UK web snoop charter: Just how much extra info do spooks need?

Influential parliamentarians sniffs around packet-sniffing draft law

Analysis MI5 makes the most requests for information on Brits' phone calls and internet activities, according to a panel of MPs and peers scrutinising Home Secretary Theresa May's draft communications surveillance law. The controversial bill calls for much wider spying on online activity.

The Home Office, in pushing for these extended snooping powers, claimed there is a 25 per cent "shortfall" in the communications data that authorities want and what they can currently get. The Intelligence and Security Committee of MPs and peers looked at this supposed gap, apparently caused by people using technology that pushes messages and chats out of spooks' reach, but concluded that the figure was "immaterial".

The panel said in a report:

What is important is whether there is a gap, whether the gap is causing a problem, and - most importantly - how significant that problem is.

The head of the MI5, Sir Jonathan Evans, admitted to the committee that the 25 per cent figure rested on some "pretty heroic assumptions".

Critics of May's surveillance bill, dubbed a Snooper's Charter, have repeatedly brought into question the Home Office's comms data shortfall claim - in part because police and spooks have failed to provide any specifics to ISPs and web services.

However, the report - which was partially redacted on the grounds of protecting national security - noted that while police and other law enforcement agencies were most "acutely affected" by that apparent gap in the availability of communications data, the same wasn't currently true of security agencies:

At present, the intelligence and security Agencies are able, to some extent, to work around the problem of declining communications data by obtaining intelligence using other national security capabilities which are not, in most cases, available to the police.

This means that the Agencies are not facing as immediate a problem as that currently faced by the police and other authorities. Nevertheless, we believe that the decline of available communications data will begin shortly to have a serious impact on the intelligence and security Agencies.

However, the report did not reveal what workarounds the MI5 and other spook agencies were using to counteract the problem of being unable to access, for example, data from overseas comms providers or the information transported by an ISP from, say, Facebook to the subscriber.

The committee, chaired by Tory MP Sir Malcolm Rifkind, explored different ways of tackling the issue of communications data by considering investigatory tools used by the Security Service as well as the possibility of a collaborative agreement with communications service providers. It concluded that those ideas failed to offer a solution, either on the basis of costs or because of a lack of cooperation from some, if not all, CSPs.

The MPs and peers agreed that legislation, while "not a perfect solution", was the best option available.

Cops cop costs

Data retention costs got very little airtime in the report, but the matter has been batted around Parliament recently.

Late last month, Tory MP Dominic Raab asked May's department how much the Home Office "currently remunerates (a) telephone companies, (b) internet service providers and (c) others annually for data storage; and what estimate she has made of such figures if the draft Communications Data Bill was passed."

Minister James Brokenshire, minister for crime and security at the Home Office, explained that "the police and other operational agencies requesting the data" normally reimbursed CSPs for the costs of retaining comms data under current legislation in RIPA (The Regulation of Investigatory Powers Act 2000).

He added:

80 per cent of this expenditure is through a pilot project established by the Home Office to ensure value for money and auditing of payments to industry. Under this pilot, a subset of providers are reimbursed directly by the Home Office, with the money then recharged to operational agencies.

Brokenshire also revealed that the total estimate for such payments made last year to comms providers stood at £15m.

That's an interesting figure when one considers what that could mean for the already budget-squeezed bobbies if the draft Communications Data Bill had passed through Parliament in its current form.

Charles Farr, who is Director General of the Office for Security and Counter Terrorism, is leading the charge for more powers to snoop on British netizens. He has previously told politicos that around 50 per cent of the highly-questioned £1.8bn price tag placed on the Communications Capabilities Development Programme (CCDP) would be used to pay CSPs for storage of the data.

The report highlights this by pointing out the Home Office has estimated compensation costs of £859m over a 10-year period.

Ultimately that suggests the police could be faced with much higher costs - with today's £15m figure creeping up to anything as high as £85m each year.

That said, as CSPs have repeatedly complained, those estimations of payment are full of assumptions because the Home Office failed to seek the advice of comms providers when drawing up the draft bill.

Costs being plucked out of thin air was one of the reasons why May's bill so spectacularly failed to pass the pre-legislative select committee scrutiny test and it's also why those figures are now being picked apart and reassembled by the Home Office.

But the fact remains that the police could end up footing a hugely expensive bill to cover the costs of data retention in order that they can access the supposed 25 per cent shortfall of information that they apparently need to catch criminals and terrorists online.

The Register asked the Home Office to explain more about the pilot scheme mentioned by Brokenshire. It told us:

The Home Office is running a pilot scheme where cost recovery for certain communications service providers is managed by the Home Office itself.

One advantage of the scheme is that a single body examines claims for reimbursement on behalf of all law enforcement, ensuring greater scrutiny and value for money.

The Home Office does not comment on specific charges and services made by communications providers.

Sponsored: How to determine if cloud backup is right for your servers

Next page: How to make DPI fly