By Tom Espiner, 18 June 2009 16:09
NEWS
A government plan to allow the intelligence services to monitor all UK web communications is technologically impossible, according to experts from the London School of Economics.
The Interception Modernisation Programme (IMP) calls for internet service providers to record the traffic details of all web communications. They must also present those details to the intelligence services and other public authorities in a way that establishes the links between different pieces of data associated with, for example, an individual's phone, email address or user IDs.
Professor Peter Sommer and Gus Hosein, an LSE visiting fellow, published a report on Wednesday that criticised the government scheme. Sommer told silicon.com sister site ZDNet UK that the requirements are technologically impossible, due to the way data is transmitted on the internet.
"Existing law is based on the old telephone system, where it was easy to separate out communications data," Sommer said on Tuesday. "The problem with the internet is that it's all basically data bits."
The problem is made more complex by the blurring of boundaries in web communications between traffic data and content, and by the number of protocols used. Not only are a multiplicity of web protocols used by different companies, Sommer said, but those protocols are changed periodically, making interception as proposed by the government very difficult.
"If Microsoft rewrites Windows Live, [the government] would have to rewrite the [interception] protocol," said Sommer.
The government has proposed that ISPs use deep packet inspection, in which every data packet is opened and examined, to derive a picture of who is communicating with whom at any one time. In the report, Sommer and Hosein wrote that the devices used for deep packet inspection, known as 'black boxes', will have to collect large amounts of traffic associated with each internet user, discard whatever appears to be content, and combine the different streams of traffic to create the interlinked data picture of the individual. "This is an impossibility," Sommer said.
In the report, Sommer and Hosein also criticised the scheme for its extension of intelligence-service powers.
"If the boxes were under the control of GCHQ, then the entire existing fabric of warrants, authorisations and judgements over 'necessity' and 'proportionality' would collapse," wrote the authors.
Sommer also told ZDNet UK that the LSE is concerned about the cost of the scheme, which the government has projected at £2bn over 10 years. "The figure of £2bn leads to endless questions about how the figures were derived, and where the costs are borne," he said.
The Home Office on Wednesday declined to give details about how the scheme's costs would break down. The programme will be cross-government, but will be funded by the Home Office, said a spokesperson.
The Home Office said it needed the capability to track all communications.
"Communications data plays a vital role in tackling serious crimes such as child sex abuse, kidnap, murder and drug related crime, as well as in public protection," the Home Office said in a statement. "Technology is evolving, and new innovative forms of internet-based communications are emerging. If we do not make changes now to maintain existing capabilities and look ahead to the future, the police, security and intelligence agencies will no longer be able to use this data to fight crime."
In terms of privacy, the Home Office said that it will "ensure there are stringent safeguards inbuilt into any future proposals", and added that it had launched a consultation on the matter.
"We know that this is a complex and sensitive subject, with a fine balance to be made between protecting public safety and civil liberties. Because of this we have launched a public consultation to seek views from interested parties, including communication service providers," said the Home Office statement.
ZDNet UK understands that the Home Office believes there are sufficient privacy safeguards in place for the work of both the intelligence service and other security services. These include Ripa, the Human Rights Act and the Data Protection Act.
Comments
There are 7 comments. Join the discussion
1. Richard Davies
the Home Office said that it will "ensure there are stringent safeguards inbuilt into any future proposals"
The above words are worthless. They absolutely carry no weight simply because the government have proved themselves to be inept at most things...particularly IT related projects.
Why can't the security services spy on people that have been identified as a criminal...why are they insisting on spying on everyone just in case.
Maybe in the next war they will just carpet bomb an entire country just to be on the safe side...its a sad state of affairs.
2. karen challinor
"Communications data plays a vital role in tackling serious crimes such as child sex abuse, kidnap, murder and drug related crime, as well as in public protection,"
hmm they can't stop spam, phishing, driveby downloads of virii that snaffle your bank details or spyware but they reckon this sort of activity is magically different because it's 'serious' crime and can therefore be traced and eliminated
more likely it is 'emotive' crime and referring to it often enough instils sufficient fear in the populace that they won't oppose legislation intended to deal with it despite all the side effects such legislation invariably brings
and when the legislation fails they won't remove it, they'll add more legislation to try and plug the gaps until eventually you may be fined for leaving your home for work without a police permit
3. anonymous
All this will do is allow goverments to snoop on the communications of law abiding citizens.
Hackers and terrorists will continue to exchange (currently unbreakable) encrypted traffic very often via "mule" systems so there is no point-to-point link.
Data that is encrypted just looks like the rest of the endless chatter on the internet and ISP's will stand no chance in being able to filter this out - so the only other alternative is to hand it over to the goverment as-is.
In these circumstances, the amount of data, bandwidth and traffic will become impossible to analyse - and if they try you can probably stick a few extra zero's on the goverments cost estimate. But it's only taxpayers money of course !
4. Roger Huffadine
Anyone who is planning a terrorist - or any other illegal act - who uses the internet, a mobile phone, a landline, snail mail or normal radio communication is a mug and deserves to be caught.
The really sad part of all this is that many of our leaders actually believe that this legislation will improve national security.
5. Simon
>> ... it will "ensure there are stringent safeguards inbuilt into any future proposals"
Hmm, those will be like the "stringent safeguards" protecting people from undue snooping under RIPA then.
And like the promises that the Sex Offenders Register would only be for "people convicted of SERIOUS sex offences", expect it to be passed, and then relaxed by ministerial edict.
Message to politicians : WE DON'T TRUST YOU, you've proven yourselves time and time again to be corrupt and untrustworthy.
6. anonymous
"the internet is ... basically data bits".
Thanks for clearing that up, 'professor' Peter Sommer (or whatever your real name is - sorry but I can't remember it).
Drivel like this report isn't going to help the public understand what is happening, or how to tackle it.
Many other commentators have noted, quite correctly that, along with the flawed ID Card scheme, this policy will do nothing to stop terrorism or serious crime...
It will, however, make many consultants very, very rich...
7. Drew Stephenson
The thing i don't get is why they're persevering with this. Not because of any public backlash, they plainly don't give two hoots for their employers (us), but surely even those dunderheads in the home office are beginning to realise that this is completely unworkable and they will never extract any meaningful data from it? Surely?
Oh, who am i kidding?