NOTW and the impact of Information


The News of the World scandal is over, kind of. The newspaper will be shut down and lawsuits are under way. While there’s a lot of discussion in favor of this and I’m definitely not disagreeing with that, I can’t help but feel that this entire scandal is proof of a double standard.

In basics, reporters at the News of the World decided to actively engage in small scale surveillance of public figures using techniques that most anybody with technical understanding of how cellphone systems work would dismiss as too cumbersome given the much easier methods available? Sure, it was probably just somebody that figured out that if you call a cellphone with a different area code you get into the voice mail number, and most people use their default PIN codes to access the voicemail, if they have any PIN at all. This is not hacking. It’s also not particularly efficient. In December 2009 rainbow tables for A3/1, the encryption method used for cellphones, were published – this means that given any particular steam of encrypted cellphone data intercepted with cheap and easily available hardware (hint: you have most of what’s needed in your pocket), you can listen to any cellphone conversation. Who leaves important messages in voicemail anyway? Pro tip: Don’t discuss sensitive things over insecure communications channels, and treat any communications channel operated by a third party as compromised by default.

Now that it’s become public knowledge that they were doing this, dozens of people are getting lots of shit, ranging from David Cameron to Rupert Murdoch. All of these people are well deserving of shit, but somehow it baffles me that it should be this that causes it. It probably has more to do with the fact that people experience their phone conversations as private and feel that this kind of invasion of privacy is immoral. Fair enough. But that people should experience it that way simply suggests that people aren’t being educated very well about how telecommunications technology works. Whose fault is that?

But in light of this scandal I’d like to know why people don’t complain when governments engage in ubiquitous surveillance of all citizens through untransparent mechanisms such as Data Retention. Here’s how it works: All telecoms operators store various metadata about every single communications event that happen on their network. They have to pay for it, too, despite the fact that it doesn’t help them at all. Who does it help? The police. And most of the time police ask for the data and get it, because most people working at the telecoms aren’t aware that they’re supposed to require a court order. This data can be accurately used to map out your social interactions, your location history, your Internet viewing habits, and so on. Whether you have an affinity for videos of cute kittens on YouTube, read a lot of political history online, or you call a phone dating service, it’s all in there, even though the specific content of the communications aren’t in there.

The argument most commonplace is that governments are more accountable than private corporations. This of course is utter bullshit, in reality, not least in the UK where government secrecy is phenomenal. The truth is that when it comes to surveillance, accountability is wanting everywhere. Even in Iceland courts are granting phone tapping orders to police in blatant violation of the law, as Brynjar Níelsson pointed out yesterday (in Icelandic), and the police are not fulfilling their end of the bargain, which includes informing the individuals in question about the surveillance after the fact regardless of whether evidence arises which can be used in a court.

Coming back to corporate interests, why don’t people complain that banks and credit card companies store remarkably accurate transaction histories for electronic transactions, right down to information which can be used to pinpoint your location at any given time? By overlaying electronic transactions on a map it’d be possible to guess with relative certainty who knows each other, who had lunch together, and who’s a pervert.

Why don’t people complain when police and municipal governments install CCTV cameras all over the place, making it effectively possible to do some relatively simple Facebook-style face recognition and build a profile of people’s whereabouts, their friends, their style of clothing, their walking speed, and whatever?

Always there are arguments in favor of violating our privacy. National security, terrorism, violence, fraud. Somehow we’ve decided as a culture to allow this kind of argument to go unchecked. Every single independent paper I’ve seen on these subjects has shown that these pervasive surveillance methods are ludicrously expensive, almost entirely ineffective, and in gross violation of our fundamental rights.

This “phone hacking” scandal isn’t particularly scandalous from a technological perspective, except insofar as people are not taking the next logical step and asking what next? Technology is such a common thing in our lives that this will not be the last time something like this happens.

I think that both for News Corp’s scandalous revelations and for the future of electronic surveillance, Churchill’s famous phrase applies: “Now this is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning.”