illegal downloading. But there are less clear cut examples. The filter is a blunt instrument – it blocks access to the entire Pirate Bay, not just the copyright-infringing portions. Any site that allows its users to upload their own content (YouTube, Facebook, Flickr, and countless others) is bound to have plenty of illegal stuff (copyrighted and worse) on there at any given time because people can upload it much faster than the sites can check it. Does that mean they should all be blocked as well, just in case?

Also I think the claim that all copyright infringement is wrong or harmful is highly questionable. If I download a torrent of an ancient TV show I used to like that isn’t available anywhere else, who’s been harmed? No-one lost out… I didn’t download it instead of buying the DVD because there IS no DVD to buy, even if I wanted one. This is still illegal but it doesn’t seem wrong to me. Even when it comes to music or films I could have bought instead, it’s still a grey area because there’s no guarantee I actually would have bought them, and therefore no guarantee that anyone’s lost money due to me downloading them. This argument has already been done to death all over the internet, but the copyright system as it stands was never really designed for the times we live in. It worked well back in the days when only large companies had the means to copy things, so it was only affecting large commercial competitors, and not really impinging on the rights of individuals, who mostly couldn’t copy books or records even if they wanted to. But these days everyone and their cat has PCs and smart phones that can effortlessly copy music and movies at the touch of a button, and we’re starting to see that copyright can’t really be enforced in this world without resorting to some quite oppressive measures. A lot of people are questioning whether copyright in its current form is actually worth all the trouble anymore.

You will have got the impression by now that I don’t think these filters are going to work. I don’t, and what’s more, I believe anyone who does expect them to be effective fundamentally misunderstands how the internet works (or else they themselves understand it perfectly well but they’re trying to exploit people who don’t into buying some useless snake-oil filtering product they’re selling). The filter, you see, is basically a blacklist. That means it has a list of “forbidden” sites and everything else is, by default, allowed. But given the vastness of the internet and the speed at which sites appear and disappear, any blacklist is doomed to be forever out of date. For example, there is nothing to stop me putting a copy of The Pirate Bay site up on the gcat.org.uk domain right now, and it would be accessible to everyone in the UK. The filter wouldn’t be able to prevent that because it has no idea of the existence of the gcat.org.uk copy of The Pirate Bay until someone updates its blacklist. By the time they get around to that, a hundred other mirror copies of the site might have sprung up in other places, still unfiltered until they also get found and added to the blacklist. Whatever authority is maintaining the list is reduced to playing a very large game of whack-a-mole that they can’t possibly win.

And that’s before even considering proxies (which allow you to access a blocked site by bouncing your connection off an intermediate server somewhere else, completely bypassing the filter), or more advanced solutions like Tor (which encrypts and anonymises all your communication, making it almost impossible for anyone watching your internet traffic to even tell what you’re accessing). There is pretty much no way around this problem unless you go down the road of having a “whitelist” instead, where people are only allowed to access a restricted list of sites that are known to be “safe”, and where all their communications are closely monitored to make sure they aren’t using any clever encryption or proxying to hide what they’re doing. If that were the case, it would completely change the internet as we know it. I wouldn’t have been able to set up this site the way I did, just buying a domain name, pointing it at my server and starting to write articles. I would have had to get government permission to do it, would have had to get the site vetted to make sure it’s not breaking any rules, possibly have to prove that I own the copyright of every last little thing I post (or even link to)… and presumably would have to be re-checked every time I added new content to make sure I was still worthy of the whitelist.

Even then, even with all the stupendous amount of effort it would take to police such a system, I actually doubt that it would remain water-tight for very long. Given a combination of clever tricks like steganography (hiding nefarious data within harmless looking data), and the security holes that plague virtually all new software, it would still be possible for enterprising people to share whatever they wanted. Or they could just ditch the “official” internet and setup a new one using cheap wireless comms technology, which is everywhere now.

Essentially, what I’m trying to say is that stopping the “free” internet now would be like shutting the stable door after the horse has not only bolted, but flipped the security guard the V sign, mooned the CCTV camera, set free all of the other horses and had a wild party with them, culminating in burning the entire stable block to the ground.

If it’s that futile, then why do politicians keep trying? Well, it’s mostly just posturing to try and look good, in my opinion. None of them is going to stand up in front of parents whose votes they want and say “sorry, but we can’t completely rid the internet of child porn”, or in front of corporations whose donations they want and say “sorry, we can’t completely stop people downloading your movies/software for free”. They’re going to keep up the tough talk about tackling the challenges of the internet, even if “tackling” them in this way makes about as much sense to anyone computer literate as investing in perpetual motion machines to solve the energy problem.

Summary: you won’t stop people using the internet to do Bad Things with a little bit of tweaking around the edges, only by tearing down the whole system and starting again (even then you still probably won’t succeed). And I don’t want you to do that. Please don’t.