UN Assault on the Open Internet and Privacy

As you may recall, terrorism was one of the primary justifications for bringing in the disproportionate Draft Communications Data Bill: communications data from new technologies is less available and often harder to access. Without action there...


As you may recall, terrorism was one of the primary justifications for bringing in the disproportionate Draft Communications Data Bill:

communications data from new technologies is less available and often harder to access. Without action there is a serious and growing risk that crimes enabled by email and the internet will go undetected and unpunished, that the vulnerable will not be protected and that terrorists and criminals will not be caught and prosecuted.

Naturally, the UK government would like to bolster that argument, but it's done so in a way that has rather taken me by surprise – by paying for a new report written for the United Nations Office on Drugs and Crime (UNOCD), with the title "The Use of the Internet for Terrorist Purposes" [.pdf].

That support is acknowledged early on:

UNODC is deeply grateful for the generous support of the Government of the United Kingdom of Great Britain and Northern Ireland, which made the publication of that work possible.

And the UK is allowed its own little foreword, wherein it notes:

The United Kingdom has pioneered legislation to counter use of the Internet for terrorist purposes over the past decade; we have had considerable success in tackling online terrorist activity within the country's borders, while doing our utmost to uphold freedoms and benefits that the Internet has brought to our citizens.

Upholding freedoms and benefits? Really? I must have blinked when that happened.

I'll charitably assume that despite being its sponsor, the UK government was not responsible for the extraordinarily naïve nonsense that goes to make up most of the report. Stuff like this:

The benefits of Internet technology are numerous, starting with its unique suitability for sharing information and ideas, which is recognized as a fundamental human right. It must also be recognized, however, that the same technology that facilitates such communication can also be exploited for the purposes of terrorism.

What, you mean a neutral technology can be used for both good and evil? Why didn't somebody tell us before?

But wait, it gets worse:

Instructional material available online includes tools to facilitate counter-intelligence and hacking activities and to improve the security of illicit communications and online activity through the use of available encryption tools and anonymizing techniques.

Yes, I'm sorry to have to break this to you, but there is indeed information about encryption tools on the Internet.

Or what about this amazing insight?

Many criminal justice practitioners have indicated that almost every case of terrorism prosecuted involved the use of Internet technology. In particular, planning an act of terrorism typically involves remote communication among several parties.

Extraordinary, eh? Who'd have thought that ruthless international terrorists might have thought of using the Internet to enable remote communication among several parties to take place? Obviously those carrier pigeons just didn't work out...

As you may have guessed by now, I don't think the UK government's money was particularly well spent here. The entire report is predicated on the idea that it is shocking and outrageous that terrorists should be using the Internet to be doing bad things – as if they don't already use the postal system, telephones, knives, guns and explosives to do exactly the same. Worse, the report wants something done something about it – which means, of course, more censorship, and more surveillance.

One of the interesting things that I did learn from the report is that the UK already has a law to censor any Web site, waiting in the wings:

In the United Kingdom, an innovative tool, available to authorities in dealing with cases involving potential acts of incitement over the Internet, is contained in section 3 of the Terrorism Act 2006, which provides police with the power to issue a "take down" notice to persons associated with operating websites or other Internet content.

Despite the availability of these "take down" notices as a preventive measure, in practice this power has not yet been used. In most cases, especially when the offending content was hosted on the websites of third parties, it tended to breach the terms and conditions of the service provider, and authorities were able to successfully negotiate the removal of the offending content.

In other words, pressure was put on ISPs to do something unofficially, without recourse to that tiresome old legal stuff – a really dangerous approach, because extrajudicial, and therefore not subject to any kind of checks and balances. Also worrying is the fact that it's enough to invoke "incitement of terrorism" in these cases, and the authorities get carte blanche to censor what they will. That's problematic because all kinds of legitimate protests are now being termed "terrorism" - which would therefore allow the use of this power to censor associated Web sites.

The UN report's suggestions for what should be done are mostly increased surveillance and storing yet more communications data (Teresa May will be pleased – what a coincidence, eh?):

ISPs may require users to provide identifying information prior to accessing Internet content and services. The collection and preservation of identifying information associated with Internet data, and the disclosure of such information, subject to the appropriate safeguards, could significantly assist investigative and prosecutorial proceedings. In particular, requiring registration for the use of Wi-Fi networks or cybercafes could provide an important data source for criminal investigations. While some countries, such as Egypt, have implemented legislation requiring ISPs to identify users before allowing them Internet access, similar measures may be undertaken by ISPs on a voluntary basis.

Data retention and informal relationships lie at the heart of the report's proposals, as two further sections make clear:

The development of a universally agreed regulatory framework imposing consistent obligations on all ISPs regarding the type and duration of customer usage data to be retained would be of considerable benefit to law enforcement and intelligence agencies investigating terrorism cases.


To the extent possible, authorities should establish informal relationships or understandings with ISPs (both domestic and foreign) that might hold data relevant for law enforcement purposes about procedures for making such data available for law enforcement investigations.

Interestingly, the report touches on a currently contentious topic in the UK: secret trials.

In many terrorism cases, evidence used by the prosecution is based on intelligence. The integration of intelligence activities into criminal justice systems remains a fundamental problem for authorities in dealing with terrorism, i.e. how can authorities protect sensitive intelligence underlying evidence while meeting obligations to ensure a fair trial and effective defence for accused persons, including the obligation to disclose all material parts of the prosecution case to the defence?

The answer, of course, is that they can't. You have to choose between justice and secrecy. I think it's pretty clearly which side the report would come down on.

Alongside its unthinking preference for censorship and surveillance, the report has another major flaw: trying to get terrorists off the Internet is precisely the wrong thing to do, for purely practical reasons. Maddeningly, the report even tells us why:

A significant amount of knowledge about the functioning, activities and sometimes the targets of terrorist organizations is derived from website, chat room and other Internet communications. Further, increased Internet use for terrorist purposes provides a corresponding increase in the availability of electronic data which may be compiled and analysed for counter-terrorism purposes. Law enforcement, intelligence and other authorities are developing increasingly sophisticated tools to proactively prevent, detect and deter terrorist activity involving use of the Internet. The use of traditional investigative means, such as dedicated translation resources for the timely identification of potential terrorist threats, is also expanding.

That is, the Internet is actually a fantastically powerful tool for fighting terrorism, which is why terrorist Web sites and communication tools should only be closed down in extreme cases. They are in fact a great source of information about the people that need to be monitored. By allowing those sites and services to be active, but watched closely, we avoid the need to bring in inefficient and counterproductive blanket snooping laws of the kind the UK government is trying to push through currently.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Find your next job with computerworld UK jobs