The Information Commissioner has commented on the Home Office's wretched plan to scrap the current system of obtaining Communications Traffic Data from the Communications Service Providers i.e. the telecomms and internet companies, and instead slurping all those log files into a massive centralised, and secret, Government database
15 Jul 08 - A communications database would be 'a step too far' (.pdf)
Speaking at the launch of his annual report,
Information Commissioner Annual Report 2007 - 2008 (.pdf)
Richard Thomas will say: "I am absolutely clear that the targeted, and duly authorised, interception of the communications of suspects can be invaluable in the fight against terrorism and other serious crime. But there needs to be the fullest public debate about the justification for, and implications of, a specially-created database - potentially accessible to a wide range of law enforcement authorities - holding details of everyone's telephone and internet communications. Do we really want the police, security services and other organs of the state to have access to more and more aspects of our private lives?
"Speculation that the Home Office is considering collecting this information from phone companies and internet service providers has been reinforced by the government's Draft Legislative Programme which, referring to a proposed Communications Data Bill, talks about 'modifying procedures for acquiring communications data'."
See our previous blog article Communications Data Bill announced:
Will there be strict limits and adequate safeguards regarding exactly who has access to such retained log files ?
Will there be a cheap, easy, rapid, fair and decent error correction and complaints procedure for individuals and businesses ?
Will there be criminal penalties for data abusers, generous financial compensation and prompt public apologies from senior officials and politicians when, not if, things go horribly wrong ?
Can pigs fly ?
Richard Thomas believes that there has not been sufficient parliamentary or public debate on proposals to collect more and more personal information without proper justification, citing the expansion of the DNA database and the centralised collection and retention of data from Automatic Number Plate Recognition (ANPR) cameras as two recent examples.
The Information Commissioner is not being tough enough - he should be threatening to prosecute the Home Office for planning to breach the fundamental principles of Data Protection, with this disproportionate scheme.
This Home Office scheme would circumvent even the weak auditing and alleged safeguards provided by the single, censored and increasingly deliberately delayed annual reports to the Prime Minister, of the Interception of Communications Commissioner and the Intelligence Services Commissioner.
It would make it easier for secret disproportionate speculative "data trawling" through innocent people's data, instead of narrowly targeted, proportionate searches of actual terrorist or serious criminal suspects.
It would also allow secret exports of the data to foreign governments, without any oversight from the UK RIPA Commissioners, or any private individuals or companies in the UK.
This plan would circumvent even the weak auditing and alleged safeguard provided by the single, censored and increasingly deliberately delayed annual reports to the Prime Minister, of the Interception of Communications Commissioner and the Intelligence Services Commissioners, and would presumably make it easier to do speculative "data trawling" through innocent people's data, instead of narrowly targeted, proportionate searches of actual terrorist or serious criminal suspects.
These RIPA Commissioners are even weaker than the Information Commissioner, as they have no legal powers to prosecute any abuses, and no budget to investigate any complaints from the public.
The Earl of Northesk has asked four Questions in the Lords about the Home Office's Interception Modernisation Plan. The Home Office's former Admiral Lord West of Spithead fails to convince us that the Home Office has any clue about the technical feasibility or costs involved in this project, even to the nearest billion pounds - i.e. a replay of the wretched ID Cards scheme all over again.
Part of this Interception Modernisation Plan presumably, includes the secret centralised Communications Traffic Data snooping database.
The Earl of Northesk's Questions:
Home Office: Interception Modernisation Programme
The Earl of Northesk asked Her Majesty's Government:
What are the aims of the Home Office's interception modernisation programme. [HL4465]
8 July 2008 : Column WA76The Parliamentary Under-Secretary of State, Home Office (Lord West of Spithead): The objective of the interception modernisation programme (IMP) is to maintain the UK's lawful intercept and communications data capabilities in the changing communications environment. It is a cross-government programme, led by the Home Office, to ensure that our capability to lawfully intercept and exploit data when fighting crime and terrorism is not lost. It was established in response to my right honourable friend the Prime Minister's national security remit in 2006.
So they have been working on this Plan for at least 2 years, but, as the rest of the Answers show, they still do not have a detailed technical specification of exactly what they want to do, and therefore no clue about even approximately how much it will cost !
The Earl of Northesk asked Her Majesty's Government:
Whether the current Comprehensive Spending Review allocation contains any financing for the Home Office's interception modernisation programme; and, if so, how much. [HL4466]
Lord West of Spithead: As part of the Government's Comprehensive Spending Review (CSR 07) a central bid was made to HM Treasury on behalf of the security and intelligence agencies. Funding for IMP was included in the bid, and the exact programme allocation across the CSR years is currently being finalised between the Home Office and HM Treasury.
"on behalf of the security and intelligence agencies" i.e. not on behalf of the regional Police forces. Will they have access to this new surveillance infrastructure for free ?
The Earl of Northesk asked Her Majesty's Government:
What are the Home Office's current budgetary estimates for demonstrating the feasibility of the interception modernisation programme. [HL4467]
Lord West of Spithead: A significant proportion of the programme investment over the CSR period will be used to test feasibility and reduce the risk associated with implementing the proposed IMP solution. The private sector is likely to play a major role in this work and the programme will be conducting a competitive tender and entering commercial negotiations to commission its services.
The tendering processes are not yet complete and therefore the budget for the feasibility and de-risking activities is not finalised. For this reason, a precise figure cannot be given at this time.
The Earl of Northesk asked Her Majesty's Government:
What are the Home Office's current budgetary estimates for the interception modernisation programme. [HL4468]
Lord West of Spithead: The interception modernisation programme (IMP) will require a substantial level of investment which will need to tie in with the Government's three-year CSR periods. The scale of overall economic investment is very difficult to calculate because of the complexity of the project and wide ranging implementation solutions currently being considered.
Given this complexity and the commercial and national security sensitivities, the precise costs of the programme cannot be disclosed. Further detail on budgetary estimates for the IMP will, however, become available once the draft Communications Data Bill is published.
8 July 2008 : Column WA77
These Answers demonstrate that the Home Office has no clue about precisely what they even want to achieve, let alone a realistic plan for how to go about it cost effectively.
This is just like the ill fated ID Cards scheme all over again.
See the BBC Radio 4 IPM programme interview with mobile telephone company security insider Stuart Ward, who is rightly worried that the telecomms and internet companies will be forced to simply hand over their customers' data into a secret, unaccountable black hole, with the planned installation of UK Government "network probe" snooping devices, within the private sector telecomms and internet infrastructure.
BBC Radio 4 IPM look set to be investigating the Communications Data Bill some further:
http://www.bbc.co.uk/blogs/ipm/2008/07/communications_data_bill_cause.shtml
Her Majesty's Government Communications Centre (HMGCC) absorbs 80% of the Hanslope Park estate and also is home to MI6's Technical Security Department (TSD), staffed by SIS operatives who process and analyse data sent from GCHQ in Cheltenham and Menwith Hill in North Yorkshire, especially data intercepted from the foreign embassies in London.
They have a spanking brand new 3 story building (left of centre) over 6500 square metres of floor space – under construction , on a former car park, valued at £30Mn. Ostensibly Foreign and Commonwealth Office's (FCO) new Information and Communications Technology Centre supposed to be on stream now.
It would not be much of a stretch to believe that "trials" are already underway and they are more than fully aware of costs because they can hide any damn thing they want under SIS budgets which have mushroomed.
This would be an ideal place to integrate any "sharing" of data with UKUSA et al.
Working on the basis that if it is possible tit will be done, there is no impediment whatever to anyone gaining access.
Some people have always assumed this is really the reason why SIS do not want to produce intercept evidence... close questioning in public is not something they want to happen.
@ Edward - assuming that the new Information and Communications Technology Centre building at Hanslope Park also has to cope with its existing tasks of communicating with Embassies and Consulates in over 200 countries around the world, it does not look to be big enough to handle all the proposed Communications Traffic Data snooping on its own.
Alan Turnbull's Secret Bases website has a couple of photos:
http://homepage.ntlworld.com/alan-turnbull/secret.htm#HMGCC
Any such national scale system, part of the Critical National Infrastructure would require at least two major hub sites, at least 50 miles apart.
The leaked British Telecom document describing the illegal Phorm unencrypted web traffic snooping trial (a technical problem of a similar scale) estimated that over 300 servers, switches, load balancers etc. would be required to cope with just BT's broadband customer traffic, and that is only a fraction of the total UK internet and mobile phone and landline phone traffic. BT did not have enough server hosting rack space available for such a project.
c.f. BT internal report leak on illegal secret Phorm test
There have been plans for a certain number of "black boxes" installed at major ISPs and telcos, under the Regulation of Investigatory Powers Act through the National technical Assistance Centre, originally set up under MI5 and the Home Office, but now under the control of GCHQ and the Foreign and Commonwealth Office.
Whether these are at all sufficient, will be unknown until the Home Office actually publishes a detailed technical specification of exactly what they are trying to do, in sufficient detail for private sector suppliers estimate price and delivery i.e. exactly what the Home Office have failed to do with the National Identity Register scheme.