Farewell Caspar

10th July, 2015 — Laura Kalbag

Caspar Bowden
Photograph by Rama, Wikimedia Commons (Cc-by-sa-2.0-fr)

We were sad to hear Caspar Bowden died this week. It’s a huge blow to our community, and every citizen who has, and will still, benefit from his tenacious work for human rights.

Those of us who have come to privacy advocacy since the Snowden revelations may not know the full length, breadth, and depth of Caspar’s work. At Ind.ie we got the chance to meet him in person when we attended the Defending Human Rights In A Digital Age panel at Goldsmiths University in February.

Caspar stood out as someone who cared a huge amount about privacy, and didn’t want to waste any time on superficial discussion or empty platitudes. His experience, and depth of understanding, of both the technological and legal sides of privacy issues, gave him the unique ability to make his points accessible to the audience.

There are many sites with wonderful tributes to Caspar, written by people who knew him and his work well. We thought it’d be a fitting tribute to look at Caspar’s work, and how we can continue to advocate for these issues.

Privacy and human rights

Caspar was a long-standing privacy advocate, co-founding the think tank Foundation for Information Policy Research (FIPR) in 1998, focusing on policy implications at the intersection of technology, business, government, and society. Before many privacy advocates were of legal drinking age, FIPR was investigating how technology issues affected “business, freedom of speech, privacy, democratic governance, and the accountability and efficiency of public administration.” As it says on the FIPR policy page, “Government policy making is not always informed by a full appreciation of the consequences either for business or for the individual consumer and citizen.”

“He was tireless, fierce, and had an encyclopedic knowledge of privacy legislation, regulation, and technology.” — Cory Doctorow

Right to encrypt

In the 1990s Crypto Wars, Caspar was a key figure in the British fight for the right to encrypt. As a technology adviser for Scientists for Labour, he convinced the out-of-power British Labour party to adopt a civil liberties platform that was “strongly pro-privacy and pro-encryption.” Unfortunately, when Labour gained power in 1997, they “began drafting a potentially catastrophic law that would have mandated compulsory crypto backdoors in the UK.” Sound familiar?

Guilty of being a foreigner

One of Caspar’s key fights was against the US’s ability to collect and analyse intelligence on any person outside the US, without a particular warrant, through mass surveillance. As the US legal system doesn’t protect anyone outside of the US (US citizens are protected under the Fourth Amendment,) he referred to s702 in the Foreign Intelligence Surveillance Amendment Act 2008 (FISAA) as the “guilty of being a foreigner” provision. Caspar pointed out that it wasn’t safe to store EU data in US-based clouds. His report explained that privacy and data protection are challenged in the name of security and the fight against terrorism, “both in the case of the Patriot Act and in the case of the Foreign Intelligence Surveillance Amendment Act (FISAA) of 2008.”

Backdoors

After working as a privacy advisor for Microsoft between 2002 and 2011, Caspar was dissatisfied by the protections of civil liberties in European law, and no longer trusted Microsoft and the other proprietary technology that likely had backdoors for government access. He turned to open source technology as the underlying code could be examined for security breaches, recently working with Tor and Qubes. As Ray Corrigan says, “He was prepared to wrestle with the user unfriendly inconveniences of privacy enhancing technologies.” This is why we must continue to make privacy enhancing technologies accessible to everybody, without such unfriendly inconveniences.

“Where others would have been slowed down by false reassurance, or given up in the face of intimidating detail, Caspar would read the legislation, read the code, understand the context, and keep going until he had a way forward.” — Ben Goldacre

Privacy before Snowden

In 2012, a year before the Snowden revelations, Caspar was warning people about how government mass surveillance would infringe the privacy rights of citizens. He pointed out how the Regulation of Investigatory Powers Act 2000 (RIP Act) granted the government powers to scan the contents of all the data carried by an internet service provider without a warrant. The data could also potentially be stored infinitely for future reference and analysis. Caspar also explained how retaining this data in the name of terrorism was disproportionate, and security should never be cited as a reason for blanket surveillance.

“Caspar frequently had the frustrating experience of seeing his most pessimistic predictions disregarded as alarmist, only to turn out to be true all along.” — Danny O’Brien

The report he co-wrote for the European Parliament expressed concern over people storing data in the cloud, not so much as an issue for fraud or “cyber crime,” but because people lose control over their data when it’s stored in somebody else’s space. The report examined issues with data stored in the cloud being subject to inconsistent, or entirely absent, protection and regulation because of differing laws in different countries and jurisdictions. And that the relationships between public authorities, private entities and public and private authorities often used data protection and privacy as negotiating chips, frequently in the name of security and the fight against terrorism, to the detriment of the individuals’ rights.

“His was one of the few voices shouting about the huge and growing risks to privacy — from cloud computing, from big data, from connected devices and increasingly interwoven datasets — when few ears were listening.” — Natasha Lomas

RIP Act was followed by the Data Retention and Investigatory Powers Act 2014, where mass surveillance was allowed to continue, but retention time was limited. The Communications Data Bill (also know as The Snoopers’ Charter) is now being drafted to amend, and add further mass surveillance powers, to the RIP Act 2000. We can help fight against the Snooper’s Charter with campaigns such as Open Rights Group’s Don’t Let The Snoopers’ Charter Bounce Back.

Post-Snowden

After the Snowden revelations, Caspar wrote another report for the European Parliament on The US surveillance programmes and their impact on EU citizens' fundamental rights. This report explains the NSA’s PRISM programme, amongst other surveillance programmes, and their historical context. Caspar continued to fight for the rights of non-US citizens targeted by these programmes, as well as US citizens not adequately protected by the Fourth Amendment. He again examined the challenges surrounding cloud computing, how it undermines data protection, and why the legislation put in place to address these issues now mainly serve as loopholes to perpetuate the surveillance’s existence. He then gave recommendations for institutional reform, keeping data inside Europe, and protecting the rights of whistleblowers. The material of this report also features in many of his talks.

“Yes, he could be abrupt, and yes, he often ‘bent’ convention by asking direct and probing questions in ways that risked alienating the policymakers he sought to influence. But I never saw him do so rudely, inappropriately, or in a way that demonstrated anything less than total integrity. That took strong moral principles, intellectual rigour, and courage.” — Robin Wilton

Caspar, you will be missed.