The U.K. government is considering the mass surveillance and retention of all
user communications on social-networking sites, including Facebook, MySpace, and
Vernon Coaker, the U.K. Home Office security minister, on Monday said the EU
Data Retention Directive, under which Internet service providers must store
communications data for 12 months, does not go far enough. Communications such
as those on social-networking sites and via instant-messaging services could
also be monitored, he said.
"Social-networking sites such as MySpace or Bebo are not covered by the
directive," said Coaker, speaking at a meeting of the House of Commons Fourth
Delegated Legislation Committee. "That is one reason why the government (is)
looking at what we should do about the Intercept(ion) Modernization Program,
because there are certain aspects of communications which are not covered by the
Under the EU Data Retention Directive, from March 15, 2009, all U.K. ISPs are
required to store customer traffic data for a year. The Interception
Modernization Program, or IMP, is a government proposal, introduced last year,
for legislation to use mass monitoring of traffic data as an antiterrorism tool.
The IMP has two objectives: that the government use deep-packet inspection to
monitor the Web communications of all U.K. citizens; and that all of the traffic
data relating to those communications are stored in a centralized government
The U.K. government has previously said communications interception is
"vital" and has hinted that social-networking sites may be put under
surveillance. And responding to a question from Liberal Democrat Parliament
member Tom Brake, Coaker said all traffic data on social-networking sites and
through instant-messaging services may be harvested and stored.
"The honorable member for Carshalton and Wallington will also know the
controversy that currently surrounds the Intercept(ion) Modernization
Program," Coaker said. "I look forward to his support when we present (IMP)
proposals, which may include requiring the retention of data on Facebook, Bebo,
MySpace, and all other similar sites."
Deep-packet inspection, the second strand of the IMP, involves intercepting
and examining the contents of all data packets that flow over a network. In
Monday's meeting, Coaker said the government still intends to have a
consultation on whether to inspect and then store all Internet traffic data in a
centralized government database.
"What is the point of having a consultation if, as the honorable gentleman
implies, the government (has) already made up (its) mind to have a central
database?" Coaker asked. "We have not made up our mind. We have said we will
consult on a variety of options."
Opposition to the government's IMP proposal has been fierce. Cambridge
University computer security expert Richard Clayton told ZDNet Asia's sister ZDNet UK on Wednesday
that the government proposal to monitor social-networking traffic was "extremely
"The question is whether it's necessary or proportionate, and the short
answer is no, it doesn't look that way," said Clayton. "If the government wants
to make us safer, having a few more police on the electronic beat would be a
Clayton said the problem for the government is that the Data Retention
Directive applies only to data held by Internet service providers, but that a
large number of people don't use ISPs' systems to communicate, instead using
online services such as Web mail and social-networking sites. Servers may be
located in different jurisdictions, Clayton said, and data retention times may
"The government wants to collect all of this data on everybody, just in
case," Clayton said. "Suppose you use (an e-mail service based in Pakistan), and
you blow up the Houses of Parliament. The government would have to persuade the
Pakistani authorities to turn over the logs, which may then turn out only to
have been retained for three days."
However, Clayton believes that the cost of harvesting this information, which
would involve all U.K. Internet infrastructure providers and ISPs having "black
boxes" to monitor data, would be prohibitively expensive. Clayton said
taxpayers' money would be better spent on the police, who could target
investigations to those they suspect of criminal activity, rather than on
performing blanket surveillance of everybody.
"To deploy deep-packet inspection equipment isn't cheap--the word 'billion'
is appropriate," Clayton said. "It took the Home Office the best part of a year
to find 3 million pounds for the Police e-Crime Unit. That's what is wrong with
Web inventor Sir Tim Berners-Lee also opposes the use of deep-packet inspection to inspect people's data.
Berners-Lee told ZDNet UK last week that the Internet should not be "snooped"
"If (third parties) are using the data for political ends or commercial
interest, there we have to draw the line," Berners-Lee said. "There's a gap
between running a successful Internet service and looking inside data