I asked this question over on Hacker News, as well as Quora, but I thought I’d also ask it here…

The UK plans to intercept all electronic communication. They currently don’t plan to snoop on content, but as noted elsewhere connection data is just as invasive.

To me this is both a civil liberties and business risk problem. I view my list of business contacts as confidential information and I don’t trust the government not to leave this information on a train somewhere.

Legal solutions are one thing, but the snoops keep raising their heads, so my feeling is that we need to actually find a way to make this sort of thing technically impossible.

Content encryption is already largely solved, although for email we still need a critical mass of people using PGP or similar.

VPNs just seems to push the problem to another jurisdiction, and if this is an agenda all governments will one day pursue, this will become decreasingly useful.

What can an individual do to protect content and connection data? Onion routing for mail servers? Do technical solutions rely on everyone doing it and so are unlikely to get much traction?

So what are your thoughts? What can we build?

I suppose it shouldn’t come as any surprise that a government goes back on its word once they get to power, but it nonetheless disappoints to discover that LibCons have resurrected Labour’s batshit insane Intercept Modernisation Programme.

Now called the Communications Capabilities Development Programme and containing a few superficial tweaks (namely dispensing with a centralised database), it is still the same impractical authoritarian mass surveillance nightmare that Labour tried to push through before they were rightfully ousted at the last election – hopefully never to return.

As with IMP, the CCCP CCDP plans to record details of phone calls, text messages, location, emails, IMs and social network activity.

As with IMP the content of messages isn’t to be recorded – just when, where, from and to whom. I suspect this concession was down to data processing limitations more than anything else, but as I’ve remarked on before this actually makes it a whole lot worse as it introduces the very easy to fall victim of guilt by association fallacy.

Consider the following situations:

  1. I am so incensed by RabidManWithAHookForAHand’s views that I email him to say he’s an idiot. He replies and a flame war ensues.
  2. I meet someone at a party, we get chatting and I add them as a friend on Facebook and we exchange a few IMs. Later they turn out to be a animal rights activist.

Without context, both these situations would likely flag me up as a person of interest.

Content or no, the deluge of irrelevant data this sort of mass surveillance would produce must surely make it harder to spot the anything that is important. The signal to noise ratio must be particularly poor.

Blanket surveillance such as this sacrifices much and gains little, lets the government go on “fishing expeditions” and will do very little to protect us from terrorists (if you accept the government’s assertion that the barbarians are at the gate, which personally I doubt very much).

Historically of course the biggest threat to life and liberty a population has faced has nearly always been posed by their own government.