GCHQ and American attitudes to surveillance…

(Image c/o Christian Payne on Flickr.)

From Wired:

GCHQ’s hacking operations are conducted with little to no oversight and risk “undermining the security of the internet”, leading online privacy experts have warned. Even when oversight is required, GCHQ has revealed that ministers don’t have the technical knowledge to understand what it is doing. Privacy campaigners today described the issue as “a major scandal”.

Details of GCHQ’s hacking operations and attempts to weaken encryption were revealed in a parliamentary committee report into the UK’s surveillance capabilities. The Intelligence and Security Committee (ISC) review, published last week, revealed GCHQ makes the majority of decisions about hacking, and its operations to weaken encryption, internally and without telling ministers exactly what it is doing.

In a passage quoted by the Open Rights Group, the ISC review found that:

No additional Ministerial Authorisation is required for these activities. There are internal procedures: ***. There is no legal requirement to inform Ministers: however, GCHQ have said that they would ask the Foreign Secretary to approve a specific operation of this kind “where the political or economic risks were sufficiently high” (although, in practice, they manage their operations to avoid this level of risk). GCHQ told the Committee that:

The FCO is aware of the activity and the possible political risk, but individual legal authorisations are not required for each operation. The FCO could assess the political risk of a compromise, it is not well‐placed to assess the complex technical risk. Whilst not formally overseen by a Commissioner, the Intelligence Services Commissioner has been briefed on this type of activity where it relates to individual approved operations.

A very disturbing admission about the state of digital surveillance in the UK. And the timing of the statement from ORG could not be more apposite. Whilst we are only just starting to come to terms with the consequences of this, a study in the US has been published that explores the fall-out from the Snowden revelations in terms of how it has affected behaviours as well as how it has impacted upon the relationship between the state and the individual.

The Pew Research Center’s report, Americans’ Privacy Strategies Post-Snowden, provides a comprehensive and fascination exploration of how these revelations have affected US citizens. There is a lot to plough through, but a few things stand out on an initial reading (and, by the way, wouldn’t it be nice if someone in the UK produced the kind of reports that Pew produce on a regular basis, particularly with respect to the Snowden revelations). Top line stuff:

Overall, nearly nine-in-ten respondents say they have heard at least a bit about the government surveillance programs to monitor phone use and internet use. Some 31% say they have heard a lot about the government surveillance programs and another 56% say they had heard a little. Just 6% suggested that they have heard “nothing at all” about the programs. The 87% of those who had heard at least something about the programs were asked follow-up questions about their own behaviors and privacy strategies:

34% of those who are aware of the surveillance programs (30% of all adults) have taken at least one step to hide or shield their information from the government. For instance, 17% changed their privacy settings on social media; 15% use social media less often; 15% have avoided certain apps and 13% have uninstalled apps; 14% say they speak more in person instead of communicating online or on the phone; and 13% have avoided using certain terms in online communications. 

1 in 3 people changing their behaviours is quite significant, and would explain why there are increasing moves to shut down the methods by which people protect themselves. One might also ask how Cameron would deal with 14% of people speaking in person rather than communicating online (given he thinks no form of communication should be free from surveillance).


 

…the public generally believes it is acceptable for the government to monitor many others, including foreign citizens, foreign leaders, and American leaders:

82% say it is acceptable to monitor communications of suspected terrorists

60% believe it is acceptable to monitor the communications of American leaders.

60% think it is okay to monitor the communications of foreign leaders

54% say it is acceptable to monitor communications from foreign citizens

Yet, 57% say it is unacceptable for the government to monitor the communications of U.S. citizens.


In this survey, 17% of Americans said they are “very concerned” about government surveillance of Americans’ data and electronic communication; 35% say they are “somewhat concerned”; 33% say they are “not very concerned” and 13% say they are “not at all” concerned about the surveillance. Those who are more likely than others to say they are very concerned include those who say they have heard a lot about the surveillance efforts (34% express strong concern) and men (21% are very concerned).


 

Some quotes from those who argue that they are unconcerned about surveillance:

“Law-abiding citizens have nothing to hide and should not be concerned.”

“I am not doing anything wrong so they can monitor me all they want.”

“Small price to pay for maintaining our safe environment from terrorist activities.”

All of which, to my mind, underline a certain failure to grasp the nature of the state and its relationship with individuals. Of course, it is not individuals who determine whether what they are doing is wrong. The lie of “if you have done nothing wrong you have nothing to fear” seems to be one of the hardest to shift, despite its fairly obvious naivety about the state. It also underlines that state propaganda is very effective on large chunks of the populace (I’m not restricting that to the US by the way). So long as you keep talking about threats (which are minimal) and highlighting the importance of “protecting citizens” from “dangerous individuals”, some people will continue to believe that the state will protect them and that sacrifices to their rights must be made to ensure that protection. There’s nothing new in this, states have used that particular strategy for centuries: construct an external enemy, convince the populace that the state has the means to protect them, chip away at individual rights under the guise of protection etc etc.


 

Sophisticated tools and techniques are widely available and can help online Americans increase the privacy and security of their online activities and personal data sharing. However, thus far, fairly few have adopted these tools since learning about the programs. Among those who have heard about the government surveillance programs:

10% say they have used a search engine that doesn’t keep track of their search history.
5% have added privacy-enhancing browser plug-ins like DoNotTrackMe (now known as Blur) or Privacy Badger.
4% have adopted mobile encryption for calls and text messages.
3% have used proxy servers can help them avoid surveillance.
2% have adopted email encryption programs such as Pretty Good Privacy (PGP).
2% have used anonymity software such as Tor.
1% have used locally-networked communications such as FireChat.

It’s interesting that despite the fears and clear concern about the surveillance programme, many people are not using the most effective tools to protect themselves (I would include myself in that category if there were a UK equivalent study). This suggests there is a lot of work to do to inform the general public about how they can protect themselves online. I would guess that Barclays’ Digital Eagles probably won’t offer much help here. It seems to me that, and I probably would say this, librarians are well placed to provide this kind of assistance (see Library Freedom Project). Certainly given our professional ethics, this is an area that should concern us and that we should seek to provide solutions to for the general public. There is clearly a need as, looking at the figures, there is concern and a need to seek protection. One would assume that this would also be the case in the UK but, again, there is no such study at present.

I’d definitely recommend going through the Pew stats if you get the chance. There is a PDF report you can download, but lots of interesting stats are summarised over 5 web pages. Will such a study be conducted in the UK? It seems unlikely at this stage, but with the revelations about the activities of GCHQ and how ministerial oversight appears to be virtually non-existent, a study equivalent to Pew’s would be very welcome.

Is there a class divide in reading habits?

There’s more to reading than books… (image c/o nate bolt on Flickr).

There was a flurry of tweets and comments this morning in relation to the media coverage of a survey commissioned by the Booktrust on the reading habits of 1,500 adults across England. The Guardian claimed that:

New research shows a stark and “worrying” cultural divide in the UK when it comes to reading, with half the country picking up a book at least once a week for pleasure, and 45% preferring television.

The BBC headlined their piece:

England ‘divided into readers and watchers’

The problem is, the much of the media coverage has been a little confusing. Take this section from The Guardian’s piece:

The England-wide survey of the reading habits of 1,500 adults by the University of Sheffield says that on average, the higher the socio-economic group that someone is in, the more often they read: 27% of DEs never read books themselves, compared with 13% of ABs, while 62% of ABs read daily or weekly, compared with 42% of DEs. Reading charity Booktrust, which commissioned the research, believes its findings should serve as a warning that “Britain’s divided reading culture is a barrier to social mobility”.

This is where I started to question the survey and its reporting. One minute the Guardian claims it reveals how often people read, the next it talks about books. It hardly needs spelling out, but reading does not necessarily equate to reading books.

According to the reporting of this survey’s results, I could read the Guardian (or the BBC) online every day without ever touching a book and yet I would not be considered a ‘reader’. Indeed, I would be considered a ‘watcher’ who would rather watch TV than read. But if I am reading the Guardian’s website on a daily basis, surely that makes me a ‘reader’? Likewise, if I read a magazine, a newspaper or content on any other website, that would also make me a ‘reader’. But according to the reporting of this survey, I am not a reader which seems a bit odd given that I regularly, well, read.

I would guess that, in reality, very few people do not read at all. Of course there are those who cannot read or experience difficulties trying to read, but even then I would imagine the proportion is relatively small. Drawing wide-ranging conclusions and drawing a class division based on the reading of books specifically (and I know people who read but don’t read books) is, in my view, a little simplistic to say the least.

This is not to say that I don’t think there is possibly a problem here that needs addressing. We should certainly be encouraging the reading of books in all their forms, particularly in encouraging children to learn to read. However, as Christopher Warren points out, the report also focuses on book purchasing and does not consider books borrowed from public libraries. This also rather skews the results as it makes the obvious point that those with money buy more books.

So, is there a class divide in reading? Maybe, maybe not. There’s currently no hard evidence to suggest that this is the case, and this survey certainly doesn’t address that particular point. It’s misleading to define reading solely as ‘reading a book’ and it is equally misleading to only draw conclusions based on book buying and not incorporate book borrowing. Despite the media headlines, there is very little to get too worked up about here, other than the media headlines themselves.