The most important thing about this post is that I rewrote it multiple times and considered not posting it at all, because I was concerned about how it might be perceived and whether its recommendations might have ramifications in the future. Once you read it, that thought alone should be terrifying.
With the Labour party in disarray and the population distracted by Brexit, the Investigatory Powers Act has now passed both houses. Media coverage has been inexplicably scant. The Act permits a wide range of snooping and hacking by the security services, allowing unprecedented surveillance of citizens for a democratic country. Theresa May pushed this legislation (dubbed the “Snoopers’ Charter”) as Home Secretary, so it is little surprise that she has forged ahead despite opposition from groups like Liberty and warnings from a number of commentators including Edward Snowden.
I hope that by now most people reading this will have rejected the idea that “if you have nothing to hide, you have nothing to fear”. It is worth revisiting Glen Greenwald’s powerful TED Talk on the subject. This is not paranoia about some perceived theoretical risk. The Snowden revelations demonstrated that the intelligence agencies will take advantage of any information gathering they can get away with, whilst both the Government and the police have demonstrated repeatedly that supposedly anti-terror laws will actually be used whenever convenient. This is why the lack of judicial oversight over access to browsing history should cause serious concern. Most importantly, even if you do trust the current Government, you still should be protecting your privacy. Once a more authoritarian regime takes power, it is too late to claw back what they already hold.
The danger is that authoritarianism occurs in a gradual shift that is easy to overlook as it takes incremental steps. Take, for example, the current Digital Economy Bill which seeks to censor videos that contain a swathe of consensual but non-conventional sex acts. It is entirely unclear why the Government should have any say in such things and it stigmatises private activities enjoyed by a minority. Those of us unaffected by this change should be fighting against it, because it suggests that in future such marginalisation of other minority groups is acceptable based on an arbitrary sense of what is “normal” or “decent”. Now couple this with a regime that also has access to your entire browsing history.
A second major issue with the Investigatory Powers Act is the requirement that companies remove user encryption whenever “practicable”. Many major tech companies have responded robustly about the security implications of creating backdoors in their software, which serve to weaken security for everyone against any malicious attackers. However, the arguments over what is or is not “practicable” for companies to implement will occur in private — without public scrutiny — because the warrants demanding data will invariably contain a gagging order.
Remember also that data leaks by Government bodies are commonplace. The Information Commissioner’s Office lists 54 enforcement actions in just the past two years. Allowing the collection of data also allows the risk of it being released more widely, particularly in light of the Digital Economy Bill’s proposals for data sharing between Government bodies without proper safeguards.
How do you protect yourself in the meantime? Everyone should be using a Virtual Private Network (or VPN). Here’s a friendly beginner’s guide, but broadly a VPN involves making an encrypted connection to a server which handles all of your online requests. That way no one else, like your Internet Service Provider or others on a public wifi hotspot, can track or eavesdrop on what you are doing. You are still trusting the VPN provider, but this gives much greater control than than trusting one of a few local ISPs, all of which will be subject to requirements imposed by the Investigatory Powers Act. The best way to ensure your privacy is to use a VPN that does not log your traffic so that, even if ordered to, it cannot provide your web history to anyone else. There are a number of different companies offering VPN services relatively cheaply. I recommend NordVPN, given the privacy features outlined above coupled with easy-to-use clients for Windows, OSX, iOS and Android, so little technical knowledge is required.
If you know that you will never, ever have anything to hide from anyone else at all, then you have nothing to fear. And a level of clairvoyance that I sincerely envy.