Big brother, or why bother?

A few days ago the UK Government half announced* that they want to change the law to allow additional monitoring of electronic communications by GCHQ – the UK spy central.

Details of what exactly has been proposed are limited, but I’m going to try and pick through what they could mean from an analytical perspective.  I’m not going to get into the territory of right or wrong, protection from terrorism or unwarranted breach of civil liberties.  I’ll leave that for other, frequently less qualified, observers.

What has been proposed?

Broadly speaking the proposals seem to require ISPs and other electronic communications providers to give access (potentially in real time) to information about the sender and receiver of communications, possibly the size or length of the communication, and the time and date.

All of this can be done without a warrant.  If they want to know the contents then they have to apply for a warrant.

If this sounds familiar as a data set, it should – it’s pretty much the same data set that telcos use when they do Social Network Analysis**.  In the industry this is known as the social graph, made up of nodes (people) and edges (communications). 

Analytically what could they work out?

I’ve done extensive work in social network analysis, and it is an incredibly powerful analytical tool.  It’s not perfect, but it can be used for a number of predictions and analyses:

Your network

At its most basic level this means the security services get easy access to knowing who everyone in your social circle is.  Or social circles.  And if they know anything about any person in that circle then they know something about you.  So do you care if they know about that book club?  Possibly not.  What about that musical theatre society?****

Influence

Once you know the social graph you can predict who is the most important person in terms of influence.  Sometimes this is a little counter intuitive.  For example, at college is the influential person the one who makes lots of calls, or who receives lots of calls?  Would you want people outside your circle knowing that?

Families

It’s pretty easy to spot the family relationships in social graphs, even when you don’t listen to the contents of calls (or read the contents of emails).

Types of relationship

But you can go further and identify different types of relationship.  Is it a work relationship or a social one?  A casual relationship or a deep one?  All becomes open…

Changes

And how about changes?  A French colleague noted that this information could be used to spot “the minute that someone fell in love, when they moved in together, when the relationship was in difficulty, and when they split up.”

The end of anonymity

Of course these connections allow you to link known people/data to unknown people/data.  Take Facebook as an easy example.  Imagine that you don’t tell me which school you went to.  If I want to know I can look at your connections – if more than 50% of them went to school x then it’s a good bet that you did too.  And once I start building up that picture then it’s very hard to preserve anonymity.

Some technical issues (because it’s always fun to poke holes)

Real time? Really?

This always amuses me.  What do they mean by real time, and who is going to pay for it?  Do they mean real time access, but not historical access, or are they going to require the same level of detail to be stored?

Matching individuals

I am @duncan3ross on Twitter.  I’m duncan.3.ross on Facebook.  But I’m TheSheep on UKPollingReport.  A key issue for the security services will be knowing that those three are the same.  Easy for most home users: log the IP address.  But if I was trying to hide then I would have disposable SIM based smartphones that would separate my online identities.  It would require a bit of fieldcraft, but it wouldn’t be too difficult.

Of course, if you assume that one of the things that the security services want to do is build up a correspondence between various online identities then they can probably work around this, providing they do it for everyone, all the time.

Internationalisation and Blackberry

How far will this law reach?  Will it be relevant if my server is in Bermuda?  If I’m a US company?  And what about RIM (assuming they’re still in existence?).  They have regularly had battles with the Indian and various gulf governments about the privacy of BBM communications…

Conclusion

I hope this has opened your eyes to what could be done, without any judicial oversight, and without ever reading the content of messages.  Now you can decide if it’s a good or a bad thing.

 **********************************

*Half announcements are popular, because as a politician they give you the opportunity to change your mind under the guise of consultation, testing the waters, etc… and to tell people to “wait until you’ve seen the full (i.e. different) proposals” if they seem to be a real stinker.

**Not, and I repeat this, not Social Media analysis.  This doesn’t require you to use Facebook***.  It can be done really effectively with phone calls.

***Although you can if you want.

****Yes, that’s a euphemism.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s