By Silkie Carlo
Originally published in WIRED World 2017 magazine and available online, 8th January 2017.
The new IP Act will turn us all into security experts this year.
Proud technophobes and self-confessed Luddites: if you care about protecting your communications, your time has come. In 2015, it was revealed in the course of court proceedings that UK intelligence agencies had been unlawfully monitoring conversations between lawyers and their clients in cases against the state. According to the Interception of Communications Commissioner’s Office, police spied on more than 100 journalists and almost 250 sources between 2011 and 2014.
The Government’s response is the Investigatory Powers (IP) Bill. Security services claim their powers from laws scattered around various antiquated statutes. Passed by MPs in March 2016, the Bill received Royal Assent after being passed by the House of Lords in November 2016, putting their activities on a statutory footing.
The IP Bill makes bulk interception – tapping and storage of phone calls, emails and other communications – explicitly legal. As security services increasingly cannot acquire the data they want through these methods – because messages on phones are more commonly encrypted – they will also be empowered to use a new method, “bulk equipment interference”, or hacking.
The IP Bill also contains another substantial new power. It requires internet service providers to store what are known as “internet connection records”. These records, designed for police rather than the security services, include each person’s browsing history, user names and passwords, location data, billing information, address, device identifiers and volumes of data exchanged – in short, everything you do online.
Whether this is workable is unclear. A similar initiative in Denmark was abandoned in 2014, after seven years in which it had helped with only a single investigation. There are also concerns over data security – what would happen if this vast database was subject to hacks? But the government wants to press ahead. The paradigm of surveillance has shifted. Whereas once it focused on specific threats, now it is speculative and suspicionless.
Which is why 2017 will be the year many people turn techie. They will have to. Without security, they will no longer be able to guarantee their privacy; or, in the case of journalists or lawyers, sources’ and clients’ anonymity.
Security can be achieved with hardware. Edward Snowden has co-designed an iPhone case that monitors cellular, GPS, Wi-Fi and Bluetooth, and shows when a device leaks data. A prototype should be ready in 2017.
More immediately, we are likely to see more web users turning to Tor, the free software for browsing the internet anonymously, especially as Tor is now available on smartphones. There’s Orbot for Android, and an iOS version is in development. We are likely to see this trend grow.
There are some obstacles to Tor’s growth. Email providers such as Gmail and security services such as CloudFlare make life difficult for Tor users, logging them out automatically or asking them to enter endless CAPTCHAs. But if the IP Bill pushes people towards anonymity, they will be forced to end their hostility. For many users, 2017 will be year the dark web becomes the web.
Silkie Carlo is technology policy officer at Liberty. She co-wrote Information Security for Journalists.
The WIRED World in 2017 is WIRED’s fifth annual trends briefing, predicting what’s coming next in the worlds of technology, science and design