Br0kenTeleph0n3

Following the broadband money

What are the hard costs and benefits of online surveillance?

with 3 comments

It is annoying to read, once again, reports that the coalition government, or at least certain civil servants, wants to reintroduce Labour’s shelved Interception Modernisation Programme (IMP), now in its new guise as the Communications Capabilities Development Programme (CCDP.

Curiously, the story broke in the same week that Canada introduced a “Crime Bill” to permit surveillance, allegedly to give children the same online protection that others countries give, but which looks a lot like the IMP.

Basically the law enforcement people want to be able to tap phones they way used to, but the change in technology to packet switching means this is hard to impossible.

The initial cost of IMP was put at £12bn. This was mainly for the centralised GCHQ database, to be run by US outsource outfit EDS. This was to house all the emails, social network chit-chat, telephone calls, and especially voice over IP calls, that originate in or transit the UK. GCHQ then apparently opted for a £2bn pilot study. No-one outside the security establishment knows whether it worked, or to what extent it failed.

The UK, and to be fair, most other countries, have been deluged with draconian surveillance legislation ever since the 9/11 terrorist attacks. In Britain, the Information Commissioner’s Office even produced a report that asked whether we were sleep-walking into a “surveillance state,” and answered its own question with a “yes”.

Communications service providers like BT, Virgin Media, TalkTalk, Sky etc, are required under data retention laws to keep header information about the messages that transit their networks for a year. This information is essentially the same as one might find on a postal letter: name and address of sender and receiver, and the time of sending. NOT the contents. Or at least, not yet.

The data retention laws are supported by the Regulation of Investigatory Powers Act 2000 (RIPA). Under RIPA warrants to intercept messages (i.e. the entire communication)  must be signed by a secretary of state of a Scottish minister. “The authorisation can only be given in the interests of national security, for the purpose of preventing or detecting serious crime or for the purpose of safeguarding the economic well-being of the United Kingdom,” the Interception of Communications Commissioner (ICC) says in his 2010 annual report.

In 2010 the Home Secretary signed 1,682 warrants, and there were 1,048 still in force at the end of the year, a 10% rise over 2009. Scottish ministers approved 183 warrants, down from 204 in 2008, leaving 46 still in force at the end of the year a 5% rise from 2008. The ICC does not report how many requests were refused.

RIPA also allows hundreds of thousands of civil servants to request communications data (i.e. the “envelope information”). And they do. Those allowed include the intelligence agencies, police forces, the United Kingdom Border Agency (UKBA), the Serious Organised Crime Agency (SOCA) and other public authorities such as the Gambling Commission, Financial Services Authority (FSA) and local authorities.

The ICC’s annual report for 2010 says there were 552,550 requests for communications data for that year. This was up from 525,130 and 504,173 in the two preceding years respectively. Some 65% were to find out who owns a mobile phone. In the light of investigations into police corruption allied to mobile phone hacking, that may cause some concern.

There is without doubt a terrorist threat: the 7/7 London bombs show that. But with the death of Osama bin Laden and the apparently destruction of  of Al-Queda, what threats remain?

One would not like to think that the entire panoply of anti-terrorist measures are to be used to fight RnB music pirates, as SOCA did this week.

The fact remains that this entire area is virtually evidence-free, certainly with regard to costs and benefits. One imagines that MI6 could buy an awful lot of human intelligence with £12bn, without affecting the law-abiding majority of the population.

These are the questions I would like to see answered and debated in public.

What evidence must the authorities produce for minister to grant a warrant to permit surveillance?

How can ministers test it before they grant the warrant?

How many warrants does the government expect to issue a year?

Under what circumstances will the evidence gathered from surveillance be permitted in court?

How do the investigators account for IP spoofing, for temporary IP address assignments, for TOR’ed messages and for encrypted messages?

Who bears the cost of collecting, storing and accessing communications data?

What is the budget for the collection, storage, retrieval and subsequent processing of this data?

What protections and sources of restitution are there for people falsely identified and investigated?

What estimates are there of the number of residents who buy or sell pornographic images of children?

How many convictions have been secured in the past five years in which evidence gathered using surveillance laws, particularly intercept and communications data, proved conclusive to the prosecution?

What is the split between convictions related to terrorism and to economic crime (including smuggling)?

 

Advertisements

Written by Br0kenTeleph0n3

2012/02/19 at 14:10

3 Responses

Subscribe to comments with RSS.

  1. Ian,
    Like every other multi-billion £ project, this should be tested using ROI+TCO based upon facts and past performance. It is therefore very likely to fail, based on the previous journey down this garden path.

    Reflects poorly on government ability to tell a lemon project from a useful one. We unfortunately have to rely on the ISPs to point out the costs to the government. They at least have a clue regarding cost and management of that volume of data.

    Good article.

    thebizarch

    2012/02/20 at 09:02

    • I think it’s quite hard to measure ROI for public benefits, which is why I’d like to see the ratio of warrants to convictions. At least that gives us a clue in concrete terms how effectively the money is spent. Oddly enough, I’m told this information is not available, partly because intercept data is presently inadmissible as evidence in court. You have to ask why then are there more than 1500 requests for communications data PER DAY.
      I’ve also spoken to guys who deal daily with Big Data problems. They say GCHQ’s problem is not resolvable using the proposed tools. However, if the government wants to spend the money, they’re happy to take it. Indeed. Who wouldn’t?

      Ian Grant

      2012/02/20 at 09:37

  2. Will wireless and community networks etc. have to store data?

    Somerset

    2012/02/20 at 12:33


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: