I write with reference to the government’s proposed Communications Data
Firstly, a little about my background. I am a freelance computer
professional specialising in IT Architecture and IT Security. Over the
last fifteen years I have worked on systems and designs for many public
and private sector clients including <removed for personal privacy reasons>
. I have also been involved in the forensic analysis of data from computer systems.
I have serious concerns about the governments plans and it’s impact on
the individual’s freedoms and human rights. I also have concern about
the efficacy of this method of gathering information and the potential
for misuse of the data gathered, both legally and illegally.
People today have an intimate relationship with the Internet, in many
cases more intimate than relationships they have with other individuals.
For many the Internet is their first port of call if they have a
concern, for example, about a medical or personal problem. The internet
is used to communicate with like minded individuals, to access subject
matter of interest, even to persue someone’s deepest, most private
desires. An individual’s Internet usage therefore reflects their entire
life, even the most private of things like sexual preferences and other
private interests. Collecting data on Internet usage therefore has the
ability to expose an individuals private life in it’s entirety.
I believe data such as this should be private, safeguarded by the basic
human right to privacy that should be offered to every human being. It
is accepted that in society the Government, the Police and the Security
Services sometimes need to delve deeply into someone’s life for reasons
of crime prevention and national security. However, this intrusion must
be justified. Currently, the law provides this safeguard with the
requirement for a warrant to be obtained before this type of data can be
collected. In my view it is incredibly important that this safeguard to
our individual privacy is retained.
There is also a major security issue in collecting and retaining this
information. A leak of this information from an ISP could easily happen.
This could potentially put individuals, particularly those in the public
eye, in a situation where they could be blackmailed, threatened,
compromised or harmed. For ISPs to handle this sort of information,
there is also a wider issue here; should ISP staff be subject to
Security Clearance if they have the potential to access this sort of
sensitive information? Would it be appropriate for this information to
be officially classified as Confidential, Restricted, Secret or above?
Information that could be collected under the Communications Data Bill
will not be effective in fighting terrorism and organised crime as has
been stated by the government. I can think of many ways that an
individual could circumvent these measures. For an organised group the
possibilities to avoid detection are even greater. Instead, the data
generated will only really be useful for monitoring and profiling the
innocent. Fear of being caught for doing something that is completely
innocent could do the greatest harm, with individuals, particularly
young people, afraid of seeking information for fear of being
criminalised for it. Profiling in particular is also a major concern as
it effectively criminalises individuals or singles them out for special
attention based on probability. It is incredibly important to remember
that an individual is not a criminal unless they have actually broken
the law. It should also be noted that it would be easy for criminal
groups to resort to more traditional techniques of communication, thus
circumventing this proposed legislation entirely.
– From a technical perspective, the technical implementation of this
Bill runs the risk of harming the internet experience for many, causing
slowdown, breakages and difficulty in accessing sites, at least in the
beginning. The heavy technical requirements in terms of skill and
investment favours the very large ISPs and penalises smaller companies.
Some websites do not function correctly when used via an internet proxy
and some ISPs may not be able or willing to make the investment in
infrastructure required to provide a performant web proxy solution. I
worked on one of the UKs larger proxy deployments for the [removed for privacy reasons] and I can
assure you that the hardware and skill requirements to provide this type
of service are significant. Someone has to pay for this and this will
always be the public, either by increased internet costs, taxation or both.
This bill also preys on the public’s lack of understanding of the
technical issues surrounding this issue. Whilst saying these measures
will enable the Police and Security Services to catch more terrorists,
criminals and paedophiles is very emotive, in the real world I do not
expect a statistically significant increase in apprehension rates as a
direct result of this legislation. I therefore find it difficult to
accept the investment required as there is no real benefit to be gained
from it. I also find it impossible to justify this gross breach of
individual rights for so little gain. To me this Bill is little more
than policing by numbers; monitor enough people and eventually you’ll
find a criminal. This is not by any intelligent process but pure statistics.
I would therefore urge you to consider opposing the proposed
Communications Data Bill in its entirety.