Feeds

UK web snoop charter: Just how much extra info do spooks need?

Influential parliamentarians sniffs around packet-sniffing draft law

Choosing a cloud hosting partner with confidence

Analysis MI5 makes the most requests for information on Brits' phone calls and internet activities, according to a panel of MPs and peers scrutinising Home Secretary Theresa May's draft communications surveillance law. The controversial bill calls for much wider spying on online activity.

The Home Office, in pushing for these extended snooping powers, claimed there is a 25 per cent "shortfall" in the communications data that authorities want and what they can currently get. The Intelligence and Security Committee of MPs and peers looked at this supposed gap, apparently caused by people using technology that pushes messages and chats out of spooks' reach, but concluded that the figure was "immaterial".

The panel said in a report:

What is important is whether there is a gap, whether the gap is causing a problem, and - most importantly - how significant that problem is.

The head of the MI5, Sir Jonathan Evans, admitted to the committee that the 25 per cent figure rested on some "pretty heroic assumptions".

Critics of May's surveillance bill, dubbed a Snooper's Charter, have repeatedly brought into question the Home Office's comms data shortfall claim - in part because police and spooks have failed to provide any specifics to ISPs and web services.

However, the report - which was partially redacted on the grounds of protecting national security - noted that while police and other law enforcement agencies were most "acutely affected" by that apparent gap in the availability of communications data, the same wasn't currently true of security agencies:

At present, the intelligence and security Agencies are able, to some extent, to work around the problem of declining communications data by obtaining intelligence using other national security capabilities which are not, in most cases, available to the police.

This means that the Agencies are not facing as immediate a problem as that currently faced by the police and other authorities. Nevertheless, we believe that the decline of available communications data will begin shortly to have a serious impact on the intelligence and security Agencies.

However, the report did not reveal what workarounds the MI5 and other spook agencies were using to counteract the problem of being unable to access, for example, data from overseas comms providers or the information transported by an ISP from, say, Facebook to the subscriber.

The committee, chaired by Tory MP Sir Malcolm Rifkind, explored different ways of tackling the issue of communications data by considering investigatory tools used by the Security Service as well as the possibility of a collaborative agreement with communications service providers. It concluded that those ideas failed to offer a solution, either on the basis of costs or because of a lack of cooperation from some, if not all, CSPs.

The MPs and peers agreed that legislation, while "not a perfect solution", was the best option available.

Cops cop costs

Data retention costs got very little airtime in the report, but the matter has been batted around Parliament recently.

Late last month, Tory MP Dominic Raab asked May's department how much the Home Office "currently remunerates (a) telephone companies, (b) internet service providers and (c) others annually for data storage; and what estimate she has made of such figures if the draft Communications Data Bill was passed."

Minister James Brokenshire, minister for crime and security at the Home Office, explained that "the police and other operational agencies requesting the data" normally reimbursed CSPs for the costs of retaining comms data under current legislation in RIPA (The Regulation of Investigatory Powers Act 2000).

He added:

80 per cent of this expenditure is through a pilot project established by the Home Office to ensure value for money and auditing of payments to industry. Under this pilot, a subset of providers are reimbursed directly by the Home Office, with the money then recharged to operational agencies.

Brokenshire also revealed that the total estimate for such payments made last year to comms providers stood at £15m.

That's an interesting figure when one considers what that could mean for the already budget-squeezed bobbies if the draft Communications Data Bill had passed through Parliament in its current form.

Charles Farr, who is Director General of the Office for Security and Counter Terrorism, is leading the charge for more powers to snoop on British netizens. He has previously told politicos that around 50 per cent of the highly-questioned £1.8bn price tag placed on the Communications Capabilities Development Programme (CCDP) would be used to pay CSPs for storage of the data.

The report highlights this by pointing out the Home Office has estimated compensation costs of £859m over a 10-year period.

Ultimately that suggests the police could be faced with much higher costs - with today's £15m figure creeping up to anything as high as £85m each year.

That said, as CSPs have repeatedly complained, those estimations of payment are full of assumptions because the Home Office failed to seek the advice of comms providers when drawing up the draft bill.

Costs being plucked out of thin air was one of the reasons why May's bill so spectacularly failed to pass the pre-legislative select committee scrutiny test and it's also why those figures are now being picked apart and reassembled by the Home Office.

But the fact remains that the police could end up footing a hugely expensive bill to cover the costs of data retention in order that they can access the supposed 25 per cent shortfall of information that they apparently need to catch criminals and terrorists online.

The Register asked the Home Office to explain more about the pilot scheme mentioned by Brokenshire. It told us:

The Home Office is running a pilot scheme where cost recovery for certain communications service providers is managed by the Home Office itself.

One advantage of the scheme is that a single body examines claims for reimbursement on behalf of all law enforcement, ensuring greater scrutiny and value for money.

The Home Office does not comment on specific charges and services made by communications providers.

Secure remote control for conventional and virtual desktops

Next page: How to make DPI fly

More from The Register

next story
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
BT said to have pulled patent-infringing boxes from DSL network
Take your license demand and stick it in your ASSIA
Right to be forgotten should apply to Google.com too: EU
And hey - no need to tell the website you've de-listed. That'll make it easier ...
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.