Jimmy Wales, the Wikipedia founder, has sharply criticised the government’s so-called “snooper’s charter”, which will track the internet, text and email use of all British citizens, as “technologically incompetent”.
Wales said that Wikipedia would move to encrypt all its connections with Britain if UK internet companies, such as Vodafone and Virgin Media, were mandated by the government to keep track of every single page accessed by UK citizens.
The Wikipedia founder said he was confident there would be a general move to encryption across the internet industry if British-based communication service providers were required to collect and store data for 12 months from overseas companies, such as Google and Facebook, for possible access by the police and security services.
He said the British government would have to resort to the “black arts” of hacking to break the encryption: “It is not the sort of thing I would expect from a western democracy. It is the kind of thing I would expect from the Iranians or the Chinese and it would be detected immediately by the internet industry,” Wales told MPs and peers.
His intervention came as leading UK internet companies, including Vodafone and Virgin Media, also raised concerns that making them responsible for retaining and storing sensitive data from overseas third-party companies will damage their commercial relationships and put them at a competitive disadvantage.
The internet industry, which is giving evidence to a parliamentary special select committee on the draft communications data bill, said that the legislation could create new opportunities for hackers and “malicious agents” looking to get hold of sensitive private information about individuals.
One leading internet industry organisation the London Internet Exchange (Linx), told MPs that it had serious concerns the proposals will create a “profiling engine”, a filtering system that will produce detailed profiles on all users of electronic communications systems, that would enable sophisticated data mining.
In a written submission, Linx said it will be a challenge to safeguard this profiling engine, and any breach would amount to “a significant threat to national security”.
“In our opinion this profiling engine amounts to an enormously powerful tool for public authorities. Its mere existence significantly implicates privacy rights, and its extensive use would represent a dramatic shift in the balance between personal privacy and the capabilities of the state to investigate and analyse the citizen,” the Linx submission said.
The £1.8bn scheme will require UK-based internet and phone providers to retain and store for 12 months the “traffic data” – who sent what, to whom, from where – but not the content of every British citizen’s internet, text and mobile phone use.
But the Home Office has admitted it cannot force foreign companies such as Google and Facebook to store and hand over sensitive personal data. Instead it is hoping to rely on voluntary agreements, but the legislation includes powers to require British communication companies to collect and store such third-party data that cross their networks.
Home Office security officials estimate that the rapidly evolving nature of the internet means they can no longer keep track of up to 25% of communications data, despite it being used as vital evidence in the vast majority of terrorist and serious crime cases. Internet and phone companies currently only keep the data they collect for their own business billing purposes.
The Internet Service Providers Association said the government estimated that this “gap” could be reduced by 10% and questioned whether this was sufficient to justify the proposals or represented value for money.
[Image via Joi Ito, Creative Commons licensed]