plus ça change
The UK was forced to make changes, in part through the Investigatory Powers Act, but those changes still break a ruling from the European Court of Justice. And then of course there was the effort to sneak backdoor powers into law last year – about as far from "open discussion" as you can get.
The reality is that while the UK security services has been sufficiently humbled to give reasonableness a try, there is scant evidence that the culture has changed one iota.
The blog post reveals a dangerous depth of defensiveness and disdain when the authors complain about "lawyers, philosophers, and vendors’ PR departments continuing to shout at each other."
They balk at the concept of being questioned – even by the companies whose assistance they need to spy on conversations: "We expect providers to validate that such an authorization is in place, but not try to independently judge the details of the case."
They completely fail to recognize why many companies added end-to-end encryption in the first place: "We don’t think vendors should knowingly remove access to data or capabilities that are useful to public protection agencies, where there's no real customer benefit."
Hint: it's because you abused everyone's trust and then lied about it.
But perhaps the best example of where the spy agencies' mindsets have not moved sufficiently, if at all, is in the fact that almost no consideration is given to constraints on their powers.
One of the principles listed in the blog post is that "transparency is essential" but that transparency only comprises disclosing vulnerabilities in software and even then the authors complain about how they have been forced into that position: "That requires governments to have vulnerabilities on the shelf to use to hack those devices, which is completely at odds with the demands for governments to disclose all vulnerabilities they find to protect the population. That seems daft."
There is no talk of a transparency report outlining how many times the authorities ask for their "virtual crocodile clips" to be applied – something that would indeed provide some public confidence that they are not engaging in mass surveillance.
It's worth noting that the NSA was able to grab the details of every single phone call made in the United States with the approval of a single piece of paper. What's to stop GCHQ from coming up with a similar single piece of approval?
There's no talk of independent judicial review. There's no promise of Parliamentary review. And any discussion of public debate is carefully limited to what emerges from talks between "experts" – presumably with the security services deciding who is an expert and who isn't.
Like an abusive spouse, GCHQ has admitted it has a problem. It's sorry it hurt us and it promises to do better. Now if we would please just come home and put on the dinner, everything will be just fine. ®