The "snooper's charter" showed just what the Government is capable of

The proposed "Filter" programme would have been a vast step up in terms of the state's ability to spy on its citizens.

Surveillance technology is of two main types – equipment that keeps tabs on you in the physical world, and processes that track your activity “online” where computers keep a record of your communications and your financial activity.

The physical world is reasonably straightforward to understand. For instance, large numbers of CCTV cameras are installed in public and private spaces in the UK and recordings are kept of what they see. The cameras may be fixed, or a remote operator may be able to choose where they point and how much they zoom in. Newer systems can produce high quality material to enable precise identification of individuals and may also capture audio to accompany the pictures.

“Online” tracking can be equally revealing of people’s actions and movements. Mobile phones continuously interact with nearby cell towers so that incoming calls can be delivered. The phone companies are obliged to retain data about the location of a phone whenever a call is made or received, but if your phone is powered up then they have access to your location at all times and can provide this to law enforcement in real time if this is required.

The records that telephone companies (both fixed line and mobile) keep can be rapidly interrogated to provide lists of calls made from any particular phone, or to any particular phone. These lists will also include the duration of the call and the physical location of the endpoints. Call records can be identified either by the phone number or the phone's unique IMEI device identifier – permitting the tracing of phone activity even when the SIM has been changed.

When interaction is by email instead of by phone then the authorities can still get lists of who is communicating with whom. The email provider is obliged (if they are within the European Union) to keep records of who email was sent to or from, along with timestamp information and exactly how large each email was. Once again, law enforcement regularly requests lists of this email metadata, which can be indexed by sender or receiver.

So far, all of the surveillance and tracking systems have been considered in isolation. One of the provisions of the draft Communications Data Bill was the creation of a data correlation system dubbed a “Filter”. This system would combine enormous amounts of data from different systems, hoping to identify activity that would not have been apparent within a single system.

It is fundamentally inherent to this proposal that Filter data should be collected on everyone’s activity and that this data should be made available en masse from the private companies, the ISPs and telephone companies that provide services, to government systems for the correlation processing. The data won’t necessarily be physically combined on a single system (in fact it would be poor engineering to do this) but it will be logically combined. The original collectors of the data will not have any knowledge of what it is being used for, or possibly even how much data is being processed, so there will be no opportunity for whistle-blowing should excesses occur.

This integrated processing promises to make it much harder for criminals to communicate over a diversity of systems and thereby avoid being tracked – records of phone calls, emails and tweets could be easily combined. But the system’s capabilities go much further than that and the type of “big data” system envisaged will be capable of complex data mining tasks.

To take a fictional example from Charlie Brooker’s National Anthem, the source of a YouTube upload could be identified by the uniqueness of its size and timing; or, closer to real life, the source of an embarrassing leak could be identified by cross-correlating records to pick out exactly who in Whitehall sent out an email whose reception by a journalist triggered an immediate call to the relevant newspaper editor.

The trade-off for these new insights into criminal activity is that more information must be automatically collected about everyone (“just in case”), it must be stored for long periods, measured in years, and it must be handed over to the government operated filter for processing with the inherent assumption that the processing will be necessary, proportionate and authorised. There is tremendous scope for misusing such a system; a police state would relish the opportunity of correlating data on everyone out on the streets for a demonstration, everyone gathering in groups behind closed doors – or just collating a list of everyone who passed on an email containing a subversive joke. The complexity and secrecy of the proposed “Filter” system will make it extremely challenging to ensure that misuse, or just simple “mission creep”, does not occur.

This is an extract of a longer chapter on the technologies of surveillance in from Open Rights Group’s Digital Surveillance report which offers less intrusive alternatives to the Communications Data Bill, or "Snoopers’ Charter", which Nick Clegg blocked last week.

Photograph: Getty Images

Dr Richard Clayton is a security researcher at the University of Cambridge. He has acted as a specialist adviser for Select Committees of both the Lords and Commons in various inquiries into Internet security topics.

Photo: Getty
Show Hide image

Forget planning for no deal. The government isn't really planning for Brexit at all

The British government is simply not in a position to handle life after the EU.

No deal is better than a bad deal? That phrase has essentially vanished from Theresa May’s lips since the loss of her parliamentary majority in June, but it lives on in the minds of her boosters in the commentariat and the most committed parts of the Brexit press. In fact, they have a new meme: criticising the civil service and ministers who backed a Remain vote for “not preparing” for a no deal Brexit.

Leaving without a deal would mean, among other things, dropping out of the Open Skies agreement which allows British aeroplanes to fly to the United States and European Union. It would lead very quickly to food shortages and also mean that radioactive isotopes, used among other things for cancer treatment, wouldn’t be able to cross into the UK anymore. “Planning for no deal” actually means “making a deal”.  (Where the Brexit elite may have a point is that the consequences of no deal are sufficiently disruptive on both sides that the British government shouldn’t  worry too much about the two-year time frame set out in Article 50, as both sides have too big an incentive to always agree to extra time. I don’t think this is likely for political reasons but there is a good economic case for it.)

For the most part, you can’t really plan for no deal. There are however some things the government could prepare for. They could, for instance, start hiring additional staff for customs checks and investing in a bigger IT system to be able to handle the increased volume of work that would need to take place at the British border. It would need to begin issuing compulsory purchases to build new customs posts at ports, particularly along the 300-mile stretch of the Irish border – where Northern Ireland, outside the European Union, would immediately have a hard border with the Republic of Ireland, which would remain inside the bloc. But as Newsnight’s Christopher Cook details, the government is doing none of these things.

Now, in a way, you might say that this is a good decision on the government’s part. Frankly, these measures would only be about as useful as doing your seatbelt up before driving off the Grand Canyon. Buying up land and properties along the Irish border has the potential to cause political headaches that neither the British nor Irish governments need. However, as Cook notes, much of the government’s negotiating strategy seems to be based around convincing the EU27 that the United Kingdom might actually walk away without a deal, so not making even these inadequate plans makes a mockery of their own strategy. 

But the frothing about preparing for “no deal” ignores a far bigger problem: the government isn’t really preparing for any deal, and certainly not the one envisaged in May’s Lancaster House speech, where she set out the terms of Britain’s Brexit negotiations, or in her letter to the EU27 triggering Article 50. Just to reiterate: the government’s proposal is that the United Kingdom will leave both the single market and the customs union. Its regulations will no longer be set or enforced by the European Court of Justice or related bodies.

That means that, when Britain leaves the EU, it will need, at a minimum: to beef up the number of staff, the quality of its computer systems and the amount of physical space given over to customs checks and other assorted border work. It will need to hire its own food and standards inspectors to travel the globe checking the quality of products exported to the United Kingdom. It will need to increase the size of its own regulatory bodies.

The Foreign Office is doing some good and important work on preparing Britain’s re-entry into the World Trade Organisation as a nation with its own set of tariffs. But across the government, the level of preparation is simply not where it should be.

And all that’s assuming that May gets exactly what she wants. It’s not that the government isn’t preparing for no deal, or isn’t preparing for a bad deal. It can’t even be said to be preparing for what it believes is a great deal. 

Stephen Bush is special correspondent at the New Statesman. His daily briefing, Morning Call, provides a quick and essential guide to domestic and global politics.