No Hiding Place: Britain and its Fifth Utility: Closed-Circuit Surveillance Technology: and the Elements of Cryptography

Britain is now a surveillance state. The authorities may be prying into your ‘private’ life this second. And in the electronic age, it is much easier for innocent people to be mistaken for criminals. The number of closed-circuit television cameras is staggering. There are now 1.5 million of these operating in Britain. They will become, as Dr Stephen Graham of the University of Newcastle has suggested, the “fifth utility”, after telephones, water, gas and electricity.

Britain – 2001

Privacy is dead. We are watched by 1.5m closed-circuit television cameras, more per head of population than any country on Earth. Our government, police and intelligence services have more legal powers to poke around in our private lives than those of communist China. And thanks to new technologies from mobile phones to the internet, they can use those powers to find out where we are, whom we talk or send e-mails to, and what websites we click on. According to most experts in the field, a police state with powers of control and surveillance beyond the wildest dreams of Hitler or Stalin could now be established in Britain within 24 hours. And guess what: MI5 (a huge governmental database which trawls endlessly) probably read this article before you did. It was delivered by e-mail, a hopelessly insecure system. It is full of the sort of security-sensitive words the spooks look out for, and, as I shall explain, I seem to be an MI5 target.

But the weirdest thing of all is that we really don’t care. To take an example that may sound trivial but isn’t, the Television Licensing Authority is currently running an advertising campaign boasting of its ability to invade our privacy. Hoardings show a local street sign with a caption declaring that four people in this street don’t have a TV licence and the TLA knows who they are.

Duncan Bennett, a systems administrator with the Medical Research Council in Cambridge, knows exactly what this means. He hasn’t had a TV in 10 years and yet, annually, he gets threatening letters from the TLA. He has now discovered that, with no evidence against him whatsoever, they can get a warrant – always automatically granted – to break into and search his house. He is assumed to be guilty until proven innocent, a terrible inversion of ancient common-law tradition. He has struggled to find anybody willing to take up his campaign on the issue. Bennett is not suspected of drug-trafficking, terrorism or subversion. He is suspected of having a TV without a licence. Only in Britain would such an abuse of power – or even such advertisements – be tolerated.

We seem to have such fear of crime, and such a mute acceptance of the seizure of power by the authorities, that we are actually comforted by the thought that we are being watched all the time. This, in the current climate of paranoia and high technology, is dangerous. Our right to live a law-abiding life without interference is now utterly compromised. The Englishman’s home is no longer his castle, it is his virtual interrogation cell.

The State of Surveillance – The Core of Modern Cryptography

How did we get here? The story begins in a bedroom in Cheltenham in 1969. James Ellis, an employee of the Government Communications Headquarters, Britain’s global listening post, had been working on the problem of coding, more accurately known as encryption. Thanks to our cracking of the German Enigma code during the second world war, the British were regarded as world masters of this art. Since then, GCHQ had been working closely with the American National Security Agency (NSA) to ensure that the good guys – us – would always be able to crack or write codes more successfully than the bad guys – primarily the Soviets.

In his bedroom, Ellis had an idea for a system of encryption that would be utterly unbreakable. But his system was so completely at odds with prevailing wisdom that it was at once rejected by almost everybody in the code business. Ellis died in 1997, professionally anonymous to the last, and just a month before his brilliance was generally recognised when GCHQ finally published his papers on their website.

Until then, everybody thought the first man to have this idea was an American named Whitfield Diffie. In 1975, Diffie had independently experienced the same eureka moment as Ellis, but his insight was made public. At that moment, both GCHQ and NSA, not to mention every other security and intelligence service on the planet, suffered a crisis from which they have yet to recover, and the issue of individual privacy leapt to the top of the political agenda, where, almost everywhere except in Britain, it remains.

The Ellis/Diffie invention was what is now called public key cryptography (PKC). It is the most powerful coding system that has ever been devised. It’s what you use if you bank or buy on the internet. You don’t know you’re using it: your computer does it for you. It offers everybody the power to communicate in unbreakable codes. As a result, it’s easily the worst thing that has ever happened to the spooks and the police. Beside this, Kim Philby was a minor hiccough.

This is how it works. Normally, if one spook wants to send a coded message to another, he does so in a code that can be unlocked by a key – a string of numbers – known to both of them. The problem is, they have somehow to give each other the key. Diplomats going through customs handcuffed to briefcases are one way of passing on keys. But you can mug a diplomat and, as the British showed when they seized a German Enigma machine, you can intercept keys transmitted by any other means. Either way, the spooks lose their secrecy.

In PKC, one party makes his key completely public; anybody can have it.

This public code allows anybody to encode their message and send it. But the public key can only encrypt the message, it cannot decrypt it. Only the secret key possessed by the recipient can unscramble the message. As long as he keeps his key secret – an easy task, because he need never share it with anyone else – then his code is unbreakable.

The one flaw in this might be the use of supercomputers simply to run through all possible key combinations – a so-called “brute force” attack. Keys are just sequences of numbers, after all. But now that more powerful personal computers and software accept much longer keys, it would take billions of years for a brute-force attack to succeed. Rumour has it – there are only ever rumours in this area – that the NSA has spent $5 billion trying to crack the strongest contemporary codes and failed.
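The article names no algorithm, so the following added example (not part of the original article) uses textbook RSA with small constructed primes as a stand-in for the scheme described above. It shows the public key encrypting, only the private key decrypting, and how the work of a brute-force recovery of the private key (here, trial-division factoring of the public modulus) grows as the key gets longer. All function names and sample values are illustrative assumptions.

```python
# Added illustration: textbook RSA with toy primes (no padding, not for real use).
from math import gcd

def make_keypair(p, q, e=65537):
    """Build (public, private) keys from two primes; names are illustrative."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)              # private exponent: inverse of e mod phi
    return (n, e), (n, d)

def encrypt(public, m):
    n, e = public                    # anyone may hold the public key
    return pow(m, e, n)

def decrypt(private, c):
    n, d = private                   # only the recipient holds d
    return pow(c, d, n)

def brute_force_private(public):
    """Recover the private key from the public key alone by trial-division
    factoring of n. Returns (private_key, divisions_tried)."""
    n, e = public
    tries, f = 0, 3
    while True:
        tries += 1
        if n % f == 0:
            p, q = f, n // f
            return (n, pow(e, -1, (p - 1) * (q - 1))), tries
        f += 2

def demo():
    """Return (modulus bit length, brute-force divisions) per key size."""
    results = []
    # Constructed sample primes of increasing size.
    for p, q in [(1009, 1013), (8191, 131071), (131071, 524287)]:
        public, private = make_keypair(p, q)
        m = 42                       # constructed sample message
        c = encrypt(public, m)
        assert decrypt(private, c) == m
        recovered, tries = brute_force_private(public)
        assert recovered == private
        results.append((public[0].bit_length(), tries))
    return results

if __name__ == "__main__":
    for bits, tries in demo():
        print(f"{bits}-bit modulus: key recovered after {tries} trial divisions")
```

Each few extra bits of modulus multiply the attacker's work, while encryption and decryption stay cheap; real keys are thousands of bits long and are attacked with far better factoring methods than trial division, which still do not make the search feasible.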

Since both the NSA and GCHQ are founded on the principle that they should be able to read any communication anywhere in the world, this is their worst nightmare. Since 1975 they have been battling to find ways of ensuring they can still eavesdrop on anything. And, because Diffie’s trick was already out there among the nerds and hackers of the world, this battle had to take place in public. Essentially, both the British and American security services wanted copies of all keys to be lodged with government agencies – so-called “key escrow” – or, as in the system we now have in Britain, they wanted to be able to demand the surrender of keys.

But the libertarian nerds, known in this field as “cypherpunks”, fought back in the name of freedom from the all-seeing eyes of Big Brother government. In the United States they have had some success, thanks to the native distrust of government; in Britain they have had almost none.

After the collapse of communism in 1989, this issue became even more urgent. The primary targets of the security services were no longer the Soviets. Now they were organised criminals, drug traffickers and terrorists. This meant they wanted to watch their own citizens rather than just foreign spooks. The possibility of the high-tech, constant-surveillance Big Brother state was threatening to become a reality.

PKC had become much more than a brilliant mathematical trick: it was now the centre of a bitter philosophical and political debate about the privacy of the individual. This has now spilt over into just about every area of public policy. Before PKC, the spooks could watch and never explain anything. After PKC, they had to come out and argue their case.

The big questions are obvious. How much should the government be able to find out about me and the things I do? Should it be able to read all my private messages, my bank accounts, my health records? Do I have any right to privacy at all, or does the public interest in the possibility that I might be a terrorist, paedophile, criminal or spy overrule all other considerations?

Cryptography was only the beginning of this debate. Technology – whether in the form of computers, mobile phones, credit cards, store cards or closed-circuit television cameras with sophisticated face recognition systems – means that people can now, if they like, know almost everything about anybody.

The Remnants of Passing Through

We all leave an electronic trail wherever we go, whatever we do. This trail is impossible for the individual to eradicate or control.

Much of this trail may seem innocent – what you buy at Tesco using your loyalty card is hardly likely to be a sensitive matter. But the point about computer memory and processing power is that it is expanding at a rate few of us can begin to understand. As a result, thanks to those loyalty cards, it is perfectly possible to trawl through everything you have ever bought at Tesco, and that can produce a startlingly detailed picture of your life.

“I’m not embarrassed about my shopping,” says Ian Brown, a researcher into mobile multimedia security at University College, London, “but the insidious nature of this is that it’s not the day-by-day information, it’s knowing about all your grocery for the last five years. It’s amazing how much you can tell about someone from the pattern of their buying.” Furthermore, information breeds information. Once I know one thing about you, I can generally find out another. Using a technique known as ‘social engineering’ – essentially a simple con trick – armed with a few details like your date of birth and post code, I can easily convince some lowly clerk on the phone that I am you and seduce him into parting with more sensitive material.

When you add into that mix internet usage and e-mails – neither of which are remotely secure unless you go out of your way to make sure they are – it becomes easy to build up staggeringly detailed pictures of the lives and habits of almost anybody. Indeed, there is an automated global system code-named Echelon, operated by the US, UK, Canada, Australia and New Zealand, which is believed to intercept up to 3 billion communications a day, trawling through them for sensitive words that might indicate a security threat – it may well pick up this article in transit. Some claim that 90% of internet traffic is scanned by Echelon. The exact figures are unknown, because the system is top secret. Indeed, Britain, alone among these countries, does not even admit it exists. Simon Davies, head of the pressure group Privacy International and a self-confessed cypherpunk, describes Echelon as “black-helicopter, Mulder-and-Scully stuff”. As in The X Files, the truth is out there, but so is somebody who doesn’t want you to know.

Even by just collating all the addresses of your e-mail correspondents, the security services can construct “friendship trees”, patterns of association that, whether you are guilty or not, may connect you to terrorists or criminals.

The All-Seeing Eyes

Closed-circuit television (CCTV) cameras are the final turn of the screw. There are now 1.5m of these operating in Britain, and some, as in the London borough of Newham, use facial recognition software that automatically identifies target individuals. Some of these cameras are visible, but many, in pubs and clubs, are not. In time, it is thought these cameras will be linked in a nationwide web. They will become, as Dr Stephen Graham of the University of Newcastle upon Tyne has suggested, the “fifth utility”, after telephones, water, gas and electricity. “These networks,” he writes, “have long since merged and extended to become technologically standardised, multipurpose, nationally regulated utilities, with virtually universal coverage. I would argue that CCTV looks set to follow a similar pattern of development over the next 20 years, to become a kind of fifth utility.”

“We have far more of these cameras than any other country,” Graham tells me, “though Germany and the US are now catching up. Why? Well, I suppose we have fewer constitutional and political fears about invasions of privacy. We have a huge fear of crime and we have no totalitarian past like almost all the other countries in Europe.”

Graham believes the key to the future, networked power of CCTV is automation. “The key to the limitations of their use was the human operator, who just got bored. Soon, software will be able to do all that, and then the power will be in the hands of the software writers to decide what is abnormal behaviour. It will all be hidden – there will be no accountability.”

And, in their book The Maximum Surveillance Society: The Rise of CCTV, the academics Clive Norris and Gary Armstrong write: “The architecture of the maximum surveillance society is now in place.” Their point is that the hardware of CCTV is so firmly in position that enabling it to watch everybody all the time is now merely a software problem.

Meanwhile, other surveillance technologies are springing up all the time. Police in the US, and some private agencies here, now have machines – called IMSI catchers – in their cars that fool your mobile phone into thinking they are base stations on your network. They can even tell your phone not to use any form of encryption. So they can listen to every mobile call you make. In addition, all big companies in the City of London routinely have to attach devices to their windows to prevent sensitive meetings being overheard through remote sensors that pick up voices from vibrations of the glass. Or there are Van Eck devices, which can read everything on your computer screen from a street away from your house. It is rumoured that one of these machines has been refined to the point where it can pick out one computer screen at the top of Canary Wharf from street level. Or tiny airborne devices the size of butterflies are being developed that can watch every move you make. And so on and so on. “It is plausible,” writes Bruce Schneier, an American security consultant, in his book Secrets & Lies, “that we could soon be living in a world without expectation of privacy, anywhere or at any time.”

Soon, some have suggested, we shall have to record our entire lives on audio and video just to establish an alibi, in case we are implicated in a crime. Indeed, not to make such a recording may one day be treated as a cause for suspicion.

Do we care? In Britain, apparently not. We accept CCTV cameras out of fear of crime, and as a result we have more than any other nation in the world. Meanwhile, a study by the Economic and Social Research Council’s Virtual Society programme has found that employees do not regard surveillance systems in the workplace as invasions of privacy. And finally, in the form of last year’s Regulation of Investigatory Powers Act (RIP), we now have, according to many observers, the most invasive legal apparatus anywhere in the world. China, it has been pointed out, has nothing as draconian as this on its statute book. It has been described by the constitutionalist Anthony Barnett as “the most pernicious invasion of privacy ever imposed by a democratic state”. Among other things, the act ensures that all internet and mobile-phone communications will potentially be interceptible by the police and security services. Furthermore, even if you are not suspected of any crime, you can be imprisoned for two years if you fail to disclose a computer password. The communications of UK citizens can now be trawled by GCHQ to investigate any “large number of persons in pursuit of a common purpose”.

Author: Bryan Appleyard

News Service: Sunday Times Magazine UK

