This piece runs in today’s FT:
Beware the unholy alliance of state and internet
By Evgeny Morozov
Surveillance means safety. This is the argument wherever and whenever governments seek new powers to monitor their citizens. Proposed legislation in the UK to enable police and intelligence services to access emails, Skype calls and Facebook messages is another such example. It is also another case of the unnecessary and dangerous expansion of state power, in collaboration with companies, into our online – and offline – lives.
The UK government has said that without a warrant it could only get “who, when and where” forms of data – times, dates, numbers and addresses of communications – not the content of emails, chat messages or Skype calls. The latter would still require a warrant, according to the government. Some critics are sceptical, and rightly so.
However, the controversy over warrants is not the only problem. The authorities may finally get real-time access to communication channels that are currently off-limits. The most straightforward way to do this would be to force technology companies to build “back doors” into their services, making it possible to “wiretap” an online exchange as if it was a conversation via telephone.
Nick Clegg, UK deputy prime minister, hints at this in his justification for the law: “All we are doing is updating the rules which currently apply to mobile telephone calls to allow the police and security services to go after terrorists and serious criminals and updating that to apply to technology like Skype.” This suggests Skype would need to build a “back door” to allow intelligence services to track who is talking to whom and, provided they have a warrant, to eavesdrop on the content of those conversations.
The problem here is that a third party might also be abusing such “back doors” without anyone noticing. In Greece, for almost six months between 2004 and 2005, someone was secretly wiretapping more than 100 senior officials by exploiting vulnerabilities in Vodafone’s network. The procession of phone-hacking cases involving News International and the accompanying failure of the police suggest Britain should be especially concerned about such developments.
The fear, according to intelligence agencies in the US and UK, is that the internet has put them on the verge of “going dark”, the term used by the FBI and others to describe losing access to information on suspects who are hiding online.
However, this “going dark” argument is untenable, for it doesn’t accurately describe the internet. When a growing number of users are lured into disclosing their location via smartphones, when all of their friends are listed on Facebook, when browsing history can tell companies about a teenager’s pregnancy before her parents, it’s hard to believe the state is short-changed by the net.
Take the case of grassroots privacy campaigner Max Schrems. In June 2011 the 24-year-old filed a complaint with the Irish data regulator and used a provision in Irish law to ask Facebook to send him everything it knew about him. He received a file 1,200 pages long. “Going dark” is a myth; we live in a golden age of surveillance. Intelligence services have access to more data than ever before – it just happens to be gathered by the private sector.
Instead of granting intelligence services more power, we need to worry about the coming convergence of the data-gathering demands of the state and the business imperatives of internet companies. Take a recent example: a few weeks ago, Google was granted a patent that would potentially allow it to use our phones to study the environment around us – to record noise levels, lighting conditions, temperature – and customise adverts accordingly. It’s easy to imagine that the folks at intelligence agencies would be quite delighted if Google developed this idea – at the very least, it would save them money on wiretaps.
Google has an interest in keeping some of its stored data unencrypted. As Vint Cerf, the company’s “chief internet evangelist”, said in 2011: “We couldn’t run our system if everything in it were encrypted because then we wouldn’t know which ads to show you.”
This is unfortunate. If encrypted, stored data would be out of reach for most governments. Imagine what this means in the context of Google’s highly anticipated self-driving cars. Will the route of the car be automatically recorded and stored on Google’s servers? If so, the police and intelligence agencies don’t need to install GPS trackers on suspects’ cars; Google would have us record all of this information voluntarily. The state could just ask for it.
The idea that we need to make it easier for governments to do this, in the UK and elsewhere, is ludicrous. We need to be doing the exact opposite. It is only by anticipating the consequences of this coming unholy alliance between internet companies and intelligence agencies that our freedoms can be defended.
The writer is author of ‘The Net Delusion: How Not to Liberate the World’