Feeds

Parliament to unleash barrage of criticism on Snoopers' Charter

Unseen spook Farr back again with plan to tap the UK net

Choosing a cloud hosting partner with confidence

Real government achievement: A 40,000-word bill on a national database managed to avoid the word 'database'

Throughout the hearings in July and October, the Home Office team and Home Secretary Teresa May struggled vainly to stay on message, repeatedly reciting mantras about “catching criminals and saving lives”. Other mantras included: “there will be no central database” and “we only want communications data, not content”.

Desperate to avoid comparisons with Farr’s first failed attempt at the same new law under the previous Labour government in 2008, the language of this year’s bill and explanations was tortuously written around an obscurely defined “Request Filter” agency, which would receive validated orders to extract communications data – “who is in contact with whom” - from the police and other public bodies.

The Request Filter scheme was constructed as a way of avoiding referring to the feared and loathed “central database” of the original Farr plan. But the Home Office team faced well-briefed MPs who soon extracted admissions that data for the “request filter” required fitting remotely controlled DPI equipment at “six or seven major ISPs”.

Farr told that joint committee that “DPI black boxes … come into play in certain circumstances when an overseas provider or the state from which an overseas provider comes, or both together, tell us that they are not prepared to provide data regarding a service which is being offered in this country". The system would therefore put DPI boxes on the “UK network across which the data from the overseas provider must move, with the purpose of sucking off that data”.

The distributed DPI network would therefore have to read the contents of data packets automatically, interpret internet applications and protocols, and then analyse the contents to find the identity of who was communicating with whom, on any type of web service. To do this, “fragmented communications data” gathered from DPI access points would be assembled into a national database, by GCHQ, Detica, or both. But the word “database” was taboo at every point.

Perhaps the most spectacular achievement of the Home Office team was to write an entire 40,000-word draft Communications Data Bill designed to construct a national database derived from data mining, without letting the word “database” creep in even once.

No one has any idea what traffic inspection kit will be fitted

The legal power to require ISPs to fit DPI gear to their networks is contained in Clause One of the bill, but gives no description of the equipment to be fitted or what it might be required to do. This would be defined later in orders that the Home Secretary would then make, which would not be checked by Parliament and might be secret.

The harshest criticism the bill will face in both reports, according to parliamentary sources, is for the Home Office’s inability and unwillingness to explain what equipment ISPs would have to install, and its lack of response to security questions about how the DPI net could be defended against damaging cyber-attacks.

The Home Office claimed that it had briefed and consulted key industry organisations. A stream of industry witnesses told the committee the opposite, revealing that in some cases “consultation” had amounted to sending them a copy of the bill the day before it was published.

MPs and peers were also sceptical about the ability of GCHQ’s chosen contractor, BAE Detica, to deliver an ill-defined and unspecified complex computer project on time and in working order.

BAE’s last major government flop was the planned Nimrod MRA4 maritime surveillance aircraft, whose cost per plane had more than quadrupled by the time the disastrous project was axed in 2010, to the point where the UK could actually have acquired two or more space shuttles for the same money. Incoming coalition ministers ordered the half-rebuilt planes to be bulldozed into wrecks to stop BAE and air chiefs conspiring to push the project back into the defence budget.

BAE Detica’s 2011 report for the Cabinet Office on the “cost of cyber-crime” was widely criticised by experts for its claim that Britain annually loses £27bn though crime. Cyber expert Peter Sommer of the London School of Economics described the Detica report as "inflated British Aerospace puffery".

The data-mining plan Farr has been promoting appears at first to have been devised in the years after attacks on 11 September 2001, when former GCHQ chief and Cabinet Secretary Sir David Omand put forward proposals that British intelligence agencies should start harvesting and collecting “PROTINT”, or the “electronic exhaust” that we all now leave behind in everything we do online.

Even now, Google has hardly heard of PROTINT.

PROTINT, as described by Omand in his 2010 book Securing the State, “is personal information about an individual that resides in databases, such as advance passenger information, airline bookings and other travel data, passport and biometric data, immigration, identity and border records, criminal records, and other governmental and private sector data, including financial and telephone and other communications records … Access to such information, and in some cases the ability to apply data mining and pattern recognition software to databases, might well be the key to effective pre-emption in future terrorist cases”.

Farr's next top job lined up

Farr now appears to want to follow in Omand’s footsteps. He has applied for the recently vacant post of Home Office Permanent Under Secretary, shortly to be supersized as “Chief Executive”. He has been shortlisted for the post, according to political sources.

Parliamentary committee member and Lib Dem MP Dr Julian Huppert led many detailed enquiries into the case for the bill. Last week, he described it as “a seriously botched document, unfit in principle and in detail … thrown together without evidence to support the need for such wide-ranging powers".

“This is a bill that should not and will not get support in Parliament”, he told the Spectator magazine.

At the same time, the Home Office misfired again. The two committees had originally decided to publish their reports last Tuesday. They later announced that they would wait a week for the Leveson report to emerge and be debated.

Farr’s Home Office team tried to strike first, placing an “exclusive interview” with Home Secretary Teresa May in The Sun, attacking Deputy Prime Minister Nick Clegg and claiming hysterically that if opponents of the bill succeeded in having it changed or delayed “we could see people dying”.

“The people who say they’re against this bill need to look victims of serious crime, terrorism and child sex offences in the eye and tell them why they’re not prepared to give the police the powers they need to protect the public. Anybody who is against this bill is putting politics before people’s lives,” May was quoted as saying.

But the attack looked stupid and flopped because its timing was wrong. As one privacy campaigner commented “it seems the Home Office can’t even manage to listen to their own telephone messages”.

Members of the joint committee are determined to not allow the Home Office to surf tomorrow’s avalanche of criticism and carry on as though nothing had happened. Liberal Democrat sources have said that Nick Clegg will use the report – which he demanded – to force a complete new review of surveillance measures. He should not fail, unless the Labour Party wishes to win back their former reputation for control freakery and intrusion by backing the spooks. ®

Duncan Campbell gave evidence to the Joint Select Committee on the Communications Data Bill.

Intelligent flash storage arrays

More from The Register

next story
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.