Comment: Yes to Privacy, and Yes to Internet Surveillance

"The Internet knows more about us than our closest friends and relatives", says Prof. Watson
"The Internet knows more about us than our closest friends and relatives", says Prof. Watson
Tim Watson, De Montfort University
Tim Watson, De Montfort University

Before the invention of domestic privacy, the sheltering, communal living space of the Great Hall was home to families and their animals – a place of warmth and security in a hostile world. Strength in numbers was the key: everyone looking out for each other. Being alone, unwatched and unheard was an uncomfortable and dangerous state to be in. Things have changed.

In the modern, developed world, the rule of law, property rights and other aspects of good governance have provided the basis for continued economic growth and prosperity, even in the face of the current financial difficulties. We are rich enough and safe enough to treat ourselves to the luxury of a private life. And one of the most significant engines for economic growth is also an increasingly important accomplice in our most private activities. The Internet knows more about us than our closest friends and relatives.

The importance of a safe, secure and resilient cyberspace is key to the UK’s economic prosperity, which is why the government emphasizes the benefits in its Cyber Security Strategy. It is also why new powers are being proposed to require internet service providers (ISPs) to store details of Internet communications, allowing government agencies to respond quickly and effectively – in a targeted and proportionate way – to threats. But opponents of the proposal see this as an unwarranted invasion of our privacy and a risk to security if the data stored by the ISPs gets into the wrong hands.

The opponents of the proposal may have a point. Organizations don't have a tremendously impressive history of effective data guardianship. It oftentimes seems as if the Internet is akin to a competition to see who can lose the most data the quickest.

The granting of powers in the fight against crime and terrorism is not without its worrying side either. When the Regulation of Investigatory Powers Act – RIPA (pronounced 'Ripper') – came into force, it was not intended to be used by local councils to spy on parents fraudulently claiming to be living within the catchment area of a good school, nor to be used to catch dog owners failing to follow a poop with a scoop. But it was. So worries about the misuse of new powers and the protection of personal data are justified.

Yet the Internet is still a largely ungoverned space. Like provincials from the countryside arriving for the first time in the big city, many of us wander around cyberspace with our wallet invitingly accessible and our wide-eyed, wondrous gaze blind to the dangers that lurk around every corner. There are no friendly cops, no manned CCTV cameras, and if you do get fleeced or assaulted online (Facebook can be a vicious playground), then you may well find that your local police force doesn't know the way to cyberspace, let alone how to catch criminals in it. 

"Cyberspace is not a private space. It is a very public space, with every web request travelling across dozens of networks"

We need to provide better Internet governance so that cyberspace becomes more prosperous, safer and more resistant to attack. For many, cyberspace feels like an extension of their private spaces. A laptop in a living room acts as a window into a personal, virtual universe where role-playing adventures mix with e-commerce and Wikipedia. But cyberspace is not a private space. It is a very public space, with every web request travelling across dozens of networks, advertising details of the request, its sender, and what software they're using to anyone who cares to listen. HTTPS helps, but client-side attacks and man-in-the-browser exploits are all too common, as are personal computers whose owners are ignorant that every aspect of their privacy and security is compromised through lax or ineffective security practices and misplaced trust.

In a cyberspace where the UK estimates it is losing £27bn per year through e-crime, where personal data is leaking through every opening like water through a sieve, isn't it reasonable to put in place proportionate measures to help safeguard the virtual space we have come to rely on as much as the physical neighborhood in which we live? While the proposal details are yet to be clarified and while it is true that, if these new powers are realized, data that otherwise would not have been kept will undoubtedly find its way into unscrupulous hands, it still seems reasonable to maintain that the net effect would be an increase in both the security of cyberspace and, consequently, in the protection of the privacy of its inhabitants. It would make the real world safer too.

And for those worried about the inexorable rise of the police state, it should perhaps be of some comfort to see that these powers are being sought legally and discussed openly. It may mean a permanent increase in surveillance but, like the cop on the beat and the CCTV camera in the high street, it may be a price worth paying for a better governed, prosperous and more civilized cyberspace. In the future, it might be harder to lurk in the shadows, but at least the Internet should be safer than the howling, unseen landscape outside the Great Hall.

Dr Tim Watson is the director of the Cyber Security Centre at De Montfort University. With more than twenty years' experience in the computing industry and academia, he has been involved with a wide range of computer systems on several high-profile projects and has acted as a consultant for some of the largest telecoms, power and oil companies. Watson is a regular media commentator on cybersecurity and digital forensics.

What’s hot on Infosecurity Magazine?