Access to private communications is a privilege, not a right

News & Analysis
Access to private communications is a privilege, not a right

Governments have no automatic right of access to our communications. This will sound highly controversial to some, even downright radical. But the demands of national security and crime prevention do not, in fact, immediately trump every other right and responsibility in the complex relationship between citizen and state. 

The recent Skype argument is a great example. Skype has always prided itself on being a secure method of communication. Businesses, government agencies, human rights organisations and other groups that value security therefore adopted Skype wholesale - but now there are questions about how Skype allows access to its users' communications.

Some argue that, on a moral basis, Skype has to build its technology in such a way that permits government access. Others wrongly believe that they have a legal obligation to do so. But in whose interests does Skype develop its product?  

It's no simple task to create back-doors, or redesign networks in order to allow lawful access. In the old days, it was possible to attach a wire to the telephone line to listen in, or to ask telephone companies for the logs of who called who. In the 1990s, the Clinton Administration grew concerned about complex new digital switching on telephone networks so funded half a billion dollars of subsidies to require industry to build backdoors, under the Communications Assistance for Law Enforcement Act (CALEA). However, Congress specifically excluded the internet, or information services, from this requirement.

There is now talk of expanding CALEA to cover internet services like Skype. The UK government is proposing the power to allow the Home Secretary to order companies to install new equipment, collect new categories of data, and give police officers automatic access to the information.

The belief among governments today is that no communications service to which they cannot gain access should exist. If they find they can't force the company running the service to comply with their wishes, they threaten legal action. Worse, when they're restricted by the complexities of jurisdiction, governments are now seeking to compel the breaking of security around relevant communications services and to order local ISPs to gain access to the data streams.  

This was most recently stated by the head of security and counter-terrorism at the UK Home Office, while presenting to Parliament his plans for advanced communications surveillance:  

"The central plank of this programme is a collaborative relationship with service providers in this country and overseas. DPI, black boxes, or whatever other metaphor or language we choose, only come into play in certain circumstances when an overseas provider or the state from which an overseas provider comes, or both together, tell us that they are not prepared to provide data regarding a service which is being offered in this country and which we knew and know is being used by criminal elements of whatever kind."  (Q52 of uncorrected evidence (PDF))

Governments use two tactics in their hunt for information: the hammer and the anvil. The 'hammer' is when a governments orders a specific service provider like Google, Skype or Facebook to collect information on its users and make it available on request by law enforcement agencies. The 'anvil' is what happens if the company refuses; the government then orders domestic ISPs to record all interactions relating to the targeted communications service that pass through their networks. We are all caught between the hammer and the anvil. 

We are at risk of this becoming a norm: any new service will be subject to the hammer or the anvil. If the hammer and the anvil approach existed when the internet was in its infancy, the internet would not have survived.