Plans to make it easier to snoop on emails and phone calls are causing a
furore in the UK. In SA, such methods are already in place -- and are
routinely abused. The Tory government's plans are outrageous, civil liberty organisations in the United Kingdom said this week.
Giving police and intelligence services sweeping powers to monitor which
websites people visit and intercept their emails, SMSs and virtually
any other electronic communications without real oversight would be a
recipe for disaster, they say, and once the machinery of surveillance is
in place, it will inevitably be subject to abuse. Andrew Lewman, the director of Tor -- the internet anonymity shield used
by activists in Iran and China -- warned that no matter how noble a
state's initial intentions were, such surveillance measures were a
slippery slope.
"Once the data is collected, regardless of the current intentions, it will be used for all sorts of reasons over time," Lewman told the Guardian
newspaper. "The number of crimes [investigated using such measures]
will expand to include all sorts of petty issues, political repression,
and restrictions on speech. Eventually someone will think they can
predict crime before it happens by using the data."
And that's just if the use of such protocols is above board. The risk of
abuse by state instruments is a more worrying concern -- and anyone
looking for case studies of how these increased surveillance measures
might play out need look no further than South Africa, where state
intelligence agencies can -- and do -- access citizens' private communications illegally.
Unwarranted surveillance
The newly revived British plan, confirmed by the government at the
weekend, would allow intelligence services and police access to what
South African legislation refers to as communication-related information
-- numbers phoned, the length of telephone conversations, who emails
whom, and what websites are visited -- retroactively, and without the
need for a warrant. Part of the proposal also involves the installation, at the cost of
service providers and carriers, equipment that would allow the real-time
monitoring of telephone calls and internet sessions, although that
would require a court order. Such information interception ability, the British government says, is vital for the investigation of terrorism and serious crimes. It is not yet clear how the proposed British system will get around the
problem of unregistered telephones or the use of public internet
terminals.
In South Africa, the solution was simple: it is illegal to own or issue a
SIM card for a cellphone that does not have the correct identity and
physical address of the owner registered, and it is illegal to provide a
telephone or internet service that cannot be intercepted nearly
instantaneously.
You Rica'd?
The 2002 Regulation of Interception of Communication Act (Rica) put in
place most of the measures now under discussion in Britain. Though it
requires interception directives to be issued by a magistrate or judge,
it also allows any law enforcement officer to bypass such requirements
on the grounds of urgency. Even those measures are routinely ignored, however, as the Mail & Guardian reported last year,
citing numerous sources within the state security agencies who claimed
illegal interceptions were a common occurrence, especially in police
crime intelligence. Even when surveillance is entirely legal, the sheer volume of such cases
is cause for serious concerns about the wisdom of allocating the
resources required. In South Africa, a staggering number of legal
interceptions has been carried out: over a four-year period up to 2010
-- before the most onerous requirements of Rica came into effect -- just
one of the state's eavesdropping centre had legally carried out three
million interceptions.
The most common justification for such mass government surveillance is
terrorism, despite the fact that there is no compelling evidence that
dragnet-type surveillance would impede terrorists in any way.
"The basic idea is to collect as much information as possible on
everyone, sift through it with massive computers, and uncover terrorist
plots. It's a compelling idea, and convinces many. But it's wrong," wrote US security analyst Bruce Schneier in 2006.
"We're not going to find terrorist plots through systems like this,
and we're going to waste valuable resources chasing down false alarms."
Spies, damned spies and statistics
The problem, in Schneier's view, is pure statistics. Gather enough
information and inevitably small errors become impossible to deal with,
even ignoring the privacy implications. No system that relies on a
combination of web-browsing habits and telephone calls to identify
threats is perfect. Assume that only one innocent citizen is incorrectly identified as a
possible terrorist out of every 10 000 who are subjected to automated
scrutiny, which would be an astoundingly low false-positive rate.
Assuming surveillance covers every South African, for instance, and that
would make for 4 900 people who would have to be investigated -- each
one of which would tie up resources that could be used in a far better
manner.
"Finding terrorism plots is not a problem that lends itself to data
mining," says Schneier. "It's a needle-in-a-haystack problem, and
throwing more hay on the pile doesn't make that problem any easier."
Except, of course, if monitoring capability put in place to gather
intelligence and evidence is put to use for both mass surveillance and
mass arrests.
"From now on, anyone who regularly consults websites that advocate
terrorism or that call for hatred and violence will be criminally
punished," said France's President Nicolas Sarkozy shortly after the
March shooting and siege in Toulouse.
Whether or not any such measure will actually be implemented once
France's presidential elections take place this month remains to be
seen.
Source: Mail & Guardian
No comments:
Post a Comment