David Cameron has announced that major ISPs are to censor all our internet connections, unless we opt out, to prevent us from seeing bad things on the web. Many people have written about why they think this is an awful idea in principal and I’ve been retweeting articles like mad all day [1]. This afternoon I recalled and tweeted Cory Doctorow’s point about censorship (of the internet) being inseparable from surveillance:
Internet connections can’t be censored without also being surveilled. Default-on filters mean default-on monitoring of all your web usage.
โ Richard King (@graphiclunarkid) July 22, 2013
I’d accepted this argument without considering it in very much detail. Doctorow’s point seemed sound, he’s someone I agree with a lot, and it made intuitive sense in my mind. Confirmation bias? Probably. I’d missed something though: a couple of people were kind enough to point out that while a censorship algorithm needs to monitor requests so that it can decide what to block, it doesn’t need to record anything to do so.
@graphiclunarkid @guy_herbert Only to work the filter. Doesn’t mean records need to be kept, eh? Like phone cos “surveille” to connect you.
โ Rob Findlay (@capnbobski) July 22, 2013
@graphiclunarkid so you/your host/your isp don’t run a spam filter on your email? watchout! it’s reading all your email!
โ Paul Harrap (@pharrap) July 22, 2013
While ISPs will have to monitor all traffic to sort the good requests from the bad and block the latter, the question is whether this is sinister, or in other words whether the surveillance matters.
Cameron is pushing for ‘voluntary’ filtering arrangements with providers. His approach is to tell them that he won’t legislate so long as they do what he wants. The implication is that if he’s forced to legislate, the ISPs won’t like that one bit, so they’re better off capitulating now. It’s a tactic the Government has used before, however it’s problematic for consumers because if there’s to be no legislation, there will be few opportunities for public or political scrutiny of the measures ISPs are to introduce. No legislation means no enforcement of consumer protections such as choice, transparency of operation, regulatory oversight, standards, or (pertinent to the question above) the preclusion of logging.
Each ISP will be free to filter in whatever manner seems best to them. They may choose to build the cheapest in-house solution that meets the letter of the Government’s demands (which don’t mention privacy). They could decide to outsource to a third party (who might then get to see all their subscribers’ traffic). There are no rules to prevent the collection, analysis, exploitation or sale of any logs their systems may produce – and no requirement on the ISPs to reveal what their systems are doing. ISPs could use the filter logs to find subscribers who hit a large number of blocked sites (perhaps because some authority asks them to), for example, or to profile what sites people are visiting in order to target adverts at them. (See also: Phorm!)
Since the filters will operate at the network-level, and I’m guessing no ISP will be offering subscribers a choice of filter provider because that would cost them more, the marketplace for filtering solutions will reduce to the marketplace for ISPs. This makes it difficult for consumers to exercise any choice about the technology or methods used for filtering – especially since ISPs are unlikely to make these transparent. Cameron is insisting the filters be on by default (though he’s embroiled in a semantic argument that clouds whether this will actually be the case) so subscribers will either have to accept a filtering system they can’t inspect or change, and therefore have to just trust it will preserve their privacy, or they must opt out by asking to join a little list of dissenters their ISP will be maintaining…
In this environment I can’t see how consumers can tell whether the surveillance of their connections matters or not. And I think that does matter.
1. News and comment round-up on this story:
- Index on Censorship: David Cameron’s King Canute moment
- Telegraph: David Cameron can’t protect us from child porn because he doesn’t understand the internet, David Cameron’s internet porn war won’t put women off watching it
- Conservative Home: Claire Perry’s porn filter is fantasy policy-making, and it’s coming unstuck
- ZDNet: The key to cleaning up the internet is tackling the darknets, not letting censorship in by the back door
- Paul Bernal: 10 questions about Cameron’s ‘new’ porn-blocking
- Another angry woman: Not that porn-blocking bollocks again
- Scriptonite Daily: Cameron’s phoney war on porn is actually a war on privacy
- Milena Popova: Porn blocking – a survivor’s perspective (TRIGGER WARNING: Child sexual abuse)
- panGloss: Porn-blocking season is here again
- Girl on the Net: On why we need stricter controls on literature
- Open Rights Group: Questions ISPs must answer about Internet filtering, Cameron demands action on child abuse images, David Cameron is issuing bad advice to parents
Please link to further coverage in the comments!
I think that phrase recently rising in popularity (or recently created?) of “turnkey tyranny” encapsulates well the general principle I’ve read on security blogs in one form or another for some time now – that one should be incredibly wary of implementing technologies that would greatly ease the introduction of a fascist police state.
Not that I think that that’s particularly likely with the current government, but we must remember that the laws introduced by one government may be bent and twisted as far as possible in unexpected directions by the government after that, or the government after that, or the government after that…
(How are the BNP doing in the polls these days…?)
Absolutely. I believe Bruce Schneier has described the practice as “poor civic hygiene” – a phrase which sums up the problem nicely in my mind.