01:27 PM

U.K. 'Big Brother' Bill Blocked -- For Now

Deputy Prime Minister Clegg kills so-called "snooper's charter" bill, which would allow broad government monitoring of private communications. But is the bill really dead?

An unpopular communications monitoring bill some critics called a "snooper's charter" has been thrown out by part of the very same administration that introduced it last June.

Clearly there is some politicking going on, with Deputy Prime Minister Nick Clegg, who leads the smaller Liberal Democrat party declaring on Friday that the Communications Data Bill is toast.

Clegg wrote in The Daily Telegraph that the bill's plan to allow the state to monitor electronic communications fails the test by allowing authorities to increase storage of personal data without solid justification for doing so. Under the bill, British-based ISPs and telcos would have been obliged to keep a record of every website a customer visited, who they communicated with on social networking sites, every voicemail made on Skype, and all emails and texts for a 12-month period.

[ Do you worry about how your personal information is used? You're not alone. Read Consumers Concerned About Online Data Privacy. ]

According to Clegg, such blanket retention of everyone's data goes too far. His party, he stated, cannot permit a significant reduction in personal privacy, based on proposals where the workability remains in question. "There is a careful balance to be struck between security and individual liberty -- a classic dilemma for all governments," he wrote. "But this Bill does not get that balance right."

Clegg contends that the impetus behind the Bill is the right one: How does Britain equip its security agencies to catch criminals populating new technologies? After all, he acknowledged, "the first duty of any government, including this one, is to keep people safe." But it seems practicality as much as political philosophies were at work in the derailing of the legislation, as Clegg pointed out: In practice, such powers would be easily avoided by the tech-savvy criminal.

He also pointed out that U.S. Internet firms like Facebook, Google, Yahoo, Twitter and Microsoft "will not readily accept laws which seemingly give us jurisdiction over their activities abroad." Clegg said these tech firms' legitimate fear is that other countries will seek to do the same as Britain under these proposals, including those less scrupulous in their use of citizens' data. Clegg added that Wikipedia has already promised that, should the changes go through, it would begin encrypting data to protect its U.K. customers. "Far better we focus our time and energy on the sensible and proportionate measures that help keep people safe," Clegg concluded.

Clegg offered an even sharper critique on his weekly London radio broadcast, describing the bill as "neither workable nor proportionate" and stating that the changes "certainly [aren't] going to happen with Liberal Democrats in government."

Other opponents of the bill praised its abandonment. Big Brother Watch claimed the legislation would have made Britain a "less attractive place to start a company and put British companies in the position of being paid by the government to spy on their customers, something that oppressive regimes around the world would have quickly copied."

Getting back to politics, however, the bill might not die in end -- it might instead just be radically altered.

The Prime Minister's office told The Financial Times Friday that internal cabinet discussions are continuing over how to best equip the state to intercept cybercrime and terrorism: "The reality is that the technology changes fast and that issue has not gone away. There are sensitive issues around this; discussions are continuing on how progress is to be made."

So was the bill's rejection a rebellion by a freedom-loving junior coalition party -- or a bit of clever PR to mask a tactical retreat? Probably a bit of both. At least some observers are predicting the return of the bill very soon, albeit in modified form.

People are your most vulnerable endpoint. Make sure your security strategy addresses that fact. Also in the new, all-digital How Hackers Fool Your Employees issue of Dark Reading: Effective security doesn't mean stopping all attackers. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Michael Endler
Michael Endler,
User Rank: Apprentice
4/28/2013 | 8:50:01 PM
re: U.K. 'Big Brother' Bill Blocked -- For Now
"Those who would trade essential liberty to obtain a little temporary safety, deserve neither liberty nor safety" is one of the most commonly quoted versions. There are a lot of slight variations, and some disagreement regarding when the sentiment was originally expressed (but as far as I know, there isn't much disagreement that Franklin originated the saying).

A government's ability to monitor citizens is an interesting and important question, no matter whether we're talking US, UK, or any other nation. A lot of our notions about liberty were established in a dramatically different technological era-- long before concepts like cyber-terrorism, hacking, dirty bombs, nuclear arms races, and the like could have been foreseen. There have always been terrorists and tyrants, but their ability to inflict damage has increased exponentially over time. Their ability to do so discretely has also increased in some ways, though intelligence technology has compensated to an extent. Does this mean we hold true to Franklin's words? Or does this mean we need to make some concessions in light of current threats? Can such concessions be made without sending society down a slippery and dangerous slope? It's a complicated problem. and not one that gets debated appropriately.

Many U.S. media personalities and politicians, for example, respond much differently to domestic terrorists (who are statistically more likely to kill you) than to foreign terrorists, making clear the extent to which national security conversations are muddied by other agendas and trends. Whenever something happens, xenophobia and racism square off against political correctness and anti-colonialism. It happens in lots of ways: immigration policy debates encroach on our analysis of terrorism responses; economic motives obfuscate where the military industrial complex and corporate interests end and where necessary protections for individual citizens begin; etc. And then there's the ratings/ sensationalism issue for the media, and the "tell my constituency what it wants to hear, even if I know it's wrong" attitude from politicians. It's hard for regular people to be responsible citizens when the core issue - already complicated - get diluted by all this other stuff.

You can throw a lack of government transparency in the trouble, too. Federal-level government stonewalling is somewhat easier to justify than media responses and Congressional grandstanding, I suppose (there are instances - a clear danger to the public, for example - in which the public still has a right to know, just not a right to know RIGHT NOW). But even so, so much stuff still gets sloppily thrown under the "classified for reasons of national security" catch-all.

The point of all that? It's a mess. Times change, and that might mean a pragmatic and thorough approach to national security has to change too. But we're not having reasonable debates about what our rights are expected to be, what they actually are in the government's eyes, and what they need to be. It's all obfuscated by tangential chatter. In some cases, such chatter is unavoidable because the topic is complicated. In many cases, though, the chatter emerges because someone is trying to hijack debate to serve a special interest. If you want to know why so many people are either political militants or so disenchanted that they just don't engage with the process at all-- just look to the system I'm describing. It cultivates feuding polarities, but not helpful conversations about the real problems.
User Rank: Apprentice
4/28/2013 | 12:43:06 AM
re: U.K. 'Big Brother' Bill Blocked -- For Now
Don't you think that this 'Big Brother' thing is becoming a worldwide phenomenon? I hate to put my conspiracy theorists' hat here.. but I'm sure we'll see more efforts in the future to take control of the big data out there... because whoever does will have tremendous power on their hands.
User Rank: Apprentice
4/27/2013 | 12:52:35 PM
re: U.K. 'Big Brother' Bill Blocked -- For Now
not discussed was an apparent 'mandate' for ALL ISP's to purchase the drives for the storage -- possibly a trillion trillion bytes when you cover all of the sites over the world, and including all the spam.

Of course, CISPA in the USA would have the government doing all the storing but otherwise covers the same intrusive actions -- which clearly violate the Constitution - not that our Congress cares much about that, nor does the military, as they already admit to storing data that crosses the border.
User Rank: Apprentice
4/27/2013 | 12:11:09 PM
re: U.K. 'Big Brother' Bill Blocked -- For Now
Ben Franklin said something to the effect that wanting security at the expense of liberty results in having neither. It all sounds like a good idea but just wait ... Gestapo? KGB?
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2018
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2018-06-19
SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx.
PUBLISHED: 2018-06-19
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.
PUBLISHED: 2018-06-19
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
PUBLISHED: 2018-06-19
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.
PUBLISHED: 2018-06-19
D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session.