I have been working at Liberty to investigate and campaign against the use of facial recognition by UK police in public spaces.
I have been working at Liberty to investigate and campaign against the use of facial recognition by UK police in public spaces.
Originally published by Mashable, 18th February 2017
By Gianluca Mezzofiore
From the moment you set foot on British soil, your personal data could easily be accessed, or even hacked, by the government.
New invasive legislation has been dubbed by critics as one of the most extreme surveillance laws ever passed in a democracy.
The Snoopers’ Charter — aka the Investigatory Powers Act — was passed into law at the end of last year. It arguably removes your right to online privacy.
In short, it forces internet companies to keep bulk records of all the websites you visit for up to a year and allows the UK government to coerce tech companies to hand over your web history with a retention notice and remove encryption, upon request.
If you think all of this sounds rather alarming, it’s because it is.
So what happens if you’re an unsuspecting visitor blissfully unaware of mass surveillance in the UK? Here’s a provisional guide:
By Silkie Carlo
Originally published on The Huffington Post, 10 January 2017
Your visit to this website will be logged.
Since the Snoopers’ Charter – or Investigatory Powers Act – passed in November, everything you’ve done online, every phone call you’ve made, every text message you’ve sent, every place you’ve been with your phone has been stored in a database by order of the British Government. And it’s been made accessible to everyone from the taxman to the Department for Work and Pensions – as well as other governments, like that of the United States.
Under the new law, authorities have also been granted powers to hack thousands of devices at once – without any reason for suspicion – simply to make sure they can keep listening in on everything you do, all the time.
All this surveillance is supposed to keep us safe from terrorists who want to attack our democracy – but what could be more undemocratic, more dangerous, and more defeatist than treating all British citizens like suspects and tearing apart the freedoms that define us?
These are digital stop and search powers with unprecedented secrecy and sophistication – on steroids. The potential for discrimination, persecution and abuse is unthinkable.
President-elect Trump has already committed to using his arsenal of mass surveillance powers against all Muslims and anti-racism activists. What might the UK Government of today or moreover, tomorrow, do with such totalitarian-style powers?
We have long expected to be able to correspond, meet, telephone one another, read newspapers, enjoy radio and films, join political parties, explore faiths, visit libraries, travel, demonstrate, seek medical advice, take and share photographs, and express ourselves freely and without the watchful eye of the state. But with our daily lives increasingly digitised, pervasive surveillance under the Snoopers’ Charter rips those freedoms away and reshapes British values for the future, almost beyond recognition.
Ironically, the Snoopers’ Charter not only attacks our democratic values, but jeopardises our cybersecurity. The Government can now force tech companies like Apple to remove encryption and weaken the security of their own products in total secrecy. This means easy mass surveillance for the State, but an increased risk of criminal hacking for us.
Meanwhile, internet providers are now forced to create records of our every online move – what websites we visit on our computers, what apps we use on our phones – and store them, ready for the State to access. TalkTalk wasn’t even able to protect its customers’ credit card details from hacking last year.
So whose hands will your internet history end up in, exactly? If you thought the Ashley Madison hack was bad, I fear you’ve seen nothing yet.
If this worries you, you’re not alone. Since the Snoopers’ Charter was passed by Parliament in November, over 200,000 people have signed a petition calling for its repeal. The Government dismissed those who signed, refusing to debate the Act further.
But the Government cannot dismiss human rights. And the Government cannot dismiss 200,000 people with human rights law on their side.
Just before Christmas, Liberty and Tom Watson MP won a legal challenge against the Government’s previous surveillance law at the EU Court of Justice.
The Court declared that the mass hoarding of our communication logs and internet histories is unnecessary and “cannot be considered to be justified, within a democratic society” – rendering the Data Retention and Investigatory Powers Act unlawful. The Court also ruled that allowing the police to authorise their own access to our personal information, and to do so without any suspicion of a serious crime, was a breach of rights.
This was a massive victory for our civil liberties in the digital age.
The Snoopers’ Charter re-introduced the same powers that have just been declared illegal – and added new, even more intrusive, ones. But creating a new law for 2017 cannot let the Government circumvent the human rights law that protects us.
So today Liberty has launched The People vs the Snoopers’ Charter – a legal challenge against this authoritarian surveillance regime, backed by the ordinary people subjected to its gaze.
Liberty will be representing the many thousands of people who are determined to stand up for civil liberties. We’ll be challenging new powers to hack our devices en masse, to listen in on millions of innocent people’s communications, collect our phone records, and watch our every move online.
This is a rare chance to be part of a movement that defines our freedoms – not just today, but for the future. Liberty has defended human rights and civil liberties for 80 years, but we must all work together to keep defending them in the digital realm. This could be the beginning of the end for mass surveillance in the UK, The most authoritarian law ever passed in this country will be defeated by the people.
By Silkie Carlo
Originally published in WIRED World 2017 magazine and available online, 8th January 2017.
The new IP Act will turn us all into security experts this year.
Proud technophobes and self-confessed Luddites: if you care about protecting your communications, your time has come. In 2015, it was revealed in the course of court proceedings that UK intelligence agencies had been unlawfully monitoring conversations between lawyers and their clients in cases against the state. According to the Interception of Communications Commissioner’s Office, police spied on more than 100 journalists and almost 250 sources between 2011 and 2014.
The Government’s response is the Investigatory Powers (IP) Bill. Security services claim their powers from laws scattered around various antiquated statutes. Passed by MPs in March 2016, the Bill received Royal Assent after being passed by the House of Lords in November 2016, putting their activities on a statutory footing.
The IP Bill makes bulk interception – tapping and storage of phone calls, emails and other communications – explicitly legal. As security services increasingly cannot acquire the data they want through these methods – because messages on phones are more commonly encrypted – they will also be empowered to use a new method, “bulk equipment interference”, or hacking.
The IP Bill also contains another substantial new power. It requires internet service providers to store what are known as “internet connection records”. These records, designed for police rather than the security services, include each person’s browsing history, user names and passwords, location data, billing information, address, device identifiers and volumes of data exchanged – in short, everything you do online.
Whether this is workable is unclear. A similar initiative in Denmark was abandoned in 2014, after seven years in which it had helped with only a single investigation. There are also concerns over data security – what would happen if this vast database was subject to hacks? But the government wants to press ahead. The paradigm of surveillance has shifted. Whereas once it focused on specific threats, now it is speculative and suspicionless.
Which is why 2017 will be the year many people turn techie. They will have to. Without security, they will no longer be able to guarantee their privacy; or, in the case of journalists or lawyers, sources’ and clients’ anonymity.
Security can be achieved with hardware. Edward Snowden has co-designed an iPhone case that monitors cellular, GPS, Wi-Fi and Bluetooth, and shows when a device leaks data. A prototype should be ready in 2017.
More immediately, we are likely to see more web users turning to Tor, the free software for browsing the internet anonymously, especially as Tor is now available on smartphones. There’s Orbot for Android, and an iOS version is in development. We are likely to see this trend grow.
There are some obstacles to Tor’s growth. Email providers such as Gmail and security services such as CloudFlare make life difficult for Tor users, logging them out automatically or asking them to enter endless CAPTCHAs. But if the IP Bill pushes people towards anonymity, they will be forced to end their hostility. For many users, 2017 will be year the dark web becomes the web.
Silkie Carlo is technology policy officer at Liberty. She co-wrote Information Security for Journalists.
The WIRED World in 2017 is WIRED’s fifth annual trends briefing, predicting what’s coming next in the worlds of technology, science and design
By Silkie Carlo
Originally published on The Independent, 19 November 2016
The fact that you’re on this website is – potentially – state knowledge. Service providers must now store details of everything you do online for 12 months – and make it accessible to dozens of public authorities
This week a law was passed that silently rips privacy from the modern world. It’s called the Investigatory Powers Act.
Under the guise of counter-terrorism, the British state has achieved totalitarian-style surveillance powers – the most intrusive system of any democracy in history. It now has the ability to indiscriminately hack, intercept, record, and monitor the communications and internet use of the entire population.
The hundreds of chilling mass surveillance programmes revealed by Edward Snowden in 2013 were – we assumed – the result of a failure of the democratic process. Snowden’s bravery finally gave Parliament and the public the opportunity to scrutinise this industrial-scale spying and bring the state back into check.
But, in an environment of devastatingly poor political opposition, the Government has actually extended state spying powers beyond those exposed by Snowden – setting a “world-leading” precedent.
The fact that you’re on this website is – potentially – state knowledge. Service providers must now store details of everything you do online for 12 months – and make it accessible to dozens of public authorities.
What does your web history look like? Does it reveal your political interests? Social networks? Religious ideas? Medical concerns? Sexual interests? Pattern of life?
What might the last year of your internet use reveal?
Government agencies have even won powers to hack millions of computers, phones and tablets en masse, leaving them vulnerable to further criminal attacks.
You might think that you have nothing to hide, and therefore nothing to fear. In that case, you may as well post your email and social media login details in the comments below.
But I don’t think we do feel that blasé about our privacy – we cherish our civil liberties. Everyone has a stake in guarding our democracy, protecting minorities from suspicionless surveillance, defending protest rights, freedom of the press, and enjoying the freedom to explore and express oneself online. These freedoms allow our thoughts, opinions and personalities to flourish and develop – they are the very core of democracy.
Has any country in history given itself such extensive surveillance powers and remained a rights-respecting democracy? We need not look too far back – or overseas to see the risks of unbridled surveillance. In recent years, the British state has spied on law-abiding environmental activists, democratically elected politicians, victims of torture and police brutality, and hundreds of journalists.
In fact, as the Bill finally passed on Wednesday evening, I was training a group of British and American journalists in how to protect themselves from state surveillance – not just from Russia or Syria, but from their own countries.
When Edward Snowden courageously blew the whistle on mass surveillance he warned that, armed with such tools, a new leader might “say that ‘because of the crisis, because of the dangers we face in the world, some new and unpredicted threat, we need more authority, we need more power.’ And there will be nothing the people can do at that point to oppose it”.
The US finds itself with a President-elect who has committed to monitoring all mosques, banning all Muslims, investigating Black Lives Matter activists and deporting two to three million people. And with the ushering into law of the UK-US free trade in mass surveillance, MPs may have a lot to answer for.
Liberty and its members fought tooth and nail against this new law from its inception to the moment it was passed. That fight is not yet over. Our message to Government: see you in court.
Silkie Carlo is the policy officer at Liberty
Originally published on The Intercept, June 2016
By Ryan Gallagher.
A SECRET REPORT WARNED that British spies may have put lives at risk because their surveillance systems were sweeping up more data than could be analyzed, leading them to miss clues to possible security threats.
The concern was sent to top British government officials in an explosive classified document, which outlined methods being developed by the United Kingdom’s domestic intelligence agency to covertly monitor internet communications.
The Security Service, also known as MI5, had become the “principal collector and exploiter” of digital communications within the U.K., the eight-page report noted, but the agency’s surveillance capabilities had “grown significantly over the last few years.”
MI5 “can currently collect (whether itself or through partners …) significantly more than it is able to exploit fully,” the report warned. “This creates a real risk of ‘intelligence failure’ i.e. from the Service being unable to access potentially life-saving intelligence from data that it has already collected.”
A draft copy of the report, obtained by The Intercept from National Security Agency whistleblower Edward Snowden, is marked with the classification “U.K. Secret” and dated February 12, 2010. It was prepared by British spy agency officials to brief the government’s Cabinet Office and Treasury Department about the U.K.’s surveillance capabilities.
Notably, three years after the report was authored, two Islamic extremists killed and attempted to decapitate a British soldier, Lee Rigby, on a London street. An investigation into the incident found that the two perpetrators were well-known to MI5, but the agency had missed significant warning signs about the men, including records of phone calls one of them had made to an al Qaeda-affiliated radical in Yemen, and an online message in which the same individual had discussed in graphic detail his intention to murder a soldier.
The new revelations raise questions about whether problems sifting through the troves of data collected by British spies may have been a factor in the failure to prevent the Rigby killing. But they are also of broader relevance to an ongoing debate in the U.K. about surveillance. In recent months, the British government has been trying to pass a new law, the Investigatory Powers Bill, which would grant MI5 and other agencies access to more data.
Silkie Carlo, a policy officer at the London-based human rights group Liberty, told The Intercept that the details contained in the secret report highlighted the need for a comprehensive independent review of the proposed new surveillance powers.
“Intelligence whistleblowers have warned that the agencies are drowning in data — and now we have it confirmed from the heart of the U.K. government,” Carlo said. “If our agencies have risked missing ‘life-saving intelligence’ by collecting ‘significantly’ more data than they can analyze, how can they justify casting the net yet wider in the toxic Investigatory Powers Bill?”
The British government’s Home Office, which handles media requests related to MI5, declined to comment for this story.
Originally published on Huffington Post, April 2016
By Silkie Carlo
There’s a reason most of us lock our phones with a passcode. We know they’ve become a window into our private lives, much more revealing than a rifle through our diaries or bedside drawers. They contain our contacts, banking details, confidential work emails and personal messages – highly valuable in the wrong hands.
So if a stranger approached you in the street and asked to see your browsing history or text messages, you’d naturally recoil. And that’s exactly how people responded when Liberty sent Olivia Lee out to do just that. Even Home Office staff couldn’t see why she should get to hoover up everybody’s communications data.
But under the Investigatory Powers Bill, the latest resurrection of the Snoopers’ Charter, we won’t get a choice.