Parliament to unleash barrage of criticism on Snoopers' Charter
Unseen spook Farr back again with plan to tap the UK net
What you need to know about cloud backup
The joint parliamentary committee scrutinising the government’s Communications Data Bill - universally dubbed the “Snoopers' Charter” - is set to slate the draft law in its official report published tomorrow.
Most of the committee members felt the Home Office had failed to make a convincing case for the scale of requested powers required to monitor British citizens' activities online, The Register has learnt. Home Secretary Theresa May said the proposed surveillance law would "save lives" and help cops catch more paedophiles and terrorists.
But the committee's MPs and peers are likely to encourage the police and law enforcement agencies to work out a much simpler scheme that the public can trust. The message is likely to be “go back to the drawing board and come and talk to us when you have something fresh”. As regular Register readers will know, the surveillance plans now being re-examined have been touted to successive governments by the intelligence services for years with little change to any details other than the name.
The MPs are likely to offer fierce opposition to the proposals, which would allow the Home Office to wire network traffic probes into the public internet anywhere it chose, for this or any successor government to use for any purpose it chose.
The value for money of the £2bn scheme will also be criticised at a time when the police's technical crime-fighting resources are being severely scaled back.
The report will be another setback for the Home Secretary: in 2010 the former Director of Public Prosecutions Lord Macdonald was asked to review her plan to monitor citizens online. He previously called the project to mine the UK internet:
A paranoid fantasy which would destroy everything that makes living worthwhile. This database would be an unimaginable hellhouse of personal private information. It would be a complete readout of every citizen's life in the most intimate and demeaning detail.
Tomorrow the joint parliamentary committee investigating the draft law will be backed, unexpectedly, by a normally well housetrained government lap cat: the specially vetted parliamentary Intelligence and Security Committee, which works behind the veil of secrecy.
The two panels' highly critical reports will be an expected disappointment for the Home Office. They are the latest in a series of spectacular disasters for career spy Charles Farr, who three years ago had hoped to land the top job at the Secret Intelligence Service (MI6) and become “C”.
So close yet so Farr
For the third time, but for the first time in public and in plain view of netizens, his attempts to get Britain’s domestic internet completely tapped by GCHQ and the other intelligence agencies appears to have fallen apart.
As chair of the Olympic Security Board, Farr also oversaw this year’s G4S security fiasco in which he found out days before the 2012 Games began that his chosen security contractors had not trained the necessary security guards. Thousands of troops and police had to be drafted in to take their places.
For more than five years, Farr has been the secret hand behind the state’s electronic surveillance plan. Appointed by Gordon Brown in July 2007 as the first Director General of the Office for Security and Counter Terrorism and notionally as his National Security Adviser, Farr began by masterminding a strategy to mine private information. Within months, he had clawed £1bn from the Treasury for a new Interception Modernisation Programme (IMP), intended to give GCHQ spooks ISP-level access to all UK internet communications.
The GCHQ plan – known internally as “Mastering The Internet” (MTI) - was first and exclusively revealed by The Register in May 2009. Subsequent developments have confirmed the accuracy of El Reg’s scoop.
When the coalition government took over, Con-Lib ministers had to come to terms with the clear promises they had made to block new surveillance laws. Farr had to bide his time for a year. His Labour-era Interception Modernisation Program was rebranded as the safer-sounding “Communications Capability Development Program” (CCDP). Nothing else changed.
Farr made elementary blunders in successive appearances before MPs and peers this year, pointing up the exercise as a smokescreen to distract attention from the core purpose of the new laws - to help GCHQ and defence contractors Detica install their planned data mining network at all major UK ISPs.
He stumbled and stuttered when asked to explain how the government had come up with claimed savings of £5bn to offset the costs of the CCDP. He could not justify the expenditure at a time when austerity cuts have forced police budgets down 20 per cent and knocked back the work of police high-tech and e-crime units across the country.
At first, Farr refused to be seen or photographed, according to parliamentary sources, and repeatedly asked to give his evidence in secret and in private. This cut no ice with the scrutinising committee. His British TV debut can now be viewed on the UK Parliament website (audio only).
Claims of phone companies storing data come unstuck
Farr launched his evidence to the committee with a series of astonishing slip-ups, claiming that “Communications Service Providers (CSPs) no longer retain for their own business purposes communications data as we know it ... they do not generate it ... there is nothing to which they (the CSPs) can get access”.
Asked to “elaborate” by a committee member, Farr claimed that “in the old days” providers kept itemised phone bill records “on a call-by-call duration-by-duration destination-by-destination basis” but that now, as customers often “no longer pay per transaction, [but] pay per month or per year”, telcos “have much less interest in bits of data”.
“30 years ago, BT may have kept data because they needed it in order to bill people correctly,” he said.
Farr’s claim was inaccurate and historically impossible, as the electromechanical exchanges of the early 1980s could not and did not generate call data records. What is now called “itemised billing” did not generally exist for many years thereafter. Now, far from the authorities’ access to communications records being reduced - as the smokescreen story went - it has blossomed with the introduction of the Regulation of Investigatory Powers Act (RIPA) in 2000, and the Data Retention Directive of 2009.
Farr claimed – on the basis of a secret study the Home Office refused to allow the joint committee to see – that police and intelligence agencies can currently see 75 per cent of communications data, but that that would be magicked up to 85 per cent if parliament would pass his new law and approve a £2bn spend over the next ten years.
Even on this basis, Farr’s team admitted that one in six communications links would remain unseen. Nor would minor ISPs be targeted for compulsory interception using Deep Packet Inspection (DPI) systems, leaving plenty of dark cyberspaces where the customary internet spectres, paedophiles and terrorists could continue to operate unseen and unseeable. Quite how a plan with so many gaping holes could be a value-for-money UK security system was a concept that the government side struggled futilely to put forward.
85 per cent of exactly what would be harvested by the new system was never fully explained, but in a second session the officials confirmed that they were hoping to acquire access to encrypted webmail links, Skype VoIP calls and other private systems. They could not explain how they would defeat and thus destroy encrypted SSL (Secure Socket Layer) terminal-to-server protection used to thwart malicious attacks and interceptions. Nor could they explain clearly why it would not be better simply to ask Google, Microsoft and Skype to help UK law enforcement as they already do.
The obvious problem, the committee was told, was that Google and others have to comply with US privacy laws, and that they publish information about what customers’ data they hand over. These and similar providers said that they could only legally respond to justified and specific requests, as opposed to data mining trawls across all available data.
The government also prevented the heads of British intelligence from being examined by the MPs and peers as to the real reasons for the bill. The Home Office then landed a spectacular own goal when, days before the committee started work, MI5 chief Jonathan Evans was allowed to give a public lecture claiming that it would be “extraordinary and self-defeating if terrorists and criminals were able to adopt new technologies in order to facilitate their activities” and if parliament refused to give MI5 what it wanted.
The Home Office still banned him from explaining his case to Parliament.
COMMENTS
It's about trawling, not about process.
Your are not telling me that any remotely compent national security agency does not have a good few moles embedded in telcos, Google, Facebook etc. If they want data on any single person, I bet they can get it in minutes without going through any formal processes whatsover.
The only purpose for a dragnet this big (and this leaky) is to hoover through vast quantities of data to see if anyone is doing anything wrong - or, even better, to ensure that when the government do want to go after someone, there's a previous record of them having done something "wrong" like watching internet porn or visiting suspect sites.
I'm sorry to keep saying it, but we used to be prepared to risk nuclear war to avoid ending up in such a sick, surveillance society.
A well reasoned and written article
I've asked the question before "where are these ideas originating". We see them being put forward, shot down, and then re-appearing under a different name a short while later.
It's not a party political thing; the idea has been promoted by several different Home Secretaries of differing political stripes. Whilst the author identifies one particular civil servant, I suspect that is just a semi public face that is seen by the ministers; the driver is more likely to be hiding away in darker shadows. I've no idea what their motivation is, but it cannot be to anyone's benefit.
I'm pleased that some of the MPs are starting to wake up to how dangerous this idea really is; they will not gain from it any more than the average UK citizen. In fact, they probably have more to lose; can you imagine the effect on an MP that is having a minor dalliance with a party activist? Being blackmailed as a result of information gleaned from this odious idea is just the start of their problems.
From previous projects, it's proven that they cannot be trusted to implement, manage or operate such a programme; and it is likely that we would see major cost overruns at a time when we really cannot afford to waste public money. Anyone that continues to promote this idiotic plan should be prevented from ever holding any public office at all as they are clearly one step away from tanks of sharks with frikkin' laser beams!
Re: Scary
Not just that it keeps coming back but the Tories actually attacked the near-identical scheme that New Labour wanted to introduce. I don't trust these bastards one bit, nor the previous bastards, nor the next bastards.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Steps to Take Before Choosing a Business Continuity Partner
Enabling efficient data center monitoring
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
