by
Glyn Moody
Rick
Falkvinge has another of his fascinating posts up on his Web site, but
this one's slightly different from his usual insights into the
dysfunctional nature of copyright and patents. It concerns some
little-known (to me, at least) history of
how Sweden went from being a beacon of freedom to a country under comprehensive surveillance.
As Falkvinge explains, things began with what seemed at the time a very minor matter:
the FRA [a Swedish security agency] had used a
loophole in the law since 1976 that allowed it (maybe) to wiretap all
phonecalls that were routed over satellites, by erecting their own
receiver dishes next to the telco ones. This allowed them to receive all
the satellite signals, in identical copies to what the intended
receiver dish did. The law they used to justify this behavior was one
that said that privacy cannot be expected over radio waves, and that
anybody may listen to anything sent over radio -- which makes sense with
shortwave-type radio amateur equipment, but not necessarily with
satellite links: when you pick up the phone, you expect privacy,
regardless of the technical route of the phonecall.
The key thing to note here is that there is a distinction being made
between the vast majority of phone calls, and the special class of phone
calls made over satellites. That meant that this was not a general
spying capability, but a very limited one that only affected a class of
users. Falkvinge goes on:
Fiber optics in the ground gradually replaced satellites
as the preferred method of transmission, and the FRA complained to the
administrative departments that it had lost its ability to wiretap, and
wanted an amendment to the law that would -- in their own words -- just
"compensate for technical developments".
So the logic here is that the security services were beginning to lose a
very limited capability for spying on a special class of user. But
note what it demanded as a consequence:
What they asked for was a requirement for every owner of
fiberoptics crossing the border to send a mandatory realtime traffic
copy to the FRA. They demanded to wiretap everybody, all the time, if
your phonecall or internet traffic happened to cross one of these
checkpoints (which you can’t tell if it does or not).
So the FRA went from "using a possible loophole in the law to eavesdrop
on satellites" to "demanding exactly everything all the time". This was a
little bit more than just an update for technical progress; this was a
huge difference in scale and a near-complete abolition of the right to
privacy.
The key trick employed here was to claim that the change was just to
"compensate for technical developments", and that there was some kind of
equivalence between the eavesdropping on phone calls via satellites and
those made via fiber optics. And it's true that fiber optics largely
took over from satellites, but that does not make them equivalent. They
are quite different technologies, and spying on one is not the same as
spying on the other -- this was not truly about "preserving" a limited
spying capability, it was taking advantage of the fact that it was now
possible to spy on
everyone in the same way, thanks to new technology.
Significantly, this is exactly the same argument that the UK government is making with what it calls its "
Communications Capabilities Development Programme" (pdf):
Communications data -- information such as who
called whom and at what time -- is vital to law enforcement, especially
when dealing with organised crime gangs, paedophile rings and terrorist
groups. It has played a role in every major Security Service
counter-terrorism operation and in 95 per cent of all serious organised
crime investigations. Communications data can and is regularly used by
the Crown Prosecution Service as evidence in court.
But communications technology is changing fast, and criminals and
terrorists are increasingly moving away from landline and mobile
telephones to communications on the internet, including voice over
internet services, like Skype, and instant messaging services. Data from
these technologies is not as accessible as data from older
communications systems which means the police and Security Service are
finding it increasingly hard to investigate very serious criminality and
terrorism. We estimate that we are now only able to access some
75% of the total communications data generated in this country,
compared with 90% in 2006. Given the pace of technological change, the
rate of degradation could increase, making our future capability very
uncertain.
That is why, in the Government’s Strategic Defense and Security Review,
published in 2010, we said we would "introduce a programme to preserve
the ability of the security, intelligence and law enforcement agencies
to obtain data and to intercept communications within the appropriate
legal framework."
Notice this is couched in terms of "preserving the ability" of security
agencies to spy just as they did in the past. In other words, the UK
government would have us believe that this is simply preserving the
status quo. But as in Sweden, that's not the case here:
We therefore propose to require internet companies to
collect and store certain additional information, like who an individual
has contacted and when, which they may not collect at present. The
information will show the context -- but not the content -- of
communications. So we will have for internet-based communications what
we already have for mobile and landline telephone calls.
It's still not entirely clear what the UK government wants to gather --
it has been understandably evasive on this front -- but it would seem to
include things like recipients of emails, Skype contacts and addresses
of Web sites visited (possibly even full URLs, which will point to very
specific content.) But the details don't really matter, because this is
actually a question of principle.
The UK government, like the Swedish government before it, is trying to
set up a false equivalence between monitoring communications before the
Internet became a mass medium, and after. But the intrusiveness of such
surveillance before the Internet, and before computing power was
available to analyze the data gathered, was limited. Back then, working
out the network of contacts of a person of interest could be done, but
with effort, and at some cost. This ensured that only the potentially
most serious threats were investigated.
But once again, Moore's Law has changed everything. What the UK
government wishes to gather would allow the entire social graph of
everyone in the UK to be calculated in near real-time. It would mean
that their every move online could be watched as it happened, and
cross-referenced with their past communications history. As Falkvinge
points out in another recent post,
what has really changed is not so much the ability to spy, but the cost of doing so.
Today, thanks to our networked lives and the plummeting cost of
hardware, national governments can monitor everything we do online for
the same outlay as the much more limited surveillance of yesteryear. So
what is really being preserved is not some supposedly circumscribed
spying capability, but the orders-of-magnitude cost. By keeping that
cost constant, governments can increase the scope of their spying
hugely.
But just because the technology makes it possible, and the economics
makes it feasible, doesn't mean governments ought to go ahead and do it.
They may claim that they are simply "compensating for technical
developments", but really they are trying to
exploit those
developments to go way beyond what was agreed before as socially
acceptable, and to do so without any consultation on how much online
surveillance should be permitted in a free society.
And as to the UK government's argument that "we are now only able to
access some 75% of the total communications data generated in this
country, compared with 90% in 2006", this conveniently skates over the
fact that the quantity of such communications data has probably doubled
in that time, since
IP traffic is currently growing at around 32% annually:
in absolute terms, more data is available than ever. This is not about
preserving capabilities in order to stand still, it's about running
ever faster into a world of total surveillance.
[SOURCE]
Follow me @glynmoody on
Twitter or
identi.ca, and on
Google+
