Eric King, Privacy International, focuses on the intersection of human rights, privacy and technology. In a interview with Andrei Soldatov, Eric King talked about the latest developments in surveillance technology used by UK police during the recent violent protests.
By Andrei Soldatov
– We know from Cameron’s statements that London’s riots have a huge impact on government policy to prevent such events. Given surveillance technologies, how priorities are changing? Face recognition, interception of phone calls, monitoring of social networks, something else?
– There has been a lot of about turns in the last few months. Calls by MPs wanting to shut down phone networks during the riots disappeared as soon as the panic was over and GCHQ explained to them shutting them down wasn’t a smart move given all the intelligence the real-time interception material was providing them with. RIM, the makers of blackberry, and twitter were called into meet Cameron. The charge was that the new technology they brought was somehow aiding riots to take place, both companies made the case that they are just a communication medium and helped hose wishing to avoid the riots just as much as it helped the rioters (See PI press release). There was also significant outrage at the police request for CCTV footage from local shop overs and journalists. In many cases the people being interviewed were promised anonymity by journalists who were trying to better better understand why the riots were happening. The confidentiality of sources should not be able to be trampled so quickly.
– I’ve heard PI closely followed the usage of new surveillance technologies during London’s riots. Could you tell me what new you’ve spotted? Cellular phone interception, video tracing, anything else?
– The media was awash with talk during the riots about the impossibility of the police being able to gain access to BlackBerry messages (BBM’s) which were being used as the one-to-many communication platform of choice. It was referred to as this dark network, allowing rioters and god knows who else to talk to each other privately with the police unable to crack the encryption they used. The reality is that the BBM only uses strong encryption when deployed by business users on corporate networks. Everyone else who uses BBM is stuck using low-grade enciphering, which every blackberry can encode and decode. This meant that the police would have had no difficulty in intercepting and deciphering the messages in real time, allowing them to identify rioters and track their movements. This could be done in multiple ways, but one stands out as being a particularly useful tool to police in these situations.
IMSI Catchers are devices that are the size of a wallet, can run off batteries but allow the device controller to unmask everyone within a certain radius. These devices used to only be deployed during national security situations, but have become increasingly common place. You can quickly see that if used in a public order situation such as the student protests there is little chance of anonymity. More worryingly they do this in a way that has the technical potential for the controller to intercept the phone calls and text messages of those within a certain radius and listen in. The police have yet to acknowledge their use of these devices, but recently FOIA requests have uncovered police spending on “ICT Hardware” from a company that specialises in mobile monitoring and location tracking technology.
– In Russia, the government decided after the Arab spring to put more emphasis in developing technologies and legislation to control social networks like Facebook and national analogues, and in developing technologies to intercept Skype. What do you think, what technology is the most promising to the Western governments in this field? Is Skype already broken? How the Western secret services/law enforcement think to deal with Facebook in the nearest future?
The police reported that they were constantly monitoring social networks. Now, what their policies on that are we do not know. They have delayed and delayed attempts by Privacy International to gain access to their guidance on what is acceptable monitoring of social networks. Facebook internal policy on law enforcement requires that police do not create false accounts and trick people into thinking they are someone they are not. Yet a conversation with any protestor at #occupystpauls or earlier in the year during the student demonstrations will reveal that in the run up to any event they would receive multiple friend requests from people they did not know. This of course is not evidence that the police are doing it, but someone is, and it’s crucial we understand what it is he police are, and are not allowed to do in the course of the work.
The intelligence services are of course a different matter, and the level to which they have blanket access to facebook and other social media networks is unlikely to be revealed in our lifetime. While they have the technical capacity to do so, they are only supposed to exercise their powers in the interests of national security, the interests of the economic well-being of the UK, or in support of the prevention or detection of serious crime. Whether or not this means it is necessary to have blanket access to facebook is a matter for debate but there are many companies who sell the ability to do just this, companies who make a lot of money, and have their equipment deployed all over the world. It is up to us to scrutinize law enforcement in each country to ensure they are accountable and do not abuse their power. In relation to Skype, it is one of the most secure common methods of communication, but there are many concerns with it. PI issued a small report earlier this year on the state of skype security, but it boils down to the simple fact that if someone wants to listen to your skype calls they will be able to. Either by placing malware onto your computer to they have direct access to the microphone, or by simply bugging the office in which you make the majority of your skype calls .People often get bogged down in all of the technical details of how x service might be broken by y attack and forget about the old fashion tricks of the trade.
– The events during Arab spring showed that totalitarian states in the North Africa are very keen to use western surveillance technologies. Is there any international regulation or oversight of surveillance technologies sales around the world? What could be done in this field?
– Hundreds of western companies are now selling surveillance technology to the highest bidders. We have seen Syria and Iran running blanket surveillance operations that collect every voice call, email you make and every webpage you view. This is sophisticated equipment that in most cases could not be developed domestically. These countries rely on western companies who are more interested in profit than ethics. The project I run at Privacy International, Big Brother Inc, investigates those complicit in this trade and I have been staggered by the ease as which these companies can go out of their way to push this technology on some of the most oppressive regimes in the world. 3D CGI videos explain complicated interception equipment showing law enforcement watching over peoples skype conversations and reading their encrypted communications. We have been campaigning against this trade, asking the companies who have sold surveillance equipment to these regimes to come clean and pull out of their contracts. There has been an increased push for export controls at both the domestic and European level on these technologies in recognition of the fact that when surveillance technologies are all pervasive, constant and inescapable they are as dangerous as a weapon.
– In Russia the society is quite ignorant to the problem of privacy. Britain, at the same time, enjoys the most sophisticated surveillance state and the society greatly worried about it. What do you think, what proved to be the most sensitive of government/corporation surveillance efforts for the British population, prompting them to start a national debate on the issue?
– I think we’re the wrong people to ask! Simon Davies started campaigning against the introduction of CCTV in the UK in the early 90s and no-one was interested. Bit by bit, people realized how intrusive it was, realized how many were being put up and CCTV is now almost a by word for state intrusion of the private life. It’s impossible to go to a privacy conference without there being CCTV imagery plastered all over the place. When it was revealed that an average person in London is filmed by 200 cameras a day I think that stuck. Shortly after when the UK government introduced the ID card Privacy International had to fight hard to win the British public around. It took years for the balance to shift in our favour, and even then it was less about privacy and more about excessive government cost.