Intercept Modernisation

From Orgwiki

1 Executive Summary
2 Back Story
3 The Issues
4 Links

[edit] Executive Summary

The Intercept Modernisation Programme, or Communications Data Bill, are a set of new proposals on the UK Government's Draft Legislative Bill for the Parliamentary session beginning October 2008. It has been reported that they include a proposal to centralise the electronic communications traffic data of the entire UK population in a database managed by the Government.

Jacqui Smith spoke about the plans on 15 October at an ippr event. She said that although the original plans had been due to go before the House of Commons in the Communications Data Bill in november, she was now holding back this Bill "in order to expand the extent of surveillance powers open to the security services, while consulting further on the best way to win public support for the plan" (Daily Telegraph report). She did not reveal the substance of the original plans.

[edit] Back Story

According to a written answer submitted to the Earl of Northesk by Lord West of Spithead, the Parliamentary Under-Secretary (Security and Counter-terrorism), Home Office:

"the objective of the Intercept Modernisation Programme (IMP) is to maintain the UK's lawful intercept and communications data capabilities in the changing communications environment. It is a cross-government programme, led by the Home Office, to ensure that our capability to lawfully intercept and exploit data when fighting crime and terrorism is not lost. It was established in response to my right honourable friend the Prime Minister's national security remit in 2006."[1][2]

Starting with The Times, who broke the story in May 2008, several media reports have claimed that as part of this programme a new national database would be created to centralise the electronic communications data (some of it collected and retained by ISPs and other communications service providers under Data Retention legislation passed down from Europe, others of it not collected or retained under any existing statute) of the entire population[3].

The BBC added some substance to the specualtion in May when it ran an interview with Stuart Ward, a telecoms security engineer, who says the government have been in conversations with mobile phone operators about the best way to implement a centralised database[4]. Since the stories started appearing they have been criticised by a number of sources, including the Information Commissioner, Richard Thomas[5].

Over the Summer, the Home Office responded to speculation with statements that the detail of the Communications Data Bill, are yet to be released.

[edit] The Issues

[edit] Mass sureveillance and "fishing expeditions"

The EU Data Retention Directive, which is currently being transposed into UK law, requires that Communications Service Providers (CSPs) store communications traffic data for between 6 months and 2 years (depending on how the Member State wishes to implement the Directive - it is likely that the UK will go for the maximum time).

If the government wish to view stored communications traffic data, they need to approach individual CSPs directly with a Regulation of Investigatory Powers Act (RIPA) warrant for access to that data. A centralised database would lower the cost of viewing communications traffic data, as all CSPs would deposit the data with a central Government agency.

Lowering the cost of surveillance is likely to lead to more so-called "fishing expeditions", where officials use the communications patterns of known targets to identify unknown targets. As a Home Office spokesman is quoted as saying in this Guardian piece:

"It... gives investigators the potential to identify other forensic opportunities, identify witnesses and premises of evidential interest."

Many activists - including ORG - spoke out against the EU Data Retention Directive when it was being drafted in 2005. Centralising the data retained under the Directive would be even worse - it takes us from a situation where the Government can watch anybody, to where the Government can watch everybody. Mass surveillance undermines human dignitiy, which is the value that underpins every other human right.

[edit] Meaningful oversight

Any scheme which gives Government agencies power to access communications traffic data needs meaningful oversight. If data is collected centrally, then it will be difficult for an external body properly to audit the way that data is accessed, and to see that those operating it are strict about complying to RIPA and Data Protection Act requirements.

[edit] Proportionality

RIPA powers are already being abused by government agencies. As Sir Christopher Rose, the Chief Surveillance Commissioner, noted in his most recent report to the Prime Minister [6]:

The evidence is that [Local Authorities] tend to resort to covert activity as a last resort but, when they do, have a tendency to expose lack of understanding of the legislation by completing documentation poorly. In particular there is a serious misunderstanding of the concept of proportionality. It is not acceptable, for example, to judge, that because directed surveillance is being conducted from a public place, this automatically renders the activity overt or to assert that an activity is proportionate because it is the only way to further an investigation. At the end of the reporting period, media reports highlighted the need for a public debate on the use of these powers and specifically the issue of proportionality.

Local authorities have used RIPA powers to spy on a family for three weeks to find out if they were really living in a school catchment area (Poole), or to investigate dog fouling (Derby City Council, Bolton, Gateshead and Hartlepool) [7].

[edit] Cost

Centralising storage of communications traffic data would entail huge costs - to government and to ISPs, who could have to make major and expensive changes to their core networks, for example to be able to hand over your web browsing records. It is possible that some or all of these costs would need to be met by the taxpayer. The Home Office is already managing a multi-billion pound database project in the National Identity Register. Could this money be better spent elsewhere?

[edit] Personal data security

The government has a poor record on keeping your personal data secure (See UK Privacy Debacles). Large databases which grant access to hundreds of different users will always be subject to "insider threats" - public servants who are either corrupt[8] or incompetent[9]. This puts the security of vulnerable people, such as those fleeing abusive relationships, at greater risk of harm.

[edit] Links

[edit] Pending Freedom of Information Request

The Open Rights Group has made the following FOI request to the Home Office regarding the Intercept Modernisation Programme: http://www.whatdotheyknow.com/request/intercept_modernisation_programm

[edit] Government Resources

NCIS SUBMISSION ON COMMUNICATIONS DATA RETENTION LAW Leaked strategy document of 2000 from A.C.P.O. and A.C.P.O (S) H.M. CUSTOMS & EXCISE SECURITY SERVICE SECRET INTELLIGENCE SERVICE, AND GCHQ - from Cryptome

Draft Legislative Programme - Communications Data Bill

Link to consult on Communications Data Bill via direct.gov.uk

Written Answer to Earl of Northesk on the Intercept Modernisation Programme

[edit] Experts

Stuart Ward, Telecom's Security Officer's personal blog post

Information Commissioner's Statement

[edit] Media

[edit] 2008

2008-10-15 - The Independent - Exclusive: Storm over Big Brother database: Author: Robert Verkaik and Nigel Morris; Summary: Early plans to create a giant "Big Brother" database holding information about every phone call, email and internet visit made in the UK were last night condemned by the Government's own terrorism watchdog.

2008-10-15 - The Telegraph - Jacqui Smith plans broad new 'Big Brother' surveillance powers: Author: Rosa Prince; Summary: Telephone calls, internet use and email will be monitored by the police as part of a broad extension of the ability of the state to snoop on citizens.

2008-10-07 - The Register - Spy chiefs plot £12bn IT spree for comms überdatabase: Author: Chris Williams; Summary: Billions of pounds of public money will soon be up for grabs for private IT contractors ready to serve the Interception Modernisation Programme - UK spy chiefs' plan to store details of every call, email, text and web browsing session.

2008-10-06 - Daily Express - Spies will tap into all emails and calls: Author: Macer Hall; Summary: All telephone calls, emails and text messages in Britain will be monitored under new Government snooping plans. A £12billion identity database at the GCHQ spy centre could even log every website visited by computer users nationwide. ... Michael Parker of anti-identity card group No2ID said: "It is a shocking intrusion into privacy. This is stalking. If an individual carried out this sort of snooping, it would be a crime."

2008-10-06 - Metro - 'Stalker state' database would cost £12bn: Summary: A database costing £12billion – to hold the e-mails, phone records and internet habits of everyone in Britain – would turn the country into a 'stalker state', lobby groups have warned.

2008-10-05 - The Times - Government will spy on every call and e-mail: Author: David Leppard; Summary: Ministers are considering spending up to £12 billion on a database to monitor and store the internet browsing habits, e-mail and telephone records of everyone in Britain.

2008-10-05 - The Times - There's no hiding place as spy HQ plans to see all: Author: David Leppard; Summary: Sir David Pepper who, as the director of GCHQ, the government's secret eavesdropping agency in Cheltenham, is plotting the biggest surveillance system ever created in Britain ... Pepper is masterminding an innocent-sounding project called the Interception Modernisation Programme. The scope of the project is said by officials to be so vast that it will dwarf the estimated £5 billion ministers have set aside for the identity cards programme. ... Aimed at placing a "live tap" on every electronic communication in Britain, it will dwarf other "big brother" surveillance projects ...

2008-09-25 - The Register - UK.gov 'to drop' überdatabase from snoop Bill: Author: Chris Williams; Summary: The government will drop plans for a massive central database to track private communications from the forthcoming Communications Data Bill, but officials will proceed with the multi-billion project in the background instead. Senior civil servants will discreetly run the project to swerve potential political opposition to a scheme which would retain details of every phone call, email, and web browsing session of every UK citizen, sources have told The Register.

2008-08-19 - Gizmodo USA - 'UK Gov't Creating Centralized Snooping Silo to Monitor all Calls, Texts, Emails, IMs and Surf Histories': Author: Adam Frucci; Summary: The UK government has decided to spend hundreds of millions of pounds (gajillions of dollars in US currency) on a huge central silo for all of the country's communications data. What'll that entail? Well, apparently "the one-stop-shop database will retain details of all calls, texts, emails, instant messenger conversations and websites accessed in the UK for up to two years." Oh my.

2008-08-19 - The Register - 'UK.gov to spend hundreds of millions on snooping silo': Author: Chris Williams; Summary: The government is pressing ahead with plans to spend hundreds of millions of pounds on a massive central silo for all UK communications data, The Register has learned.

2008-08-13 - The Guardian - 'Snooper's charter' to check texts and emails: Author: Alan Travis; Summary: Local councils, health authorities and hundreds of other public bodies are to be given the power to access details of everyone's personal text, emails and internet use under Home Office proposals published yesterday. Story relates to the of the Data Retntion Directive, but also references IMP.

2008-07-16 - Daily Mail - Big Brother database recording all our calls, texts and e-mails will "ruin British way of life": Author: Matthew Hickley; Summary: Plans for a massive database snooping on the entire population were condemned yesterday as a "step too far for the British way of life". In an Orwellian move, the Home Office is proposing to detail every phone call, e-mail, text message, internet search and online purchase in the fight against terrorism and other serious crime.

2008-07-15 - BBC Online - Warning over phone calls database: Summary: A central database holding details of everyone's phone calls and emails could be a "step too far for the British way of life", ministers have been warned. Plans for such a database are rumoured to be in the Communications Data Bill.

2008-07-15 - BBC iPM - Communications Data Bill: cause for concern?: Author: Jennifer Tracey; Summary: How do you feel about the possibility of a centralised police database holding details of every phone call and text message you've sent and websites you've visited?

2008-07-15 - ZDNet - Critics attack 'dangerous' gov't comms-snooping plan: Author: Tom Espiner; Summary: Internet service providers are to be invited to tender for a government scheme to monitor all internet communications and telecommunications. Under the proposed Interception Modernisation Programme (IMP), internet service providers (ISPs) would be required to link 'black boxes' to their servers to record all internet traffic, including details of emails, VoIP telephone conversations, instant messages and browsing habits. Telephone conversations would also be monitored.

2008-07-12 - BBC Online - Fears grow over information plans: Summary: Government plans to collect more data on mobile phone calls and internet usage have been further criticised as an attack on civil liberties.

2008-05-22 - Computer Weekly - Revealed - Government plans to tap phone and internet use: Author: Cath Jennings; Summary: The Home Office is considering radical plans to develop a centralised surveillance system to track in real-time every kind of electronic activity undertaken by citizens. The project, driven by intelligence services, would require the development of a surveillance system unprecedented in its scope and technical sophistication.

2008-05-21 - Society for Computers and Law - Communications Data Bill: ICO Repeats Warning on Surveillance Society: Summary: The ICO has released a statement expressing concerns about the Government plans for a Communications Data Bill. The Government plans for a Communications Data Bill, outlined in its draft legislative programme, have received a pretty distrustful reaction from the ICO.

2008-05-20 - Silicon.com - Critics attack gov't email, phone database plan: Author: Nick Heath; Summary: All email, blogs, instant messaging and VoIP calls could be monitored under government proposals - but critics warn the plans go too far. As of last September telecoms providers must keep all text and phone call records for up to two years under an EU directive, and this is to be rolled out to include all online traffic by 2009 at the latest.

2008-05-20 - ZDNet - Gov't planning centralised communications database: Author: David Meyer; Summary: Privacy and IT security experts have reacted with horror to reported government plans that would see UK citizens' internet and telephony usage details stored in a massive centralised database.

2008-05-20 - The Times - "Big Brother" database for phones and e-mails: Author: Richard Ford; Summary: A massive government database holding details of every phone call, e-mail and time spent on the internet by the public is being planned as part of the fight against crime and terrorism. Internet service providers (ISPs) and telecoms companies would hand over the records to the Home Office under plans put forward by officials.

2008-05-15 - Outlaw.com - Government orders data retention by ISPs: Summary: Phone and internet companies will soon be forced to keep logs of internet usage to be made available to the police under a new law announced by Prime Minister Gordon Brown this week. The law, the Communications Data Bill, will implement the remainder of the European Union's Data Retention Directive.

Retrieved from "http://www.openrightsgroup.org/orgwiki/index.php/Intercept_Modernisation"