Entanet Warn “not clear or workable” UK Internet Spying Bill Will Pass

Shropshire-based broadband and telecoms provider Entanet has warned that the Government’s controversial Investigatory Powers Bill (IPB), which will force ISPs to snoop on their customers, is “not clear or workable” but still “looks certain to become law within weeks.”

The IPBill proposes various changes and chief among them is a new requirement for ISPs to retain Internet Connection Records of all their subscribers (i.e. your details + what websites and servers you visited) for a period of up to 12 months, which can then be provided to various public bodies and the security services upon request (a police warrant is only required for more detailed interception).

However ISPs, especially smaller providers, frequently warn that the technical details of this system and how it would work have yet to be fully clarified. On top of that the new approach would impose a significant financial burden upon them, which is likely to cost dramatically more than the Government’s thinly researched estimations (upwards of £175m+). Some are even predicting a figure well north of £1 billion; the government will only pick-up part of the tab for this.

The latest draft revision of the IPBill was officially published in March 2016 (here) and has already made it through the House of Commons, with only a few minor amendments. The bill is now headed for the House of Lords where it may face greater scrutiny, although Entanet and many other ISPs don’t expect much to change.

Paul Heritage-Redpath, Entanet’s Product Manager, said:

“The current IPB is not clear or workable by any stretch of the imagination. To our dismay, following its third reading, Labour has now lent its support to the Bill, which passed in the Commons with a majority of 444 to 69; the SNP, Liberal Democrats, and Green Party voted against it.

Home Secretary Theresa May MP, said that the Bill had received ‘unprecedented levels of scrutiny’. We’re not at all convinced by this statement; the Public Committee that has been scrutinising the IPB is made up of 20 MPs, none of whom, as far as we are aware, are experts in the Internet or security. Consultation with industry has been scant at best.

The concern for MPs is perhaps that the industry will come up with all sorts of objections (as it already has, quite independently) and slow the Bill’s passage down.”

The Shadow Home Secretary, Andy Burnham MP (Labour), has at least joined with others to continue his calls for greater clarification of what ICRs actually constitute and who should have access. “I believe the threshold at which ICRs can be accessed must be higher. At present, the Bill sets it at any crime. I do not think it is necessary or proportionate for information held in ICRs to be accessed in connection with lower-level offences,” said Burnham in April, before adding that too many public bodies can still access the data.

Paul Heritage-Redpath added:

“We have watched the progression of the IPB carefully and we feel it needs much more scrutiny and input from the industry. Like ISPA, we believe that it is important for the government to bring forward new legislation but the current Bill is still a long way from being clear or fair.

Another issue that was raised last week by Gavin Newlands, is the cost impact that keeping ICRs is going to have on ISPs; it is estimated this could be anywhere between £1 billion and £3 billion. We’ve argued in the past that it is unfair that ISPs should have to shoulder the burden of this cost and that the likely outcome is that the extra costs will be passed on to the consumer. But until we know what an ICR actually is, we have no hope of calculating what the cost is likely to be.

In summary, this is a Bill that the government seems to be pushing through quickly for political as well as practical reasons; has not been properly and thoroughly thought-out, lacks clear guidance and definition; and will almost certainly lead to an increase in costs for customers.”

Entanet’s opinion appears to be almost universally shared by other ISPs and civil liberty groups, which all fear the aggressive encroachment of mass state surveillance upon ordinary law abiding citizens.

However for ISPs it’s arguably the cost and technological challenges that create the most concern, both of which are difficult to factor when you have a bill that looks set to become law before anybody is quite sure about how to either implement or pay for it.

Broadband provision in particular is a very low margins business and asking ISPs to implement a system that would impose a disproportionately huge cost is ultimately something that will surely be felt in the price we all pay.

UPDATE 2:12pm

The Regulatory Manager for Zen Internet, Gary Hough, has also given some input on the cost side of things.

Gary Hough, Zen Internet’s Regulatory Managed, agrees:

“Whatever the figure currently being bandied about, I’m of the opinion that this bill, if it was to be introduced as it is currently written, would certainly cost many, many millions more than the government’s figures to date. And remember too this is not just the ISP community having to store data. It also includes hosting companies, content providers such as Facebook, Google etc too so the ongoing costs could stretch into the billions.

It’s not just the physical design, build and implementation of doing this that costs but the ongoing management that includes the ongoing storage; the hardware upgrades and replacement for end-of-life kit; the security of the data and continual training of staff; and we know that this will rise year-on-year as traffic grows. This isn’t a ‘store-it-for-12-months-once-only-exercise’ before deleting the data, it’s an ongoing cost forever and a day.”