Internet service providers are to be invited to tender for a government scheme to monitor all internet communications and telecommunications.
Under the proposed Interception Modernisation Programme (IMP), internet service providers (ISPs) would be required to link 'black boxes' to their servers to record all internet traffic, including details of emails, VoIP telephone conversations, instant messages and browsing habits. Telephone conversations would also be monitored.
The traffic data would then be siphoned into a centralised database, enabling the government to monitor all business and domestic internet and telephone communications. According to insiders, some ISPs have already been pitching to the Home Office to provide the 'black boxes' to record the data.
The Home Office and GCHQ have applied to central government for funding for the scheme. Answering a written question posed by Lord Northesk last month, Admiral West, the parliamentary undersecretary of state for security and an adviser to Gordon Brown, gave details of the funding request last week.
According to West, as part of the 2007 Comprehensive Spending Review (CSR), "a central bid was made to HM Treasury on behalf of the security and intelligence agencies. Funding for IMP was included in the bid, and the exact programme allocation across the CSR years is currently being finalised between the Home Office and HM Treasury."
Funding would be for three years. University of Cambridge security expert Richard Clayton told ZDNet.co.uk that putting state-of-the-art surveillance devices into all UK ISPs would be "likely to cost quite a lot". As a consequence, Clayton said the government plans to deploy the system at one ISP initially.
West confirmed that the government would be conducting a "feasibility study" for the surveillance of ISPs and for the centralised communications database, up to 2010.
"A significant proportion of the programme investment over the Comprehensive Spending Review period will be used to test feasibility and reduce the risk associated with implementing the proposed IMP solution," said West. "The private sector is likely to play a major role in this work and the programme will be conducting a competitive tender and entering commercial negotiations to commission its services."
However, peers criticised the government proposals. Lord Erroll of Hay told ZDNet.co.uk on Tuesday that the proposals were "incredibly dangerous".
"Part of the problem is that the Home Office would be able to self-authorise to do any searches in the database, which is very dangerous indeed," said Erroll. "At the moment, someone checks the access requests."
Clayton agreed with Erroll that the proposals were "completely not proportionate". "If the government is going to do this, it would be far better to force all mosques, churches, and public houses to fit microphones and tape recorders," he told ZDNet.co.uk. "East Germany used to have a comparable system."
At present, surveillance information can be requested from ISPs by law-enforcement agencies, but those requests can be queried by the ISPs concerned. According to Clayton, a centralised database without such a check may contravene existing data-protection legislation, so the government would need to change the law to make the database legal.
"At the moment, the centralised database and self-authorisation would be illegal under the Data Protection Act," said Clayton. "The draft Communications Data Bill will contain clauses to make this legal."
Lord Erroll agreed that the only reason to bring the Communications Data Bill in as primary, rather than secondary, legislation would be to legalise the government plans — secondary legislation would have to conform to existing data-protection laws.
"The Communications Data Bill has to be producing something new — the Home Office is going after some new powers," said Erroll. "They have all of the powers they want, except for being able to bring all of the data together at the Home Office."
The Home Office on Tuesday confirmed that it was seeking to introduce a centralised database of communications data, but said the plans were at the proposal stage.
"The changes to the way we communicate, due particularly to the internet revolution, will increasingly undermine our current capabilities to obtain communications data — essential for counter-terrorism and investigation of crime purpose[s] — and use it to protect the public," stated a Home Office spokesperson. "Proposals are being developed and full details of the draft Bill will be released later this year, allowing for full engagement with Parliament and the public."
The Home Office spokesperson admitted that primary legislation would be necessary to legalise a self-authorised, centralised database. "That is why we're introducing primary legislation," the spokesperson told ZDNet.co.uk. However, the spokesperson again added that, at present, these are proposals rather than plans.
Privacy watchdog the Information Commissioner's Office (ICO) said it had "grave questions about the acceptability of such a scheme".
"In the fight against evil, we must not ride roughshod over our liberties," said Richard Thomas in a speech on Tuesday. "Every phone call, email, internet search and online transaction would be monitored. Even the possibility of such a scheme needs the fullest debate before becoming legislation."
Thomas declined to comment as to whether the Home Office proposals were legal under current data-protection law, and refused to comment any further about his concerns.
The ICO had not been consulted by the Home Office over the communications-database plans, said an ICO insider.
Talkback
I'm surprised to see no comments on this article. Indeed I have also been surprised at the lack of comment on similar subjects (on ZDNet) in the past.
It's only by speaking out and acting now, before it's too late, that we have any chance of infuence. Otherwise we are just sleep walking into a society of total surveillance and total control.
Apart from that, I have discovered from past experience that an organisation cannot offer us a satisfactory service and, at the same time, police us. These are mutually incompatible activities.
This government appears to be developing a key area of expertise, namely drawing up plans to put its citizens' personal data at risk.
I fully accept that there needs to be a mechanism for the security services (and them alone) to gain access to the content of individuals' communications, where they have a legitimate concern, in order to protect the security of the population. They obtain a warrant, use this to obtain the data, then analyse it. Note that this is to protect the security of the population - not to increase the revenue of the government.
However, the key here is that they have to go through a legal process to obtain the data, ensuring the power cannot be abused.
This new proposal (and let's hope it is a proposal, to be debated fully and openly) apparently will allow the government to collect all data we transmit over our internet connection - commercially sensitive emails, telephone calls, personal banking transactions, credit card details, login passwords, indeed a huge amount of sensitive data... and store it in one of the government's renowned secure centralised databases.
Since, and with good reason, few people trust the government to keep data secure, this idea of a centralised database is one of the main reasons why people dislike the ID cards scheme. Now they are doing it again with our internet traffic.
What is wrong with the traditional, and indeed existing, scheme of obtaining legal permission first, for a specific data collection operation, and then collecting the data? Why is this government obsessed with storing so much of our personal data centrally and consequently putting such data at risk of theft or misuse? There surely cannot be any legitimate benefit which offsets this.
In fact I would go as far as to suggest that the government's duty to protect its population from harm would be better fulfilled were they to do nothing, than implementing their various databases supposedly designed to protect us. The bigger threat to our personal security and freedom appears to be not criminals and terrorists, but the government themselves.
Is there nobody in government with the population's interests at heart?
We all get spam and malware emails which waste time and clutter up the communications network. There are horrendous websites condoning and encouraging suicide, giving instructions on how to murder those with different 'religious' persuasions etc. So why aren't they on top of the list to be snooped on and removed from circulation? We all know they are there, the ISPs have the ability to shut them down. OK, there's the censorship issue, but surely commonsense tells us that should not be allowed to be put forward in defence of blatant evil? Let's be reasonable and draw the line.
Why do the government and the relevant authorities not target the bad guy's instead of this broad brush philosophy which affects all of us detrimentally, but does little to curb the real problems and bring the bad guys to book.
However, I disagree that the ISP's should be responsible, this job should be left to the duly constituted authorities and done under warrant. No thank you to private policing!
This post has been removed by a moderator.
This post has been removed by a moderator.
Anyone else feeling like we're well on our way to a very bad place.
the internet is the one, open, un-policed, resource with uncensored, free information. Anyone who doesn't realise how corrupt our government is simply lacks intelligence, we should not so willingly give the government more power. I speak for the vast majority of like-minded techys "This is our world now... the world of the electron and the switch"
This post has been removed by a moderator.
This post has been removed by a moderator.
Where theres a will, theres a way, no one will be allowed to control the internet, nor police it...
Yes it does seem as though the government factions are in a mild state of panic about all this. They can instinctivley sense the time for them to be sidelined is closing in.
Soon it will be known who we are (individual identity and all social/ physical network relationships therein), where we are, where we go, who we're with, who we meet and all that we watch, read, eat, buy, touch and do.
TFD