UK.gov plans central database for all
Brown team plots Ripa redux?
The Brown government is considering a central database of all UK communications data including times and durations of phone calls, emails and internet access for every British citizen.
The draft bill is still being considered by ministers and a Home Office spokeswoman told us no decision had yet been reached.
The spokeswoman told The Register: "Ministers have made no decision on whether a central database will be included in that draft bill." She refused to compare the proposed legislation to Ripa, as it is still only a proposal.
Under the Regulation of Investigatory Powers Act passed in 2000 and the Anti-Terrorism Crime and Security Act 2001, companies like telcos and internet service providers already have to keep this information in case it is needed by a police or security service investigation.
It appears what is different now is that this information will be actively collected and stored in one place by the government. Reports on the proposals suggest authorities will still need to go to the courts to gain access to the database. However, such a massive amount of data will be ripe for speculative data-mining and fishing techniques, rather than more targeted searches.
More to the point, given this government's gross incompetence in safeguarding any of our data, having all our comms info in one place has to be a major concern.
Under Ripa police or other authorities like local councils can approach service providers and demand access to anyone's communications data.
The Assistant Information Commissioner, Jonathan Bamford, said: "If the intention is to bring all mobile and internet records together under one system, this would give us serious concerns and may well be a step too far. We are not aware of any justification for the state to hold every UK citizen's phone and internet records. We have real doubts that such a measure can be justified, or is proportionate or desirable...
"We have warned before that we are sleepwalking into a surveillance society. Holding large collections of data is always risky; the more data that is collected and stored the bigger the problem when the data is lost, traded or stolen... If there is a problem with the current arrangements, we stand ready to advise on how they can be improved."
The government is blaming Europe for the changes. The European Data Retention Directive seeks to ensure that investigators have access to this information, as they do under existing UK law, but does not call for centralised, government-run databases.
The directive was issued in response to the terrorist attacks in London in 2005. It applies only to information around communication - the time and duration of your chat, not its actual content. It aims to harmonise regulations so that data is stored for "not less than six months and not more than two years from the date of the communication".
The proposed bill also ignores at least two actual problems which law enforcement struggles to deal with. Unregistered mobile phones and VoIP services like Skype mean that the proposed law will catch only the densest of criminals.
Paul Vlissidis, technical director of NCC Group, said: "My first thought was "this is the start of the silly season" - essentially all the information they are talking about is already retained. If they are talking about a central, additional database then by definition that adds more risk. It would need best-in-class security and we haven't seen much evidence of that from government IT in recent months."®
Sponsored: Becoming a Pragmatic Security Leader