So, that locking people up for no reason whenever the Home Secretary says so, eh? You won't be surprised to hear that, given my opinions of recent Home Secretaries, I'm not in favour of them giving themselves the power to put people in prison or under `control orders' (house arrest) purely on their own say-so; but of course in a civilised society nobody ought to have that power anyway.
Now, the usual way that we're supposed to deal with people planning criminal acts is:
- find out what they're planning;
- arrest them;
- try them; and, if they are found guilty beyond reasonable doubt,
- send them to prison.
Charles Clarke and his predecessor are very keen to skip step 3, which as you can imagine can be time-consuming and doesn't always work. Sure, it means abandoning habeas corpus, the right to a fair trial, etc. etc., but think how much easier life for the security services would be without having to try the people they catch. The time saved could be spent rounding up more suspects, thus allowing them to meet their targets more efficiently and fill out more of those all-important forms.
One argument against trying terrorist suspects such as those who are currently being held in Belmarsh is that the evidence against them chiefly comes from `sophisticated electronic surveillance techniques' or some other similar formula. If a trial were allowed, then these suspects would come to know something about these techniques (as well as other inconvenient secrets such as what they're being accused of). This is, bluntly, a silly argument. At the risk of offering aid and comfort to any of THE TERRORISTS who are to be found among my half-dozen readers, here is a quick guide to some of the sophisticated techniques the security services can use against you:
- they can listen to your phone calls;
- they can read your email; and
- they can follow you around and watch what you do.
So, now I've revealed that, there are no remaining reasons not to use surveillance evidence in terrorism trials. No secrets about surveillance will be revealed, the alleged terrorists in Belmarsh can be tried in a court of law; and we can abandon all this banana-republic nonsense of locking people up on the Home Secretary's whim. As a final act, Tony Blair can give me a knighthood for solving the problem of justice for terrorism suspects while preserving some of what's left of our civil liberties.
(Obviously that last bit was a joke. Tony Blair couldn't give a toss about our civil liberties.)
A cynic -- as never to be found on these pages, but humour me for a moment -- might suggest that the real reason that the government are not prepared to permit the use of surveillance evidence in trials of these terrorism suspects is that... the evidence is, in fact, rubbish. But what are the chances that the government would use dodgy intelligence evidence to support some improbable stunt in the ``war on terror''?
One might also interject here that, if these surveillance techniques were so good and so secret, revealing something about them might act as a deterrent to wrongdoers. For instance, if you knew that MI5 might be listening to your phone calls, you might be reluctant to call up Uncle Osama and ask him what he'd like you to blow up. And, indeed, the proposed `Control Orders' will give the Home Secretary the power to prohibit anyone he likes from using telephones or the internet. Of course, if THE TERRORISTS aren't ever on the phone to al Qaeda, we presumably won't ever be able to gather any evidence on what they're planning, but leave that aside for the moment. Indeed, for ever, probably, since I don't think this Government will answer that point.
To be fair, Charlie the Safety Elephant also argued on Today this morning that his job as Home Secretary is to ensure that the country remains safe, whereas the job of the courts is something tedious to do with enforcing justice and upholding people's rights and whatnot. And who could wish for better guardians of the safety of our country than these? I leave you with the words of Lord Hoffman:
The real threat to the life of the nation, in the sense of a people living in accordance with its traditional laws and political values, comes not from terrorism but from laws such as these.
Comments
Posted by wintermute, Tuesday, 22 February 2005 13:45 (link):
To be fair, I think the main thing that the Home Office doesn't want to be revealed in trials is evidence gained from informers. As you can imagine, if an IRA trial involves other members of the IRA giving evidence for the prosecution, then they might not live very long. Obviously, this needs to be addressed, and a way found to let people give ecidence anonymously without in being abusable by the police.
The other argument they use is that civilian judges don't have the security clearance to hear the evidence presented. This is ridiculous; vet some immediately, and keep a pool of cleared judges for just such trials. I would be a lot more willing to accept a trial behind closed doors than no trial at all.
Posted by Chris Lightfoot, Tuesday, 22 February 2005 15:48 (link):
As a brief reply and update: Charles Clarke has now presented his proposals to Parliament. No Hansard until tomorrow morning, but there are BBC reports about his announcement and describing the proposed restrictions in more detail.
Clarke has apparently said that (first BBC link),
which seems odd -- if they're not dangerous enough to need house arrest, why are they in prison? He has also
on the grounds that (a) it could endanger sources' lives; and (b) that it ``would not help bring extra prosecutions''. I confess to further puzzlement. Perhaps there is, in fact, no actual evidence that these people have done anything wrong?
I agree that the issue of informants' evidence in trials is a thorny one, but it's also not a new one. And I am very, very suspicious of the notion that only judges who have been specially trained (presumably by the security services) will be capable of making decisions based on evidence from phone taps. Here we have a special body of knowledge, jealously guarded by a priesthood of `intelligence' experts, who will suffer it to be used to prove others' guilt (or, perhaps, innocence) only by judges who have also been inducted into that priesthood. The possibilities for this to breed incompetence, corruption or groupthink are endless.
Personally I find it pretty hard to believe that these offences can't be tried in front of juries. The usual arguments against jury trials in certain circumstances are (a) that juries might be intimidated; or (b) that the offences are so complex that members of the jury, bless their little hearts, could not understand the evidence.
(a) is pretty unlikely here, I'd guess, unless Britain is completely awash with al Qaeda thugs ready to visit kneecappings on members of the public. And if that were true, we'd have seen some prosecutions, right? And as for (b), well, terrorism cases ought to be fairly simple: either the suspect is trying to blow something up (or whatever), or assisting others in doing so, or they're not. If this stuff is too complicated for juries to handle, we have worse problems than terrorism.
Posted by wintermute, Wednesday, 23 February 2005 19:32 (link):
Right.
The issues brought up by the Home Office all seem very flimsy, and easy to negate. A more suspicious man might think they just wanted a way to detain people without trial...
Posted by nick vale, Sunday, 27 February 2005 19:39 (link):
123 testing
Posted by Martin Keegan, Tuesday, 22 February 2005 15:17 (link):
Incidentally, I've had to strike Canada off the list on account of their own "control order"-style nonsense. So we're down to New Zealand and Australia.
Posted by Chris Lightfoot, Wednesday, 23 February 2005 11:23 (link):
India?
Posted by Roy Badami, Tuesday, 22 February 2005 22:50 (link):
they can read your email
Out of curiosity, how do they do that? I mean, I remember reading stuff about the NSA sticking black boxes in US ISPs that snooped data and alegedly did something useful with the results, and some fuss over hear about similar proposals...
But is this really practical? Where exactly do you put these boxes? What do you do with the data?
Do they have a box at Mythic? If they did, would you be allowed to admit it? (Actually, that would presumably be fairly pointless since you have a single upstream; they just need box(es) at IDnet.)
-roy
Posted by Chris Lightfoot, Wednesday, 23 February 2005 00:14 (link):
This stuff is in the RIP Act, isn't it? s. 12, dealing with `Interception capability and costs', looks like the relevant bit. The Home Secretary can impose on you, as an ISP (or telco or whatever), `such obligations as it appears to him reasonable to impose for the purpose of securing that it is and remains practicable for requirements to provide assistance in relation to interception warrants', which I think is Lawyer for `making you put a computer running tcpdump on your network'. You get to appeal to yet another of these funny kangaroo courts they keep inventing, in this case a `Technical Advisory Board'. You can claim for the expenses of doing MI5's dirty work for them. Under s.19 you are prohibited, under threat of five years' imprisonment, from telling anyone about the whole shebang.
For the record: they don't have a monitoring box at Mythic Beasts (that I know about, anyway, and I'd expect to...). Per the above, if they did, I couldn't tell you (though I could perhaps refuse to answer). I can't speak for IDNet, of course. (And, indeed, there are other points of attack; for instance, since our interlinks are managed by RedBus, an s.12 order could be served on them instead.)
Is all this nonsense practical? It depends, I guess. Traffic analysis could be really useful; actually grepping for strings in people's email seems like a short cut to nowhere. I heard on the radio earlier that the Americans are trying to use machine-translation to deal with the Ba'ath Party documents they've captured in Iraq; no doubt this will enable them to extract useful intelligence from them in their customary subtle and effective manner.
Posted by Roy Badami, Wednesday, 23 February 2005 00:42 (link):
Ah, thanks for the reference.
I'm more thinking, assume they've got a court order (or whatever substitutes for that these days) to tap my e-mail, how would they do it?
They could presumably program their packet-sniffing box at IDnet (if they have one) to snoop all SMTP connections to/from buffy. I vaguely recall reading a suggestion that that was how the US system (Carnivore, or is that something else?) was supposed to work...
But the question is, where do you put these boxes? There's unlikely to be a single place you can put a box to capture all traffic, so you probably need several, even for a modest-sized ISP.
Maybe you don't even bother to put boxes at IDnet, maybe you just put them at the bigger backbone ISPs, and figure that you stand a fair chance that a large proportion of my traffic is going to hit _one_ of their boxes somewhere in transit...
Of course, I'll attempt and accept STARTSSL with peers that support it (a fair number of senders do; relatively few recipients do since it involves configuring a cert) and that will defeat a passive attack, so they'll have to do an active man-in-the-middle attack in those cases. Most traffic is in the clear, of course...
Easiest would probably be to demand that you give them access to buffy so they can plant some kind of rootkit. Quite how they'd do it without shutting down the system (assuming I haven't screwed up somewhere) is an interesting question; could they insist that you claim you'd had a power cut? Hmm, thinks, you _did_ claim you had a power cut... :-)
-roy
Posted by Chris Lightfoot, Wednesday, 23 February 2005 01:08 (link):
Exactly how you accomplish this stuff, technically, is an interesting question. But I think the number of targets is likely to be small enough that it can be done on an ad-hoc basis, viz., knowing that we want to read Joe Bloggs's email, we issue a warrant to his ISP, and let their staff figure out what to do.
I don't know whether they have prescribed hardware which you're supposed to install. As you say, I believe that that US system did.
As for power cuts... well, there is some planned electrical maintenance coming up, I believe.
Posted by Roy Badami, Wednesday, 23 February 2005 01:19 (link):
Well, I guess it depends on how paranoid you are about people finding out about the surveilence.
If you have the boxes already there, everywhere, then you can switch them on as necessary completely undetected.
Posted by Roy Badami, Wednesday, 23 February 2005 00:47 (link):
Section 12 appears to require secondary legislation to implement it; I wonder if there is any...
Posted by Chris Lightfoot, Wednesday, 23 February 2005 01:03 (link):
Yes -- I think you enable things with secondary legislation then issue warrants to force actual surveillance to take place. A Google search for "regulation of investigatory powers" order +site:legislation.hmso.gov.uk finds a bunch of relevant Orders; for instance, this one which required telcos (with 10,000 or more customers) to maintain `a mechanism for implementing interceptions within one working day of the service provider being informed that the interception has been appropriately authorised'. And they must be able to,
So this capability is in place and can be switched on within one day on presentation of the appropriate warrant.
Posted by Roy Badami, Wednesday, 23 February 2005 01:20 (link):
Hmm, so as a small ISP (with presumably fewer than 10,000 customers) you are persumably a magnet for terrorists, who come to you for service safe in the knowledge that you are exempt from this particular provision... :-)
Posted by A. Terrorist, Thursday, 24 February 2005 12:37 (link):
This is certainly the reason why I'm switching my hosting to Mythic Beasts.
Posted by dsquared, Thursday, 24 February 2005 12:59 (link):
Could the terrorists not use PGP or GPG or whatever it is that nerds use those funny blocks of text at the end of their email signatures for? Do we think that the spies can crack that code - I dimly remember having it explained to me that there were mathematical reasons why they probably couldn't. I only ask because this would potentially be a legitimate reason for being cagey with your wiretap information - you might not want the terrorists to know that you'd got hold of their codebook.
Posted by Chris Lightfoot, Thursday, 24 February 2005 20:12 (link):
OK, this is the `the NSA/GCHQ can break codes that nobody else can, and we don't want anyone to know about that, because then they'd switch to using codes the spies can't break' argument. (It doesn't matter whether it's a public-key system like PGP or a symmetric cipher with shared keys for the purposes of argument, especially since the public-key protocols almost always work by using the -- slow and complicated -- public-key stuff to send a key for a normal symmetric cipher.)
Strictly this isn't an argument against the use of wiretap evidence in general but against revealing wiretap evidence in certain cases. But the problem of possessing evidence which you do not wish to be brought out at trial isn't a new one.
But, if THE TERRORISTS do always use encryption which they believe to be secure, and they use it competently, and they never leave evidence of their intentions other than through communications over an encrypted channel, and you can break the codes they use, then that would be an argument in favour of some kind of internment scheme, or secret trials or something. (Lots of arguments against remain, of course.)
Now, I have no deep knowledge of this field (when did that ever stop a web-logger...?) but I'd be very surprised if (a) all the conditions I describe above prevail in any practical cases; or (b) the NSA/GCHQ/whoever really can break those codes. The reason I don't think (b) is likely is this: there aren't all that many widely-used ciphers at the moment, and if THE TERRORISTS are using cryptography to hide their intentions, they may well be using the same, standard, cryptosystems that, e.g., your bank uses to talk to its cash machines, or you use to buy things from Amazon, or the government use to secure their communications networks. If one Large Secret Intelligence Agency can break those codes, the chances are that other Large Secret Intelligence Agencies could too.
So as the head of the LSIA you can choose either to reveal that some set of codes have been broken, and recommend that people shift to newer, safer ones -- incidentally tipping off THE TERRORISTS -- or, you have to accept that all your country's enemies will be able to read your mail, fuck up your banking infrastructure, hack into your computers, etc. Now, the latter might be the sensible decision if the stuff you're getting from your wiretaps was really, really valuable, but that seems a bit unlikely and anyway assumes that no-one anywhere else leaks the secret for any reason.
Posted by dsquared, Friday, 25 February 2005 10:03 (link):
I'm not so sure it's quite `the NSA/GCHQ can break codes that nobody else can, and we don't want anyone to know about that, because then they'd switch to using codes the spies can't break' argument. Wouldn't it work just as well if the TERRORISTS were using perfectly normal encryption which we were intercepting and decrypting because we had the keys and they didn't know that we had the keys?
Posted by Dave Ansell, Friday, 25 February 2005 12:34 (link):
Isn't there also the 'We are listening carefully to mobiles A,B,C' and don't want the terrorists to know about this, or we have a bug in terrorist D's house and this is still giving us useful information... Or even that some of the the terrorists very cryptographically competent, but could become much better at cryptography with encouragement...
It may justify parts of legal proceedings being in secret, and possibly not using jurys, but it definitley doesn't justify a polititian being able to lock people up arbitrarily...
Posted by Chris Lightfoot, Saturday, 26 February 2005 17:18 (link):
I don't see how any of these (either your or Daniel's examples) are special to the case of surveillance, though. You could make the same argument about any means of detection or investigation: speed cameras, police officers hiding in your neighbour's house, constables following you around, etc. Whenever you prosecute somebody you have to accept that some details of the investigation may be revealed....
(On the separate question of whether terrorists are rubbish at cryptographic procedure -- history teaches that almost everyone is, whether they're German harbourmasters transmitting the same ``all's well, heil Hitler'' message every morning, or usability guinea-pigs failing to send messages using PGP -- well, there are already plenty of cautionary examples of why procedure is important. Anyway, this seems a bit much of an assumption on which to pin the abandonment of [even parts of] our ancient liberties.)
Post a new comment.
Comments copyright (c) contributors and available under a Creative Commons License. See also the comments policy.