Guardian article

The Guardian’s Comment is Free site published a short version of my critiques of RIPA today… you can read it here.

 

Or the full version prior to editing is here:

A little-known tribunal is meeting this week to consider a case a case of wrongful surveillance. The case brought by Jenny Paton and Tim Joyce against Poole District Council in the Regulation of Investigatory Powers Tribunal concerns the local authority’s targeted surveillance measures against the couple and their children in an investigation of their application for school places. Among other activities, council employees trailed the family and interrogated neighbours.

The case comes in the same week that the government issued its response to a consultation process on the reform of the law which the tribunal oversees: the Regulation of Investigatory Powers Act (RIPA) (2000). RIPA has proved controversial as it seems to give many different public bodies new powers of surveillance, but that isn’t entirely true: as many local council officials admit, much of this was going on before 2000, but RIPA regulates and restricts it – in fact, it restricts it too much to some of the published responses to the consultation process. It is, however, almost impossible to determine whether RIPA has increased or decreased surveillance of this kind as no consistent records were kept prior to RIPA’s introduction. What is certainly the case is that the public is now more aware of the use of surveillance powers by agencies they had never realized were allowed to do such things.

Surveys have found that only 9% of RIPA authorizations resulted in either prosecution of enforcement action. In Australia, earlier this year, when only 28% of the use of targeted surveillance (in that case by police) resulted in prosecutions, their law was denounced as an excuse for ‘fishing expeditions.’ So what does a 9% rate indicate for Britain? Desperation perhaps? Or at least that RIPA was being massively overused for trivial issues. The House of Lords Constitution Committee report, Surveillance: Citizens and the State, certainly thought so, arguing not only that the inadequate administrative procedures should be reviewed but also that the government should think again about the whole business of allowing Local Authorities police powers, and that in any case, these powers “should only be available for the investigation of serious criminal offences which would attract a custodial sentence of at least two years.”

The government has failed to take heed of these recommendations. Ok, so they have agreed to restrict the authorization of covert surveillance under RIPA to ‘Director, Head of Service, Service Manager or equivalent’, and that Local Authorities should designate compliance officers so there will be no more junior officers deciding to play James Bond, as in the Poole case. However, by going to a ‘consultation’ whose respondents were dominated by Local Authorities and other RIPA-enabled agencies, they have managed to avoid doing anything particularly radical. This started from limiting the scope of the review through the questions they asked in the consultation.

For example, by asking which covert investigatory techniques specifically should be removed (and discounting any views that said ‘all of them’) they managed to get a mixed set of answers that failed to produced a clear vote against any one technique. Result: no techniques get removed and in fact some of the existing allowed techniques get extended to yet more agencies, for example the new Child Maintenance and Enforcement Commission (the replacement for the Child Support Agency). In particular, this extension of powers covers telecommunications data, whose keeping by the state has of course increased since RIPA was proposed. Now RIPA will be used to allow new bodies access to this data.

A curious note throughout the response by the government is the insistence on using an idea of non-interference with law-enforcement as a reason for not allowing elected officials any more than strategic scrutiny over the actions their own officials take under RIPA. This matters because RIPA is just one of many ways in which law-enforcement is not spreading as a function to increasing numbers of agencies beyond the police and judiciary. This seems to be general position that New Labour has taken – although it hasn’t always got its way – does anyone remember the dropped proposals to allow any ‘responsible people’ to levy on the spot fines?

And the government response seems to take a bullish delight in attacking those who have criticized the surveillance society. They insist, for example – and despite all the evidence to suggest that such interventions have limited effectiveness – that Local Authorities should make more use of overt, mass surveillance, like CCTV, instead of using RIPA. They are creating a binary choice, which seems to say assume that some kind of surveillance should be used: which do you choose, overt or covert? But, of course, that shouldn’t be the choice at all. They are also trying to have their cake and eat it on CCTV: the response to the consultation dismisses those consultees who brought up the subject of CCTV – which is not covered by RIPA – but feel quite able themselves to recommend its extended use in their own response. This of course also ignores the perfectly legitimate feeling amongst many that it is about CCTV was brought under proper control and a reformed RIPA might well be the place to do it.

Then there are things missing: notably, the concentration on Local Authorities, which for the most part has completely obscured the use of covert surveillance by central government departments and arms-length agencies including the Department for Environment, Food and Rural Affairs (Defra), the NHS and the Environment Agency, all of which have been criticized in the past by the Surveillance Commissioner.  Nothing seems to be proposed to increase the visibility of the RIPA Tribunal which is, just for now, in the news. The Lords described it as all but invisible and weak. Nor do the government propose to do anything to strengthen training or the Code of Practice, and in any case, there has been a huge over reliance on such self-regulation for matters which should have more formal control; this is also how CCTV and the security industry is largely – and incredibly ineffectively – regulated in the UK.

Pretty much anyone could have predicted this limp response from the Home Office to some rather serious problems. They don’t read their own research, they don’t do consultation in a meaningful manner, and then, surprise, surprise, they conclude that there really isn’t very much wrong after all. Jenny Paton and Tim Joyce may well disagree, and let us hope that the RIPA Tribunal do too.

RIPA to be limited

The UK Home Office is finally publishing plans to reform the Regulation of Investigatory Powers Act (RIPA) which defined in law the surveillance powers open to hundreds of government bodies. You can see what I have previously said about the consultation here. The consultation on RIPA actually had 7 major questions. The Home Office has now responded to all the opinions offered during the consultation. In more detail, this is what was said:

1.    Taking into account the reasons for requiring the use of covert investigatory techniques under RIPA set out for each public authority, should any of them nevertheless be removed from the RIPA framework?

Response: basically, none should be removed. Although the Home Office noted that many respondents had objections, they didn’t feel they added up. Indeed this section also seems to include extensions of the powers (or clarifications that act effectively as extensions) for example the ability of the Child Maintenance and Enforcement Commission (the replacement for the Child Support Agency), to have access to telecommunications data to investigate fathers required to pay child support. These extensions may be warranted or not, but they show the tendency for what Gary Marx long ago called ’surveillance creep’ to occur – the saving of telecommunications data has increased since RIPA was proposed and now RIPA will be used to allow new agencies access to this data.

They also note that they will not be returning any of these investigatory functions to the police. This is interesting because later they use the reason of non-interference in law-enforcement for denying elected councillors detailed oversight. So this confirms a trend to less and less accountable law enforcement.

2. If any public authorities should be removed from the RIPA framework, what, if any, alternative tools should they be given to enable them to do their jobs?

Response: given the previous response, it is not surprising that no real change is proposed here. The Home Office in fact insists that more emphasis should be placed on overt surveillance by local authorities (like CCTV) in order to reduce the need to resort to RIPA’s covert surveillance!

3.    What more should we do to reduce bureaucracy for the police so they can use RIPA more easily to protect the public against criminals?

This wasn’t a question that I ever noticed critics of RIPA asking. Some agencies seem to have objected to the amount of paperwork around RIPA and The Home Office “agrees that it is in no-one’s interests for documentation to be unnecessarily time-consuming” and they, for once, insist on a proper auditable trail that can help protect privacy. They say in any case, applications are already down massively.

There is an interesting note that suggests the increasing use of RIPA for counter-terrorism activities which is left rather open – “the Government is facilitating the work of police collaborative units, such as the regional counter-terrorist units… This means officers seeking to use techniques under RIPA will be able to apply to authorising officers in different forces, where the Chief Officers have made a collaboration agreement that permits this”, in other words that RIPA might be used for massive, blanket undercover surveillance operations. Now that certain wasn’t what the government has recently claimed it was intended for – although of course, as anyone with any kind of memory will recall, it was exactly the justification used for passing it.

4.    Should the rank at which local authorities authorise the use of covert investigatory techniques be raised to senior executive?

Response: The media reports thus far have focused on the plan to limit the authorisation of such practices to council chief executives and directors – a recommendation made by the House of Lords Constitution Committee – what the Home Office actually recommends is to restrict the decision to a rather wider set: ‘Director, Head of Service, Service Manager or equivalent’. So, no junior officers any more, which is good, but not necessarily senior managers only. They also recommend having a compliance officer designated, which is good if they genuinely work on active and ethical compliance rather than thinking of excuses in retrospect.

5. Should elected councillors be given a role in overseeing the way local authorities use covert investigatory techniques?

Response: yes they should, but it should be ’strategic’ and limited to once a year setting of policy and strategy with quarterly oversight meetings. They argue, as I mentioned earlier, that non-interference in law-enforcement is a good reason for keeping elected officials away from the details… Councillors in the UK have been increasingly hamstrung in the way that they can oversee their supposed bureaucracy, even to the point where they have been fined and suspended for criticising their own officers. Some real control would be welcome (after all, that is what the purpose of local democracy should be).

6. Are the Government’s other proposed changes in the Consolidating Orders appropriate?

Response: the Home Office basically rejected all the respondents’ comments on the proposals.

7.    Do the revised Codes of Practice provide sufficient clarity on when it is necessary and proportionate to use techniques regulated in RIPA?

Response: the codes of practice will be made clearer. No more guidance will be given. The Guardian says that the proposals will ‘ban’ the use of RIPA for ‘minor matters’ but I can’t really see that they do this, and the points of such codes is usually to avoid recourse to the law by encouraging a voluntary self-regulation; it is how CCTV is largely – and incredibly ineffectively – regulated in the UK too.

Europe’s Surveillance State

The Open Europe report

I have just got hold of a new report by UK-eurosceptic think-tank, Open Europe, called How the EU is Watching You: the Rise of Europe’s Surveillance State, which whilst it isn’t as startling as the NeoConPanopticon report from the Trilateral Institute and Statewatch, does some to collect some useful information together in one place. Crucially the report points out the same thing as Will Webster and I did in our paper in JCER a couple of months ago, that this isn’t just a case of ‘European’ bad practice being imposed on the UK, but just as much UK bad practice being exported and generalised throughout Europe.

One interesting footnote is how the discourse of opposition and analysis is changing. A few years ago, and still in academia, the idea of the ’surveillance society’ was the dominant way of describing the situation, but now there is once again an increasing focus on the ’surveillance state’ or the ‘database state’.  This is partly, I think because there are an increasing number of right-libertarian and anti-state or small-state groupings openly opposing increasing surveillance – for example, the new Big Brother Watch in the UK, and they tend to emphasise the state’s role (or in this case, the role of an organisation they regard as an unaccountable superstate). This also reflects the growing opposition from the UK in particular. This is particularly interesting because in the past, the idea of the ’surveillance state’ was mainly a historical term to do with the development of repressive political policing, especially that involved in colonial counter-insurgency – see, for example, Alfred McCoy’s new book, Policing America’s Empire, on the role of the US occupation of the Philippines in the co-evolution of US and Filipino state surveillance practices – or in the totalitarian regimes of the former Eastern Bloc.

The landscape today is much less obviously one of state control. Indeed one could see these developments as a result of the retreat of the power of the individual state and an attempted reconfiguration of state-power of a new kind at a supranational level. And, this power is crucially dependent, as it has been since the end of WW2 on the private sector. The military-industrial complex is now a security-industrial complex and security is no longer anywhere near being simply state business.

The Biggest Database in the World

James Bamford has a superb review of the new book by Matthew Aid about the US National Security Agency (NSA) in the New York Review of Books this month. What seems to be causing a stir around the intelligence research (and computing) community is the reference to a report by the MITRE corporation into a the information needs of the NSA in relation to new central NSA data repository being constructed in the deserts of Utah. The report, which is being rather speculative, says that IF the trend for increasing numbers of sensors collecting all kinds of information continues, then the kind of storage capacity required would be in the range of yottabytes by 2015 – as CrunchGear blog points out: there are “a thousand gigabytes in a terabyte, a thousand terabytes in a petabyte, a thousand petabytes in an exabyte, a thousand exabytes in a zettabyte, and a thousand zettabytes in a yottabyte. In other words, a yottabyte is 1,000,000,000,000,000GB.” However CrunchGear misses the ‘ifs’ in the report as some of the comments on the story point out. There is no doubt however, that the NSA will have some technical capabilities that are way beyond what the ordinary commercial market currently provides and it’s probably useless to speculate just how far beyond. Perhaps more important in any case, are the technologies and techniques required to sort such a huge amount of information into usable data and to create meaningful categories and profiles from it – that is where the cutting edge is. The size of storage units is not really even that interesting… The other interesting thing here is the hint of competition within US intelligence that never seems to stop: just a few months back, the FBI was revealed to have its Investigative Data Warehouse (IDW) plan. Data Warehouses or repositories seem to be the current fashion in intelligence: whilst the whole rest of the world moves more towards ‘cloud computing’ and more open systems, they collect it all and lock it down.

Information-rich animals

Iris scanning has been proposed for horse by a company called Global Animal Management (GAM) Inc. As bloodstock is a huge and lucrative business – feeding everything from the private obsessions of the super-rich through the horseracing industry to the dreams of teenage horse-enthusiasts – it is not surprising to see such investment in biometrics. Racehorses were, after all, the first living creatures to be regularly microchipped. Vets seem sceptical about the idea, but surely members of the medical profession would be more enthusiastic about non-invasive replacements for invasive identification techniques like RFID?

Ironically, support for the scepticism comes form GAM’s own website, where a very interesting short video shows just how comprehensive the surveillance of animals through RFID chips has become. RFID chips do not just identify, they carry whole life-cycle information on origins, movements, health and disease and legal compliances. And because of the chips this information is carried with the animal not simply associated with it via a distant database as the result of an occasional scan. The system creates what GAM calls ‘information-rich animals’, which presumably is what makes GAM – and it hopes, its customers – cash-rich too…

(thanks to Aaron Martin, whose reading now seems to include Horse and Hound magazine…)