Episode: 1057
Title: HPR1057: OggCamp 2012: Simon Phipps: mini-intro to the CDB
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1057/hpr1057.mp3
Transcribed: 2025-10-17 18:02:55

---

We're here at Ogcamp 2012 in John Moore's University in Liverpool and I'm here with Simon
Fipps who's going to be giving a talk tomorrow on behalf of the Open Rights Group. Simon,
what will you talk about? I'm going to be talking about the Communications
Data Bill, which is a piece of legislation that's just about to go through Parliament
and has very worrying consequences for people's civil liberties on the internet.
Right, communications data maybe doesn't sound like it's to do with people's civil liberties,
so what's it all about? Well, this is a bill that solves a problem for the security services
in the UK, in particular the secret service that we have over here and the police forces.
They're very worried that they can't see what's going on inside your email and inside your
text messaging and inside your other online communications and they've for a long time been
trying to get a succession of governments to put into law rules that allow them to snoop on
all of your communications. They tried to do it under Labour and didn't quite work out because
there was an outcry in civil society about it and it's now happening under the Tories and Liberal
Democrats. So this is not a partisan issue at all. This is an activity that is arising out of
the Cheltenham Data Centre that is used by the intelligence services and arising out of the
police forces who are all very worried that they can't read your email.
Now, I've heard a little bit about this and I've heard it pitched in terms of this is the
security services just trying to keep up with changing technology. What do you say to that?
Because obviously what people are using different forms of communication now and
is there anything legitimate in the security services even to quote unquote keep up with that.
I think it's legitimate for them to need to keep up but that is not a good excuse for them to do
what they're doing here because what they're doing is they are creating a right to ask every
internet service provider to keep for 12 months all of your traffic on the internet so that they can
analyse it offline. That gives them plenty of time to crack SSH to crack SSL keys to crack any
encryption that's going on. The big problem is that this right is being created fresh.
It's being created without any right for you to know that it's happening. It's being created
without any judicial oversight so the police can just decide to ask for your material to be
created and it's also being created in such a way that if the police choose to they could create
a central database of all this communication that could then be casually searched and by casually
searched I mean it could be searched by organizations enforcing family law disputes, organization
enforcing defaults on mortgage payments, organizations who are looking into whether you have
renewed the MoT on your car all of those would be the sort of excuses to go dipping in on a
phishing expedition on your personal data. So what's being proposed is not just keeping up to date
with technology it's going way way way beyond any scope for keeping up and it's creating for the
first time a database of citizen communications that can then in the future be fished into arbitrarily
without notification without recourse and without judicial oversight. I mean it might
sign to people that some of the examples you gave about the misuse of such a database or
would are sort of hypothetical or facetious but already I think if you if people were to go to the
open rights group website openrightscript.org there are on the wiki there are documented examples
of how local councils are and individuals and and an individual capacity are already
abusing some of these databases that are intended for much more serious purposes and are
ostensibly there to save us from real threats. So now when these things get started they're always
packed in guarantees that nobody will do anything bad with your data and the CDB is no different
all of the padding around it says trust us to create this database of communications
because look at all of these protections we're putting around it to prevent abuse. Now what we know
is that once you've created a resource mission creep in the future will change the way that it's used
take for example the the congestion charge cameras in London or all round London now there are
number plate recognition cameras that will put there only to collect congestion charge but
well as time has gone by people have found other extremely legitimate uses for them to prevent
terrorism to enforce laws and now they are part of a network that the police can routinely use
to identify the location of any vehicle in central London that wasn't what the cameras were
put there for and when they were set up we were told that wasn't going to happen I look at the
CDB and I believe it's exactly the same thing the thing that's wrong with the communications
data bill is not the uses to which the authorities will put the data it is creating the repository
of data in the first place absolutely and I think together with the lack of judicial oversight
which you already mentioned I think those are some of the really scary aspects about this what can
people do at this stage well at the lowest level what people can do is join the open rights group
open rights group is an organization which is funded largely from the membership fees of its
members you can visit openrightsgroup.org and sign up set up a standing order to pay as little
as five pounds a month that will help to pay for professional researchers to understand all these
highly complex laws and then go and engage on your behalf to make sure that the bad things don't
happen if you're more motivated than that to just join you could get involved with a local
chapter of the open rights group there are local chapters all over the UK where you can meet with
other like-minded people and take local action talking with MPs talking with local radio stations
talking with local newspapers and making sure that the the digital rights agenda of the individual
citizen has as loud a voice as the media lobby is able to bring to corporate concerns sounds great
salmon thank you very much do you want to give your battle statistics where to find you on the web
so i'm i do all sorts of things on the web they are all located on my from my website webmink.com
that's w-e-b-m-i-n-k.com thank you very much looking forward to your presentation tomorrow and
enjoy our camp thank you very much hello everyone this is just a little addendum i thought in the
interests of journalistic integrity i should correct what i said earlier on about the open rights
group wiki um the pitch that i was thinking of is actually the UK privacy debacle's pitch which
lists accidental exposure of information or loss of information by corporations or public bodies
which isn't quite the same thing as what we were talking about in my defense though the accidental
exposure of personal information is another reason why this massive aggregation that would be
instituted under the communications data bill is a bad idea and also the examples that i was
thinking of about uh abuses and and mission creep by uh local authorities i have linked in the show
notes i've also put a full transcript in the show notes for any members of the hpr community
who uh are hard of hearing and i think just also for the benefit of of making all the content
searchable and everything would be a pretty good idea if we had some sort of collaborative wiki
thing for transcripts but that's for another day uh hope to be contributing in my show soon thank
you all for listening bye bye
hpr is funded by the binary revolution at binwreff.com all binwreff projects are proud
sponsored by linear pages from shared hosting to custom private clouds go to lunar pages.com
for all your hosting needs unless otherwise stasis today's show is released under a creative
commons attribution share a live video's own license