ISPs: UK.gov should pay full costs of Snooper's Charter hardware
And Terrible Theresa accused of deceit over comms data definition
IPB The Internet Services Providers' Association (ISPA) today told a Parliamentary committee that the government should bear the full cost of extra infrastructure needed to support the snooping databases authorised by the Investigatory Powers Bill.
The lobby group's response to the joint committee's call for evidence also claimed that the Home Secretary had mis-characterised communications data when she claimed it was "simply the modern equivalent of an itemised phone bill".
Such criticisms echo those of IT lawyer Graham Smith, who previously criticised this description of communications data to The Register by saying: "We didn't read books over the telephone, but as an entirely accidental by-product of communications technology, our reading habits are now trackable."
Impact on business
The Home Secretary's £257m estimate for the costs of implementing the bill's provisions was somewhat short of the potential £2bn cost – which the government has resolutely buried its head in the sand over.
The ISPA complained that the subset of providers consulted about the impact of the bill was too small, adding "it is not clear whether the indirect effects have been considered by the Impact Assessment."
Additional IPSA complaints related to "the need to procure new hardware to meet new obligations and the high costs of storing large volumes [of] data that would follow."
At present, the Draft Bill only guarantees that the contribution of the Government to a provider's costs cannot be zero but we believe that, for the two stated reasons, it is important to enshrine full cost recovery on the face of the Bill.
The current draft would enable future Governments to scale back their contribution to costs and thus not only put providers at a commercial disadvantage but also risk undermining an important safeguard.
"More information needs to be provided on how the application of Clause 189 (4)(c) would impact providers and services that are widely used by citizens and corporations in the UK" stated the group.
Clause 189 (4)(c) states that the Government may impose an obligation on a provider to remove "electronic protection" which most have taken to mean encryption.
The response calls for the committee to "investigate this area in more detail" and noted that "end-to-end encryption" which a provider must be unable to decrypt has become more common since the current rules were drafted.
As El Reg has noted in the past, the draft Investigatory Powers Bill is careful to avoid using the word database – although a database of citizens' personal lives and habits is exactly what is authorised by Clause 51 of the bill.
ISPA stated that the "request filter effectively creates a single distributed database of communications data that is retained in the UK. This database not only allows for simple searches but also complex profiling queries. As such it is a very powerful tool that makes the complex analysis of communications data more easily achievable for public authorities."
Accordingly, it will be important to ensure that it the request filter is built in such a way that it provides reliable results, but also that the use of the filter is subject to appropriate proportionality tests.
This will need to take into account that the request filter interferes with the rights to privacy of all people whose data is considered as part of a query and not just those people whose data is included in a result.
Moreover, there is a need for tight safeguards to ensure that the powerful Communications Data Request Filter is not abused.
The ISPA response was filed on Wednesday morning, before the Parliamentary committee receives witnesses in the afternoon. Among those witnesses is NSA whistleblower Bill Binney, formerly a technical director of the US surveillance agency, who will claim that mass-surveillance is an ineffective security process which will "cost lives in Britain." ®
ISPA contacted The Register after the publication of this story to inform us: “ISPA was requested to remove the written evidence it submitted to the Joint Committee on the Investigatory Powers Bill from the ISPA website by the Joint Committee. Their guidance states that submissions become the property of the Committee and should not be published elsewhere until the Committee has done so itself.”
Sponsored: The Nuts and Bolts of Ransomware in 2016