Feeds

UK.gov plans central database for all your communications

Brown team plots Ripa redux?

Top three mobile application threats

The Brown government is considering a central database of all UK communications data including times and durations of phone calls, emails and internet access for every British citizen.

The draft bill is still being considered by ministers and a Home Office spokeswoman told us no decision had yet been reached.

The spokeswoman told The Register: "Ministers have made no decision on whether a central database will be included in that draft bill." She refused to compare the proposed legislation to Ripa, as it is still only a proposal.

Under the Regulation of Investigatory Powers Act passed in 2000 and the Anti-Terrorism Crime and Security Act 2001, companies like telcos and internet service providers already have to keep this information in case it is needed by a police or security service investigation.

It appears what is different now is that this information will be actively collected and stored in one place by the government. Reports on the proposals suggest authorities will still need to go to the courts to gain access to the database. However, such a massive amount of data will be ripe for speculative data-mining and fishing techniques, rather than more targeted searches.

More to the point, given this government's gross incompetence in safeguarding any of our data, having all our comms info in one place has to be a major concern.

Under Ripa police or other authorities like local councils can approach service providers and demand access to anyone's communications data.

The Assistant Information Commissioner, Jonathan Bamford, said: "If the intention is to bring all mobile and internet records together under one system, this would give us serious concerns and may well be a step too far. We are not aware of any justification for the state to hold every UK citizen's phone and internet records. We have real doubts that such a measure can be justified, or is proportionate or desirable...

"We have warned before that we are sleepwalking into a surveillance society. Holding large collections of data is always risky; the more data that is collected and stored the bigger the problem when the data is lost, traded or stolen... If there is a problem with the current arrangements, we stand ready to advise on how they can be improved."

The government is blaming Europe for the changes. The European Data Retention Directive seeks to ensure that investigators have access to this information, as they do under existing UK law, but does not call for centralised, government-run databases.

The directive was issued in response to the terrorist attacks in London in 2005. It applies only to information around communication - the time and duration of your chat, not its actual content. It aims to harmonise regulations so that data is stored for "not less than six months and not more than two years from the date of the communication".

The proposed bill also ignores at least two actual problems which law enforcement struggles to deal with. Unregistered mobile phones and VoIP services like Skype mean that the proposed law will catch only the densest of criminals.

Paul Vlissidis, technical director of NCC Group, said: "My first thought was "this is the start of the silly season" - essentially all the information they are talking about is already retained. If they are talking about a central, additional database then by definition that adds more risk. It would need best-in-class security and we haven't seen much evidence of that from government IT in recent months."®

SANS - Survey on application security programs

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.