Illustration of architect standing by drawing board. Public domain image.

Back to the drawing board? How you can help ensure the government learns from serious criticism of the Investigatory Powers Bill

Yesterday, I blogged over at Open Rights Group Birmingham about the latest twists and turns in the development of the Investigatory Powers Bill, the government’s plans to increase online surveillance and permit widespread hacking of computer networks.

You can read the full post here.

Open Rights Group Birmingham meetup tomorrow

If this post piqued your interest in online privacy and you live in or near Birmingham, you might like to come to the next Open Rights Group Birmingham meetup, which is happening tomorrow (Wednesday 17 Feb) from 6.30pm at Birmingham Open Media.

At the meetup we’ll be teaching people simple, practical things they can do to protect their privacy and security online. I’m pleased to say we’ve had a really good level of interest in the event, with over 20 people down to attend. If you can’t make it along tomorrow, we’ll be holding regular meetups throughout the year.

 

 

Screenshot of House of Commons science and technology committee report on the Investigatory Powers Bill

Has the science and technology committee struck a blow against the Investigatory Powers Bill?

As an organiser for Open Rights Group Birmingham, I have followed with interest and not a little weariness the twists and turns as the government’s draft Investigatory Powers Bill makes its way through the pre-legislative scrutiny phase.

Today, the House of Commons science and technology committee published a highly critical report on the bill, with its chair, Nicola Blackwood MP commenting:

The current lack of clarity within the draft Investigatory Powers Bill is causing concern amongst businesses. There are widespread doubts over the definition, not to mention the definability, of a number of the terms used in the draft Bill. The Government must urgently review the legislation so that the obligations on the industry are clear and proportionate.

In particular, the report highlights the following problems:

  • The feasibility of collecting and storing Internet Connection Records ICRs – including the very real problem of keeping these highly personal records from (non state-sanctioned) hackers.
  • Anxiety amongst communication  providers over the ability to use effective encryption, which Blackwood recognises is “important in providing the secure services on the internet we all rely on“. The committee particularly wants the government to provide greater clarity over the status of end-to-end encrypted communications, where decryption might not be possible by a communications provider that had not added the original encryption.
  • Concerns amongst certain communications over ‘equipment interference’. For some providers, such as Mozilla (the makers of Firefox), this concern appears to stem from a genuine concern for its users’ privacy and the integrity of the internet. For other providers, the concern is more about how a perception of hacking could hurt their competitiveness in a global market for services.
  • Uncertainty over costs. Coverage of the committee’s report has downplayed the risk associated with spiralling implementation costs, both for government and businesses. At last cost, the Home Secretary has put the cost of implementing the new ICR system at £247 million but the report notes that costs are likely to change (i.e. rise), given the uncertainty and rapid pace of technological change.

It’s worth noting that the committee’s remit was purely to look at the technical feasibility of the government’s proposals and how these might affect communications businesses, not whether the communications monitoring provisions or whether they are proportionate to the threats they are intended to deal with. These issues are expected to be addressed by the joint committe Joint Committee established to scrutinise the draft Bill as a whole.

I believe the criticisms levelled at the bill in this report are significant for a couple of reasons.

Firstly, by focusing solely on the technical feasibility of implementing the bill, it manages to side-step the highly polarised debate between privacy and security advocates. This report says, irrespective of your views on the merits of expanded monitoring of communications, you should be concerned as a citizen and taxpayer about the feasibility of implementing the government’s plans at anything approaching a sensible level of expenditure.

Secondly, by holding up the prospect that the Investigatory Powers Bill will do real harm to the growing UK tech sector, the report will hopefully encourage the government to modify its approach, if only to protect its supposed reputation for business confidence.

Both these signals – questions over the feasability of implementation and the likely damage to the UK’s growing tech sector – will not  in itself be enough to stop the Investigatory Powers Bill becoming law, but it’s a start.

The Joint Committee is due to deliver its full report on the Investigatory Powers Bill no later than 17 February. It will be interesting to see whether this committee takes a similarly critical stance on the merits of expanded monitoring provisions and the limited amount of time the committee was given to scrutinise the bill.

Cost of Investigatory Powers Bill could undermine UK Tech sector – full details of science and technology committee report

Science and Technology Committee of Parliament slams Snoopers’ Charter – Open Rights Group’s reaction to the committee’s report

Screenshot of Twitter account of Kevin McGurgan, UK Consul-General Toronto & Head @UKTI_Canada.

Supporting authentic digital engagement

Since September, my role as product lead for Helpful Technology’s Digitial Action Plan has involved working closely with with senior civil servants to help them become more confident around digital engagement. I’d like to share with you what I have observed to be the main barriers to civil servants becoming authentic digital engagers and how we can overcome them.

Mastering the basics

At its heart, the Digital Action Plan is about giving people the confidence to use digital tools at work to listen, explain and talk with their audiences. Before people can can do that, however, they need to feel at ease with the basics of technology.

One of the great things about being from an external organisation is that civil servants, particularly those in senior roles, feel able to ask me for help where they might otherwise avoid doing so out of fear of looking foolish. For example, one person mentioned to me the common problem of struggling to remember passwords for different online services. Recognising this was likely to discourage them doing more with digital, I introduced them to the LastPass password manager, which will take the headache away from accessing digitial services.

While I am pleased to be able to help participants with any basic issues they have, I’d like to see organisations provide regular opportunities for staff to learn the basics in a non-judgemental environment. From my time as a Social Media Surgery volunteer, I know informal sessions can be a good way for people with skills to help others. Meetups could be held on a partcular theme, such as protecting your privacy and security online, or be of a more free form nature.

Making time for learning

I’ve found time, or more precisely the lack of it, to be a major barrier to civil servants becoming more effective at digital engagement. Not surprisingly, it can be a struggle to carve out time to learn new skills whilst managing a demanding workload.

For example, it’s pretty obvious writing and presenting a paper to the board is going to loom large in somebody’s to-do list and have the potential to put a limit on learning time. With the Digital Action Plan, I try to bridge the traditional divide between training and the day job by encouraging participants to connect their learning goals with real-life project and tasks. For instance, could a participant use Twitter to inform stakeholders about the forthcoming report, what its implications are and how they can get involved?

While most participants find they are able to connect their learning goals to forthcoming projects, I believe there is still more we can do. I would like to see closer working between line managers and participants so that there is clear agreement on how digital engagement learning will be built into participants’ workloads in a way that directly supports a team or department’s core objectives.

Valuing boldness

As a trainer, one of the most satisfying parts of the job is seeing people you’ve supported take offf and really run with something you’ve introduced them to. Conversely, it’s easy to feel disapppointed when people for whatever reason seem to fail to respond to your support or choose not to put what they’ve learned into practice.

In my experience, the people who get the most from the Digital Action Plan are those who are willing to be bold and seize the opportunities available to them. Earlier this month I was impressed when a participant published their first blog post on LinkedIn after previously expressing quite significant reservations over developing their own professional profile online.

At Helpful, I try to encourage participants to be ambitious about what they can achieve and to believe that they have it within themselves to learn new things and to do things differently. I do this by sharing examples of interesting things their peers are doing, such as the Foreign Office’s engaging use of Shorthand Social and showing them that they aren’t the first person to be nervous about blending the personal and the professional in their digital engagement.

The FSA’s Christina Hammond-Aziz’ recent blog post why faceless civil servant is never a good look, makes clear the significant progress the civil servicehas made on digital engagement but, as with any organisation or sector, there is always room for improvement.

This week, Janet Hughes from the Government Digital Service asked: what if boldness were an explicit value of the civil service? Janet describes boldness as bringing your whole to the situation and demonstrating the values of opennesss of optimism and a commitment to something bigger than yourself. In doing so Janet could just as easily have been describing the qualities of authentic digital engagement. Ultimately, if we want civil servants to be authentic digitial engagers, we must go further in supporting an organisatonal culture which values and rewards authetic engagement.

Photo Credit: oliver lamford via Compfight cc

What Shami Chakrabarti can teach us about valuing civil liberties and human rights

As a member of the civil liberties organisation Liberty, it was with sadness that I read earlier this week week that

Chakrabarti has written a thoughtful piece for The Guardian to coincide with the announcment of her depature from Liberty. In it, she notes: “When fear stalks the land, blank cheques become all too easy and ever more dangerous.” This defintiely rings true of my recent experience campaigning against the Investigatory Powers Bill as part of the Open Rights Group. For me, the lowest point of the campaign (so far – it’s not over yet!) was when David Cameron sought to use the Paris Attacks to justify an attack on encryption, despite the fact that the terrorists had in fact coordinated the attacks using regular unencrypted text messages.

I was also struck by another of Chakrabarti’s observations:  “We all love our own rights and those of friends, family and people like us. Other people’s freedoms seem cheaper until it’s almost too late.” Again, I have encountered this in my campaigning for the Open Rights Group. The common response of “nothing to hide, nothing to fear” when privacy concerns are raised in relation to the Investigatory Powers Bill reflects many people’s belief that they (and by extension, their friends and family) will never be adversely affected by expanded online and so we need not worry ourselves about the balance of power between citizen and state.

While I will be sad to see her go I can understand her reasons for stepping down, given the pressure and responsibility she must have felt over the past 12 years. I would like to thank Shami Chakrabarti for everything she has done to defend civil liberties and human rights.

Labour Party General Election 2015 campaign T-shirt displaying the phrase, 'Hell Yes I'm Voting Labour'

My Highs and Lows of 2015

I’ve missed the boat. As I sit down to write this post, the fourth day of 2016 is already drawing to a close.

If I were a better blogger/person, I would have already have written my 2015 round-up and published it in the sweet spot between Christmas and New Year when there’s a flurry of such posts.

Instead, I was caught up in a flurry of holiday hosting and socialising which has only just come to an end. As John Lennon might have said, life is what happens when you’re not busy making other plans.

While I was experiencing 2015, it often felt like the lows were getting the better of the highs but looking back I can see there were a few ‘champagne moments’ along the way.   So, without further ado, here’s a brief round-up of the key events from possibly the most eventful  year in my life.

The Highs

  1. Going freelance as a digital communications specialist and working with the lovely team at Helpful Technology  to deliver their digital confidence and skills programme across Whitehall.
  2. Launching Open Rights Group Birmingham and working with passionate and principled people to protect and promote human rights in the digital age and oppose the Government’s controversial Investigatory Powers Bill.
  3. Getting involved with my local Labour Party in Bournville, helping my local MP Steve McCabe more than double his majority at the General Election in May and creating the Cats of the Campaign Trail blog.
  4.  Photographing Birmingham Beer Bash for the third year in a row and having my photograph of Dismaland picked up by media outlets both here in the UK and abroad.
  5. Getting some much-needed good news towards the ends of the year about health issues which have affected my family throughout 2015.

The Lows

  1. Being made redundant from my role as Communications Manager for ARK Kings Academy in Birmingham, due to a funding shortfall.
  2. Worries over family health issues, which thankfully improved as 2015 drew to a close.
  3. The stomach-churning feeling so many of us got at 10.01 pm on 7 May, when the exit polls announced the Conservatives would get the seats they needed to form a government and I would have to retire my Hell Yeah, I’m Voting Labour T-shirt.
  4. Watching Labour’s Andy Burnham put up virtually no opposition to the Government’s proposed Investigatory Powers Bill, even when  Amnesty International (along with many other respected individuals and groups) have said the bill would effectively legalise mass surveillance put the UK government’s compliance with international law in disarray.
  5. Watching David Cameron use the fear, uncertainty and anger generated by the awful Paris attacks to secure parliamentary approval for bombing Syria and stooping to a new personal low by labelling opponents of bombing ‘terrorist sympathisers‘.

What I’ve learned from nearly three months of delivering digital confidence and skills training for Helpful Technology

I can’t believe it’s nearly three months since I started working as product lead for Helpful Technology’s Digital Action Plan.

Since joining Helpful, my work has been focused on how best to give people the confidence and skills to use digital at work. This has involved delivering face-to-face training, producing engaging online resources and offering ongoing support to participants.

Here’s what I’ve learned so far about how to approach improving people’s  confidence and skills with digital. While I am talking about digital, hopefully these lessons will also be helpful for anyone trying to bring change in other areas.

1. Never make assumptions about a person’s existing skills and confidence

It’s easy to assume a participant will have broadly similar digital skills and confidence as his or her peers. However, now that I have worked with several cohorts from across different organisations and levels of seniority, I have come to realise this is not the case.

For example, I discovered that one participant had started his career as a programmer at IBM before joining the civil service and had actively made the case for embracing digital. This person’s requirements from the Digital Action were very different from someone who had little experience or confidence in using digital at work.

2. Take a holistic approach to people’s learning

Although the Digital Action Plan is focused on giving people the skills and confidence to use digital at work, I’ve found people are more motivated to complete the training when we can link it to their needs and preferences beyond the workplace.

For example, after doing some initial research I discovered that one of our participants, Jonathan Aldridge, is a published author and has blogged about his experiences as a writer. By knowing this, we were able to tailor his learning goals so that he was able to both apply his existing skills to in-work projects and develop new skills that would benefit both his employer and his creative pursuits.

While not every participant will be a published author, by taking the time to talk to participants and regularly reviewing their learning goals with them , it is nearly always possible to link digital to both work and more personal objectives.

Another participant, for example, thought she didn’t really do much with digital but after talking to her, it turns out she has blogged about shoes in her. Knowing this, we were able to encourage her to use this outside interest to create a ‘safe space’ where she could experiment with new digital channels such as Pinterest, before applying them to a work project.

3. Connect training with real-life projects

While it can be very helpful to get participants to think about how they use digital outside of work, ultimately we want people to be using digital in their everyday job roles.

For every goal, participants are asked to apply what they are learning to a project or area of their work. For example, when learning how to use the Hootsuite dashboard to conduct a social listening exercise, policy officers are asked to ‘listen in’ on what people are saying about their policy officer.

Going forward, I am exploring ways of strengthening the connections between a participant’s learning plan and their work priorities.

Earlier this week, for example, Guy Poppy, Chief Scientific Advisor to the Food Standards Agency, explained to me his ambitions to develop a collaborative open data project to improve food safety.

We are now working together to ensure Guy’s learning plan reflects this ambition, for example relating a goal on developing blogging skills to the task of persuading stakeholders to support the open data project.

4. Always be nice (but not too nice)

Finding time for learning and development can be really difficult, particularly when many of the organisations we work with at Helpful are under pressure to ‘do more with less’. This means it’s important to strike the right balance between being supportive and firm when encouraging participants to complete their Digital Actions Plans.

I have found  that putting time in early on to build relationships with participants and course patrons makes it easier to get people through the course. By doing so I have been able to identify and take action to overcome potential barriers to learning, whether that be a participant’s workload, a lack of confidence or how useful a participant perceives their learning goals to be.

Putting in this initial effort means I am able to be firm where required. For example, having worked with a participant to tailor their learning goals or extend a deadline, I am in a strong position to hold them to account, should they not be making sufficient progress.

Dismantled digital camera. Photo by johncarney via Compfight cc

Dismantling the Government’s Arguments in favour of the Investigatory Powers Bill

In my last post, I argued that if campaigners (including myself) are going to take on the Government over its plans for online surveillance and win, we need to dismantle the claims they are making about these powers being necessary for security and crime fighting.

Since then, I’ve done some further online research and had some interesting conversations on Twitter and at last night’s well-attended Open Rights Group Birmingham meetup. This has helped me to develop my thinking on how to frame the argument in a way that convinces politicians and the general public to sit-up and take notice of what’s at stake with the Investigatory Powers Bill.

Winning the argument over the Investigatory Powers Bill – key lines

Security risks created by the Investigatory Powers Bill

  • The new requirement for tech firms to provide  unencrypted communications to the police or security services if requested through a warrant has been widely interpreted as an attempt to weaken encryption.
  • Tim Cook, Apple’s Chief Executive, noted in a recent interview with The Telegraph : “If you halt or weaken encryption, the people that you hurt are not the folks that want to do bad things. It’s the good people. The other people know where to go.
  • As Tim Cook explains, “Any backdoor is a backdoor for everyone. Everybody wants to crack down on terrorists. Everybody wants to be secure. The question is how. Opening a backdoor can have very dire consequences.”
  • Criminals and other bad people will still be able to access widely available open source encryption tools, while regular people who are less technically sophisticated will be left more vulnerable to data thefts and identity crime, notes security researcher. Paul Bernal, Internet privacy law researcher at the University of East Anglia, notes: “Savvy criminals already use encryption and software like Tor to hide their online activities, so storing web records won’t help combat this.
  • In addition to the weakening of encryption, the bill will create more opportunities for cybercrime. Requiring ISPs to store everyone’s Internet connection records for 12 months will create huge amounts of personal data, which will be highly attractive to criminals. How much more personal data could criminals could have stolen from TalkTalk, had the new collection system been in place? Timothy Brown, Executive Director of Security with Dell Software Group noted: “this only creates larger and more attractive targets for hackers and leaks.
  • The bill proposes granting the security services broad powers to hack computer systems. Doing so will leave critical infrastructure at risk, as the same vulnerabilities used by security services will be exploited by criminals. As Tim Cook  noted: “Any backdoor is a backdoor for everyone.”

Questionable security gains from expansion of surveillance powers

Damage to the UK economy

Expense

  • Internet service providers (ISP) have called into question the cost of implementing a key element of the Investigatory Powers Bill, the mandatory collection and retention of every citizen’s Internet Connection Records.
  • The Home Office has budgeted for £175 million but this is only intended to cover the initial up-front equipments costs, not the ongoing cost of running the system.
  • Matthew Hare, Chief Executive of ISP GigaClear said “the indiscriminate collection of mass data is going to have a massive cost
  • Asked about the feasibility of implementing a system of mass data collection, James Blessing, the chair of the Internet Service Providers’ Association (ISPA),  said ISPs would find it “very feasible – with an infinite budget”.

Human rights and international reputation

Sources

Amnesty International UK, Mass Surveillance by another name, 6 November 2015 (accessed 12 November 2015)

Ars Technica UK, Snooper’s Charter: UK gov’t can demand backdoors, give prison sentences for disclosing them, 6 November 2015 (accessed 12 November 2015)

BoingBoing, UK law will allow secret backdoor orders for software, imprison you for disclosing them, 10 November 2015 (accessed 12 November 2015)

Committee on Legal Affairs and Human Rights of the Parliamentary Assembly of the Council of Europe (PACE), Mass Surveillance Report, 26 January 2015 (accessed 12 November 2015)

EDRi, European Court overturns EU mass surveillance law, 8 April 2014 (accessed 12 November 2015)

IT Pro, Snooper’s Charter puts data at risk even with encryption, 4 November 2015 (accessed 13 November 2015)

Liberty, Investigatory Powers Bill: Spoiler Alert – this is terrifying, 4 November 2015 (accessed 12 November 2015

New Scientist, UK spying rules may drive criminals to use stronger encryption, 11 November 2015 (accessed 13 November 2015)

Schneier on Security, Data Mining for Terrorists, 9 March 2006 (accessed 12 November 2015)

The Guardian, Obama must finally end NSA phone record collection, says privacy board, 29 January 2015 (accessed 12 November 2015)

The Guardian, Broadband bills will have to increase to pay for snooper’s charter, MPs are warned, 11 November 2015 (accessed 12 November 2015)

The Telegraph, Apple’s Tim Cook declares the end of the PC and hints at new medical product, 10 November 2015 (accessed 12 Nov 2015)