Archive for the 'Politics' Category

Back to Hobbes?

[link] Saturday, November 15th, 2014

At dinner in St John’s this evening after Timothy Garton-Ash’s Hinsley Memorial Lecture, a friend sitting across from me offered this thought. Politicians in liberal democracies have traditionally made promises of better economic futures when seeking election. But given that we now appear to be moving into an era when the economic prospects of children are, on average, worse than those of their parents, then that campaigning option will be closed off. In which case, what can politicians offer their electorates?

The obvious answer is: security. More and more ‘national security’.

Which brings us neatly back to Hobbes.

So is Internet surveillance effective?

[link] Friday, November 14th, 2014

I’d really like an informed, impartial answer to this question. To date, here’s is the best we can do:

“We have not identified a single instance involving a threat to the United States in which the program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack. And we believe that in only one instance over the past seven years has the program arguably contributed to the identification of an unknown terrorism suspect. Even in that case, the suspect was not involved in planning a terrorist attack and there is reason to believe that the FBI may have discovered him without the contribution of the NSA’s program”.

This comes from the January 2014 report of the US Privacy and Civil Liberties Oversight Board, an independent bipartisan agency within the US government, which carried out an investigation into two NSA surveillance programmes in the wake of the Snowden revelations.

Our National Security state

[link] Monday, November 10th, 2014

From an extraordinary account of a walk around central London:

Suspicion is a global variable. Once triggered it bubbles upward through the entire system. Walking down Park Lane, I was accosted by a man in a suit who demanded to know what I was doing. He took out his mobile phone, pointed it at my face, told me he was going to “circulate my description”.
Shortly afterwards, a colleague of his physically restrained me and called the police. Both men worked at the Grosvenor House Hotel, whose cameras were among those which had been trained on me as I walked, and so are included in my documentation.

When they arrived, the police officers explained that carrying a camera in the vicinity of Central London was grounds for suspicion. I might be a terrorist who posed a threat to the good citizens of London – my own city. Equally I might be casing the joint for some future crime, studying its defences in order to circumvent them.

Carrying a camera thus justified the suspicion of the security guards who stopped me and performed a citizen’s arrest, detaining me until the arrival of the police. This suspicion in turn justified the actions of the police, who threatened me with arrest if I did not identify myself and explain my actions. For carrying a camera, I was told, I could be taken to the station and charged with “Going Equipped”, a provision of the 1968 Theft Act which determines the imprisonment for up to three years of anyone carrying equipment which may be used to commit a burglary.

I say Biggles, those ISIS fiends are devilishly clever

[link] Sunday, November 9th, 2014

GCHQ_headline

This morning’s Observer column:

A headline caught my eye last Tuesday morning. “Privacy not an absolute right, says GCHQ chief”, it read. Given that GCHQ bosses are normally sensibly taciturn types, it looked puzzling. But it turns out that Sir Iain Lobban has retired from GCHQ to spend more time with his pension, to be followed no doubt, after a discreet interval, with some lucrative non-exec directorships. His successor is a Foreign Office smoothie, name of Robert Hannigan, who obviously decided that the best form of defence against the Snowden revelations is attack, which he mounted via an op-ed piece in the Financial Times, in the course of which he wrote some very puzzling things…

LATER The Economist has a curiously wishy-washy piece about this. It recalls the row, many years ago, about the Clipper chip and points out that it isn’t just the GCHQ boss who is critical of the companies. Michael Roberts, the new NSA director, last week said much the same thing to an audience in Silicon Valley. As to what will happen, though, the Economist is uncharacteristially uncertain:

Although the shrill rhetoric on both sides suggests the opposite, it seems mostly a negotiating tactic. Mr Rogers’s speech in Silicon Valley was essentially an offer to talk. “I’m not one who jumps up and down and says either side is fundamentally wrong,” he said. “We have no choice but to come to an agreement,” says the boss of an American technology giant. A deal would be welcome, but only if the rules are transparent, enforceable—and apply not just to American agencies, but to the other members of the “Five Eyes”, the intelligence alliance which also includes Australia, Britain, Canada and New Zealand.

Will it happen? More likely, there will be muddling through—just like after the Clipper chip. Technology companies will negotiate some arrangement to satisfy information requests by governments. And intelligence services will try to exploit vulnerabilities in encryption technologies or create backdoors surreptitiously. Until, perhaps, another Snowden comes along.

Read on

RIPA, the super-elastic statute

[link] Thursday, November 6th, 2014

When RIPA was going through Parliament in 1999, one of the things critics pointed out was the latitude it provided for mission creep. And so it proved — to the point where local authorities were using it to snoop on parents who were suspected of not living in the catchment area of the schools to which they wanted to send their kids.

Now, more evidence of the extent of the mission creep: Documents released by human rights organisation, Reprieve show that GCHQ and MI5 staff were told they could target lawyers’ communications. This undermines legal privilege that ensures communications between lawyers and their clients are confidential.

The news that legal privilege is being violated comes weeks after it was revealed the Met police have used RIPA to circumvent journalistic privilege that protects journalists’ sources.

The only thing that remains is the (Catholic) Confessional.

Imaginative failure and Ebola

[link] Sunday, November 2nd, 2014

Like many people, I’m wondering what one could do to help the people dealing with Ebola on the ground in Africa. So far, the only answer I’ve come up with is to donate money to the Disasters Emergency Committee. But when I see the modelling predictions coming from the CDC in Atlanta — which predict that if things go on as they are, Ebola will be hitting the 1.4 million mark by January in those countries, I wonder whether most people in the UK or the US are aware of how serious this could be for the world.

Dave Winer pointed me to a must-read piece in Wired, which in turn pointed me to an extraordinary blog post by two risk-communication experts, Jody Lanard and Peter Sandman. They write:

The possibility of an Ebola pandemic throughout the developing world is the scenario that keeps us up nights. We think it must keep many infectious disease experts up as well. But few are sounding the alarm. The two of us are far less worried about sparks landing in Chicago or London than in Mumbai or Karachi. We wish Dallas had served as a teachable moment for what may be looming elsewhere in the world, instead of inspiring knee-jerk over-reassurance theater about our domestic ability to extinguish whatever Ebola sparks come our way. We are glad that Dallas at least led to improvements in CDC guidelines for personal protective equipment and contact tracing, and belatedly jump-started front-line medical and community planning and training. But it doesn’t seem to have sparked the broader concern that is so vitally needed.

Americans are having a failure of imagination – failing to imagine that the most serious Ebola threat to our country is not in Dallas, not in our country, not even on our borders. It is on the borders of other countries that lack our ability to extinguish sparks.

That metaphor of jumping sparks seems to me to be prophetic.

Here’s what they think would be necessary to stop Ebola becoming endemic. Call this the Optimistic Scenario:

The people of West Africa and the governments of West Africa rise to the occasion, radically altering deeply embedded cultural practices, from political corruption to the way they bury their dead.

The epidemic stops spreading exponentially, so the gap between needs and resources stops getting wider every day than the day before.

The world’s nations actually fill that gap, providing enough money, supplies, and people to outrace the epidemic.

Treatment, isolation, contact tracing, and contact monitoring reach the percentage of cases needed to “break the epidemic curve.”

Meanwhile the epidemic doesn’t cross into too many more countries. And all the sparks that land in other countries are extinguished with minimal collateral damage, as has been the case so far in Nigeria, Senegal, Spain, and the United States. (As of the evening of October 23, the U.S. now has a second index case to cope with.)

Fears that sparks will travel more widely and launch new epidemics in Asia, Latin America, and elsewhere prove unfounded.

Or, alternatively, a spectacularly successful vaccine is quickly discovered, tested, mass-produced, and mass-distributed.

Having read it, you can see why I call it the optimistic scenario. It looks implausible, I’m afraid. So what’s the outlook if it turns out to be indeed too optimistic?

What would it be like, Lanard and Sandman ask…

if there are dozens of sparks landing in the U.S. and other developed countries, not just from West Africa but from all over the world?

if healthcare workers won’t come to work?

if cancer patients and HIV-infected persons and children with asthma can’t get their medicines because 40 percent of generic drugs in the U.S. come from India, where production and shipping have halted?

if refugees, under pressure from civil unrest, insurrection, famine, and economic collapse, are pouring across every border – some sick, some healthy, some incubating?

if Ebola in the developing world launches the next Global Financial Crisis?

if the Holy Grail, the deus-ex-machina – a successful Ebola vaccine – cannot be developed, produced, and distributed before all this happens?

OK. So what would it be like? And might it be worth taking the threat more seriously than we are doing? You can see why the markets are spooked by Ebola.

And what are the pharmaceutical giants doing? They previously ignored Ebola because it was a disease that only affected poor people and therefore offered little prospect of commercial reward. (Not a criticism, just a fact.) Are the governments of the world now leaning on them?

Surveillance and its implications

[link] Sunday, November 2nd, 2014

Yesterday I participated in a panel discussion on surveillance in the Cambridge Festival of Ideas. My fellow-panellists were the anthropologist Caroline Humphrey, the computer scientist Jon Crowcroft and John Rust, the Director of the university’s Psychometrics Centre. The session was ably chaired by Charles Arthur, who until recently was the Technology Editor of the Guardian and still writes regularly for the paper.

We each gave a short talk and then there was a fairly lively Q&A session with a large audience. Here are the notes for my talk.

Although this is ostensibly about technology, in my opinion it is actually about politics, and therefore about democracy. Here’s why.

Whatever one thinks about Edward Snowden, he deserves respect for revealing to the general public the hidden reality of our networked age — which is that “surveillance is the business model of the Internet” as Bruce Schneier puts it. The spooks do intensive surveillance without our consent (and, until recently, without most of us knowing.) The companies (Google, Facebook et al ) claim that they do it with our consent (all those EULAs we clicked ‘Agree’ to in the distant past) in return for the ‘free’ services that they provide and we apparently crave. What Snowden has shown is the extent to which we have been sleepwalking into a nightmare.

Because I think that the problem is, ultimately, political in origin and nature, demonising the agencies doesn’t address the problem. If they are collecting the whole goddam haystack (and they are), then it’s because of the pressure placed on them by their political masters — the ‘war on terror’, the political pressure to ‘join the dots’ and the injunction (e.g. from Vice President Cheney after 9/11) to ensure that “this must never happen again”. In that sense, the NSA, GCHQ etc. are just rational actors trying to meet impossible political demands.

If there is going to be any way out of this nightmare, it is effective, muscular, publicly-credible, and technologically-informed democratic oversight. To date, all we have had since 9/11 is what I call oversight theatre. So the existential question for democracies is whether it is possible to do oversight properly and credibly?

One of the most striking aspects of this new ‘national security’ syndrome is the absence of any rational debate about both its effectiveness (Does all this haystack-collecting actually work in terms of preventing major terrorist outrages?) and its cost-effectiveness (Do we get value for money? And how would we know?). These questions seem to be currently off-limits in our democracies. So we have endless debates about the worth and cost-effectiveness of, say, the proposed High-Speed rail line from London to Birmingham, but no such debate about whether the huge sums spent on the NSA or GCHQ are actually delivering value for money. In that context, there’s an interesting paper from the CATO Institute which makes this point well. “Terrorism”, it says, “is a hazard to human life,

“and it should be dealt with in a manner similar to that applied to other hazards—albeit with an appreciation for the fact that terrorism often evokes extraordinary fear and anxiety. Although allowing emotion to overwhelm sensible analysis is both understandable and common among ordinary people, it is inappropriate for officials charged with keeping them safe. To do so is irresponsible, and it costs lives.

Risk analysis is an aid to responsible decision making that has been developed, codified, and applied over the past few decades—or in some respects centuries. We deal with four issues central to that approach and apply them to the hazard presented by terrorism: the cost per saved life, acceptable risk, cost–benefit analysis, and risk communication. We also assess the (very limited) degree to which risk analysis has been coherently applied to counterterrorism efforts by the U.S. government in making or evaluating decisions that have cost taxpayers hundreds of billions of dollars.

At present, the process encourages decision making that is exceptionally risk averse. In addition, decision makers appear to be overly fearful about negative reactions to any relaxations of security measures that fail to be cost-effective and also about the consequences of failing to overreact.

If other uses of the funds available would more effectively save lives, a government obliged to allocate money in a manner that best benefits public safety must explain why spending billions of dollars on security measures with very little proven benefit is something other than a reckless waste of resources.

Our governments have not done this and so far show no inclination to change their ways.

What are the long-term implications of comprehensive surveillance. What happens to human behaviour in a networked goldfish bowl? Psychologists have shown that people’s behaviour changes when they know they are being watched. What happens to entire societies when intensive surveillance becomes absolutely ubiquitous? Here the experience of East Germans or the wretched citizens of North Korea become relevant.

hen there’s the mystery of public acceptance of surveillance — at least in some societies. One of the things that really baffles me is why have the Snowden revelations not caused more disquiet? Which of course then raises the question of whether there is any real hope of ameliorating the situation in the absence of massive public disquiet? Democracies only change course when there’s public sense of a major crisis. My gloomy conclusion is that not much is going to change. Governments and the security services will see little reason for giving ground on this.

I am also puzzled about why there is not more scepticism of the philosophical underpinnings of the “if you have nothing to hide then you have nothing to fear” argument. This seems to me to be pure cant because what it means is that the State is asserting the right to surveill all of your communications. And the contention that bulk ‘collection’ does not infringe your privacy is bogus for the same reason that Google’s claim that it doesn’t read your mail is bogus: it overlooks the capabilities of the digital technology that both Google and the agencies employ. For without automated pattern-matching and machine learning the security agencies would not be be able to ‘select’ targets for what legal pedants regard as true ‘collection’, namely inspection by a human agent. Related to this is the fact that if, for perfectly legitimate reasons, you take positive steps to protect your communications from official (or any other kind of) snooping by encrypting your email or by using Tor for anonymous browsing, then that is seen as grounds for selecting you for further investigation. So protecting yourself from state surveillance for perfectly innocent reasons becomes grounds for suspicion. This not so much Orwellian as Kafkaesque.

Privacy is both an individual and a social good. Yet we treat it as if it were exclusively a private matter. So an individual can ‘trade’ some of her privacy to Google in return for ‘free’ services like Gmail. Gmail then (machine-) reads her mail in order to target ads at her. But if she writes to someone who has not signed up to Gmail and that person writes back, then his/her email is also read by Google, and his/her privacy has been eroded. Jon Crowcroft knows a researcher who will blacklist anybody who writes to him using a webmail address for that reason.

And then there’s the ultimate question: what will be the political response when, despite all the surveillance, the next terrorist outrage occurs? Because we will have other outrages: after all, the NSA and GCHQ did not see ISIS coming. What then? What will our politicians demand? Even more surveillance? It’s hard to see any logical end-point to this. Or at any rate, any end-point that looks good for democracy.

Forthcoming: Constitutional chaos

[link] Saturday, November 1st, 2014

Yesterday’s YouGov poll suggesting that Labour will lose 30 of the 40 Westminster seats that it currently holds in Scotland means that after the general election in May the balance of power in the UK will be held by UKIP and the Scottish National Party — i.e. two parties which do not accept the current constitutional settlement of the UK.

Interesting prospect.

After Snowden, what?

[link] Sunday, October 19th, 2014

This morning’s Observer column.

Many moons ago, shortly after Edward Snowden’s revelations about the NSA first appeared, I wrote a column which began, “Repeat after me: Edward Snowden is not the story”. I was infuriated by the way the mainstream media was focusing not on the import of what he had revealed, but on the trivia: Snowden’s personality, facial hair (or absence thereof), whereabouts, family background, girlfriend, etc. The usual crap, in other words. It was like having a chap tell us that the government was poisoning the water supply and concentrating instead on whom he had friended on Facebook.

Mercifully, we have moved on a bit since then. The important thing now, it seems to me, is to consider a new question: given what we now know, what should we do about it? What could we realistically do? Will we, in fact, do anything? And if the latter, where are we heading as democracies?

I tried to put some of these questions to Snowden at the Observer Ideas festival last Sunday via a Skype link that proved comically dysfunctional. The comedy in using a technology to which the NSA has a backdoor was not lost on the (large) audience — or on Snowden, who coped gracefully with it. But it was a bit like trying to have a philosophical discussion using smoke signals. So let’s have another go.

First, what could we do to curb comprehensive surveillance of the net?

Read on…

Value for money in the surveillance business

[link] Thursday, October 16th, 2014

Has anyone in government done a cost-benefit analysis on bulk surveillance? I mean to say, we’re spending fortunes on this stuff (in the US something like $100B a year ). Does anyone have any idea of whether it’s really worth it? Could we be spending all that dosh more wisely and getting better anti-terrorist results?

Which is why I found this exchange between a questioner and William Binney, the former Technical Director of the NSA fascinating.

Question: Other than making money off of like these NSA contracts, what capabilities do these companies [i.e. defence contractors like Booz Allen Hamilton -- Snowden's employers] *have, what other value are they generating for themselves?

William Binney: Nobody does return on investment at NSA. They don’t.

I mean, if they did return on investment, they would throw away everything except TRAFFICTHIEF and maybe some graphing programs out of MAINWAY– they’d throw all of this away. They wouldn’t have built Bluffdale [Utah], that $2.3B or whatever it is– facility to store data. This is all the data from PINWALE and MARINA and all that stuff is going out there, being stored. So they wouldn’t have to buy that at all. They’d be more effective, because they wouldn’t be buried. So at any rate, that’s what they’re doing.

The exchange comes from an absolutely riveting report of a presentation that Binney gave in which he explained some of the Snowden material.