Feeds

ISPs frosty on Jacqui's comms surveillance plan

Home Office has a lot of persuading to do

Security for virtualized datacentres

Jacqui Smith's plan to have ISPs create an enormous federated database of all online communications is receiving a frosty reception from the industry, multiple sources have revealed.

Many internet providers are unhappy that Smith plans to order them to retain complete details of who contacts whom, when, where and how. She opened a consultation on the £2bn scheme at the end of April, replacing earlier plans to warehouse all communications data centrally.

Many in the industry are currently working on their written objections to the proposals, which are known in Whitehall as the Interception Modernisation Programme. Their cooperation will be essential if Smith is to get the project - ostensibly aimed at "maintaining capability" of authorities to access communications data - off the ground.

ISPs are worried that the Home Office does not understand the scale of the technical challenge involved in monitoring and storing data on every communication via the internet. They fear the spiralling costs associated with government IT projects and resent being forced to devote resources to the plans.

"They say that most ISPs already have the equipment in place to do this but this is just not the case," said Trefor Davies, chief technology officer of business ISP Timico.

It's understood that under the current government plans, communications data would be copied to ISP-operated databases in transit by deep packet inspection (DPI) equipment.

The devices would be installed as part of GCHQ's ongoing "Mastering the Internet" programme, a secret project revealed by The Register last month. The system could be configured remotely by eavesdroppers at the Cheltenham electronic surveillance agency, allowing them to adapt to collect data on communications via new internet applications that might emerge.

The networked databases - which officials want ISPs to process, so that an individual customer's email activity is linked to their web browsing history - would then be available to law enforcement and intelligence officers as required, without a warrant under part 1 of the Regulation of Investigatory Powers Act (RIPA).

It is not planned that the DPI "black boxes" would routinely intercept the content of communications, though theoretically the technology would be capable of such activity, if warranted by the Home Secretary under RIPA provisions that govern interception.

Industry sources - who asked not to be named because some contact with government on the project is classified - said that officials gave a poorly-received presentation on the federated storage plans, at a regular industry conference held by peering cooperative LINX last month. About 40 per cent of ISPs at the event said they did not currently have the capability to store the data.

Malcom Hutty, LINX's head of public affairs said: "The presentation raised rather more questions than it answered. We look forward to further detailed discussion with the Home Office."

Davies was more forthcoming. He said: "The industry doesn't think the Government understands the likely costs associated with this activity and the continually moving goalpost that is the internet – so the costs of maintaining this capability are likely to be large and ongoing for as long as the government wants to monitor people's activity."

According to Smith's consultation document, officials have estimated internet providers will need £2bn in taxpayer funding to store details of all communications over 10 years.

Spokespeople for large providers, which have close relations with law enforcement and intelligence because they serve the majority of requests for communications data, declined to comment on the government proposals. BT and Virgin Media, the two largest ISPs, both said they were still examining the proposals.

Orange said: "Orange wishes to ensure that any future proposals in maintaining the use of communications data in this arena are proportionate and with a legal basis and has appropriate safeguards to ensure the protection and security of our customers' data."

The communications data consultation closes on July 20, just before the summer Parliamentary recess. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Drag queens: Oh, don't be so bitchy, Facebook! Let us use our stage names
Handbags at dawn over free content ad network's ID policy
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
Shades of Mannesmann: Vodafone should buy T-Mobile US
Biting the bullet would let Blighty-based biz flip the bird at AT&T
Net neutrality fans' joy as '2.3 million email' flood hits US Congress
FCC invites opinions in CSV format, after Slowdown day 'success'
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.