• silicon.com
• Management
• Public Sector

By Tom Espiner, 6 May 2009 08:45

NEWS

The government's electronic eavesdropping agency has denied developing technology that will enable the mass surveillance of UK citizens' web communications.

In a press statement on Monday, GCHQ said it would not monitor internet use or phone calls for every UK citizen. The GCHQ announcement came after an article, co-authored by The Sunday Times and The Register and published on Sunday, claimed the government was pushing ahead with mass surveillance plans, despite having announced on 27 April that it would not store intercepted data in a centralised database.

Monday's statement said: "GCHQ is not developing technology to enable the monitoring of all internet use and phone calls in Britain, or to target everyone in the UK. Similarly, GCHQ has no ambitions, expectations or plans for a database or databases to store centrally all communications data in Britain."

The press statement said GCHQ is in the process of developing technologies that are "designed to work under the existing legal framework", and that blanket interception would not be legal under the Regulation of Investigatory Powers Act (Ripa) or the European Convention on Human Rights.

However, Cambridge University security expert Richard Clayton told silicon.com sister site ZDNet UK on Tuesday that GCHQ had been "very precise" about what it would not intercept. Clayton said that 'black boxes' used for deep packet inspection had already been placed on content service provider (CSP) networks.

"They don't want to intercept content," said Clayton. "Lots of black boxes have been rolled out to CSPs, to pick up communications traffic data. They are not denying the black boxes, they are just denying intercepting content."

Clayton said that communications traffic data could be used to establish exactly who was communicating with whom, and when. He added that this data did not have to be processed or stored in a centralised database to be accessed and used by the intelligence services.

"The database is still a problem if it's a distributed database," said Clayton. "Provided there are automated enquiries - we're talking authorised online access - they can get data out of a distributed database just as quickly."

Clayton added that interception of traffic data would probably not contravene UK law.

"The offence under Ripa is picking out content, and making that content available to someone else," said Clayton. "They are going to know who you are communicating with, but that's not against the law."

Home Secretary Jacqui Smith announced on 27 April that the government wants CSPs to record, retain and process details of all communications that take place over their networks. The Home Office also announced on the same day that £2bn would be made available to CSPs over 10 years to achieve this.

On Tuesday a Home Office spokesperson told ZDNet UK that the £2bn would not be provided out of the GCHQ budget, but instead would be a "cross-government project", should the programme go ahead in its proposed form.

"The £2bn costs include the set-up and running costs over 10 years," said the spokesperson. "It's estimated the costs would be recovered by not running the current [interception] system."

The spokesperson added that the government's current interception capabilities were being "rapidly eroded" by the pace of technological change, and said that the tools were necessary for law-enforcement purposes.