Feeds

Parliament to unleash barrage of criticism on Snoopers' Charter

Unseen spook Farr back again with plan to tap the UK net

Website security in corporate America

The joint parliamentary committee scrutinising the government’s Communications Data Bill - universally dubbed the “Snoopers' Charter” - is set to slate the draft law in its official report published tomorrow.

Most of the committee members felt the Home Office had failed to make a convincing case for the scale of requested powers required to monitor British citizens' activities online, The Register has learnt. Home Secretary Theresa May said the proposed surveillance law would "save lives" and help cops catch more paedophiles and terrorists.

But the committee's MPs and peers are likely to encourage the police and law enforcement agencies to work out a much simpler scheme that the public can trust. The message is likely to be “go back to the drawing board and come and talk to us when you have something fresh”. As regular Register readers will know, the surveillance plans now being re-examined have been touted to successive governments by the intelligence services for years with little change to any details other than the name.

The MPs are likely to offer fierce opposition to the proposals, which would allow the Home Office to wire network traffic probes into the public internet anywhere it chose, for this or any successor government to use for any purpose it chose.

The value for money of the £2bn scheme will also be criticised at a time when the police's technical crime-fighting resources are being severely scaled back.

The report will be another setback for the Home Secretary: in 2010 the former Director of Public Prosecutions Lord Macdonald was asked to review her plan to monitor citizens online. He previously called the project to mine the UK internet:

A paranoid fantasy which would destroy everything that makes living worthwhile. This database would be an unimaginable hellhouse of personal private information. It would be a complete readout of every citizen's life in the most intimate and demeaning detail.

Tomorrow the joint parliamentary committee investigating the draft law will be backed, unexpectedly, by a normally well housetrained government lap cat: the specially vetted parliamentary Intelligence and Security Committee, which works behind the veil of secrecy.

The two panels' highly critical reports will be an expected disappointment for the Home Office. They are the latest in a series of spectacular disasters for career spy Charles Farr, who three years ago had hoped to land the top job at the Secret Intelligence Service (MI6) and become “C”.

So close yet so Farr

For the third time, but for the first time in public and in plain view of netizens, his attempts to get Britain’s domestic internet completely tapped by GCHQ and the other intelligence agencies appears to have fallen apart.

As chair of the Olympic Security Board, Farr also oversaw this year’s G4S security fiasco in which he found out days before the 2012 Games began that his chosen security contractors had not trained the necessary security guards. Thousands of troops and police had to be drafted in to take their places.

For more than five years, Farr has been the secret hand behind the state’s electronic surveillance plan. Appointed by Gordon Brown in July 2007 as the first Director General of the Office for Security and Counter Terrorism and notionally as his National Security Adviser, Farr began by masterminding a strategy to mine private information. Within months, he had clawed £1bn from the Treasury for a new Interception Modernisation Programme (IMP), intended to give GCHQ spooks ISP-level access to all UK internet communications.

The GCHQ plan – known internally as “Mastering The Internet” (MTI) - was first and exclusively revealed by The Register in May 2009. Subsequent developments have confirmed the accuracy of El Reg’s scoop.

When the coalition government took over, Con-Lib ministers had to come to terms with the clear promises they had made to block new surveillance laws. Farr had to bide his time for a year. His Labour-era Interception Modernisation Program was rebranded as the safer-sounding “Communications Capability Development Program” (CCDP). Nothing else changed.

Farr made elementary blunders in successive appearances before MPs and peers this year, pointing up the exercise as a smokescreen to distract attention from the core purpose of the new laws - to help GCHQ and defence contractors Detica install their planned data mining network at all major UK ISPs.

He stumbled and stuttered when asked to explain how the government had come up with claimed savings of £5bn to offset the costs of the CCDP. He could not justify the expenditure at a time when austerity cuts have forced police budgets down 20 per cent and knocked back the work of police high-tech and e-crime units across the country.

At first, Farr refused to be seen or photographed, according to parliamentary sources, and repeatedly asked to give his evidence in secret and in private. This cut no ice with the scrutinising committee. His British TV debut can now be viewed on the UK Parliament website (audio only).

Claims of phone companies storing data come unstuck

Farr launched his evidence to the committee with a series of astonishing slip-ups, claiming that “Communications Service Providers (CSPs) no longer retain for their own business purposes communications data as we know it ... they do not generate it ... there is nothing to which they (the CSPs) can get access”.

Asked to “elaborate” by a committee member, Farr claimed that “in the old days” providers kept itemised phone bill records “on a call-by-call duration-by-duration destination-by-destination basis” but that now, as customers often “no longer pay per transaction, [but] pay per month or per year”, telcos “have much less interest in bits of data”.

“30 years ago, BT may have kept data because they needed it in order to bill people correctly,” he said.

Farr’s claim was inaccurate and historically impossible, as the electromechanical exchanges of the early 1980s could not and did not generate call data records. What is now called “itemised billing” did not generally exist for many years thereafter. Now, far from the authorities’ access to communications records being reduced - as the smokescreen story went - it has blossomed with the introduction of the Regulation of Investigatory Powers Act (RIPA) in 2000, and the Data Retention Directive of 2009.

Farr claimed – on the basis of a secret study the Home Office refused to allow the joint committee to see – that police and intelligence agencies can currently see 75 per cent of communications data, but that that would be magicked up to 85 per cent if parliament would pass his new law and approve a £2bn spend over the next ten years.

Even on this basis, Farr’s team admitted that one in six communications links would remain unseen. Nor would minor ISPs be targeted for compulsory interception using Deep Packet Inspection (DPI) systems, leaving plenty of dark cyberspaces where the customary internet spectres, paedophiles and terrorists could continue to operate unseen and unseeable. Quite how a plan with so many gaping holes could be a value-for-money UK security system was a concept that the government side struggled futilely to put forward.

85 per cent of exactly what would be harvested by the new system was never fully explained, but in a second session the officials confirmed that they were hoping to acquire access to encrypted webmail links, Skype VoIP calls and other private systems. They could not explain how they would defeat and thus destroy encrypted SSL (Secure Socket Layer) terminal-to-server protection used to thwart malicious attacks and interceptions. Nor could they explain clearly why it would not be better simply to ask Google, Microsoft and Skype to help UK law enforcement as they already do.

The obvious problem, the committee was told, was that Google and others have to comply with US privacy laws, and that they publish information about what customers’ data they hand over. These and similar providers said that they could only legally respond to justified and specific requests, as opposed to data mining trawls across all available data.

The government also prevented the heads of British intelligence from being examined by the MPs and peers as to the real reasons for the bill. The Home Office then landed a spectacular own goal when, days before the committee started work, MI5 chief Jonathan Evans was allowed to give a public lecture claiming that it would be “extraordinary and self-defeating if terrorists and criminals were able to adopt new technologies in order to facilitate their activities” and if parliament refused to give MI5 what it wanted.

The Home Office still banned him from explaining his case to Parliament.

Internet Security Threat Report 2014

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.