Draft Investigatory Powers Bill – Written Evidence

We are making this statement in the capacity of Scottish PEN, the Scottish centre of the world association of writers, PEN International. It is a charitable body for the advancement of the education of the public by the following means: i) The encouragement and promotion of writing in and about Scotland nationally and internationally; ii) […]

We are making this statement in the capacity of Scottish PEN, the Scottish centre of the world association of writers, PEN International. It is a charitable body for the advancement of the education of the public by the following means: i) The encouragement and promotion of writing in and about Scotland nationally and internationally; ii) The support of writers worldwide in the interest of freedom and artistic expression; iii) The fostering of international understanding through the appreciation of literature; iv) The attendance of Scottish PEN representatives at conferences, symposia and other meetings of writers worldwide; v) The organisation in Scotland of conferences and other literary events; vi) The undertaking of any legal activity to further these charitable objects provided that Scottish PEN shall in no circumstances engage in political activities.

INTRODUCTION

  1. As an organisation charged with representing writers to ensure the fundamental freedoms to write, read and share thoughts, there are a number of aspects of the draft Investigatory Powers Bill that could threaten these freedoms were they to be made into law.
  1. We have polled our membership of over 300 writers, including fiction, non-fiction, journalists and poets for their reactions to the enhanced surveillance proposals contained within the draft bill. The answers of the 22 respondents have informed this submission. The polling questions can be found in APPENDIX I (31-34)
  1. Further to the supplying answers to the questionnaire, Scottish PEN members were given the opportunity to present a statement in relation to the draft Investigatory Powers Bill (named or anonymous) these can be found in APPENDIX II (35-47)
  1. The three aspects within the bill that we are focusing on relate directly to the freedom of our membership and the broader writing community within Scotland to write and read. These aspects are: (1) the retention of Internet Connection Records (ICRs) by telecommunications providers of every British citizen for 12 months that can be accessed by public bodies; (2) Technical Capabilities Notices, that can give the Home Secretary increased capacity to pass on obligations to telecommunication providers. This is widely held to contain the obligation to build in backdoors to online communications platforms for the security services to collect user data, as well as the ability to decrypt data on demand; and (3) the prevalence of gag orders that restrict knowledge of the actions contained within the draft bill being shared with journalists, customers and the wider community. This can include the aforementioned technical capabilities notices (s.189); interception (s.43 (1-7)); equipment interference (s.148); and retaining communications data (s.77).

INTERNET CONNECTION RECORDS (ICR)

  1. The draft bill stipulates an obligation of telecommunications providers to hold for 12 months the ICRs of every British citizen for 12 months that can be accessed by public bodies without a warrant. This contains everything in a URL prior to the first forward slash.
  1. While this to protect against capturing ‘content’, many commentators and technical experts questions the ability to effectively make this distinction.
  1. Scottish PEN is deeply concerned about how this will enable the state and the security services to construct remote profiles of Internet users from their browsing history alone.
  1. Scottish PEN represents writers and readers who, at times, research and read challenging material that represents a broad and diverse set of values that do not at any given time fully or accurately represent their own personally held political, social or religious beliefs.
  1. Earlier this year, PEN International commissioned a study into the impact of mass surveillance on writers around the world. “The survey findings demonstrate that increasing levels of surveillance in democracies are seriously damaging freedom of expression and thought, the free flow of information, and creative freedom around the world.”[1]
  1. These findings supported the findings of the PEN American Center who commissioned a similar study of US based writers in 2013 who found that “1 in 6 writers has avoided writing or speaking on a topic they thought would subject them to surveillance” [2]
  1. In the polling of Scottish PEN members, over half of respondents answered that the retention of ICRs will change how they conduct their research and source information online.
  1. Encouraging writers and readers to engage in self-censorship to ‘escape’ surveillance cannot ensure the free expression that defines a modern democracy.
  1. Writers, readers and researchers require privacy to ensure they can complete their work free from undue attention or pressure that may hinder their freedom in fully exploring the issues they are focusing on.
  1. Requiring public bodies to seek approval through a communications data acquisition notice and not a warrant signed by a judge removes a much-needed level of oversight to ensure that they are independently judged to be acting in a “necessary and proportionate” manner. While the designated person is required to be independent from the investigative team requesting the notice, the fact that they are representing the same body raises key questions as to whether this amounts to independent scrutiny.
  1. Writers in Scotland have already experienced the dangers of unclear or vague oversight procedures through the highly publicised issue of Police Scotland ‘committing “multiple breaches” of a new code intended to guard against unlawful spying on journalists’[3] which, at the time of writing, is currently being investigating by the Interception of Communications Commissioner’s Office (IOCCO).

TECHNICAL CAPABILITIES NOTICES

  1. Section 189 (1) stipulates, “the Secretary of State may make regulations imposing specified obligations on relevant operators, or relevant operators of a specified description.”
  1. We are concerned about the vague nature of this section as it does not specify the limits to these actions, going on to state that “Regulations under this section may impose an obligation on any relevant operators only if the Secretary of State considers it is reasonable to do so.”
  1. Technical experts such as Glynn Moody at Ars Technica and George Danezis, an associate professor in security and privacy engineering at University College London have stated that this section may be used to empower telecommunications providers to build in backdoors in their software for the security services and decrypt data on demand.
  1. Further clarification is necessary to ensure that all actions that are contained within this section fully compile with all existing legislation.
  1. Backdoors in online platforms weaken the overall security of the platform opening up users to vulnerabilities that can be exploited by hackers and other third parties. This concern has been vocalised by Tim Cook, the CEO of Apple, who stated that: “You can’t have a back door in the software because you can’t have a back door that’s only for the good guys,” [4]
  1. This is of utmost importance to a wide range of writers in Scotland who require secure communications platforms to ensure they can communicate with a wide range of individuals and organisations including publishers, editors, agents and magazines.
  1. Assuming that the creation of backdoors into telecommunications services is included within s.189, 55% of Scottish PEN members who responded to the questionnaire responded that they would not continue to use a platform that had been compromised by the state.
  1. Further to this, over 60% of all respondents claimed that this infiltration of key services would either somewhat affect or seriously affect their communications with colleagues in the UK (63.4%); colleagues abroad (81%); friends & family (82%).
  1. The commercial importance of manuscripts and early drafts cannot be undervalued. As a result the intellectual property of the writers can be undermined if the security of the online platforms they use to communicate cannot be guaranteed.

GAG NOTICES

  1. Throughout the draft bill are a range of gag orders that restrict the ability of telecommunications providers, customers, journalists and civil society from being made aware of a number of the aspects contained within the bill.
  1. Glynn Moody and George Danezis have identified these notices throughout the bill: “interception (Section 43(1-7)); “equipment interference” (hacking€”Section 148); and retaining communications data (Section 77). Gag orders would also be in place for bulk communications data collection (Section 133).”[5]
  1. Scottish PEN condemns any actions that limit the free flow of information, restrict understanding and undermine debate on key issues surrounding freedom of expression.
  1. The inability of telecommunications providers to communicate actions carried out as part of this draft legislation makes it impossible for customers, including writers, readers and researchers, to make an informed decision as to whether to continue to use platforms that may have been compromised by the security services.
  1. These notices are punishable by up to 12 months imprisonment and/or fines and Scottish PEN is deeply concerned that the severity of these punishments will dissuade whistle-blowers and further limit the flow of information to the public.
  1. In the questionnaire to Scottish PEN members, respondents reacted to this breach of trust in a manner that significantly undermines their relationship with the state. When asked whether the inability of telecommunications providers or journalists to share information surrounding key aspects of the draft bill affected their trust of key bodies, 77% of respondents stated that they would severely distrust the UK government, 68% answered the same in regards to telecommunications providers and 59% said that they would severely distrust writers and journalists as a result of their inability to report accurately on the contents of the draft bill.

ANNEX I: Questionnaire to Scottish PEN Members

  1. The draft Investigatory Powers Bill includes a legal obligation of telecommunications services to hold Internet Connection Records of every British citizen for 12 month to be accessed by public bodies without a warrant. Will this change how you conduct your research and source information online?

Yes

No

Other

  1. If a platform that you use on a regular basis (such as social media platforms, emails, online shopping, banking…) had been compromised by the intelligence agencies, would you continue to use it?

Yes

No

Not sure

Other

  1. If your email platform had been compromised by the intelligence agencies, would this affect your communication with the following individuals or groups?

Publishers:

Colleagues in the UK:

Colleagues abroad:

Friends & Family:

  1. If the government was able to access private services (such as social media platforms, emails, online shopping, banking…) and journalists and the telecommunication providers themselves were unable to openly share information about this, how would this affect your trust in the following services?

UK Government:

Press & Journalists:

Service Providers:

 

APPENDIX II: Written Statements from Scottish PEN Members

  1. I am for the highest degree of openness and transparency compatible with safeguarding security. Public acknowledgment in due course by service providers of such intrusions should therefore be normal. –Professor Richard H. Roberts
  1. It is must be inferred that the encroachments proposed by the current government on public and private media, services, platforms and providers will do little to combat organized crime or terrorism. Any such offender with a smidgen of nous, and surely that means most, will keep abreast of developments of this kind and take appropriate measures to ensure safe passage and unobserved action. As the present government acts to reduce the range and volume of the state, layer by layer, what parts of it remain will become increasingly vulnerable to access by corporate interest, in other words by global companies whose command of advanced technology will eclipse anything the intelligence services, dependent on relatively small state budgets, will be able to muster. As that fulcrum is reached, all data previously encrypted by government services, as well as data the present government wishes to access and more, will be available for exploitation, including sell-on to interested parties. Not only the current capabilities and practices of specialized hackers but also the political history of our own era post-1933 already show that it is essential for the public to take special care to protect its data and ultimately personal safety as well as the existence of civil society in all its remaining forms against the actions of future (at present unimagined) governments, state and military agencies, and corporate interest. The present government believes it needs more information to fight our enemies. In fact, the opposite is true: the more information generated and retained, the more vulnerable our societies become. –Iain Galbraith
  1. I oppose any measures designed to limit the level of confidentiality between providers and users such as the Internet Connection Record. The test of reasonableness would need strict definition. My opposition applies to proposed measures emanating from both Westminster and Holyrood. –Anonymous
  1. Anyone who assumes privacy in cyberspace is a fool. It’s all compromised already. No I am not paranoid. I am a Computer Science academic. Anything digital can be seamlessly copied and transmitted. There is no encryption that can’t be broken. Really. If you need secrecy use the postal services. It takes far more human effort to open and read a letter than to scan a digital artefact. And after a letter is destroyed it can’t be copied. When you delete email what has actually been deleted? And from where? –Anonymous
  1. As I understand them, the provisions are so loosely defined that they invite abuse. The assumption that everyone has to be watched is very disturbing. –Anonymous
  1. I think it compromises citizens’ rights to free speech, free interchange of ideas, and private communication. I don’t want to live under surveillance, and I don’t believe it ultimately makes anyone any safer. –Anonymous
  1. The Bill is like using a sledgehammer to crack a marshmallow. –Anonymous
  1. The Bill extends powers to the State which are not obviously different from those in regimes recognised as repressive and are of a piece with current government encouragement to eg teachers to report ‘subversive’ activity or views among their pupils. Of course the state needs to protect its citizens but it is arguable that sufficient means to do that exist already. For instance the identities of the ringleaders of the recent Paris attacks were apparently known to the international police and the problem was a failure to act on information not a failure of surveillance. A key consideration with me is that however apparently benign the intention in setting up further and far-reaching means of surveillance, once such mechanisms are set up and accepted it is easy for them to be misused. It could be the first step to the UK becoming a police state. –Anonymous
  1. This doesn’t significantly change my view of the state nor will it significantly alter my behaviours. I have nothing to hide and know that openness is the best policy. I’m sure they would find most of my communications boring. –Anonymous
  1. This change to the law represents a major intrusion into civil liberties, and a huge addition to the powers of surveillance by the state. A writer’s thoughts and the ways he/she has to generate new work – and also the way he/she communicates, and who with – must be kept private in order to produce the work. I completely oppose this bill. –Anonymous
  1. I am very concerned about the undemocratic and sweeping nature of the powers this bill suggests. I am also extremely concerned about the appalling short time for its consideration. –Anonymous
  1. It’s an infringement of civil liberties, taking us back to feudal times. –Anonymous
  1. Targeted investigatory powers are essential in some cases but it is “overkill” to introduce such elastic and invasive powers for everyone. –A Connolly

[1]PEN INTERNATIONAL, 01/05/2015-last update, Global Chilling: The Impact of Mass Surveillance on International Writers. Available: https://www.pen.org/sites/default/files/globalchilling_2015.pdf [20/12/2015].

[2]PEN AMERICAN CENTER, 2014-last update, Chilling Effects: NSA Surveillance Drives Writers to Self-Censor. Available: http://www.pen-international.org/read-pen-american-centres-report-chilling-effects-nsa-surveillance-drives-writers-to-self-censor/ [20/12/2015].

[3]HALL, K., 2015.  Police Scotland fingered for breaching RIPA code ‘multiple’ times. http://www.theregister.co.uk/2015/09/21/police_scotland_broke_ripa_code_whistleblower_witchhunt_ban/ edn. The Register.

[4]NEWCOMER, E., 2015. Apple CEO Defends Encryption, Opposes Government Back Door. http://www.bloomberg.com/news/articles/2015-10-20/apple-ceo-defends-encryption-opposes-government-back-door edn. Bloomberg.

[5]MOODY, G., 2015. Snooper’s Charter: UK gov’t can demand backdoors, give prison sentences for disclosing them. http://arstechnica.co.uk/tech-policy/2015/11/snoopers-charter-uk-govt-can-demand-backdoors-give-prison-sentences-for-disclosing-them/ edn. Ars Technica.