This Mail on Sunday article seems suspiciously like Whitehall securocrats trying to manipulate the Press and public opinion, to spin the way for another stab at the reviled Communications Data Bill power grab.
They do not seem to have learnt anything from their previous failures to convince Parliament or the public. Why can't they cite some actual, relevant recent cases, to justify their "we must grab everything (for free, in secret), even from millions of innocent people" policies ?
This article is so full of half truths and spin, that it has provoked Spy Blog to comment on almost every section:
Cameron told internet giants have withdrawn cooperation with MI5
Some are obstructing requests for help tracking terrorists and criminals
Follows Edward Snowden's claims firms are used to snoop on Brits
By Robert Verkaik
Published: 01:01, 27 April 2014 | Updated: 01:01, 27 April 2014
David Cameron has been warned by the country's top spy chiefs that internet companies including Facebook and Google are undermining national security.
The Prime Minister was told internet giants have 'withdrawn' their cooperation and are obstructing MI5 requests for help tracking terrorists and major criminals, including paedophiles.
What evidence is there of any actual obstruction ? There is none whatsoever in this article.
It follows fugitive Edward Snowden's claims that the firms are used to snoop on British citizens, which is disputed by spy chiefs.
Before the US whistleblower's disclosures, they willingly responded to lawful requests for details of phone calls, emails, text messages and other private information.
Now the companies are said to be concerned about being seen to acquiesce too easily.
It is clear from the Oral evidence to the Joint Committee on the Draft Communications Data Bill (.pdf) back in the summer of 2012, i.e. before the Snowden revelations that big US based companies Google, Facebook and Yahoo even then insisted on a clear Mutual Legal Assistance Treaty request from UK Police via US law enforcement partners, typically the FBI.
They also have 24 hour rapid response teams in place to expedite urgent requests e.g. kidnap situations where lives are immediately at risk.
So what, exactly has changed ? There is now proof via the Snowden revealed documents, that the years of goodwill and voluntary cooperation with say the UK Police, have been completely undermined by the out of control mass surveillance and actual attacks on their infrastructure by NSA and GCHQ and their 5 Eyes partners intelligence agencies.
One of the fears is that intelligence officers will lose the ability to monitor the safety threat posed by British jihadists travelling to Syria, for example Londoner Mohammed El Araj, 23, who is said to have died while fighting for militants with links to Al Qaeda.
What threat from returning fighters, exactly ?
What safety threat to the UK can someone who has died in Syria pose ? Where are the examples of any such UK fighters in Syria who have returned to the UK ? How many are there ?
How many of them are totally disenchanted by the realities of civil war ideologies like e.g. George Orwell after fighting in the Spanish Civil War ?
What about UK fighters who have actually been trying to liberate the country from the evil Assad regime ? What if they have received direct or indirect support, money or training or weapons from UK or other allied agencies ?
What about non-combatants who "only" help with food or medical relief etc. for refugees ? A few of these may actually become radicalised towards violence after what they have witnessed in Syria, but most will not.
If there really is such a threat, why have there been no arrests or convictions of returning fighters from Syria (or Afghanistan or Pakistan or Somalia or Oman etc.) ?
The intelligence agencies have access to credit card, bank account, passport, visa and travel booking data systems, none of which has anything to do with Google etc. Why does this does not reveal any travel plans of jihadists going to, or returning from Syria ?
Any wannabe terrorists stupid enough to put their travel plans on Facebook, should be trivial to track down.
How exactly are such "returning fighters" going to magically smuggle in the AK-47s and RPGs that they have been using in Syria, back into the UK ?
A security source told The Mail on Sunday: 'One of the impacts of the Snowden disclosures is that internet companies have withdrawn their willing co-operation and that has affected some operations.'
Why can't these "security source" briefings be from named, official spokesmen, on the record ? This might add some credibility and public trust in the Government's message, which is totally lacking in these sneaky "anonymous" briefings.
The fact that NSA and GCHQ were / still are, snooping on vast amounts of innocent customers data flowing between the datacentre communications links of companies like Google and Yahoo, regardless of how well they were cooperating with informal requests and formal legal demands for data, is hugely significant.
This counterproductive and easily avoidable betrayal of the companies' trust in the authorities is entirely the fault of the US and UK securocrats and politicians..
The source added that a key bone of contention was the internet service providers' unwillingness to hand over encryption keys that unlock data being sought by law enforcement agencies.
Why are law enforcement agencies seeking encryption keys from Google, Facebook, Yahoo or from "internet service providers" ?
Which "encryption keys" is this anonymous "security source" moaning about ?
Are Whitehall securocrats seriously expecting Google to hand over the private de-cryption keys of their search engine or web mail etc. web servers ?
Given the millions of innocent people who use these web servers every day, it would be completely disproportionate, even to try to decipher tens of thousands of terrorist suspects TLS encrypted web sessions and even if they could legally serve a US based company with a RIPA Part III section 49 notice.
Have any such encryption keys ever been handed over to UK law enforcement agencies in the past (no RIPA section 49 notices have been reported as such in the handful of individual cases referenced by the various RIPA Commissioners' Annual reports)
Such section 49 notices are supposed to be narrowly targeted and have the provision to demand de-ciphered plaintext, where this is available, without putting millions of other customers and users data at risk.
It would be a horrible legal precedent if Google or Facebook or Yahoo ever handed over their web servers' private keys to anyone, especially a foreign Law Enforcement Organisation like the UK police..
What then would stop repressive regimes like Iran or China or governments which are nominally democratic, but which are sliding towards authoritarianism like Turkey or Venezuela from legally demanding the same, in order to repress their political dissidents ?
Note also the careful avoidance of any mention of intelligence agencies by the anonymous Whitehall briefer - the Snowden revelations show that GCHQ and NSA have been attacking internet encryption systems, regardless of the damage to internet e-commerce etc. i.e. working against National Security (one definition of which is "the economic well being of the United Kingdom)
N.B. encrypted web or email traffic protocols currently do not hide the Communications Data / metadata of a web or email session, which gives law Enforcement a lot of intelligence to work with, even without being able to read the contents of a web session or an email in transit.
None of this helps if the suspects or political activists use an extra layer of end to end encryption e.g. by GPG encrypting the contents of their Google gmail message.
The source added: 'It is not simply about terrorism; it's about serious crime, including paedophiles and gangland crime bosses.'
Intelligence agencies are interested in paedophiles only for blackmail, not chiid protection
This same anonymous Whitehall "security source" seems to be trying to drag GCHQ & MI5 into the specialised world of online paedophile investigations (is it Charles Farr or someone else at the Home Office's Office for Security and Counter-Terrorism ?)
This is something which is not in their intelligence remit. Intelligence agencies are peripherally interested in paedophiles, but only so as to blackmail and recruit them if they are of intelligence value. According to the Snowden documents there have also been controversial amateurish attempts to "disrupt" through smearing via social media, some non-terrorist political or religious alleged supporters of terrorists' causes, against whom they have no actual evidence. None of this is for actually for child protection, unlike Police investigations..
Intelligence agency staff conducting non-criminal i.e. intelligence investigations, do not have any legal immunity from the draconian UK child porn laws which criminalise possession or copying of child porn images, They have no powers of arrest, so they might as well leave such investigations to the Police, anyway. There is a limited immunity from the Child Porn laws for Police officers who are investigating actual crimes.
if the specialised Child Porn Police units cannot cope with the cumulative psychological damage of having to view lots of such evil material, or cannot establish working relationships with their foreign counterparts, then wasting intelligence services resources in trying to duplicate this will not help
Now Mr Cameron has been briefed by Sir Iain Lobban, head of the Government's intelligence gathering operation GCHQ, and Andrew Parker, director general of MI5.
According to a report, more than 500,000 Regulation of Investigatory Powers Act (RIPA) requests for data were made to communication service companies last year.
c.f. 2013 Annual Report of the Interception of Communications
Commissioner (.pdf) by Rt. Hon. Sir Anthony May
Facebook rejects a third of requests made by UK law enforcement authorities and other agencies, while Yahoo turns down a quarter.
No ! These figures are not for UK Regulation of Investigatory Powers Act 2000 interception warrants or Communications Data "requests" as outlined in deliberately obscured statistics in the report above. They are from their own, USA based voluntary Mutual Legal Aid Treaty transparency statistics.
Neither Facebook nor Yahoo are UK based major telecommunications, Internet Service or Postal companies i.e. they are not Communications Service Providers, which fall under RIPA.
That is what the controversial Draft Communications Data Bill / "Snoopers Charter" was trying to wangle, before it was shelved for now.
And despite pressure from Home Secretary Theresa May, Yahoo is moving its entire operation to Dublin, beyond the scrutiny of British surveillance laws. If others follow, it is feared the country will be left even more dangerously exposed.
Most of Yahoo'e infrastructure is in the USA. The move to Dublin of their European subsidiary is as much to do with corporation tax as with the UK surveillance laws.
The fact that millions of innocent Yahoo customers had their private webcam video chats snooped on in bulk by GCHQ is also significant and should have been avoided.
Ministers have already been told that the thousands of top-secret files stolen by Snowden and published in the Guardian, have caused massive damage to Britain's intelligence capability.
Note the weasel words ! The Guardian have not published "thousands of top-secret files", they have only published a handful of pages from a few files, all (with one minor exception) having first been vetted by the UK government.
There is no evidence of "massive damage" - top terrorists and criminals and spies were already avoiding email and mobile phones etc. The US Government did more damage by publicising the names of participants in an intercepted supposed Al Quaeda online chat conference than any of the published Snowden documents have done. Remember that Osama bin Laden did not use either mobile phones or the internet and evaded the hunt for him for years.
The source said that it is vital that internet companies help police and security services to stay one step ahead of their targets in a rapidly changing digital world.
Under existing arrangements, police and intelligence agencies use RIPA to request crucial data and wiretaps.
But requests are being rejected or sent back for further consideration, even in the case of Home Secretary-approved warrants.
So why was there no mention of these rejected "Home Secretary-approved warrants" in Rt.Hon. Sir Anthony May's report, published just before Easter this year, which specifically discusses the Snowden revelations ?
Access to data has proved essential in thwarting terrorist atrocities and organised crime.
In 2007 police and MI5 foiled an Al Qaeda plot to kidnap, torture and behead a British Muslim soldier. Telephone taps and internet surveillance played a crucial role in jailing five men.
UK telephone taps (or Communications Data / Traffic Analysis / Metadata) are important, but they have got nothing to do with Google, Facebook or Yahoo.
Even the Daily Mail reports at the time contradict that requests / demands to the "internet giants" were crucial to this case:
It is understood that a tip-off from a trusted informant last summer sparked the dramatic events in Birmingham when nine men suspected of being members of the terror cell were arrested in a series of raids across the city.
During a six-month, £10million surveillance operation involving 250 police officers and MI5, cameras, telephone taps and surveillance teams had been used to monitor the group's movements.
And in 2012 paedophile John Maber, 47, who shared online footage of his rape of a child, was jailed after police intercepted an internet offer he made to abuse a child over a webcam.
The article is dominated by the large image of this convicted child rapist.
Why does the Mail on Sunday deliberately choose not to mention that:
Maber, a senior prison officer,
Maber, who worked at London's Pentonville Jail, was caught after police in New Zealand intercepted an offer from him to abuse a child online.
Why couldn't the Whitehall briefers or the Mail on Sunday find a more relevant example of an online child rapist caught through voluntary or legally enforced cooperation by Google, Facebook or Yahoo ?
MP Rob Wilson said: 'It's right that internet companies take great care in how they handle their users' personal information and who has access to it
But people will clearly expect them to co-operate with the police and others when it comes to tackling matters like serious crime or the dreadful scourge of online paedophilia.
'And they will be rightly concerned if the police and intelligence agencies are facing unnecessary difficulties and delays.'
In its most recent government requests report Facebook stated: 'We respond to valid requests relating to criminal cases. Each and every request we receive is checked for legal sufficiency and we reject or require greater specificity on requests that are overly broad or vague.'
Yahoo said: 'We carefully review Government Data Requests for legal sufficiency and interpret them narrowly in an effort to produce the least amount of data necessary to comply with the request.'
Google declined to comment directly on the claims but it is understood to follow a policy of fully scrutinising every incoming request.
Rejecting overly broad or vague or illegal requests from foreign i.e. UK police agencies
is not "shielding terrorists and paedophiles"
The Internet Service Providers Association said its members were 'understandably cautious' about handing over data but that none of the companies wanted to break the law.
Google, Facebook and Yahoo also have to comply with privacy and data protection laws, at both US Federal and State level, not just with UK laws which have triggered a Mutual Legal Assistance Treaty request.
A Home Office spokesman said: 'The Government is committed to ensuring that law enforcement and intelligence agencies have the powers they need to investigate crime, protect the public and safeguard national security.'
That is not sufficient. One of the deliberately vague definitions of National Security is "the economic well being of the United Kingdom".
The Home Office pretends to be ignorant of the UK internet economy, but they really must not be allowed to continue to put it at risk, i.e. to put "the economic well being of the United Kingdom" at risk through their existing overbroad, disproportionate, weakly regulated, non-transparent snooping powers and definitely not by simply calling for even more mass snooping and politically expedient but impossible to enforce restrictions.
The whole complicated bureaucratic mess of the Regulation of Investigatory Powers Act and the interplay with the Intelligence Services Act needs urgent reform to make it fit for the the modern internet age.