Disruptive Proactivity“David Blaine. We’ll send flowers”
“David Blaine. We’ll send flowers”, was the throwaway line, used as the public justification (aka coverup) for landing the TARDIS in Trafalgar Square. The line was funny. And, in a fictional prime time TV show, watched by few million people simultaneously around the planet, it was expected to be internationally funny.
Rather less of an audience was watching when the heads of the UK Intelligence Agencies spoke in public; although the body language from the head of GCHQ was almost as entertaining. He certainly seemed spooked by questions he knew were coming because he’d insisted they be given to him ahead of time.
In that session, one suggestion given for the regard in which the UK holds its intelligence agencies, was Bletchley Park and 007. That is probably true, but having dealt with a wide variety of people and organisations during my work on the Communications Data Bill (which will be back in the next Parliament) there’s something else as well: secrecy.
It’s very easy to be seen as competent, when you get to decide what is shown to people. Mainstream Saturday night TV claims that landing a TARDIS is a magician’s stunt, and it’s funny. But you can’t imagine France making that sort of joke credibly. The UK has an unusual relationship with authority, and with perceptions of power.
Bruce Schneier, one of the best cryptographers on the planet, in this fascinating discussion talks about an experience he had travelling with some data. Because of the sensitivity, he had to take precautions. He triple encrypted the contents carefully, and then erased the free space on his laptop. Then he unencrypted the files, because if there was a typo in the complex encryption key, he’d never be able to decrypt them again. Once that was validated, he safely deleted the files he had decrypted, and then erased his free space, and then had to run to the airport. Safely at his destination, he opened his laptop, and noticed that, the original data, the content that he had initially encrypted, was still sitting there unencrypted and undeleted.
There is the belief that no official would ever do anything like that. That belief exists solely because any time that they did, it would be so highly classified that it would never be known about, if the official admitted told anyone else at all. But, from the Communications Data Bill, I’ve seen that intelligence officials, away from the front line, are just civil servants with a comfort blanket of secrecy. And they hold that comfort blanket very tightly indeed.
Security is hard. Perception matters. It far easier when you can just make something up and claim authority. All of the scandals of the last decade, from MPs expenses to care.data have been because those with power thought they could do as they wished without repercussions, and something else happened instead.
Occasionally, we do get a view into the operational security of spies, and find that they do cock it up, just like everyone else does. The Russians had little problem identifying MI5 staff for a few years, because spies would religiously turn their phones off before going into Thames House, and then not turn them on again until they got off the plane in Moscow, which immediately looked for the last cell tower that they were connected to. The Russians can (and did) read the GSM specs to find this out, and it made their life easier, and MI5’s job somewhat more difficult. Data can leak out in many different ways.
By Government mandate, the UK public sector must report data losses to the information regulator. Transparency is the right thing to do, but because we don’t hear of the spooks losing sensitive data regularly, it doesn’t mean it doesn’t happen. We only know it has happened once because it was given to the press. But who else had other copies, and what did they care about?
Knowledge of data losses can be public, and of interest to the data and computer geeks, but few others care about the detail. Even on public sector data losses Glyn spent 2 years talking about every public sector data loss he could find (sometimes multiple per day); but no one cared.
At a recent cryptofest panel session, Nick Pickles from Big Brother Watch talks about how he went about explaining data and privacy to MPs, as part of the key role he played in killing the last incarnation of the Comms Data Bill. But equally, he also talks about how much is lacking, how much the community that says it cares about these issues, actually doesn’t do much to prioritise them. The whole panel is highly worth watching, for a diverse set of perspectives on the same story, but it shows that the main issue is lack of effective technical campaigning operations from the internet. Many pieces need to work together, in a a better way than this press release.
For how different pieces come together in interesting ways, the last three adam Curtis pieces illustrate it perfectly. Multiple complex narratives, that come together in ways that aren’t obvious for reasons that are fundementally unpredictable”, as to what people will find interesting and why.
But it’s much easier for authority to create something to fear and use it to justify secrecy. That’s how all the world used to work, and a large part of it still does. The UK has excelled at that for hundreds of years.
On the other hand, I’m really looking forward to the new Adam Curtis series as an “iplayer original”. Whoever had that idea, is inspired on multiple levels, because that’s how bits of the world are starting to work.