On Tuesday, Theresa May announced the Government’s new Investigatory Powers Bill. This Orwellian and massively unnerving prospect, aimed at increasing surveillance to counteract terrorism, will grant the government access to a year’s history of all online activity for every internet user in the UK. This is dangerous, not only for the individual civil liberties of every citizen in the UK, but also for that political buzz-phrase, “the digital economy”. Tech companies require strong encryption and privacy in order to protect against industrial espionage. Many companies have already publicly come out and said they will move away from the UK if this bill goes through.
Mandatory data retention is wrong for so many reasons. The government has repeatedly demonstrated its complete inability to safely retain data, and it really must be asked whether it’s acceptable for the government to mandate this. This bill also proposes to legally require companies in the UK to aid law enforcement agencies to hack into devices to acquire information.
There are ways however to deal – in part at least – with this frankly frightening nightmare of an Act. If you don’t want Theresa May to know the intimate details of your porn preferences, buy a VPN. If you don’t want your mate who’s now in the local police force searching your name for a laugh and finding out about that weird medical condition you have, buy a VPN. If you don’t want script kiddies using SQL injections to hack an ISP’s database and dump a list of all the websites you’ve visited on Pastebin, buy a VPN.
There are free VPN services out there. However, some free VPNs will log your traffic, they’re often very slow, and invariably they offset the cost of running their servers by selling usage data to the highest bidder. There are numerous VPNs out there which do not log your internet traffic, do not throttle based on your type of traffic and offer ridiculously fast speeds for the money. A top quality VPN costs as little as £2.50 a month. If you want to avoid government snooping, you may be interested in using Signal too, it’s an encrypted messaging platform that replaces your regular messaging app. It utilises end-to-end encryption and is the absolute gold standard for security right now.
Let’s make something clear though – it’s not like they aren’t already tracking your data. It’s now known that XKeyscore is being used in the UK – GCHQ has been invading British citizens’ privacy since the early 2000s and it’s only just becoming apparent the extent to which they systematically infiltrate devices, accessing both your webcams and microphones. And yes, there’s a very good chance they have pictures of you naked. (Search ‘GCHQ Optic Nerve’ if you don’t believe me). Bearing this in mind, imagine the lengths the intelligence services will go to when they will have the full extent of the law behind them.
Theresa May stressed in Parliament that the authorities would only be able to access “basic data – the modern equivalent of an an itemised phone bill”. This argument, that they’re only going to be able to see your metadata, thereby still protecting your privacy, is triple-filtered, bottled-at-source bullshit. Imagine the following scenario – Theresa May can see that you spent an hour on a website with information about herpes symptoms. They can then see that you looked up your GP’s surgery website. They can then see that you had a 10 minute phone call with that surgery. A lot of information can be gathered from ‘metadata’. Not to mention the fact that they’re not going to be stopping using illegal methods to monitor your web traffic more closely any time soon.
This bill also aims to weaken encryption, to allow the government ‘to better tackle the threat of terrorism.’ The bottom line is this – if encryption isn’t strong, then it’s not good encryption. Encryption with which the government – and any other semi-motivated attacker – can backdoor into your personal stuff is not encryption, it’s obfuscation. Obfuscation is not good security.