UK web snoop charter: Just how much extra info do spooks need?

Influential parliamentarians sniff around packet-sniffing draft law

Analysis: MI5 makes the most requests for information on Brits' phone calls and internet activities, according to a panel of MPs and peers scrutinising Home Secretary Theresa May's draft communications surveillance law. The controversial bill calls for much wider spying on online activity.

The Home Office, in pushing for these extended snooping powers, claimed there is a 25 per cent "shortfall" between the communications data that authorities want and what they can currently get. The Intelligence and Security Committee of MPs and peers looked at this supposed gap, apparently caused by people using technology that pushes messages and chats out of spooks' reach, but concluded that the figure was "immaterial".

The panel said in a report:

What is important is whether there is a gap, whether the gap is causing a problem, and - most importantly - how significant that problem is.

The head of MI5, Sir Jonathan Evans, admitted to the committee that the 25 per cent figure rested on some "pretty heroic assumptions".

Critics of May's surveillance bill, dubbed a Snooper's Charter, have repeatedly brought into question the Home Office's comms data shortfall claim - in part because police and spooks have failed to provide any specifics to ISPs and web services.

However, the report - which was partially redacted on the grounds of protecting national security - noted that while police and other law enforcement agencies were most "acutely affected" by that apparent gap in the availability of communications data, the same wasn't currently true of security agencies:

At present, the intelligence and security Agencies are able, to some extent, to work around the problem of declining communications data by obtaining intelligence using other national security capabilities which are not, in most cases, available to the police.

This means that the Agencies are not facing as immediate a problem as that currently faced by the police and other authorities. Nevertheless, we believe that the decline of available communications data will begin shortly to have a serious impact on the intelligence and security Agencies.

However, the report did not reveal what workarounds MI5 and other spook agencies were using to counteract the problem of being unable to access, for example, data from overseas comms providers or the information transported by an ISP from, say, Facebook to the subscriber.

The committee, chaired by Tory MP Sir Malcolm Rifkind, explored different ways of tackling the issue of communications data by considering investigatory tools used by the Security Service as well as the possibility of a collaborative agreement with communications service providers. It concluded that those ideas failed to offer a solution, either on the basis of costs or because of a lack of cooperation from some, if not all, CSPs.

The MPs and peers agreed that legislation, while "not a perfect solution", was the best option available.

Cops cop costs

Data retention costs got very little airtime in the report, but the matter has been batted around Parliament recently.

Late last month, Tory MP Dominic Raab asked May's department how much the Home Office "currently remunerates (a) telephone companies, (b) internet service providers and (c) others annually for data storage; and what estimate she has made of such figures if the draft Communications Data Bill was passed."

James Brokenshire, minister for crime and security at the Home Office, explained that "the police and other operational agencies requesting the data" normally reimbursed CSPs for the costs of retaining comms data under current legislation in RIPA (the Regulation of Investigatory Powers Act 2000).

He added:

80 per cent of this expenditure is through a pilot project established by the Home Office to ensure value for money and auditing of payments to industry. Under this pilot, a subset of providers are reimbursed directly by the Home Office, with the money then recharged to operational agencies.

Brokenshire also revealed that the total estimate for such payments made last year to comms providers stood at £15m.

That's an interesting figure when one considers what that could mean for the already budget-squeezed bobbies if the draft Communications Data Bill had passed through Parliament in its current form.

Charles Farr, who is Director General of the Office for Security and Counter Terrorism, is leading the charge for more powers to snoop on British netizens. He has previously told politicos that around 50 per cent of the highly-questioned £1.8bn price tag placed on the Communications Capabilities Development Programme (CCDP) would be used to pay CSPs for storage of the data.

The report highlights this by pointing out the Home Office has estimated compensation costs of £859m over a 10-year period.

Ultimately that suggests the police could be faced with much higher costs - with today's £15m figure creeping up to anything as high as £85m each year.

That said, as CSPs have repeatedly complained, those estimations of payment are full of assumptions because the Home Office failed to seek the advice of comms providers when drawing up the draft bill.

Costs being plucked out of thin air was one of the reasons why May's bill so spectacularly failed to pass the pre-legislative select committee scrutiny test and it's also why those figures are now being picked apart and reassembled by the Home Office.

But the fact remains that the police could end up footing a hugely expensive bill to cover the costs of data retention in order that they can access the supposed 25 per cent shortfall of information that they apparently need to catch criminals and terrorists online.

The Register asked the Home Office to explain more about the pilot scheme mentioned by Brokenshire. It told us:

The Home Office is running a pilot scheme where cost recovery for certain communications service providers is managed by the Home Office itself.

One advantage of the scheme is that a single body examines claims for reimbursement on behalf of all law enforcement, ensuring greater scrutiny and value for money.

The Home Office does not comment on specific charges and services made by communications providers.
