Security services take big step closer to full State surveillance

The government has quietly agreed to European measures that will open the gates to full-scale surveillance by the State. The current Communications and Data Bill now going through Parliament won’t, according to the Home Office, allow access to the content of phone calls, emails, texts or social media, but the government has at the same time now accepted new procedures proposed by the European Telecommunications Standards Institute (ETSI) which will enable MI5/MI6 to intercept online communications.

These ETSI measures allow the monitoring of ‘nomadic access’ (i.e. whether an individual is using a home computer, mobile or internet cafe’), and to achieve this service providers must implement a CLIF (Cloud Lawful Interception Function) which could mean installing a new monitoring interface or more likely ensuring that information is presented in a format recognisable to interception mechanisms.

This is a huge extension of State surveillance. The Home Office is lying (or perhaps being economic with the truth) when it says its sole interest if communications data. Their real objective lies in the fact if the ETSI infrastructure is built, they will be able to use it for interception, not just for selected individuals but for everybody.

British officials have been at work in Europe securing agreement to measures to force service providers take the necessary steps to ensure that their systems can be easily tapped into. What is even more sinister is that Commons committee scrutinising the bill have not been told about the ETSI standards, even though they were one of the safeguards introduced after initial opposition to the bill.

A second example of the government’s laxity or insouciance about privacy has also recently surfaced. NHS health records are to be made available for the purposes of research in public databases protected by the principle of anonymisation (i.e. people’s names are deleted). When this was earlier proposed in the 1990s and the BMA objected, the then government passed the Data Protection Act in 1998, but it contained a huge loophole: database operators can pretend the data are anonymous if they can’t re-identify the records, even though others can.

The Information Commissioner has now proposed an anonymisation code designed to protect firms from liability. It suggests that GP surgeries and supermarkets could share an encryption key for a common pseudonym from names and addresses so that, for example, patients’ diabetic condition could be correlated with supermarket purchases.

This is almost incredible. GPs are supposed under this scheme to make sensitive information available without consent to local stores who can then re-identify diabetic patients who are their employees or who have a loyalty card!   The Orwelliam world takes another step closer.