Another terrorist attack, another assault on our freedoms

Published on Liberty’s blog, 31 March 2017

By Silkie Carlo.

Last week’s terrorist attack was horrifying. From our office in Westminster, the sudden sound of sirens, racing police cars and then helicopters was chilling. As news came in of the lives lost, London was stunned to a sort of silence.

But the aftermath is characterised by the solidarity and British resilience we rely on for national healing.

The Prime Minister’s defiant statement reminded us that Parliament was targeted because of the values it represents: “democracy, freedom, human rights, the rule of law”. She reassured us in no uncertain terms: “any attempt to defeat those values through violence and terror is doomed to failure”.

But it wasn’t long before those values were put at risk.

The Home Secretary’s assault on WhatsApp in the wake of this appalling terrorist attack is draconian and misguided in equal measure

Last weekend, Home Secretary Amber Rudd proffered yet another enlargement of the surveillance state, branding secure messengers like WhatsApp “completely unacceptable”. She called any messenger that gives users privacy a “hiding place for terrorists” – apparently forgetting that she uses one herself.

Continue reading

Advertisements

Join Our Legal Challenge Against Our Authoritarian Surveillance Regime

By Silkie Carlo

Originally published on The Huffington Post, 10 January 2017

Your visit to this website will be logged.

Since the Snoopers’ Charter – or Investigatory Powers Act – passed in November, everything you’ve done online, every phone call you’ve made, every text message you’ve sent, every place you’ve been with your phone has been stored in a database by order of the British Government. And it’s been made accessible to everyone from the taxman to the Department for Work and Pensions – as well as other governments, like that of the United States.

Under the new law, authorities have also been granted powers to hack thousands of devices at once – without any reason for suspicion – simply to make sure they can keep listening in on everything you do, all the time.

All this surveillance is supposed to keep us safe from terrorists who want to attack our democracy – but what could be more undemocratic, more dangerous, and more defeatist than treating all British citizens like suspects and tearing apart the freedoms that define us?

These are digital stop and search powers with unprecedented secrecy and sophistication – on steroids. The potential for discrimination, persecution and abuse is unthinkable.

President-elect Trump has already committed to using his arsenal of mass surveillance powers against all Muslims and anti-racism activists. What might the UK Government of today or moreover, tomorrow, do with such totalitarian-style powers?

We have long expected to be able to correspond, meet, telephone one another, read newspapers, enjoy radio and films, join political parties, explore faiths, visit libraries, travel, demonstrate, seek medical advice, take and share photographs, and express ourselves freely and without the watchful eye of the state. But with our daily lives increasingly digitised, pervasive surveillance under the Snoopers’ Charter rips those freedoms away and reshapes British values for the future, almost beyond recognition.

Ironically, the Snoopers’ Charter not only attacks our democratic values, but jeopardises our cybersecurity. The Government can now force tech companies like Apple to remove encryption and weaken the security of their own products in total secrecy. This means easy mass surveillance for the State, but an increased risk of criminal hacking for us.

Meanwhile, internet providers are now forced to create records of our every online move – what websites we visit on our computers, what apps we use on our phones – and store them, ready for the State to access. TalkTalk wasn’t even able to protect its customers’ credit card details from hacking last year.

So whose hands will your internet history end up in, exactly? If you thought the Ashley Madison hack was bad, I fear you’ve seen nothing yet.

If this worries you, you’re not alone. Since the Snoopers’ Charter was passed by Parliament in November, over 200,000 people have signed a petition calling for its repeal. The Government dismissed those who signed, refusing to debate the Act further.

But the Government cannot dismiss human rights. And the Government cannot dismiss 200,000 people with human rights law on their side.

Just before Christmas, Liberty and Tom Watson MP won a legal challenge against the Government’s previous surveillance law at the EU Court of Justice.

The Court declared that the mass hoarding of our communication logs and internet histories is unnecessary and “cannot be considered to be justified, within a democratic society” – rendering the Data Retention and Investigatory Powers Act unlawful. The Court also ruled that allowing the police to authorise their own access to our personal information, and to do so without any suspicion of a serious crime, was a breach of rights.

This was a massive victory for our civil liberties in the digital age.

The Snoopers’ Charter re-introduced the same powers that have just been declared illegal – and added new, even more intrusive, ones. But creating a new law for 2017 cannot let the Government circumvent the human rights law that protects us.

So today Liberty has launched The People vs the Snoopers’ Charter – a legal challenge against this authoritarian surveillance regime, backed by the ordinary people subjected to its gaze.

Liberty will be representing the many thousands of people who are determined to stand up for civil liberties. We’ll be challenging new powers to hack our devices en masse, to listen in on millions of innocent people’s communications, collect our phone records, and watch our every move online.

This is a rare chance to be part of a movement that defines our freedoms – not just today, but for the future. Liberty has defended human rights and civil liberties for 80 years, but we must all work together to keep defending them in the digital realm. This could be the beginning of the end for mass surveillance in the UK, The most authoritarian law ever passed in this country will be defeated by the people.

Protect your privacy by moving to the dark web

By Silkie Carlo

Originally published in WIRED World 2017 magazine and available online, 8th January 2017.

The new IP Act will turn us all into security experts this year.

Proud technophobes and self-confessed Luddites: if you care about protecting your communications, your time has come. In 2015, it was revealed in the course of court proceedings that UK intelligence agencies had been unlawfully monitoring conversations between lawyers and their clients in cases against the state. According to the Interception of Communications Commissioner’s Office, police spied on more than 100 journalists and almost 250 sources between 2011 and 2014.

The Government’s response is the Investigatory Powers (IP) Bill. Security services claim their powers from laws scattered around various antiquated statutes. Passed by MPs in March 2016, the Bill received Royal Assent after being passed by the House of Lords in November 2016, putting their activities on a statutory footing.

The IP Bill makes bulk interception – tapping and storage of phone calls, emails and other communications – explicitly legal. As security services increasingly cannot acquire the data they want through these methods – because messages on phones are more commonly encrypted – they will also be empowered to use a new method, “bulk equipment interference”, or hacking.

The IP Bill also contains another substantial new power. It requires internet service providers to store what are known as “internet connection records”. These records, designed for police rather than the security services, include each person’s browsing history, user names and passwords, location data, billing information, address, device identifiers and volumes of data exchanged – in short, everything you do online.

Whether this is workable is unclear. A similar initiative in Denmark was abandoned in 2014, after seven years in which it had helped with only a single investigation. There are also concerns over data security – what would happen if this vast database was subject to hacks? But the government wants to press ahead. The paradigm of surveillance has shifted. Whereas once it focused on specific threats, now it is speculative and suspicionless.

Which is why 2017 will be the year many people turn techie. They will have to. Without security, they will no longer be able to guarantee their privacy; or, in the case of journalists or lawyers, sources’ and clients’ anonymity.

Security can be achieved with hardware. Edward Snowden has co-designed an iPhone case that monitors cellular, GPS, Wi-Fi and Bluetooth, and shows when a device leaks data. A prototype should be ready in 2017.

More immediately, we are likely to see more web users turning to Tor, the free software for browsing the internet anonymously, especially as Tor is now available on smartphones. There’s Orbot for Android, and an iOS version is in development. We are likely to see this trend grow.

There are some obstacles to Tor’s growth. Email providers such as Gmail and security services such as CloudFlare make life difficult for Tor users, logging them out automatically or asking them to enter endless CAPTCHAs. But if the IP Bill pushes people towards anonymity, they will be forced to end their hostility. For many users, 2017 will be year the dark web becomes the web.

Silkie Carlo is technology policy officer at Liberty. She co-wrote Information Security for Journalists.

The WIRED World in 2017 is WIRED’s fifth annual trends briefing, predicting what’s coming next in the worlds of technology, science and design

Why journalists should be thinking about information security and source protection

Originally published on journalism.co.uk, August 2016

Silkie Carlo, policy officer at Liberty, explains the importance of security for journalists, and what the introduction of the Investigatory Powers Bill means for them

By Caroline Scott

The Investigatory Powers Bill, introduced to the House of Commons on 1 March 2016, has provided a new framework to “govern the use and oversight of investigatory powers by law enforcement and the security and intelligence agencies,” but what does this mean for the work of investigative journalists?

Silkie Carlo, policy officer at Liberty and co-author of Information Security for Journalists, told Journalism.co.uk that reporters should be prepared for the changing working environment in the UK that comes with the update in the law.

“Journalists have to be aware that if they are doing any stories that could be of interest to the police or the security agencies, they do face a real risk of being intercepted, and that’s all made possible by this new piece of legislation that’s going through at the moment,” she said.

As the Investigatory Powers Bill can give the police and security services the ability to legally access journalists’ work, Carlo noted that sources may become aware that they are not communicating with the journalists in full confidentiality.

Recent research from the University of Sussex has found the current surveillance threats to journalists “may all but eliminate” confidential sources for investigative reporting.

Continue reading

Nothing to hide, nothing to fear? Think again.

This curious aphorism has, at times, threatened to deaden the debate on privacy that arose since Snowden blew the whistle on transnational mass surveillance. The submissive posture of ‘I have nothing to hide and therefore nothing to fear’ is a popular resort for those avoidant of critical thought – perhaps due to their subjection to a surveillance system so powerful, so omniscient, so secret, and so unknowingly invading their world, that it had only been encountered, until now, as a fearful thought experiment in dystopian fiction. Some, not least the political class, seem unable to deal with the reality.

Accordingly, ‘nothing to hide, nothing to fear’ is the kind of eerie statement you would expect to hear only in a totalitarian regime, and perhaps obediently echoed by its brainwashed subjects who you, as the privileged, educated, and valued citizen of a Western democracy, would pity. “We” have had our debates on individual liberty, privacy, democratic practices and balances of governmental power. We have responded to tyrannical tragedies of political history, we have evolved with robust constitutions, we have proudly committed to human rights acts, and we have expected them to be followed closely.

But it seems that with the birth of the New World, the digital world, we will see the same struggle between power and liberty that the Old World has endured for all civilisation. The New World seems to be a tabula rasa, with the hard lessons gained about power, politics and human nature momentarily forgotten and constitutional values trampled in the race to dominate and exploit the new abstract terrain.

A person parroting that they have ‘nothing to hide’ and therefore ‘nothing to fear’ is saying something so void, that it doesn’t necessarily mean they are pro-mass surveillance. It means that they are not anti-mass surveillance. It means that, realizing it has been imposed on their life, the lives of all those they love and care about, and the lives of people further afar who they may never meet, they consider themselves not personally at risk and therefore have abstained from further critical analysis. Effectively, they are proclaiming a commitment to unconditionally submit.

Let’s respond to the ‘nothing to hide’ aphorism in the following ten points.

Continue reading

Just published: ‘Information Security for Journalists’

I have recently written Information Security for Journalists which is available freely here: http://tcij.org/resources/handbooks/infosec This handbook, commissioned and now published by the Centre for Investigative Journalism, is designed to educate serious investigative journalists in the largely invisible risks to the security of their information and communications. It offers comprehensive step-by-step instructions in measures one can take to defend against these threats, for different levels of risk. It is irresponsible if not impossible to conduct serious investigative journalism without an awareness of information security. I hope that you find this handbook useful, or can share it with those who might. A second edition will follow soon as we work on new ‘infosec’ strategies and respond to public feedback. The handbook is also being translated into Arabic, Chinese, French, German, Portugese, Spanish, and other languages. I am aware of various high risk groups of sources courageously speaking out now or considering speaking out – particularly in areas where official channels consistently fail. Journalists (and indeed a select few politicians) working on these cases absolutely must protect their sources, their stories, and themselves. Getting in touch It is my pleasure to offer confidential, voluntary support to the great journalists and sources who need it most. You are most welcome to get in touch with me at silkiecarlo@gmail.com – I will do my best to help. I use email encryption and you can find my key here (updated Oct 2014) or on the public keyserver. Should anyone who is not currently using encryption wish to get in touch anonymously, you can download the anonymising Tor browser, and use that browser to start up an anonymous email account (with a provider who does not require a phone number or similar for verification – try Yandex or GMX).