
U.K. 'Big Brother' Bill Blocked -- For Now

Deputy Prime Minister Clegg kills so-called "snooper's charter" bill, which would allow broad government monitoring of private communications. But is the bill really dead?

An unpopular communications monitoring bill some critics called a "snooper's charter" has been thrown out by part of the very same administration that introduced it last June.

Clearly there is some politicking going on, with Deputy Prime Minister Nick Clegg, who leads the smaller Liberal Democrat party, declaring on Friday that the Communications Data Bill is toast.

Clegg wrote in The Daily Telegraph that the bill's plan to allow the state to monitor electronic communications fails the test by allowing authorities to increase storage of personal data without solid justification for doing so. Under the bill, British-based ISPs and telcos would have been obliged to keep a record of every website a customer visited, who they communicated with on social networking sites, every voicemail made on Skype, and all emails and texts for a 12-month period.


According to Clegg, such blanket retention of everyone's data goes too far. His party, he stated, cannot permit a significant reduction in personal privacy, based on proposals where the workability remains in question. "There is a careful balance to be struck between security and individual liberty -- a classic dilemma for all governments," he wrote. "But this Bill does not get that balance right."

Clegg contends that the impetus behind the Bill is the right one: How does Britain equip its security agencies to catch criminals populating new technologies? After all, he acknowledged, "the first duty of any government, including this one, is to keep people safe." But it seems practicality as much as political philosophies were at work in the derailing of the legislation, as Clegg pointed out: In practice, such powers would be easily avoided by the tech-savvy criminal.

He also pointed out that U.S. Internet firms like Facebook, Google, Yahoo, Twitter and Microsoft "will not readily accept laws which seemingly give us jurisdiction over their activities abroad." Clegg said these tech firms' legitimate fear is that other countries will seek to do the same as Britain under these proposals, including those less scrupulous in their use of citizens' data. Clegg added that Wikipedia has already promised that, should the changes go through, it would begin encrypting data to protect its U.K. customers. "Far better we focus our time and energy on the sensible and proportionate measures that help keep people safe," Clegg concluded.

Clegg offered an even sharper critique on his weekly London radio broadcast, describing the bill as "neither workable nor proportionate" and stating that the changes "certainly [aren't] going to happen with Liberal Democrats in government."

Other opponents of the bill praised its abandonment. Big Brother Watch claimed the legislation would have made Britain a "less attractive place to start a company and put British companies in the position of being paid by the government to spy on their customers, something that oppressive regimes around the world would have quickly copied."

Getting back to politics, however, the bill might not die in the end -- it might instead just be radically altered.

The Prime Minister's office told The Financial Times Friday that internal cabinet discussions are continuing over how to best equip the state to intercept cybercrime and terrorism: "The reality is that the technology changes fast and that issue has not gone away. There are sensitive issues around this; discussions are continuing on how progress is to be made."

So was the bill's rejection a rebellion by a freedom-loving junior coalition party -- or a bit of clever PR to mask a tactical retreat? Probably a bit of both. At least some observers are predicting the return of the bill very soon, albeit in modified form.


4/27/2013 | 12:11:09 PM
re: U.K. 'Big Brother' Bill Blocked -- For Now
Ben Franklin said something to the effect that wanting security at the expense of liberty results in having neither. It all sounds like a good idea but just wait ... Gestapo? KGB?
Michael Endler
4/28/2013 | 8:50:01 PM
re: U.K. 'Big Brother' Bill Blocked -- For Now
"Those who would trade essential liberty to obtain a little temporary safety, deserve neither liberty nor safety" is one of the most commonly quoted versions. There are a lot of slight variations, and some disagreement regarding when the sentiment was originally expressed (but as far as I know, there isn't much disagreement that Franklin originated the saying).

A government's ability to monitor citizens is an interesting and important question, no matter whether we're talking US, UK, or any other nation. A lot of our notions about liberty were established in a dramatically different technological era -- long before concepts like cyber-terrorism, hacking, dirty bombs, nuclear arms races, and the like could have been foreseen. There have always been terrorists and tyrants, but their ability to inflict damage has increased exponentially over time. Their ability to do so discreetly has also increased in some ways, though intelligence technology has compensated to an extent. Does this mean we hold true to Franklin's words? Or does this mean we need to make some concessions in light of current threats? Can such concessions be made without sending society down a slippery and dangerous slope? It's a complicated problem, and not one that gets debated appropriately.

Many U.S. media personalities and politicians, for example, respond much differently to domestic terrorists (who are statistically more likely to kill you) than to foreign terrorists, making clear the extent to which national security conversations are muddied by other agendas and trends. Whenever something happens, xenophobia and racism square off against political correctness and anti-colonialism. It happens in lots of ways: immigration policy debates encroach on our analysis of terrorism responses; economic motives obfuscate where the military industrial complex and corporate interests end and where necessary protections for individual citizens begin; etc. And then there's the ratings/sensationalism issue for the media, and the "tell my constituency what it wants to hear, even if I know it's wrong" attitude from politicians. It's hard for regular people to be responsible citizens when the core issue - already complicated - gets diluted by all this other stuff.

You can throw a lack of government transparency in the trouble, too. Federal-level government stonewalling is somewhat easier to justify than media responses and Congressional grandstanding, I suppose (there are instances - a clear danger to the public, for example - in which the public still has a right to know, just not a right to know RIGHT NOW). But even so, so much stuff still gets sloppily thrown under the "classified for reasons of national security" catch-all.

The point of all that? It's a mess. Times change, and that might mean a pragmatic and thorough approach to national security has to change too. But we're not having reasonable debates about what our rights are expected to be, what they actually are in the government's eyes, and what they need to be. It's all obfuscated by tangential chatter. In some cases, such chatter is unavoidable because the topic is complicated. In many cases, though, the chatter emerges because someone is trying to hijack debate to serve a special interest. If you want to know why so many people are either political militants or so disenchanted that they just don't engage with the process at all-- just look to the system I'm describing. It cultivates feuding polarities, but not helpful conversations about the real problems.
4/27/2013 | 12:52:35 PM
re: U.K. 'Big Brother' Bill Blocked -- For Now
Not discussed was an apparent 'mandate' for ALL ISPs to purchase the drives for the storage -- possibly a trillion trillion bytes when you cover all of the sites over the world, and including all the spam.

Of course, CISPA in the USA would have the government doing all the storing but otherwise covers the same intrusive actions -- which clearly violate the Constitution - not that our Congress cares much about that, nor does the military, as they already admit to storing data that crosses the border.
4/28/2013 | 12:43:06 AM
re: U.K. 'Big Brother' Bill Blocked -- For Now
Don't you think that this 'Big Brother' thing is becoming a worldwide phenomenon? I hate to put my conspiracy theorists' hat here.. but I'm sure we'll see more efforts in the future to take control of the big data out there... because whoever does will have tremendous power on their hands.