Feeds

UK.gov plans central database for all your communications

Brown team plots Ripa redux?

Providing a secure and efficient Helpdesk

The Brown government is considering a central database of all UK communications data including times and durations of phone calls, emails and internet access for every British citizen.

The draft bill is still being considered by ministers and a Home Office spokeswoman told us no decision had yet been reached.

The spokeswoman told The Register: "Ministers have made no decision on whether a central database will be included in that draft bill." She refused to compare the proposed legislation to Ripa, as it is still only a proposal.

Under the Regulation of Investigatory Powers Act passed in 2000 and the Anti-Terrorism Crime and Security Act 2001, companies like telcos and internet service providers already have to keep this information in case it is needed by a police or security service investigation.

It appears what is different now is that this information will be actively collected and stored in one place by the government. Reports on the proposals suggest authorities will still need to go to the courts to gain access to the database. However, such a massive amount of data will be ripe for speculative data-mining and fishing techniques, rather than more targeted searches.

More to the point, given this government's gross incompetence in safeguarding any of our data, having all our comms info in one place has to be a major concern.

Under Ripa police or other authorities like local councils can approach service providers and demand access to anyone's communications data.

The Assistant Information Commissioner, Jonathan Bamford, said: "If the intention is to bring all mobile and internet records together under one system, this would give us serious concerns and may well be a step too far. We are not aware of any justification for the state to hold every UK citizen's phone and internet records. We have real doubts that such a measure can be justified, or is proportionate or desirable...

"We have warned before that we are sleepwalking into a surveillance society. Holding large collections of data is always risky; the more data that is collected and stored the bigger the problem when the data is lost, traded or stolen... If there is a problem with the current arrangements, we stand ready to advise on how they can be improved."

The government is blaming Europe for the changes. The European Data Retention Directive seeks to ensure that investigators have access to this information, as they do under existing UK law, but does not call for centralised, government-run databases.

The directive was issued in response to the terrorist attacks in London in 2005. It applies only to information around communication - the time and duration of your chat, not its actual content. It aims to harmonise regulations so that data is stored for "not less than six months and not more than two years from the date of the communication".

The proposed bill also ignores at least two actual problems which law enforcement struggles to deal with. Unregistered mobile phones and VoIP services like Skype mean that the proposed law will catch only the densest of criminals.

Paul Vlissidis, technical director of NCC Group, said: "My first thought was "this is the start of the silly season" - essentially all the information they are talking about is already retained. If they are talking about a central, additional database then by definition that adds more risk. It would need best-in-class security and we haven't seen much evidence of that from government IT in recent months."®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.