
Parliament to unleash barrage of criticism on Snoopers' Charter

Unseen spook Farr back again with plan to tap the UK net


The joint parliamentary committee scrutinising the government’s Communications Data Bill - universally dubbed the “Snoopers' Charter” - is set to slate the draft law in its official report published tomorrow.

Most of the committee members felt the Home Office had failed to make a convincing case for the scale of requested powers required to monitor British citizens' activities online, The Register has learnt. Home Secretary Theresa May said the proposed surveillance law would "save lives" and help cops catch more paedophiles and terrorists.

But the committee's MPs and peers are likely to encourage the police and law enforcement agencies to work out a much simpler scheme that the public can trust. The message is likely to be “go back to the drawing board and come and talk to us when you have something fresh”. As regular Register readers will know, the surveillance plans now being re-examined have been touted to successive governments by the intelligence services for years with little change to any details other than the name.

The MPs are likely to offer fierce opposition to the proposals, which would allow the Home Office to wire network traffic probes into the public internet anywhere it chose, for this or any successor government to use for any purpose it chose.

The value for money of the £2bn scheme will also be criticised at a time when the police's technical crime-fighting resources are being severely scaled back.

The report will be another setback for the Home Secretary: in 2010 the former Director of Public Prosecutions Lord Macdonald was asked to review her plan to monitor citizens online. He previously called the project to mine the UK internet:

A paranoid fantasy which would destroy everything that makes living worthwhile. This database would be an unimaginable hellhouse of personal private information. It would be a complete readout of every citizen's life in the most intimate and demeaning detail.

Tomorrow the joint parliamentary committee investigating the draft law will be backed, unexpectedly, by a normally well housetrained government lap cat: the specially vetted parliamentary Intelligence and Security Committee, which works behind the veil of secrecy.

The two panels' highly critical reports will be an expected disappointment for the Home Office. They are the latest in a series of spectacular disasters for career spy Charles Farr, who three years ago had hoped to land the top job at the Secret Intelligence Service (MI6) and become “C”.

So close yet so Farr

For the third time, but for the first time in public and in plain view of netizens, his attempts to get Britain’s domestic internet completely tapped by GCHQ and the other intelligence agencies appear to have fallen apart.

As chair of the Olympic Security Board, Farr also oversaw this year’s G4S security fiasco in which he found out days before the 2012 Games began that his chosen security contractors had not trained the necessary security guards. Thousands of troops and police had to be drafted in to take their places.

For more than five years, Farr has been the secret hand behind the state’s electronic surveillance plan. Appointed by Gordon Brown in July 2007 as the first Director General of the Office for Security and Counter Terrorism and notionally as his National Security Adviser, Farr began by masterminding a strategy to mine private information. Within months, he had clawed £1bn from the Treasury for a new Interception Modernisation Programme (IMP), intended to give GCHQ spooks ISP-level access to all UK internet communications.

The GCHQ plan – known internally as “Mastering The Internet” (MTI) - was first and exclusively revealed by The Register in May 2009. Subsequent developments have confirmed the accuracy of El Reg’s scoop.

When the coalition government took over, Con-Lib ministers had to come to terms with the clear promises they had made to block new surveillance laws. Farr had to bide his time for a year. His Labour-era Interception Modernisation Programme was rebranded as the safer-sounding “Communications Capability Development Programme” (CCDP). Nothing else changed.

Farr made elementary blunders in successive appearances before MPs and peers this year, pointing up the exercise as a smokescreen to distract attention from the core purpose of the new laws - to help GCHQ and defence contractors Detica install their planned data mining network at all major UK ISPs.

He stumbled and stuttered when asked to explain how the government had come up with claimed savings of £5bn to offset the costs of the CCDP. He could not justify the expenditure at a time when austerity cuts have forced police budgets down 20 per cent and knocked back the work of police high-tech and e-crime units across the country.

At first, Farr refused to be seen or photographed, according to parliamentary sources, and repeatedly asked to give his evidence in secret and in private. This cut no ice with the scrutinising committee. His British TV debut can now be viewed on the UK Parliament website (audio only).

Claims of phone companies storing data come unstuck

Farr launched his evidence to the committee with a series of astonishing slip-ups, claiming that “Communications Service Providers (CSPs) no longer retain for their own business purposes communications data as we know it ... they do not generate it ... there is nothing to which they (the CSPs) can get access”.

Asked to “elaborate” by a committee member, Farr claimed that “in the old days” providers kept itemised phone bill records “on a call-by-call duration-by-duration destination-by-destination basis” but that now, as customers often “no longer pay per transaction, [but] pay per month or per year”, telcos “have much less interest in bits of data”.

“30 years ago, BT may have kept data because they needed it in order to bill people correctly,” he said.

Farr’s claim was inaccurate and historically impossible, as the electromechanical exchanges of the early 1980s could not and did not generate call data records. What is now called “itemised billing” did not generally exist for many years thereafter. Now, far from the authorities’ access to communications records being reduced - as the smokescreen story went - it has blossomed with the introduction of the Regulation of Investigatory Powers Act (RIPA) in 2000, and the Data Retention Directive of 2009.

Farr claimed – on the basis of a secret study the Home Office refused to allow the joint committee to see – that police and intelligence agencies can currently see 75 per cent of communications data, but that that would be magicked up to 85 per cent if parliament would pass his new law and approve a £2bn spend over the next ten years.

Even on this basis, Farr’s team admitted that one in six communications links would remain unseen. Nor would minor ISPs be targeted for compulsory interception using Deep Packet Inspection (DPI) systems, leaving plenty of dark cyberspaces where the customary internet spectres, paedophiles and terrorists could continue to operate unseen and unseeable. Quite how a plan with so many gaping holes could be a value-for-money UK security system was a concept that the government side struggled futilely to put forward.

85 per cent of exactly what would be harvested by the new system was never fully explained, but in a second session the officials confirmed that they were hoping to acquire access to encrypted webmail links, Skype VoIP calls and other private systems. They could not explain how they would defeat and thus destroy encrypted SSL (Secure Sockets Layer) terminal-to-server protection used to thwart malicious attacks and interceptions. Nor could they explain clearly why it would not be better simply to ask Google, Microsoft and Skype to help UK law enforcement as they already do.

The obvious problem, the committee was told, was that Google and others have to comply with US privacy laws, and that they publish information about what customers’ data they hand over. These and similar providers said that they could only legally respond to justified and specific requests, as opposed to data mining trawls across all available data.

The government also prevented the heads of British intelligence from being examined by the MPs and peers as to the real reasons for the bill. The Home Office then landed a spectacular own goal when, days before the committee started work, MI5 chief Jonathan Evans was allowed to give a public lecture claiming that it would be “extraordinary and self-defeating if terrorists and criminals were able to adopt new technologies in order to facilitate their activities” and if parliament refused to give MI5 what it wanted.

The Home Office still banned him from explaining his case to Parliament.
