It's been a while since GreenNet last updated our members on our legal case against the British Government and UK Government Communications Headquarters (GCHQ) in the Investigatory Powers Tribunal (IPT), but things have been proceeding at a typical speed for such detailed legal judgements. Meanwhile, there have been three official reports into surveillance and interception by the secret services and police, several changes to the law, several admissions that extreme (and in many cases likely illegal) powers have been used by the secret services, and one huge proposed "draft Investigatory Powers bill" (DIPB), that by some reckoning includes the fifth attempt at a "Snooper's Charter", the zombie legislation that will not die, and looked at by four (inevitably underinformed) Parliamentary committees.
The structure of the new draft is a bit of a pot-pourri: roughly part 1 of RIPA, which prevents things like the newspaper phone hacking, is swapped in; followed by part 2 allowing interception by agencies and the police, and part 3 which allows law enforcement to request communications data without a warrant; and it's not until part 4 where we get effectively the whole "Snooper's Charter" draft bill from 2012, this time with Deep Packet Inspection (DPI) disguised as "Internet Connection Records" (there are no such things; we should know), and a massively powerful search of all individuals called the "Request Filter". Then part 5 makes explicit how the Intelligence Services Act has been used for targeted hacking; part 6 and 7 explicitly permit even greater powers for mass cracking, interception and access to stored data; and part 8 includes the safeguards, one commissioner instead of the current three. It's been described as a list of Christmas presents for the police (and other investigating agencies such as Ofcom and the Department of Work and Pensions).
On 1-4 December 2015, there were public hearings of the main evidence in the IPT case (there are also "closed" hearings where the real facts can be discussed between the government and the panel of judges, but no one else is allowed to know what's happening.) See Privacy International's update including the outline arguments put cogently on behalf of us and progressive ISPs outside the UK by Blackstone Chambers and Bhatt Murphy. The Government is making panicked moves, apparently realising the secret services have been doing things that are incompatible with human rights or even the terms of legislation establishing the intelligence services themselves. As one example, if GCHQ interfered with GreenNet equipment off their own bat (rather than for MI5), it could be illegal because they are confined to signals intelligence outside the UK; the new draft bill contains a small amendment to legalise this. The crucial amendment to the Computer Misuse Act this year that made an exception so that government agencies could hack passed without a word of debate in Parliament.
much of the debate for the last 15 years appears to have been a charade about data that the government very likely already held. It is also clear that the legislation that the government relied upon was being interpreted in ways that Parliament never imagined
David Davis MP in an article by Duncan Campbell about PRESTON
GCHQ, by a twisted and unforeseeable interpretation of the law, have claimed scary powers to interfere with any digital device in the UK or abroad. We also know they spied on Amnesty International illegally, and if they are so opaque, we cannot know if they are interpreting 'national security' in a political way. Now the police want access to these powers. If they play fast and loose in this way with existing law, who knows what they'll make of the new Investigatory Powers bill? The right to privacy isn't something we can leave up to ministers and judges operating in secret - it's something necessary to us all as human beings and to society, and we should all be involved in the discussion.
Encryption alone is unlikely to completely remove the threat of mass surveillance, although Ed Snowden and other whistleblowers have made us all more paranoid about security in general, and rightly so. There are lots of good tools for routine encryption and anonymisation: for instance we're now using Tox as an instant messenger, and Enigmail to apply OpenPGP encryption to email. One thing we would like to organise in the new year is a "cryptobuffet" to demonstrate and discuss some of these tools. For more advanced users, including those working in hostile regimes, the Centre for Investigative Journalism produces an up-to-date guide to computer security. Another possible response is activists networking offline and locally, as described in a fascinating piece by Paul Mobbs in the Ecologist.
Among other related policy things we've been up to in 2015, we've been at a conference on Digital Citizenship and Surveillance organised by Cardiff University's school of journalism and media, and contributed to their report on online policing of "Domestic Extremism" (a term that has included journalists and comedians as well as ordinary activists, such as "non-violent extremists" who are a bit extreme in their non-violence.) If you're confused about the various post-Snowden cases, there's a list here.
We look forward to the IPT's judgement in the new year, and hope for some moves towards transparency and accountability at the very least. Please do contact us if you have any questions.