Feeds

UK.gov plans central database for all your communications

Brown team plots Ripa redux?

The Brown government is considering a central database of all UK communications data including times and durations of phone calls, emails and internet access for every British citizen.

The draft bill is still being considered by ministers and a Home Office spokeswoman told us no decision had yet been reached.

The spokeswoman told The Register: "Ministers have made no decision on whether a central database will be included in that draft bill." She refused to compare the proposed legislation to Ripa, as it is still only a proposal.

Under the Regulation of Investigatory Powers Act passed in 2000 and the Anti-Terrorism Crime and Security Act 2001, companies like telcos and internet service providers already have to keep this information in case it is needed by a police or security service investigation.

It appears what is different now is that this information will be actively collected and stored in one place by the government. Reports on the proposals suggest authorities will still need to go to the courts to gain access to the database. However, such a massive amount of data will be ripe for speculative data-mining and fishing techniques, rather than more targeted searches.

More to the point, given this government's gross incompetence in safeguarding any of our data, having all our comms info in one place has to be a major concern.

Under Ripa police or other authorities like local councils can approach service providers and demand access to anyone's communications data.

The Assistant Information Commissioner, Jonathan Bamford, said: "If the intention is to bring all mobile and internet records together under one system, this would give us serious concerns and may well be a step too far. We are not aware of any justification for the state to hold every UK citizen's phone and internet records. We have real doubts that such a measure can be justified, or is proportionate or desirable...

"We have warned before that we are sleepwalking into a surveillance society. Holding large collections of data is always risky; the more data that is collected and stored the bigger the problem when the data is lost, traded or stolen... If there is a problem with the current arrangements, we stand ready to advise on how they can be improved."

The government is blaming Europe for the changes. The European Data Retention Directive seeks to ensure that investigators have access to this information, as they do under existing UK law, but does not call for centralised, government-run databases.

The directive was issued in response to the terrorist attacks in London in 2005. It applies only to information around communication - the time and duration of your chat, not its actual content. It aims to harmonise regulations so that data is stored for "not less than six months and not more than two years from the date of the communication".

The proposed bill also ignores at least two actual problems which law enforcement struggles to deal with. Unregistered mobile phones and VoIP services like Skype mean that the proposed law will catch only the densest of criminals.

Paul Vlissidis, technical director of NCC Group, said: "My first thought was "this is the start of the silly season" - essentially all the information they are talking about is already retained. If they are talking about a central, additional database then by definition that adds more risk. It would need best-in-class security and we haven't seen much evidence of that from government IT in recent months."®

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.