Feeds

Parliament to unleash barrage of criticism on Snoopers' Charter

Unseen spook Farr back again with plan to tap the UK net

Build a business case: developing custom apps

Real government achievement: A 40,000-word bill on a national database managed to avoid the word 'database'

Throughout the hearings in July and October, the Home Office team and Home Secretary Teresa May struggled vainly to stay on message, repeatedly reciting mantras about “catching criminals and saving lives”. Other mantras included: “there will be no central database” and “we only want communications data, not content”.

Desperate to avoid comparisons with Farr’s first failed attempt at the same new law under the previous Labour government in 2008, the language of this year’s bill and explanations was tortuously written around an obscurely defined “Request Filter” agency, which would receive validated orders to extract communications data – “who is in contact with whom” - from the police and other public bodies.

The Request Filter scheme was constructed as a way of avoiding referring to the feared and loathed “central database” of the original Farr plan. But the Home Office team faced well-briefed MPs who soon extracted admissions that data for the “request filter” required fitting remotely controlled DPI equipment at “six or seven major ISPs”.

Farr told that joint committee that “DPI black boxes … come into play in certain circumstances when an overseas provider or the state from which an overseas provider comes, or both together, tell us that they are not prepared to provide data regarding a service which is being offered in this country". The system would therefore put DPI boxes on the “UK network across which the data from the overseas provider must move, with the purpose of sucking off that data”.

The distributed DPI network would therefore have to read the contents of data packets automatically, interpret internet applications and protocols, and then analyse the contents to find the identity of who was communicating with whom, on any type of web service. To do this, “fragmented communications data” gathered from DPI access points would be assembled into a national database, by GCHQ, Detica, or both. But the word “database” was taboo at every point.

Perhaps the most spectacular achievement of the Home Office team was to write an entire 40,000-word draft Communications Data Bill designed to construct a national database derived from data mining, without letting the word “database” creep in even once.

No one has any idea what traffic inspection kit will be fitted

The legal power to require ISPs to fit DPI gear to their networks is contained in Clause One of the bill, but gives no description of the equipment to be fitted or what it might be required to do. This would be defined later in orders that the Home Secretary would then make, which would not be checked by Parliament and might be secret.

The harshest criticism the bill will face in both reports, according to parliamentary sources, is for the Home Office’s inability and unwillingness to explain what equipment ISPs would have to install, and its lack of response to security questions about how the DPI net could be defended against damaging cyber-attacks.

The Home Office claimed that it had briefed and consulted key industry organisations. A stream of industry witnesses told the committee the opposite, revealing that in some cases “consultation” had amounted to sending them a copy of the bill the day before it was published.

MPs and peers were also sceptical about the ability of GCHQ’s chosen contractor, BAE Detica, to deliver an ill-defined and unspecified complex computer project on time and in working order.

BAE’s last major government flop was the planned Nimrod MRA4 maritime surveillance aircraft, whose cost per plane had more than quadrupled by the time the disastrous project was axed in 2010, to the point where the UK could actually have acquired two or more space shuttles for the same money. Incoming coalition ministers ordered the half-rebuilt planes to be bulldozed into wrecks to stop BAE and air chiefs conspiring to push the project back into the defence budget.

BAE Detica’s 2011 report for the Cabinet Office on the “cost of cyber-crime” was widely criticised by experts for its claim that Britain annually loses £27bn though crime. Cyber expert Peter Sommer of the London School of Economics described the Detica report as "inflated British Aerospace puffery".

The data-mining plan Farr has been promoting appears at first to have been devised in the years after attacks on 11 September 2001, when former GCHQ chief and Cabinet Secretary Sir David Omand put forward proposals that British intelligence agencies should start harvesting and collecting “PROTINT”, or the “electronic exhaust” that we all now leave behind in everything we do online.

Even now, Google has hardly heard of PROTINT.

PROTINT, as described by Omand in his 2010 book Securing the State, “is personal information about an individual that resides in databases, such as advance passenger information, airline bookings and other travel data, passport and biometric data, immigration, identity and border records, criminal records, and other governmental and private sector data, including financial and telephone and other communications records … Access to such information, and in some cases the ability to apply data mining and pattern recognition software to databases, might well be the key to effective pre-emption in future terrorist cases”.

Farr's next top job lined up

Farr now appears to want to follow in Omand’s footsteps. He has applied for the recently vacant post of Home Office Permanent Under Secretary, shortly to be supersized as “Chief Executive”. He has been shortlisted for the post, according to political sources.

Parliamentary committee member and Lib Dem MP Dr Julian Huppert led many detailed enquiries into the case for the bill. Last week, he described it as “a seriously botched document, unfit in principle and in detail … thrown together without evidence to support the need for such wide-ranging powers".

“This is a bill that should not and will not get support in Parliament”, he told the Spectator magazine.

At the same time, the Home Office misfired again. The two committees had originally decided to publish their reports last Tuesday. They later announced that they would wait a week for the Leveson report to emerge and be debated.

Farr’s Home Office team tried to strike first, placing an “exclusive interview” with Home Secretary Teresa May in The Sun, attacking Deputy Prime Minister Nick Clegg and claiming hysterically that if opponents of the bill succeeded in having it changed or delayed “we could see people dying”.

“The people who say they’re against this bill need to look victims of serious crime, terrorism and child sex offences in the eye and tell them why they’re not prepared to give the police the powers they need to protect the public. Anybody who is against this bill is putting politics before people’s lives,” May was quoted as saying.

But the attack looked stupid and flopped because its timing was wrong. As one privacy campaigner commented “it seems the Home Office can’t even manage to listen to their own telephone messages”.

Members of the joint committee are determined to not allow the Home Office to surf tomorrow’s avalanche of criticism and carry on as though nothing had happened. Liberal Democrat sources have said that Nick Clegg will use the report – which he demanded – to force a complete new review of surveillance measures. He should not fail, unless the Labour Party wishes to win back their former reputation for control freakery and intrusion by backing the spooks. ®

Duncan Campbell gave evidence to the Joint Select Committee on the Communications Data Bill.

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
True fact: 1 in 4 Brits are now TERRORISTS
YouGov poll reveals terrible truth about the enemy within
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
NBN Co claims 96 mbps download speeds for FTTN trial
Umina trial also delivers 30 mbps uploads, but exact rig used not revealed
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?