May’s call for more control of internet misleading and misguided

Karlin Lillington: The UK already has the draconian Investigatory Powers Act, which hands sweeping powers of surveillance to government agencies

On Sunday British Prime Minister Theresa May demanded greater regulation of the internet. Photograph: Leon Neal/Getty Images
On Sunday British Prime Minister Theresa May demanded greater regulation of the internet. Photograph: Leon Neal/Getty Images

Once again, in the wake of a dreadful terrorist attack, authorities swiftly called for more control of the internet, a pattern so common now that internet and privacy activists expect it.

Sure enough, on Sunday British Prime Minister Theresa May demanded greater regulation of the internet and more action by the big social media and technology companies to limit what can be posted and shared.

“We cannot allow [EXTREMIST]ideology the safe space it needs to breed, yet that is precisely what the internet, and the big companies that provide internet-based services provide,” she said.

“We need to work with allied democratic governments to reach international agreements to regulate cyberspace to prevent the spread of extremist and terrorism planning,” she said. Regulation and more action form technology companies would “deprive the extremists of their safe spaces online.”

READ MORE

Investigatory Powers Act

These are not new suggestions, incidentally, but reiterate proposals in the Conservative Party election manifesto.

They are also misleading and misguided. Misleading because the UK, under the Conservatives, has already recently passed the draconian Investigatory Powers Act, which hands sweeping powers of oversight and surveillance to the government and its agencies.

Under its provisions, the entire browsing history of everyone in the UK must be retained for a year and may be accessed by police and various state agencies

Under its provisions, the entire browsing history of everyone in the UK must be retained for a year and may be accessed by police and various state agencies. Surveillance agencies have new powers to hack computers and devices, including to conduct secret bulk surveillance on populations outside of the UK.

The government also has the right to demand tech companies insert weaknesses, known as backdoors, into devices and software to enable law enforcement to access data. In addition, encryption on messaging services such as WhatsApp can be removed on government request.

It isn’t clear what further regulation the Prime Minister wants, given that the IP Act already stands as one of the most invasive pieces of legislation ever passed in a democracy.

The Act also faces a court challenge and clearly violates European data protection laws. Brexit won't magically remove that difficulty, either, unless the UK is willing to give up doing business with all of Europe, as it must meet EU data protection standards in order for business-enabling data transfers to continue.

International cooperation

Ms May did for the first time, however, argue on Sunday for international cooperation in more widely enacting such snooping powers. This seems an unachievable goal, given political, judicial and/or civil society opposition in most countries to the kind of “regulation” already contained in the IP Act.

She also states that she wants the government to control what extremists and their potential converts see, hear and read online, especially on social media. Unfortunately, that means what everyone else does online also must fall under government oversight - but that, too is part of the Conservative manifesto.

Without irony, the manifesto states that the UK should become the ultimate nanny and surveillance state

Without irony, the manifesto states that the UK should become the ultimate nanny and surveillance state, “the global leader in the regulation of the use of personal data and the internet.”

While there's plenty of evidence that use of social media has enabled jihadists - and for that matter, extremists of all sorts - to preach their ideology, sow fear and gain new followers (see this insightful story from last year in Wired, for example), tracking and analysing such public accounts also has been a useful law enforcement surveillance tool.

Forcing the big companies to shut down such accounts and tighten controls on them - which the big companies already do, to some extent - has already led many extremists and recruits to go underground, to encrypted social and communication networks that cannot be surveilled as easily.

Encryption

So while such a proposal might limit some of the reach of jihadist propaganda, it also pushes groups and their adherents further into the shadows, even to the extent of creating, as ISIS has, an encrypted messaging app of its own. While governments might be able to police companies and products, they cannot totally control general access to and use of encryption algorithms nor the creation of code.

But the main problem with such policies is that if governments mandate the weakening of technologies so that they can gain ever more data from suspected terrorists, they also irrevocably damage the very technologies that make the internet secure for businesses, citizens, and indeed, for governments and critical national and global infrastructure. The recent WannaCry hack gives a sobering reminder of the potentially catastrophic reach of any weaknesses in code.

Backdoors are a disaster waiting to happen. There is no way to poke a deliberate hole in technologies for any purpose, that doesn’t also leave an exploitable hole there that can be discovered by, or leaked to, others.

And while the opportunistic rhetoric of regulation, control and greater surveillance might sound strong and stable to some ears, the end goal -more data to analyse - just promises more ineffective data chaos.

We already know authorities for years seemingly failed to heed numerous direct warnings from religious leaders and teachers about Manchester bomber Salman Abedi, leading MI5 to conduct two urgent reviews.

Even more “regulation” and surveillance, producing ever more unmediated digital data to sift through, is not the answer.