Parliament to unleash barrage of criticism on Snoopers' Charter

Unseen spook Farr back again with plan to tap the UK net

Combat fraud and increase customer satisfaction

The joint parliamentary committee scrutinising the government’s Communications Data Bill - universally dubbed the “Snoopers' Charter” - is set to slate the draft law in its official report published tomorrow.

Most of the committee members felt the Home Office had failed to make a convincing case for the scale of requested powers required to monitor British citizens' activities online, The Register has learnt. Home Secretary Theresa May said the proposed surveillance law would "save lives" and help cops catch more paedophiles and terrorists.

But the committee's MPs and peers are likely to encourage the police and law enforcement agencies to work out a much simpler scheme that the public can trust. The message is likely to be “go back to the drawing board and come and talk to us when you have something fresh”. As regular Register readers will know, the surveillance plans now being re-examined have been touted to successive governments by the intelligence services for years with little change to any details other than the name.

The MPs are likely to offer fierce opposition to the proposals, which would allow the Home Office to wire network traffic probes into the public internet anywhere it chose, for this or any successor government to use for any purpose it chose.

The value for money of the £2bn scheme will also be criticised at a time when the police's technical crime-fighting resources are being severely scaled back.

The report will be another setback for the Home Secretary: in 2010 the former Director of Public Prosecutions Lord Macdonald was asked to review her plan to monitor citizens online. He previously called the project to mine the UK internet:

A paranoid fantasy which would destroy everything that makes living worthwhile. This database would be an unimaginable hellhouse of personal private information. It would be a complete readout of every citizen's life in the most intimate and demeaning detail.

Tomorrow the joint parliamentary committee investigating the draft law will be backed, unexpectedly, by a normally well housetrained government lap cat: the specially vetted parliamentary Intelligence and Security Committee, which works behind the veil of secrecy.

The two panels' highly critical reports will be an expected disappointment for the Home Office. They are the latest in a series of spectacular disasters for career spy Charles Farr, who three years ago had hoped to land the top job at the Secret Intelligence Service (MI6) and become “C”.

So close yet so Farr

For the third time, but for the first time in public and in plain view of netizens, his attempts to get Britain’s domestic internet completely tapped by GCHQ and the other intelligence agencies appears to have fallen apart.

As chair of the Olympic Security Board, Farr also oversaw this year’s G4S security fiasco in which he found out days before the 2012 Games began that his chosen security contractors had not trained the necessary security guards. Thousands of troops and police had to be drafted in to take their places.

For more than five years, Farr has been the secret hand behind the state’s electronic surveillance plan. Appointed by Gordon Brown in July 2007 as the first Director General of the Office for Security and Counter Terrorism and notionally as his National Security Adviser, Farr began by masterminding a strategy to mine private information. Within months, he had clawed £1bn from the Treasury for a new Interception Modernisation Programme (IMP), intended to give GCHQ spooks ISP-level access to all UK internet communications.

The GCHQ plan – known internally as “Mastering The Internet” (MTI) - was first and exclusively revealed by The Register in May 2009. Subsequent developments have confirmed the accuracy of El Reg’s scoop.

When the coalition government took over, Con-Lib ministers had to come to terms with the clear promises they had made to block new surveillance laws. Farr had to bide his time for a year. His Labour-era Interception Modernisation Program was rebranded as the safer-sounding “Communications Capability Development Program” (CCDP). Nothing else changed.

Farr made elementary blunders in successive appearances before MPs and peers this year, pointing up the exercise as a smokescreen to distract attention from the core purpose of the new laws - to help GCHQ and defence contractors Detica install their planned data mining network at all major UK ISPs.

He stumbled and stuttered when asked to explain how the government had come up with claimed savings of £5bn to offset the costs of the CCDP. He could not justify the expenditure at a time when austerity cuts have forced police budgets down 20 per cent and knocked back the work of police high-tech and e-crime units across the country.

At first, Farr refused to be seen or photographed, according to parliamentary sources, and repeatedly asked to give his evidence in secret and in private. This cut no ice with the scrutinising committee. His British TV debut can now be viewed on the UK Parliament website (audio only).

Claims of phone companies storing data come unstuck

Farr launched his evidence to the committee with a series of astonishing slip-ups, claiming that “Communications Service Providers (CSPs) no longer retain for their own business purposes communications data as we know it ... they do not generate it ... there is nothing to which they (the CSPs) can get access”.

Asked to “elaborate” by a committee member, Farr claimed that “in the old days” providers kept itemised phone bill records “on a call-by-call duration-by-duration destination-by-destination basis” but that now, as customers often “no longer pay per transaction, [but] pay per month or per year”, telcos “have much less interest in bits of data”.

“30 years ago, BT may have kept data because they needed it in order to bill people correctly,” he said.

Farr’s claim was inaccurate and historically impossible, as the electromechanical exchanges of the early 1980s could not and did not generate call data records. What is now called “itemised billing” did not generally exist for many years thereafter. Now, far from the authorities’ access to communications records being reduced - as the smokescreen story went - it has blossomed with the introduction of the Regulation of Investigatory Powers Act (RIPA) in 2000, and the Data Retention Directive of 2009.

Farr claimed – on the basis of a secret study the Home Office refused to allow the joint committee to see – that police and intelligence agencies can currently see 75 per cent of communications data, but that that would be magicked up to 85 per cent if parliament would pass his new law and approve a £2bn spend over the next ten years.

Even on this basis, Farr’s team admitted that one in six communications links would remain unseen. Nor would minor ISPs be targeted for compulsory interception using Deep Packet Inspection (DPI) systems, leaving plenty of dark cyberspaces where the customary internet spectres, paedophiles and terrorists could continue to operate unseen and unseeable. Quite how a plan with so many gaping holes could be a value-for-money UK security system was a concept that the government side struggled futilely to put forward.

85 per cent of exactly what would be harvested by the new system was never fully explained, but in a second session the officials confirmed that they were hoping to acquire access to encrypted webmail links, Skype VoIP calls and other private systems. They could not explain how they would defeat and thus destroy encrypted SSL (Secure Socket Layer) terminal-to-server protection used to thwart malicious attacks and interceptions. Nor could they explain clearly why it would not be better simply to ask Google, Microsoft and Skype to help UK law enforcement as they already do.

The obvious problem, the committee was told, was that Google and others have to comply with US privacy laws, and that they publish information about what customers’ data they hand over. These and similar providers said that they could only legally respond to justified and specific requests, as opposed to data mining trawls across all available data.

The government also prevented the heads of British intelligence from being examined by the MPs and peers as to the real reasons for the bill. The Home Office then landed a spectacular own goal when, days before the committee started work, MI5 chief Jonathan Evans was allowed to give a public lecture claiming that it would be “extraordinary and self-defeating if terrorists and criminals were able to adopt new technologies in order to facilitate their activities” and if parliament refused to give MI5 what it wanted.

The Home Office still banned him from explaining his case to Parliament.

SANS - Survey on application security programs

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
prev story


Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.