Government keeps web-monitoring plan alive

Government keeps web-monitoring plan alive

Summary: The coalition intends to pursue plans to track web-communications data and hand it over to security agencies, despite pre-election promises to cut back on surveillance

SHARE:
TOPICS: Security
6

The coalition looks likely to forge ahead with the previous government's plans to intercept web communications, despite pre-election pledges from the Conservatives and the Liberal Democrats to reduce surveillance of citizens.

A passage in the newly released Strategic Defence Security Review (SDSR) outlined a plan to monitor messages, with reference to new technology.

The government will "introduce a programme to preserve the ability of the security, intelligence and law enforcement agencies to obtain communication data and to intercept communications within the appropriate legal framework. This programme is required to keep up with changing technology and to maintain capabilities that are vital to the work these agencies do to protect the public", it said in the security review, published on Tuesday.

Read this

Government to allocate £500m for cyber-defence

Over half a billion pounds will go to cyber-defence and improving the computer security of the critical national infrastructure, the government has announced

Read more+

Specific details of the plans are not immediately available, a Home Office spokeswoman told ZDNet UK on Thursday. She declined to say whether the government planned to monitor all web communications.

"The premise is similar [to the previous government's plans]," she said. "[The SDSR indicates] an intent to take forward a programme of work."

The previous Labour government formulated a plan to have ISPs, social-networking sites and other communications service providers collect traffic data on all web communications under the Interception Modernisation Programme. The scheme aimed to gather information on the sender, recipient, timing and location of every email and other message sent via the web. The data, harvested using deep-packet inspection, was to be stored in a manner to allow law enforcement and the intelligence services to track any individual and to see with whom they were communicating and when.

In January, the Home Office announced that it had fused two of its teams. One was to look at traditional interception such as phone tapping, and the other was to look at the interception of new technologies. The group is called the Communications Capabilities Directorate (CCD).

The SDSR shows that the CCD is being provided with resources, with the level of funding to be announced in the future, the Home Office spokeswoman said on Thursday.

Before the election in May, Conservative Party policy was to reduce government surveillance. In a position paper written in September 2009, called Reversing the rise of the surveillance state, then-shadow home secretary Dominic Grieve pledged to protect personal privacy.

Grieve said in the paper that an incoming Conservative government would set about "immediately submitting the Home Office's plans for the retention of — and access to — communications data to the Information Commissioner for pre-legislative scrutiny".

In September 2009, the Liberal Democrats said that the Conservatives' plans to cut back on surveillance of citizens were not stringent enough.

Read this

Hundreds of government IT projects in firing line

The government has revealed it is planning to scrap or scale back more than 400 IT projects, in a bid to meet its targets on public spending cuts

Read more+

The Information Commissioner has not been consulted on any interception plans since the coalition government took power in May, according to a spokesman for the Information Commissioner's Office (ICO). The commissioner, Christopher Graham, is concerned that such plans may be disproportionate, he said.

"The Commissioner's... key concern is whether the case has been made for the project," said the spokesman for the UK privacy watchdog. "On the face of it, the proposal seems disproportionate when any perceived benefits that might be gained from retaining this data are set against the risks to privacy involved. He looks forward to meeting with officials at the Home Office to establish whether or not his concerns have been addressed."

Security and forensics expert Peter Sommer said that privacy is extremely difficult to maintain when capturing web communications.

"With analogue communications, you can separate out data [ie. who is speaking to whom] from intercept content," said Sommer. "If you start to capture a multiplicity of web protocols, you have to capture the whole stream before you separate out the details you are entitled to collect."

Police and the intelligence agencies have a system of self-authorisation when it comes to collecting communications-traffic data. However, they need to get authorisation from the Home Secretary if they want to look at the actual content of a communication.

One of the problems with intercepting web protocols is that you cannot tell what is traffic data and what is content before it is intercepted, said Sommer, which leads to the danger of self-authorisation by law enforcement agencies.

Government web-interception plans were likely to revolve around one of two scenarios, said Sommer, who is an observer at Eurim and on the advisory council for the Foundation for Information Policy Research think tank. In the first scenario, communications service providers could capture all traffic from all customers and hold it for a minimum of six months, against receiving a request from law enforcement. In the second scenario, data could be collected by the providers, siphoned off to a database run by GCHQ, and passed out to law enforcement according to specification.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • I know, let's issue the postman with a portable scanner so he can take a copy of everything before he pushes it through the letterbox - just to be on the safe side, in case it turns out to be the home of a terrorist or gangster. After all it makes about as much sense as this.
    walsingham
  • The original plan stemmed from a briefing by the head of GCHQ, that said they could not intercept internet communications because those were routed through multiple routes. Thus they claimed the only way to intercept communications legally was to intercept everything all the time.

    This is a lie. Not a misunderstanding or ignorance, it's a flat out lie.

    To LEGALLY intercept any communication with any person under surveillance, simple serve the ISP with a warrant, and just as they can route the connection anyway they choose, they can route it through GCHQ. Do you imagine ISPs can track PHORM adverts but can't route connections? That they can track usage for billing but not for legal interceptions?

    To under stand why well meaning but flawed individuals are the real danger to freedom, see examples like this:
    http://boingboing.net/2010/09/15/pa-homeland-security.html

    Ultimately the good guys become the bad guys, because sooner or later they confuse what goes through their brains with the definition of good.
    guihombre
  • Do we really need more reasons to believe politicians are all hypocrites and liars?!
    authentictech
  • Every e-mail, phone call, and Web site visit recorded and stored. Creepy. It will be used to target and stigmatise minority groups, whistleblowers, and political enemies engaged in criticism or peaceful political protest.
    pacelegal-92cb9
  • its the beginning of the end for the web as a proper forum of free speech. . . . who is going to fight back, and how are we going to do it?
    bazookajoe-c71b6
  • this is so wrong

    we are being punished for what hackers do and that is so wrong o'will i will just shut down my internet for good that is the only to stop i have done any thing wrong and i am paying for what hackers are doing what a big wrong to me and othwers
    ttx19