
Parliament to unleash barrage of criticism on Snoopers' Charter

Unseen spook Farr back again with plan to tap the UK net


Real government achievement: A 40,000-word bill on a national database managed to avoid the word 'database'

Throughout the hearings in July and October, the Home Office team and Home Secretary Theresa May struggled vainly to stay on message, repeatedly reciting mantras about “catching criminals and saving lives”. Other mantras included: “there will be no central database” and “we only want communications data, not content”.

Desperate to avoid comparisons with Farr’s first failed attempt at the same new law under the previous Labour government in 2008, the language of this year’s bill and explanations was tortuously written around an obscurely defined “Request Filter” agency, which would receive validated orders to extract communications data – “who is in contact with whom” – from the police and other public bodies.

The Request Filter scheme was constructed as a way of avoiding referring to the feared and loathed “central database” of the original Farr plan. But the Home Office team faced well-briefed MPs who soon extracted admissions that data for the “request filter” required fitting remotely controlled DPI equipment at “six or seven major ISPs”.

Farr told that joint committee that “DPI black boxes … come into play in certain circumstances when an overseas provider or the state from which an overseas provider comes, or both together, tell us that they are not prepared to provide data regarding a service which is being offered in this country". The system would therefore put DPI boxes on the “UK network across which the data from the overseas provider must move, with the purpose of sucking off that data”.

The distributed DPI network would therefore have to read the contents of data packets automatically, interpret internet applications and protocols, and then analyse the contents to find the identity of who was communicating with whom, on any type of web service. To do this, “fragmented communications data” gathered from DPI access points would be assembled into a national database, by GCHQ, Detica, or both. But the word “database” was taboo at every point.

Perhaps the most spectacular achievement of the Home Office team was to write an entire 40,000-word draft Communications Data Bill designed to construct a national database derived from data mining, without letting the word “database” creep in even once.

No one has any idea what traffic inspection kit will be fitted

The legal power to require ISPs to fit DPI gear to their networks is contained in Clause One of the bill, but gives no description of the equipment to be fitted or what it might be required to do. This would be defined later in orders that the Home Secretary would then make, which would not be checked by Parliament and might be secret.

The harshest criticism the bill will face in both reports, according to parliamentary sources, is for the Home Office’s inability and unwillingness to explain what equipment ISPs would have to install, and its lack of response to security questions about how the DPI net could be defended against damaging cyber-attacks.

The Home Office claimed that it had briefed and consulted key industry organisations. A stream of industry witnesses told the committee the opposite, revealing that in some cases “consultation” had amounted to sending them a copy of the bill the day before it was published.

MPs and peers were also sceptical about the ability of GCHQ’s chosen contractor, BAE Detica, to deliver an ill-defined and unspecified complex computer project on time and in working order.

BAE’s last major government flop was the planned Nimrod MRA4 maritime surveillance aircraft, whose cost per plane had more than quadrupled by the time the disastrous project was axed in 2010, to the point where the UK could actually have acquired two or more space shuttles for the same money. Incoming coalition ministers ordered the half-rebuilt planes to be bulldozed into wrecks to stop BAE and air chiefs conspiring to push the project back into the defence budget.

BAE Detica’s 2011 report for the Cabinet Office on the “cost of cyber-crime” was widely criticised by experts for its claim that Britain annually loses £27bn through crime. Cyber expert Peter Sommer of the London School of Economics described the Detica report as "inflated British Aerospace puffery".

The data-mining plan Farr has been promoting appears at first to have been devised in the years after attacks on 11 September 2001, when former GCHQ chief and Cabinet Secretary Sir David Omand put forward proposals that British intelligence agencies should start harvesting and collecting “PROTINT”, or the “electronic exhaust” that we all now leave behind in everything we do online.

Even now, Google has hardly heard of PROTINT.

PROTINT, as described by Omand in his 2010 book Securing the State, “is personal information about an individual that resides in databases, such as advance passenger information, airline bookings and other travel data, passport and biometric data, immigration, identity and border records, criminal records, and other governmental and private sector data, including financial and telephone and other communications records … Access to such information, and in some cases the ability to apply data mining and pattern recognition software to databases, might well be the key to effective pre-emption in future terrorist cases”.

Farr's next top job lined up

Farr now appears to want to follow in Omand’s footsteps. He has applied for the recently vacant post of Home Office Permanent Under Secretary, shortly to be supersized as “Chief Executive”. He has been shortlisted for the post, according to political sources.

Parliamentary committee member and Lib Dem MP Dr Julian Huppert led many detailed enquiries into the case for the bill. Last week, he described it as “a seriously botched document, unfit in principle and in detail … thrown together without evidence to support the need for such wide-ranging powers".

“This is a bill that should not and will not get support in Parliament”, he told the Spectator magazine.

At the same time, the Home Office misfired again. The two committees had originally decided to publish their reports last Tuesday. They later announced that they would wait a week for the Leveson report to emerge and be debated.

Farr’s Home Office team tried to strike first, placing an “exclusive interview” with Home Secretary Theresa May in The Sun, attacking Deputy Prime Minister Nick Clegg and claiming hysterically that if opponents of the bill succeeded in having it changed or delayed “we could see people dying”.

“The people who say they’re against this bill need to look victims of serious crime, terrorism and child sex offences in the eye and tell them why they’re not prepared to give the police the powers they need to protect the public. Anybody who is against this bill is putting politics before people’s lives,” May was quoted as saying.

But the attack looked stupid and flopped because its timing was wrong. As one privacy campaigner commented, “it seems the Home Office can’t even manage to listen to their own telephone messages”.

Members of the joint committee are determined to not allow the Home Office to surf tomorrow’s avalanche of criticism and carry on as though nothing had happened. Liberal Democrat sources have said that Nick Clegg will use the report – which he demanded – to force a complete new review of surveillance measures. He should not fail, unless the Labour Party wishes to win back their former reputation for control freakery and intrusion by backing the spooks. ®

Duncan Campbell gave evidence to the Joint Select Committee on the Communications Data Bill.
