Tuesday 17 April 2012

Back to the future?

One of the “joys” of getting older is the realisation that nothing is ever really new and that almost everything that happens is bound to come round again in your lifetime. The contribution of networked technology to this time-honoured process seems to be the speed with which, these days, history repeats itself. At the same time when the average person’s memory and attention span seems to be contracting due to the overload of information to which we are all exposed, fashions - of the clothing and political type - seem to be coming full circle more quickly than ever before.

While Matron could go on about the way in which our current government seems to be obsessed with re-enacting the 80s (Royal Wedding, check; riots in the streets, check; sending visible "goodwill" in the form of aircraft carriers to small islands near South America, check), or about the horror she feels when mint green dungarees are staring her in the face from the pages of the Observer off a Sunday morning, her most recent deja vu actually stems from something closer to her own heart. Namely, the outrage caused a few weeks ago by the governments “new” proposals for extending the police and security service’ powers to carry out surveillance of electronic communications.

Snappily dubbed the Communications Capabilities Development Programme (CCDP), it proposes – in a nutshell – the expansion of existing requirements for the retention of, and access to, communications data to data generated by social media services and others. As well informed observers and privacy obsessives of any kind quickly noted, there are uncanny similarities between this project and Labour’s doomed “Interception Modernisation Programme” which had to be dumped in 2009 in the face of mounting opposition, mounting costs and an increased understanding even by politicians that the technical difficulties that developers would have to overcome would not be would not be conquered any time soon. However, what the security services want, the security services eventually get, so Matron knows very few people who were really surprised when this particular ball was fetched from its hiding place in the long grass and kicked back into play.

As those who know Matron in the flesh are aware, when stories like these break, she tends to express a desire to move to a wood cabin in the Outer Hebrides, armed only with a sawn-off shotgun and a box full of beans. It was therefore not without a certain irony that the sofa in the holiday cottage where she watched the news reports about the CCDP had a view of the Western Isles. Alas, holidays end, and it’s still bl**dy cold up there in Northern Scotland, so until it warms up a bit, Matron has opted for adding her two cents’ worth.

There is very little to be said about the CCDP that has not already been said on ORG’s most excellent wiki on the subject. Others, like Paul Bernal, have analysed the likely attitudes of the UK political parties to renewed endeavours to push through this massive expansion of surveillance. Within a UK context, both sides are busy preparing for yet another big fight and the sound of sharpening knives on Matron’s Twitter feed is almost palpable.

Matron has no idea whether this (Coalition) government stands any realistic chance of getting a law adopted that managed to defeat the previous government while it had a substantial majority. She has to admit that she is not quite so pessimistic about this as Paul Bernal, who thinks that all three parties have good reasons to vote this through. Agreed, it will take a good hard fight to prevent it, long nights spent burning the midnight oil, hours of fruitless discussions and the likely disillusionment of yet another generation of campaigners for a free and open internet. However, the crux of the matter lies in the level of attention that this proposal currently attracts. And on that count, at least, the opponents have a slight advantage as tech and law journalists seem to choose to give this matter prominence. This may even be one of the increasingly rare cases where good journalism (rather than the kind that works off the press release) prevails.

However, what if we win this? Then what? Will that stop the government – and more importantly the security services – from craving the “precious”? Will it heck. And this is where Matron thinks that we could all do with revisiting history in an attempt to prevent its repeat. In particular, the CCDP should by no means be seen solely as a UK legislative project but should be put in context of developments currently going on at European level.

Connecting the dots

As many readers will be aware, the UK government is not the only actor currently on stage pensively staring at a skull. The DG Home of the European Commission is at this very moment engaged in an impact assessment of whether or not changes should be made to the EU Data Retention Directive and what, if any, those changes should be.

The Directive was pushed through the EU legislative process – almost as an emergency measure – in late 2005 on the basis of shortcuts, backroom deals and a blatant disregard for both popular opinion and fundamental human rights. Since then, the Directive and the national laws trying to implement it have encountered numerous hurdles in the form of constitutional court judgements questioning their compatibility with the right to privacy, national parliaments refusing to transpose all or part of the Directive and a more or less obstructive tech industry. What was meant to be adopted as a harmonising measure has led to some of the most fractured legal environment ever and one that is now actively threatening to impact on the online industry.

Matron has commented on these developments several times already, but with the CCDP now on the horizon, more needs to be said:

Timing

First, the timing of the publication of the CCDP proposals (the official "official announcement" is still expected for the Queen's Speech in May) is unlikely to be a coincidence. If, as rumour still has it, the EU Commission is going to adopt a proposal for a revised Data Retention Directive as early as September of this year, the CCDP could, and should, be seen as the UK both drawing a line in the sand early and setting out their shopping list.

As many others will remember, last time round, the Labour government - having already legislated for wide-ranging access provisions in the Regulation of Investigatory Powers Act 2000 - battled to get a mandatory communications data retention requirement adopted in the UK against considerable resistance by ISPs, the Lords and the media for almost four years before they quietly policy-laundered the whole shebang in Brussels.

The advantages of this approach are clear: the British media is notoriously focused on what is going on in Westminster and almost pathologically averse to reporting anything that happens in Brussels unless it is about something like the bad Europeans dictating the shape of “our” bananas. This may therefore well happen again.

Choice of options

Secondly, the Commission has allegedly already commissioned a study as part of its impact assessment for a revised DR Directive. Among the options said to be under consideration for a revised Directive is the option of "expanding the collection of communications data". This does not bode well. Although most of us will be hoping that the review will give effect to the various constitutional court decisions across the EU that criticised the current Directive, it is always dangerous to untie a legislative bundle. Stuff happens!

This makes it even more important that we finally get an ECJ decision on the Irish High Court reference which raises the human rights implications of the existing DR laws. Fortunately, it seems as if the High Court has now finally come out of its hiatus and made the reference in January. But given the ECJ timetable, this may yet be too late.

Political will and power

Thirdly, the hard core of opposition to the DR Directive, both within and outwith the political classes, currently comes from Germany, which is also - as we are frequently reminded - the EU's biggest economy and the member state (bar possibly Austria) with the biggest privacy chip on their shoulder. It is therefore likely that the German position on this – in the European Parliament and the Council – will be of the utmost importance when this is going to be decided.

Much of the political resistance rests on the shoulders of Justice Minister Leutheuser-Schnarrenberger, a declared opponent of DR who was one of the claimants in the by now famous German constitutional court challenge before her party joined the German coalition government, but who, to her credit, has continued to man the barricades after she was appointed to her current job. Alas, she is a Liberal Democrat MP and although Matron has not lived in the country for years, from what her German friends tell her, the German Lib Dem's chances of getting enough votes to even get back into the Bundestag come the next German election (October 2013) are as slim, if not slimmer, as those of their British counterparts. Word on the street has it, they may even go the way of the dodo.

While one should never pay too much homage to the power of one single person to change the ways of the world, one should also not underestimate the problems their absence can cause. Once Leutheuser-Schnarrenberger is gone, German political resistance to DR is likely mellow considerably. There is, of course, that constitutional court decision, but that will not protect us against the collection of new traffic data, it will merely provide an upper limit for retention periods and access safeguards - in Germany, not the UK!

Timing revisited

Similarly, if the speed with which the last DR Directive was pushed through is anything to go by, the final discussions/negotiations of a revised Directive may actually coincide with both the looming end of Commissioner Malstroem's period in office and the next European Parliament elections (summer/autumn 2014).

That is never a good thing as it tends to lead to "fire sales" in the corridors of power in Brussels. We've seen this with the Telecoms Package (where, oddly enough, it worked partly in our favour) and Commission employees Matron spoke to in Brussels in January already voiced this as a concern with regard to the new Data Protection Regulation which may face a similar challenge. So this is something that we need to bear in mind from a campaigning point of view.

Overall, it is therefore most important to remember that regardless of any political wrangling that we will have to go through in the UK (and it goes without saying that we should oppose this harebrained threat to civil liberty strenuously), we should bear in mind that with a reasonably vigilant British press, the House of Lords, loud-mouthed voters and stubborn, cost-averse ISPs, the government's chances of getting anything substantial past the UK Parliament are infinitely slimmer than their chances of "outsourcing" this to the EU in what may well turn out to be a parallel legislative process.

What is more, from a political point of view, the latter is a win-win. If loose here, but are successful in Brussels, they can then come back to Westminster with hangdog eyes and say, "So sorry, chaps, but we have to implement this now, Brussels told us so".

This may make Matron sound like a cynical and disillusioned old hag, but her guess would be that there is a plan to this effect somewhere in a drawer in Whitehall, even if it is marked "Plan B". The Home Office and the security services are used to playing the long game. The fact that those involved in the pushback will be roughly the same people (at civil society level) who are also going to be engaged in fighting on several other fronts (including trying to get a decent version of the Data Protection Regulation adopted) at roughly the same time, is not helping matters either. Most human brains only have so much capacity.

So nipping this in the bud over here would be great, but it won't be enough. We need more brains, we need a wider horizon and we need to build alliances in the EU on this and quickly. For that we need individuals in the UK (including lawyers, techies, journalists, campaigners) willing to spend some time and to get their head around rather complicated technologies, legal frameworks, lobbying strategies and political tactics.

On Thursday, 19 April, the good folks at Privacy International, ORG, fipr and the LSE are organising a workshop called “Scrambling for Safety” where many of these issues will be discussed. The line-up is stellar and the need to cooperate is clear. If you are at all interested in becoming involved please register here or follow it on Twitter (#sfs2012).

Matron may even see you there.

No comments:

Post a Comment