CHAPTER 13: PRINCIPLES
13.12. This does not mean that state access to communications should be made easy. Few
now contend for a master key to all communications held by the state, for a
requirement to hold data locally in unencrypted form, or for a guaranteed facility to
insert back doors into any telecommunications system. Such tools threaten the
integrity of our communications and of the internet itself. Far preferable, on any view,
is a law-based system in which encryption keys are handed over (by service providers
or by the users themselves) only after properly authorised requests.
13.13. But in an imperfect world, in which many communications threatening to the UK are
conducted over services whose providers do not or cannot comply with such requests,
there is a compelling public interest in being able to penetrate any channel of
communication, however partially or sporadically. Paedophiles should not be able to
operate on the dark net with guaranteed impunity, and terrorists should not be able to
render themselves undetectable simply by selecting an app on which their
communications history will never be known even to the provider. Hence the
argument for permitting ingenious or intrusive techniques (such as bulk data analysis
or CNE) which may go some way towards enabling otherwise insuperable obstacles
to be circumvented. Hence, also, the argument for requiring certain data to be
retained so that they can be used in piecing together a crime after the event.
13.14. It has been argued that if western democracies refuse to accept no-go areas, the
same will be true of undemocratic regimes that will use their access for sinister and
brutal purposes. The prospect is a gloomy one. But the flaw in the argument is in the
linkage that it asserts. Unpleasant regimes can (and do) use local control of the
internet to suppress legitimate dialogue, self-expression and dissent: but neither their
technical ability nor their inclination to do so are dependent on the practice of other
countries. If the UK is to set an example to the world, it will not be by withdrawing
from the dark spaces of the internet – a lead that no responsible government would
choose to follow. It will be by demonstrating an ability to patrol those spaces in tightly
defined circumstances, and with sufficient safeguards against abuse.
Second principle: limited powers
13.15. My second, balancing principle is that powers need to be limited in the interests of
privacy.
13.16. What one might call over-governed spaces have existed from time to time in the
physical world: commonly cited is the example of communist East Germany, where it
has been estimated that there was at least one spy watching every 66 citizens.13 But
the practice of comprehensive physical surveillance is immensely difficult. There will
always be suspicious groups which cannot be penetrated by a CHIS, buildings which
cannot be safely bugged and potentially dangerous conversations which go
undetected and unheard. Physical surveillance is also extremely costly, which tends
to place its own limitations on what can be done. In no democracy has any of those
techniques been employed against more than a tiny proportion of the population.
13
J. Koehler, Stasi – the untold story of the East German secret police, 1999, chapter 1.
248