Feeds

UK web snoop charter: Just how much extra info do spooks need?

Influential parliamentarians sniffs around packet-sniffing draft law

Analysis MI5 makes the most requests for information on Brits' phone calls and internet activities, according to a panel of MPs and peers scrutinising Home Secretary Theresa May's draft communications surveillance law. The controversial bill calls for much wider spying on online activity.

The Home Office, in pushing for these extended snooping powers, claimed there is a 25 per cent "shortfall" in the communications data that authorities want and what they can currently get. The Intelligence and Security Committee of MPs and peers looked at this supposed gap, apparently caused by people using technology that pushes messages and chats out of spooks' reach, but concluded that the figure was "immaterial".

The panel said in a report:

What is important is whether there is a gap, whether the gap is causing a problem, and - most importantly - how significant that problem is.

The head of the MI5, Sir Jonathan Evans, admitted to the committee that the 25 per cent figure rested on some "pretty heroic assumptions".

Critics of May's surveillance bill, dubbed a Snooper's Charter, have repeatedly brought into question the Home Office's comms data shortfall claim - in part because police and spooks have failed to provide any specifics to ISPs and web services.

However, the report - which was partially redacted on the grounds of protecting national security - noted that while police and other law enforcement agencies were most "acutely affected" by that apparent gap in the availability of communications data, the same wasn't currently true of security agencies:

At present, the intelligence and security Agencies are able, to some extent, to work around the problem of declining communications data by obtaining intelligence using other national security capabilities which are not, in most cases, available to the police.

This means that the Agencies are not facing as immediate a problem as that currently faced by the police and other authorities. Nevertheless, we believe that the decline of available communications data will begin shortly to have a serious impact on the intelligence and security Agencies.

However, the report did not reveal what workarounds the MI5 and other spook agencies were using to counteract the problem of being unable to access, for example, data from overseas comms providers or the information transported by an ISP from, say, Facebook to the subscriber.

The committee, chaired by Tory MP Sir Malcolm Rifkind, explored different ways of tackling the issue of communications data by considering investigatory tools used by the Security Service as well as the possibility of a collaborative agreement with communications service providers. It concluded that those ideas failed to offer a solution, either on the basis of costs or because of a lack of cooperation from some, if not all, CSPs.

The MPs and peers agreed that legislation, while "not a perfect solution", was the best option available.

Cops cop costs

Data retention costs got very little airtime in the report, but the matter has been batted around Parliament recently.

Late last month, Tory MP Dominic Raab asked May's department how much the Home Office "currently remunerates (a) telephone companies, (b) internet service providers and (c) others annually for data storage; and what estimate she has made of such figures if the draft Communications Data Bill was passed."

Minister James Brokenshire, minister for crime and security at the Home Office, explained that "the police and other operational agencies requesting the data" normally reimbursed CSPs for the costs of retaining comms data under current legislation in RIPA (The Regulation of Investigatory Powers Act 2000).

He added:

80 per cent of this expenditure is through a pilot project established by the Home Office to ensure value for money and auditing of payments to industry. Under this pilot, a subset of providers are reimbursed directly by the Home Office, with the money then recharged to operational agencies.

Brokenshire also revealed that the total estimate for such payments made last year to comms providers stood at £15m.

That's an interesting figure when one considers what that could mean for the already budget-squeezed bobbies if the draft Communications Data Bill had passed through Parliament in its current form.

Charles Farr, who is Director General of the Office for Security and Counter Terrorism, is leading the charge for more powers to snoop on British netizens. He has previously told politicos that around 50 per cent of the highly-questioned £1.8bn price tag placed on the Communications Capabilities Development Programme (CCDP) would be used to pay CSPs for storage of the data.

The report highlights this by pointing out the Home Office has estimated compensation costs of £859m over a 10-year period.

Ultimately that suggests the police could be faced with much higher costs - with today's £15m figure creeping up to anything as high as £85m each year.

That said, as CSPs have repeatedly complained, those estimations of payment are full of assumptions because the Home Office failed to seek the advice of comms providers when drawing up the draft bill.

Costs being plucked out of thin air was one of the reasons why May's bill so spectacularly failed to pass the pre-legislative select committee scrutiny test and it's also why those figures are now being picked apart and reassembled by the Home Office.

But the fact remains that the police could end up footing a hugely expensive bill to cover the costs of data retention in order that they can access the supposed 25 per cent shortfall of information that they apparently need to catch criminals and terrorists online.

The Register asked the Home Office to explain more about the pilot scheme mentioned by Brokenshire. It told us:

The Home Office is running a pilot scheme where cost recovery for certain communications service providers is managed by the Home Office itself.

One advantage of the scheme is that a single body examines claims for reimbursement on behalf of all law enforcement, ensuring greater scrutiny and value for money.

The Home Office does not comment on specific charges and services made by communications providers.

Next page: How to make DPI fly

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.