Brits consider tracking all UK Facebook traffic

Brits consider tracking all UK Facebook traffic

Summary: The British Home Officer minister proposed recording the traffic data of all UK citizens on social-networking sites, such as Facebook, MySpace and Bebo.

SHARE:
The UK government is considering the mass surveillance and retention of all user communications on social-networking sites including Facebook, MySpace, and Bebo.

Home Office security minister Vernon Coaker said on Monday that the EU Data Retention Directive, under which ISPs must store communications data for 12 months, does not go far enough. Communications such as those on social networking sites and instant messaging could also be monitored, he said.

"Social-networking sites, such as MySpace or Bebo, are not covered by the directive," said Coaker, speaking at a meeting of the House of Commons Fourth Delegated Legislation Committee. "That is one reason why the government are looking at what we should do about the Intercept Modernization Program, because there are certain aspects of communications which are not covered by the directive."

Under the EU Data Retention Directive, from the March 15, 2009, all UK internet service providers (ISPs) are required to store customer traffic data for a year. The Intercept Modernization Program (IMP) is a government proposal, introduced last year, for legislation to use mass monitoring of traffic data as an anti-terrorism tool. The IMP has two strands: that the government use deep packet inspection to monitor the web communications of all UK citizens; and that all of the traffic data relating to those communications are stored in a centralized government database.

The UK government has previously said that communications interception was "vital", and has hinted that social-networking sites may be put under surveillance. However, responding to a question from Liberal Democrat MP Tom Brake, Coaker said that all traffic data on social-networking sites and through instant messaging may be harvested and stored.

"The honorable member for Carshalton and Wallington will also know the controversy that currently surrounds the Intercept Modernization Program," said Coaker. "I look forward to his support when we present Intercept Modernization Program proposals, which may include requiring the retention of data on Facebook, Bebo, MySpace and all other similar sites."

Deep packet inspection, the second strand of the IMP, involves intercepting and examining the contents of all data packets that flow over a network. In Monday's meeting, Coaker said the government still intends to have a consultation on whether to inspect and then store all internet traffic data in a centralized government database.

"What is the point of having a consultation if, as the honourable gentleman implies, the government have already made up their mind to have a central database?" said Coaker. "We have not made up our mind. We have said we will consult on a variety of options."

Opposition to the government's IMP proposal has been fierce. Cambridge University computer security expert Richard Clayton told ZDNet UK on Wednesday that the government proposal to monitor social-networking traffic was "extremely intrusive".

"The question is whether it's necessary or proportionate, and the short answer is no, it doesn't look that way," said Clayton. "If the government wants to make us safer, having a few more police on the electronic beat would be a good idea."

Clayton said that the problem for the government is that the Data Retention Directive only applies to data held by internet service providers, but that a large number of people don't use ISPs' systems to communicate, instead using online services including webmail and social-networking sites. Servers may be located in different jurisdictions, said Clayton, and data-retention times may be short.

"The government wants to collect all of this data on everybody, just in case," said Clayton. "Suppose you use hotmail.pk, and you blow up the Houses of Parliament. The government would have to persuade the Pakistani authorities to turn over the logs, which may then turn out only to have been retained for three days."

However, Clayton believes that the cost of harvesting this information, which would involve all UK internet infrastructure providers and ISPs having 'black boxes' to monitor data, would be prohibitively expensive. Clayton said that taxpayers' money would be better spent on the police, who could target investigations to those they suspect of criminal activity, rather than on performing blanket surveillance of everybody.

"To deploy deep packet inspection equipment isn't cheap — the word 'billion' is appropriate," said Clayton. "It took the Home Office the best part of a year to find £3m for the Police e-Crime Unit. That's what is wrong with this picture."

Web inventor Sir Tim Berners-Lee also opposes the use of deep packet inspection to inspect people's data. Berners-Lee told ZDNet UK last week that the internet should not be "snooped" upon.

"If [third parties] are using the data for political ends or commercial interest, there we have to draw the line," Berners-Lee said. "There's a gap between running a successful internet service and looking inside data packets."

This article was originally posted on ZDNet.co.uk.

Topics: Telcos, Browser, Enterprise Software, Government, Government US, Software, Social Enterprise

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

16 comments
Log in or register to join the discussion
  • and when everyone goes encrypted.. this will be useless.

    The brits are on the verge of a police state. I see V for vendetta coming.

    I cant believe the people would stand for this.

    I already dont like our laws here in the US, that would push me too far.
    Been_Done_Before
    • It's a crime in UK not to give up passwords

      If you encrypt, then they simply haul you in and demand the password. If you fail to give it to them, it's a serious crime and you go right to jail for it. Simple.

      As for people in the US standing for it, the Bush answer for that was simple also, don't tell anybody you're doing it. Cisco built a whole new class of network gear, HP and IBM built some of the largest data centers for the US Govt to do just what Britain is only talking about. That's why Bush and Cheney were so frantic about getting immunity for the telcos on data tapping, because they were threatening to out all the secret installations that monitor just about whatever Internet traffic the Feds want to look at.
      Manny_Wacker
      • which password?.

        The secure certificate? the self-gen key? or what.

        In theory they can ask for the password but in a real world scene is stupid because it is impractical:"Hey Mustaffa (the evil terrorist), can you give us your password?."

        Its expensive and take a lot of time to survey a single user. So when they say "we will track all connection" is the same to say "i want to copy all the Internet(s) onto my notebook", or you could say BS.
        magallanes
  • RE: Brits consider tracking all UK Facebook traffic

    Sadly the majority will shrug and think it doesn't apply to them. Frankly the sooner this unpleasant and authoritarian government is destroyed in the polling booth the better.
    obliquewordsmith
    • And do you think ANY government will be different??!!

      All governments are the same. Given that (discussions above) the US is
      already doing it, you think one govt won't follow suit? Of course they will.
      They'd be stupid not to!
      pjher
  • RE: Brits consider tracking all UK Facebook traffic

    Its not like they have a choice in the matter. Just
    like i'm sure they didn't have a choice to allow the
    gov't to require ISP's to keep a year's data.
    badkid32
  • RE: Brits consider tracking all UK Facebook traffic

    I think he means encrypted tunneling, SSH and the
    like. VPN's as well. Deep packet monitoring won't see
    what's in the packets with out the crypto keys. Tis
    why I use an encrypted VPN to home when i'm using
    public wifi. Not that my home internet is much more
    secure, at least it's not public wifi :)
    badkid32
  • Even without digital encryption

    Even without digital encryption is possible to send a private message, for example:

    "lorem iBsUm dolor sYt amet, coNsectetUr adipisiKing elAt, sed do eiusmod CempOr incidiLdunt ut Aabore et dolore magna aliqua."

    They will spend billion in security when free trick can easily bypass it. So, what is the trick?, to give money a specific contractor or simple to intimidate?.
    magallanes
  • RE: Brits consider tracking all UK Facebook traffic

    Like here in the US, they want to monitor and collect the data under the guise of "preventing terrorism". Why would you need to blanket cover all the data for that? They never mention any searching for keywords or flagging anything specific, just keeping records of everything they can for one year "just in case". In case what? The off chance that a group of terrorists would be stupid enough to actually say things online like "I have the components to make the bomb. Meet me at The Masons Arms pub (in central London) so we can go over the details of our bombing of Parliament". Even your average thief or con man knows better than to mention directly any crimes or anything illegal. Even if they were to communicate they may just say "let's meet at the pub for drinks later before we go out", not mention anything that these records would help find.

    Further, how long do you think it would take to go through all this data since there are over 60 million people in the UK? By the time you found anything in this data, whatever was planned will have already happened so it will have served no purpose.
    jian9007
  • RE: Brits consider tracking all UK Facebook traffic

    [i]If you encrypt, then they simply haul you in and demand the password. If you fail to give it to them, it's a serious crime and you go right to jail for it. Simple.[/i]

    And some people are willing to do that. If you're gonna go to jail anyway, why make it easier for them by self-incriminating yourself.
    hasta la Vista, bah-bie
  • RE: Brits consider tracking all UK Facebook traffic

    Come on, it already is a police state. It has more
    'security' cameras per head of population than any
    other country in the world (apparently). I was born in
    England..I moved country's because of the monetarial
    fascism of 80's thatchers briatain and will NEVER move
    back..in fact I burnt my British PassPort so I
    wouldn't even be tempted. This really isn't news - its
    just the 'farmers' tagging a few more sheep.
    wezhind@...
  • And you think ANY government is any different??!!

    All governments are the same. Given that (discussions above) the US is
    already doing it, you think one govt won't follow suit? Of course they will.
    They'd be stupid not to!
    pjher
  • It would be the equivalent of tapping every phone call you ever made!

    The point about the invasion of privacy is that it will not
    just be used to prevent terrorism. As we've already seen in
    Britain anti-terrorist measures - surveillance cameras -
    have been used for car-parking offenses!!
    The rationale is, if the technology's in place why not use it!
    The other danger is that records will be kept that may not
    be accurate: mistaken identity, human error etc. People will
    end up with things they didn't do on their 'records'.
    The powers that be, having access to such powerful
    records, will be able to prevent you from doing what you
    have a perfect right to do without you have access to the
    reasons or the recourse to correct your 'record'. This has,
    and continues to happen with, credit records.
    It is also what makes an apartheid state so powerful:
    remember South Africa? People couldn't travel from one
    area of the country to another because they didn't have the
    'correct' pass.
    These measures must be opposed by everyone in every
    country.
    pjher
  • Cool Britannia me a*se!

    You cant smoke in pubs, traffic camera's everywhere & speeding fines in the mail, taxed up the ying yang on everything, one of the most nosey and intrusive governments in the western world, 'Cool Britannia' my backside. Its a pathetic nanny state whos once solid people now let themselves be walked over by the w**kers in parliament.
    DaiHard
  • This is wonderful!

    Only by allowing our government complete access to all our communications can we truly have privacy. All hail our great leader! Welcome to a New World Order! Seig Heil! Seig Heil! Seig Heil!
    cmatrix
  • RE: Brits consider tracking all UK Facebook traffic

    there is no privacy anywhere..at first through cctv now they have not spared the internet as well, next what? i support the government for taking drastic steps to fight terrorism, but it shouldnt be done at the cost of law abiding peoples' liberties. if government are keeping eye on facebook, myspace and bebo and if they think that there are terrorists using these sites, then i have to switch to other sites which are safe.

    at present im active in http://atflashback.com
    sandyviv