More like this

Business

Arrow

Government

UK's internet spy law: £250m in costs could balloon to £2 BILLION

Just look at IMP. Or CDB

Analysis The Home Office has revealed some of the costs associated with its proposed Investigatory Powers law – but the final price tag could arguably run into billions of pounds.

At present, Secretary of State Theresa May's department has estimated a price tag of £247m over a 10-year-period to cover the costs of communications data and oversight.

Government estimates for previous abandoned bids to legislate for greater surveillance of Brits' online activity were far higher. For example, Labour's Interception Modernisation Programme carried a £2bn price tag, while May's Communications Data Bill would have lifted an estimated £1.8bn from the public purse.

However, the current £247m does not take into account the potential costs for interception of bulk personal data and hacking into computer systems. Costs associated with those "policy provisions" are marked as "N/K" – not known.

The only breakdown of estimated costs the Home Office does offer in its "Overarching Impact Assessment" [PDF] for the draft Investigatory Powers Bill – which was laid before Parliament on Wednesday – relate to communications data (£187.1m) and oversight (£59.9m).

It's unclear where the comms data figure comes from, but according to industry sources, little or no consultation has taken place on costs so far. The Home Office may therefore be referring to cost estimates [PDF] outlined in 2012's draft Communications Data Bill (CDB).

As The Register noted in early 2013, Charles Farr – Director General of the Office for Security and Counter Terrorism – previously estimated to MPs that around 50 per cent of the highly-questioned £1.8bn price tag placed on the Communications Capabilities Development Programme (which morphed into CDB) would have been used to pay communications providers for storage of the data.

Those compensation costs of around £859m to be paid to ISPs over the course of 10 years were widely dismissed by the industry, which complained at the time that those estimations of payment were full of assumptions.

The reason? The Home Office had failed to seek the advice of comms providers when drawing up its draft bill.

May's department said in its latest Impact Assessment that:

There would be minimal increases above existing baseline costs for interception, equipment interference, and bulk personal data.

The government can openly say this now, after May disclosed to Parliament that Brit spooks have, for years, been using section 94 of the 1984 Telecommunications Act to intercept bulk communications data of people in the UK.

The Home Office added in its assessment:

The costs of the Bill are primarily in relation to increased cost of establishing a new oversight body (led by the Investigatory Powers Commissioner), including accommodation, overheads, running costs, and the administration of a new warranty process.

The provisions in the Bill in relation to internet connection records and the request filter for communications data have associated costs to business, which are reimbursed by government.

Section 185 of the draft IPB [PDF] notes that telcos should "receive an appropriate contribution in respect of such of their relevant costs as the Secretary of State considers appropriate".

However, we'll have to wait and see exactly what price tags are applied to these particular provisions once the proposed law has been scrutinised by politicos and peers and re-drafted. By then, we may have a better idea about whether ISPs would be required to suck up any hidden costs that could ultimately hit the pockets of their customers. ®

Sponsored: Global DDoS threat landscape report