The Leave vote: doomed to division

Two weeks on from the referendum on EU membership, consultancy CEB scanned 25,000 sources world wide to collect data about job vacancies on offer in the UK. They concluded that compared with pre-referendum figures, the number of jobs on offer had declined by 47%, from almost 1.5 million to around 820,000. They described this as “far outside the normal fluctuations seen by the company, which tend to be between 5 and 10 per cent”.

Of course, it’s still too early to say whether this is simply a short-term “blip” or whether there will be a significant long-term reduction in jobs on offer. One thing is fairly certain: this is not the zero-sum game that the Leave campaign would have people believe. Removing the 2 million or so EU citizens currently employed in the UK will not simply shift 2 million unemployed natives into work. Taking 2 million employees out of the system is far more likely to reduce economic activity over all, slowing growth and making it harder for companies to invest in increased capacity.

Leavers hope that Britain will become a newly vibrant, dynamic economy – perhaps based on expectations of new companies springing up in the absence of all that EU red tape. But those companies will need a market, and the UK’s departure from the EU will make market access more difficult and more expensive.

In the longer term, barring EU citizens from coming to work in the UK would aggravate Britain’s demographic problems: an aging population without sufficient young, tax-paying people in the workforce to sustain the pension system and welfare state.

And there we have it. The Conservative Brexit strategy, if put into practice, is one which would lead, predictably, to bad consequences for anyone stuck in Britain without the means to leave, or to pay for their own healthcare and retirement. That’s a demographic from which the leading Leave campaigners are conspicuously absent. They blithely encouraged others to vote Leave, knowing that they themselves would not be caught in the resulting trap.

From across the Channel, the French publication Libération can see that the Brexit movement tries to combine two incompatible groups: one it describes as “driven by a narrow, xenophobic nationalism; the other more liberal or libertarian than nationalist, and in no way hostile to immigration, with Daniel Hannan MEP as its principal protagonist”*.

The problem for those now faced with the task of delivering on the Leave campaign’s promises is this: there is simply no way to reconcile the wishes of those two groups, either economically or politically.

Economically, as Daniel Hannan was obliged to concede after the referendum, the UK cannot enjoy continued access to the single market if it insists on barring EU workers.

Politically, as Matthew Parris has so eloquently put it, “anti-immigrant feeling won it for Leave, and they know it. They used it, rode it and are complicit in it.” Hannan’s “informed, liberal, immigration-friendly” perspective will do nothing for that constituency but enrage it.

The Leave proponents (those who haven’t simply shrugged and walked away, that is) now find themselves between the proverbial rock and hard place. They have made promises they can’t keep, to constituencies they can’t simultaneously satisfy. If that’s what they count as a victory, I’d hate to think what they would consider a defeat.

*”L’un est animé par un nationalisme borné et xénophobe. L’autre, dont Daniel Hannan est le principal représentant, est informé, plus libéral ou libertarien que nationaliste, et nullement hostile à l’immigration.” — Liberation, 5/7/2016

The EU Referendum and Article 50

The “No” vote in the UK’s recent referendum on membership of the European Union has, in itself, plunged the UK into political, economic and social turmoil – even though the referendum was purely advisory (not legally binding on the government), and even though no political decision on a British exit has been taken, much less an exit effected in practice.

A lot has been written in analysis of the constitutional problems raised by the vote and its political fall-out. The clearest example to date is probably the piece by David Pannick QC in the Times: http://www.thetimes.co.uk/article/why-giving-notice-of-withdrawal-from-the-eu-requires-act-of-parliament-dz7s85dmw

Even that piece, though, is quite detailed and involved. I had to read it several times before I could state it simply enough to believe that I had understood its logic myself – so I thought the resulting summary might be helpful to others. Here it is:

1. Invoking Art.50 commits the UK, irreversibly, to a process which requires the amendment of existing UK statutes.

2. Existing UK statutes can only be amended by Act of Parliament*.

3. Therefore, Art.50 cannot lawfully be invoked without an Act of Parliament (and consequently a parliamentary vote).

Conclusion: it would be unlawful for the Prime Minister to invoke Art.50 without putting that decision to the vote in parliament.

 

* And crucially, the PM may not revoke (“frustrate”)  a prior parliamentary decision by invoking the “royal prerogative”.

The UK and EU research


This week I am in Brussels to review a project part funded by the EU’s Horizon 2020 programme. In line with Horizon 2020’s criteria, this project is large scale (it will specify infrastructure for academic and research bodies across the continent) and pan-national (it’s about integrating institutions’ login systems with their counterparts across the EU and beyond). 

The UK’s academic login federation is part of the project – as you would expect. UK students need federated access to other institutions’ digital resources, as foreign students need access to ours. Large scale scientific research, too, depends on the ability for resources to be securely shared regardless of their geographic location.

In future, as a non-EU country, the UK risks finding itself more or less excluded from projects like this one. At best, it will be allowed to participate (like Switzerland or the USA) but at a higher cost: UK participation will be fully at UK expense, with no EU grant funding. At worst, the inclusion of UK members in consortium proposals will simply make those proposals less likely to survive what is already a tough evaluation process (I know – I’ve been an evaluator and a rapporteur in that process). 

But the damage doesn’t stop there. 

“Fine,” you might say, “if we can’t join EU-funded projects, we’ll just do without”. But think, for instance, of the academic login project I’m looking at this week. Even if the UK is not part of that consortium, it still needs to federate with non-UK institutions. It will have to achieve interoperability and compliance anyway, but it will have to do so without having influenced the architecture, and without the EU grant funding from which others will benefit. That sounds to me like a lose-lose, and a recipe for lost competitiveness.

But that’s not all.

Look at it from the perspective of a company which wants to stay at the forefront of large-scale research. If you’re based in Britain, you exclude yourself from subsidised participation in EU collaborative research, and thereby from the whole community of potential partners who, themselves, are benefiting from EU grant funding.

If you have the option, you’d do better to shift your operations to an EU member state, and reap the benefits of a collaborative framework, 27 countries’-worth of capable partners, and grant funding into the bargain. The UK, as a base for large-scale collaborative research, will go into a vicious cycle of reduced funding and increased cost.

The project of this week’s review, large-scale though it is, is just one microscopic part of the picture. For example, I have had similar involvement with EU-level projects dealing with e-identity, emergency response in the financial services sector, biometric authentication at borders, privacy and personal data management, ‘big data’ and financial services, cross-border sharing of research infrastructure, and privacy of medical research data, and so on. And of course, those projects too are a tiny fraction of the scope of EU research funding as a whole.

Nor is this just a matter of academic research: exactly the same logic applies, for instance, to compatibility with EU data protection and privacy laws. We cannot survive by ignoring them, and we have just thrown away the option of influencing the development of laws with which we will, in any case, need to comply.  

In that context, for politicians to claim that the UK can benefit by “taking back control” is delusion on a colossal scale. The UK insulates itself from its European counterparts to its own detriment; it can only thrive by collaborating and interoperating with them. The future we face now is of having to interoperate with systems and laws we didn’t help draft, on a scale we can’t afford alone, and of paying full price for the privilege.

Bravo, Eurosceptics. Your bumper-sticker politics represents a giant step towards a second-rate future. This is now the bumper sticker for our country:

“If you thought education was expensive, just wait until you’ve tried ignorance.”

Is the IP Bill holed below the water line?

The big privacy and policy story of the day in the UK is the publication of the Intelligence and Security Committee’s report on the draft Investigatory Powers Bill – which is currently being pushed through an abbreviated parliamentary process.

The Bill’s authors get a rough ride from the committee. This is from the ISC Chairman’s covering press release:

“Taken as a whole, the draft Bill fails to deliver the clarity that is so badly needed in this area. The issues under consideration are undoubtedly complex, however it has been evident that even those working on the legislation have not always been clear as to what the provisions are intended to achieve. The draft Bill appears to have suffered from a lack of sufficient time and preparation.”

Here’s the ISC’s site with a link to the report itself:

http://isc.independent.gov.uk/news-archive/9february2016

And here are a couple of good, short pieces of analysis from reliable tech/policy commenters:

Ian Dunt (politics.co.uk)

http://www.politics.co.uk/blogs/2016/02/09/bad-day-for-britain-s-spies-as-intelligence-watchdog-grows-t

Glyn Moody (arstechnica.co.uk)

http://arstechnica.co.uk/tech-policy/2016/02/previously-tame-uk-parliament-watchdog-rips-into-new-snoopers-charter/

The Bill is criticised in almost every respect:

  • it doesn’t achieve its stated goal of bringing all the interception powers into a single statutory instrument;
  • it fails to bring clarity to the purpose and goals of the policy it embodies;
  • it does not include operational justifications, without which parliament cannot decide on its adequacy – and will not include them until after it is expected to be passed into law;
  • its provisions for privacy protection are piecemeal and unclear;
  • the safe guards applied to use of comunications data are “inconsistent and largely incomprehensible”.

In other words, it has been drafted in haste, by people some of whom don’t know – or can’t articulate – what it is supposed to do. As a result, it is confusing and grants over-broad powers with insufficient safeguards.

If the Bill were to be passed as is, the ISC’s report would offer a ready supply of ammunition to anyone seeking to challenge it on grounds of necessity, proportionality and legal certainty.

For the ISC’s report to be so frankly critical is somewhat unexpected. Under its previous chairman, the committee said little, and what little it did say consisted of bland reassurances that the security and intelligence services were doing a fine job. (See “pelted with marshmallows“, from just over two years ago…).

This Bill has been rushed through an abbreviated consultation period: the Home Secretary used the November Paris attacks to justify shortening the normal parliamentary process. The Bill’s consultation committee was given about 3 weeks of parliamentary time to conduct its expert witness hearings and consider any written evidence submitted, either side of the Christmas/New Year parliamentary recess. It is due to publish its own report on Thursday.

This puts the consultation committee in an interesting position. If its report is less critical than that of the Intelligence and Security Committee (which is, after all, the specialist in this area), its credibility will be called into question.  If its report is equally critical, the Bill itself will be even more deeply discredited.

The IP Bill: a repeat offence.

The current UK government in general, and the Home Secretary in particular, is beginning to exhibit a ‘repeat offending’ pattern. Here’s how it goes:

  1. Propose more intrusive powers of surveillance, data collection and retention;
  2. Fail to convince relevant stakeholders (coalition partners, electorate, courts);
  3. Spot a convenient bandwagon onto which to hitch the policy;
  4. Using (3), short-cut parliamentary process to push legislation through without proper scrutiny.

In some instances there is a Step 5, at which the legislation is ruled disproportionate, struck down, etc., but paradoxically that is then used as another reason to rush further knee-jerk legislation through with inadequate parliamentary scrutiny.

So, for instance, the DRIP Bill – rammed through parliament in a shamelessly farcical 8 days – was announced as an “emergency” measure because the government had failed to care that (over a period of months) international bodies from the UN to the European Parliament and, finally and critically, the European Court of Justice, had looked at what it was doing and found that it clearly violated the principles of necessity and proportionality.

However, the next piece of ‘repeat offender’ behaviour is that this government will on no account stop doing what it wants to do simply because that has been ruled illegal. Instead, it will change the law to make what it wants to do legal.

It will frame its legislative ambitions in terms of supposedly incontrovertible case studies: anyone who objects to the “itemised phone bill” Theresa May is asking for would clearly prefer babies to die, terrorists to win, and civilisation to crumble into ruins. This isn’t about anything as petty as your personal privacy; it’s about the very safety of society as we know it.

There are two small problems with the Home Secretary’s approach.

First, if this issue is as existentially important as she makes out, how dare she deny the IP Bill proper parliamentary scrutiny? There can only be one reason to push a 300-page, technical Bill through in three weeks, and that is to stop anyone understanding its contents.

Second, the approach she is asking for demonstrably has not worked up to now, and cannot work in future. US intelligence services say they are “drowning in data”; what they already collect is beyond their capacity to process usefully. But the Home Secretary wants her agencies to have more. The very attacks on Paris which the Home Secretary cites are a stark reminder that intrusive online surveillance (of the very kinds France has enacted) do not stop committed attackers, even if those attackers communicate in clear via SMS and social media sites.

“Legislate in haste, repent at leisure”, they say. But the IP Bill isn’t even bad because it’s done in haste. It’s just the government’s latest attempt to get its pet surveillance project onto the books; it’s premeditatedly bad, and this government shows every sign of being incapable of repentance.

The tragedy is, this time they might just get away with it.

 

 

 

 

MPs successfully challenge UK government in High Court

Two MPs, David Davis (Conservative) and Tom Watson (Labour), with human rights advocacy group Liberty, have won a challenge in the High Court against the UK’s data retention law (DRIPA). The ruling finds against the UK law on several grounds, including incompatibility with the right to privacy, and a lack of clarity in the rules applying to access requests. Since the current rules allow a very wide range of public authorities to request communications data, and to do so without independent approval, there is a clear implication that the UK’s approach to data retention fails the proportionality test.

It’s worth stressing just how exceptional it is for members of parliament to challenge primary legislation in court, let alone to win. After all, the first place primary legislation should be challenged is in the parliament to which they have been elected. But DRIPA’s passage through parliament was not normal. It was rushed through parliament with a single day’s debate – essentially ensuring that it could not receive proper parliamentary scrutiny.
The government tried to explained away this haste by claiming that the bill was “emergency legislation”, brought in because the prior legislation had, in turn, been ruled non-compliant with EU law. That ruling was itself delivered well in advance of the presentation of DRIPA to the house: there was no excuse for the UK government to have failed to foresee that requirement.
According to the Security Minister, John Hayes, opposition to the government’s data retention plans comes from a “paranoid liberal bourgeoisie”, intent on hamstringing law enforcement even if it means criminals and terrorists run amok. Of course, the accusation of paranoia might carry more weight if every “paranoid” prediction about the government’s use and abuse of surveillance powers hadn’t been accurately pointed out by the late Caspar Bowden and amply proved by the Snowden disclosures.
Mr Hayes says the government ‘disagrees absolutely’ with this judgment and fully intends to appeal against it. In other words, despite having had DRIPA and its predecessor struck down, the government’s view is that no change of course is needed, and they can keep the same data retention powers if they go on saying that’s what they want.
There’s an old quip, isn’t there, which defines insanity as repeating the same actions while expecting a different outcome. Far be it from me to accuse the current government of insanity, but I have to wonder how rational it is to expect an appeal to succeed.

Caspar Bowden

Caspar died today. Three simple words that encompass so much.

Twitter has, understandably and gratifyingly, lit up with messages of condolence, admiration and regret – and so it should. The privacy advocacy community has lost one of its most capable members, and feels that loss keenly. But we are all affected by the issues on which Caspar fought: the regulation and availability of cryptography, the interception of communications, the governance of surveillance, the equal application of human rights. There isn’t a person on the planet whose interests are unaffected by these issues, and we are worse off for losing Caspar’s efforts on our behalf.

Let me give two three little snapshots from my memories of Caspar.

The first is from a meeting of the Enterprise Privacy Group, in about 2007. Two or three of us had just arrived and were clustered near the coffee table, talking about ethics and data protection. Caspar arrived, and was pouring himself a cup of coffee a few feet away from our group. He carried it over to us and, as he arrived, said

“Well, I favour a Rawlsian model – because unless you can point to a basis in justice, none of the other approaches can work anyway.”

It wasn’t said as a put-down or out of intellectual snobbery; he had simply grasped the essentials of our conversation within the time it took to pour a cup of coffee, and was contributing his conclusion. Of course, the rest of us had to sneak off later and Google “Rawls on Justice” to refresh our memories <cough>, but the truth of it is, in the work I’ve done on ethical data-handling in the last couple of years, I have come back, time and again, to the principles Caspar set out in that conversation some 8 years ago.

There was mischief in Caspar too, and my second snapshot is from Berlin, where Caspar and I were among the invited participants in an Article 29 Working Group meeting. As ever, a group beer was proposed for the evening, and we all piled into taxis to get to an otherwise unremarkable Bierhof somewhere outside the city. I found it hard to believe that we couldn’t have found somewhere just as good in town, and grumbled something to Caspar along those lines. He, of course, knew exactly where we were, and said “Yes – but there’s a certain irony, isn’t there, in drinking beer with a group of European Data Protection Supervisors, right next to the Wannsee”.

The third is from QCon 2014, where Caspar gave a talk on “Mistrusting Trust”. The talk was excellent, and you can replay it here… but my abiding memory wasn’t that; it was that about 4 minutes in (as you’ll see if you watch the video), Caspar’s laptop reset, and threatened to melt down. It was overheating partly because it was a bit old, but partly because Caspar was running Qubes on it, so as to be able to boot a virtual OS in order to show his slides. Now, lots of privacy advocates love the idea of only using virtual machines, and killing them in between sessions of browsing, email and whatever… but an awful lot of us can’t be bothered to go to the inconvenience, when it comes down to it. Caspar could – even if it almost reduced his laptop to a pool of smoking black plastic in front of an audience.

To say that people sacrifice privacy for convenience is such a cliché most of us don’t even reflect on it any more. But Caspar’s example should remind us that too many of us sacrifice more than just privacy for the sake of a little convenience. Caspar had always done his homework. How many of us hold forth on the laws governing data protection, interception, surveillance and so on without actually having read them all the way through? I know I’m guilty on that score – but Caspar had read them – and not just for one country, but for the UK, and the US, and the EU, and France, and so on. How many of us read them and then forget the detail, or don’t bother to really think through the implications, and publish our analysis, and fight for how we think it should be?

And of course it wasn’t just the law. As his comment on Rawls indicates, Caspar was scarily well read in all kinds of areas, and he had a level of recall which many policymakers had occasion to find embarrassing.

Yes, he could be abrupt, and yes, he often ‘bent’ convention by asking direct and probing questions in ways that risked alienating the policymakers he sought to influence. But I never saw him do so rudely, inappropriately, or in a way that demonstrated anything less than total integrity. That took strong moral principles, intellectual rigour, and courage.

Caspar – thank you for your dedication; we’re worse off without you, and we’ll miss you. And I wish I’d said that to you before you died.