Activists called for another web blackout in protest against the Cyber Intelligence Sharing and Protection Act (CISPA) passed by the US House of Representatives, similar to last January’s action by Wikipedia, Reddit, Google, Mozilla and others, while UK internet security experts have written to the PM to object to the “Snooper’s Charter” Communications Data Bill.
The experts say:
Dear Prime Minister,
One year ago, we learned that the Home Secretary intended to resurrect plans to monitor every British person’s Internet activity. One year on, the plans remain as naïve and technically dangerous as when they were floated by the last Government. Parliament does not have a good track record in legislating for the Internet. The most recent foray, the Digital Economy Act, has proven both unworkable and unhelpful, while more feasible alternatives were ignored and taxpayers’ money was poured into a technically inept political totem.
It seems that government has not learned the lessons of that ill-fated legislation and is intent on trying to foist onto the Internet a surveillance system designed for landline telephones. Many of the technical experts consulted are people that will profit from the plans, whether they succeed or fail. Outside independent experts have not been meaningfully involved in any way. There is little evidence justifying existing EU requirements for Internet Service Providers (ISPs) to retain records about use of their own services, according to studies by the Max Planck Institute, Germany’s Federal Criminal Police Office, and the Dutch Erasmus University.
Consumer confidence in network security is an essential foundation of the digital economy and the trend is towards encrypted communications to large websites. The Communications Data Bill cannot do anything effective about this shift. The provisions to force ISPs to monitor how customers use third party services will be expensive, will hinder innovation and will undermine the privacy of citizens visiting specialist websites (such as advice on pregnancy, HIV and mental health) without giving the police any new effective tools to monitor criminals who chat via social media. The bill combines high financial and privacy costs with low benefits for real police work. The money would be better spent on more police officers, on improving our police forces’ computer forensic capabilities, and on international collaboration to tackle cybercrime, than on yet another IT project that already shows the classic symptoms of becoming a failure. While putting the UK’s internet-based business community at a significant competitive disadvantage, the Bill will be copied by less-democratic regimes around the world, undermining decades of British foreign policy.
We the undersigned urge the Government to abandon the Communications Data Bill and to
work with the technical community and the police to meet the real challenges of law
enforcement in a connected world, rather than imposing a policy that poses a significant risk
the UK’s economic and political interests.
Ross Anderson, professor of security engineering at Cambridge University’s computer laboratory, Angela Sasse, professor of human-centred technology at UCL, Ian Brown, a senior research fellow at the Oxford Internet Institute and others