Nothing to hide? But you may still have something to fear.

This morning’s Observer column:

When Edward Snowden first revealed the extent of government surveillance of our online lives, the then foreign secretary, William (now Lord) Hague, immediately trotted out the old chestnut: “If you have nothing to hide, then you have nothing to fear.” This prompted replies along the lines of: “Well then, foreign secretary, can we have that photograph of you shaving while naked?”, which made us laugh, perhaps, but rather diverted us from pondering the absurdity of Hague’s remark. Most people have nothing to hide, but that doesn’t give the state the right to see them as fair game for intrusive surveillance.

During the hoo-ha, one of the spooks with whom I discussed Snowden’s revelations waxed indignant about our coverage of the story. What bugged him (pardon the pun) was the unfairness of having state agencies pilloried, while firms such as Google and Facebook, which, in his opinion, conducted much more intensive surveillance than the NSA or GCHQ, got off scot free. His argument was that he and his colleagues were at least subject to some degree of democratic oversight, but the companies, whose business model is essentially “surveillance capitalism”, were entirely unregulated.

He was right…

Read on

Stuff happens, alas

The Investigatory Powers Act has passed through Parliament and will soon be law. It provides the UK intelligence agencies and police with what the Guardian‘s Ewen MacAskill described as “the most sweeping surveillance powers in the western world” and it passed into law with “barely a whimper, meeting only token resistance over the past 12 months from inside parliament and barely any from outside”. The Bill’s relatively serene passage through the legislature surprised many in government, and was probably partly due to the fact that the Labour party, under Jeremy Corbyn, seems largely uninterested in its responsibilities as the official opposition.

It’s not all bad news: the Act brings under explicit oversight a whole range of activities that were hitherto carried out under obscure, possibly dodgy, legal provisions and with totally inadequate oversight. So at least you could say that, at last, the activities of the secret state are all in a single piece of legislation.

On the other hand, the powers granted by the Act in relation to data retention are indeed sweeping, and include some new powers to conduct what is euphemistically termed ‘Equipment Interference’ — which is essentially legalised hacking; their inclusion in the Act is in effect an implicit admission that GCHQ and the security services have been doing this stuff anyway for some time.

The Act confirms that the British state’s appetite for fine-grained communications data seems insatiable and is destined to grow. Confronted with this new reality, one celebrated ex-spook once remarked that we are “a keystroke away from totalitarianism”. What he meant is that the information resources now available to states would be a godsend to an authoritarian regime that wasn’t restrained by constitutional niceties, civil liberties or human rights.

When one puts this point to spooks and government officials, however, their instinctive response is to pooh-pooh the idea. It may be technically true, they say, but — come on! — we live in a democracy and the chances of an authoritarian bully gaining power in such a polity are, well, infinitesimal.

Well, that was then and this is now. An authoritarian bully with no apparent respect for the rule of law will become president of the United States on January 20. Given that the British state has a long history of close co-operation with the US national security state, it’s possible that the new powers conferred on British agencies by the Investigatory Powers Act might mean that personal data on British subjects will be slipping noiselessly into the computerised maw of President Trump’s newly-energised security services. If this country had a functioning parliamentary opposition maybe Mrs May’s Bill would have had a rougher passage, and the Act would have been less sweeping. But the opportunity to rein in the surveillance state has been missed for a generation.

Snowden’s impact

Well, well. This from the Intercept:

THE DIRECTOR OF NATIONAL INTELLIGENCE on Monday blamed NSA whistleblower Edward Snowden for advancing the development of user-friendly, widely available strong encryption.

“As a result of the Snowden revelations, the onset of commercial encryption has accelerated by seven years,” James Clapper said during a breakfast for journalists hosted by the Christian Science Monitor.

The shortened timeline has had “a profound effect on our ability to collect, particularly against terrorists,” he said.

When pressed by The Intercept to explain his figure, Clapper said it came from the National Security Agency. “The projected growth maturation and installation of commercially available encryption — what they had forecasted for seven years ahead, three years ago, was accelerated to now, because of the revelation of the leaks.”

Asked if that was a good thing, leading to better protection for American consumers from the arms race of hackers constantly trying to penetrate software worldwide, Clapper answered no.

“From our standpoint, it’s not … it’s not a good thing,” he said.

Living with the surveillance state

Point made well by Bill Keller in a thoughtful column:

The danger, it seems to me, is not surveillance per se. We have already decided, most of us, that life on the grid entails a certain amount of intrusion. Nor is the danger secrecy, which, as Posner notes, “is ubiquitous in a range of uncontroversial settings,” a promise the government makes to protect “taxpayers, inventors, whistle-blowers, informers, hospital patients, foreign diplomats, entrepreneurs, contractors, data suppliers and many others.”

The danger is the absence of rigorous, independent regulation and vigilant oversight to keep potential abuses of power from becoming a real menace to our freedom. The founders created a system of checks and balances, but the safeguards have not kept up with technology. Instead, we have an executive branch in a leak-hunting frenzy, a Congress that treats oversight as a form of partisan combat, a political climate that has made “regulation” an expletive and a public that feels a generalized, impotent uneasiness. I don’t think we’re on a slippery slope to a police state, but I think if we are too complacent about our civil liberties we could wake up one day and find them gone — not in a flash of nuclear terror but in a gradual, incremental surrender.