Posted: 20th Feb, 2012 By: MarkJ
The UK coalition government's controversial and hugely unpopular £2bn
Communications Capabilities Development Programme (CCDP), which threatens to expand existing ISP based
internet snooping laws (
data retention) to cover more than just your basic email and website access logs, now looks set to be officially proposed as part of this year's
Queen's Speech (May 2012).
The CCDP was first revealed in July 2011 (
here) after being hinted at in the government's October 2010
Spending Review (
here). The proposals represent a revival of the previous Labour government's hugely unpopular
Interception Modernisation Programme (IMP).
Labour's IMP was ultimately shelved over criticism of the fact that it would have allowed too many public bodies to have access to the data, which could have resulted in abuse. Everybody from local councils to the NHS and even Royal Mail might have been given access. But since then the security services (MI5, MI6 etc.) are understood to have
lobbied hard for its revival in the CCDP.
At present a
voluntary code already requires broadband ISPs to maintain a basic
log of their customers email and website accesses, but not the content of your communications, for a period of up to 12 months. By comparison the new plan would be more mandatory and could expand its cover to include
social networking sites (Facebook etc.),
online role-playing games (World of Warcraft etc.) and even
Instant Messaging (Twitter, MSN etc.).
Home Office Statement - Communications Data (July 2011)
The UK communications market is one of the most highly competitive and technologically driven in the world. This means we now have access to many new forms of internet based communications, such as social networking sites, online role-playing games and instant messaging.
Criminals use new technology to communicate with each other and to target their victims. The police need to keep up with modern communication methods to be able to investigate serious crime. This is essential in protecting public safety.
Much of our current capability is based on an era of fixed and mobile telephones and was not designed to deal with the growth in the use of the internet. With internet service providers often based abroad, and fewer communications being itemised for billing purposes, investigative capability is declining.
A report in
The Telegraph suggests that the government would store direct messages between Twitter subscribers and even communications between online video gamers (all of those are private, just like emails). But at this stage the official policy has yet to be outlined and as a result much of this remains highly speculative.
Some solace should be taken from how the government states that its system would track the "
who, when and where" of each message, which means access logs and
not the content of your communication. The government apparently began negotiations with ISPs and internet firms almost two months ago.
As before, it's expected that ISPs and internet firms would need to manage the data logs themselves, which caused some cost concerns before and is likely to do again. The security services would also be granted "
real time" access to phone and ISP logs of people they wanted to place under surveillance.
A Home Office spokesman said:
"It is vital that police and security services are able to obtain communications data in certain circumstances to investigate serious crime and terrorism and to protect the public.
We meet regularly with the communications industry to ensure that capability is maintained without interfering with the public’s right to privacy.
As set out in the Strategic Defence and Security Review we will legislate as soon as Parliamentary time allows to ensure that the use of communications data is compatible with the Government’s approach to civil liberties."
The move risks running contrary to the coalition governments own May 2010 commitment to "
end the storage of internet and email records without good reason", although they claimed last year that the CCDP approach is "
not about developing new, more intrusive powers". Few will see it that way.
Jim Killock, Executive Director of the Open Rights Group (ORG), said:
"Labour’s online surveillance plans have hardly changed but have been rebranded. They are just as intrusive and offensive.
The coalition opposed Labour’s plans in opposition . Now, despite civil liberties commitments from Conservatives and Lib Dems, Home Office officials are planning to push through the same online surveillance capabilities.
They are not telling Parliament, and hope they can slip commitments to build these new surveillance plans before the politicians really know what they are proposing.
The plans are a huge waste of time and money, as well as being a huge intrusion on our civil liberties. Online government surveillance is the last thing we need right now."
Darren Farnden, EntaNet UK's Head of Marketing, said in July 2011:
"The problem with the IMP/CCDP is not only the huge privacy issues that it throws up but also the immense technical challenges. [We are concerned about] the feasibility of communications providers such as Entanet being required to collect and store this immense amount of data.
We also raised concerns over the security of this data and how the government expects to protect it from potential hackers. Let’s face it, the Government doesn’t have the best track record in this area. We have had everything from lost laptops to website hacks in the past."
The UK Internet Service Providers Association ( ISPA ) has this week also called for the new proposals to be "
proportionate, respect freedom of expression and the privacy of users, and are widely consulted upon in an open and transparent manner".
Ultimately we'll have to reserve judgement until the official policy document surfaces, which will show precisely what the government has planned. Meanwhile the criminals will probably find ways to mask and encrypt their communications anyway (e.g. VPN etc.).
Suffice to say that the CCDP will face many obstacles, not least with the technical and legal challenges of gaining access to such logs from overseas firms / services.
UPDATE 20th Feb 2012A BT spokesperson told ISPreview.co.uk: "
This is for the Government to comment on. BT adheres to all legislation applying to its activities and co-operates fully with law enforcement agencies."
UPDATE 21st Feb 2012An article on
ZDNet reveals that the ISPA has not "
been directly told" about the new policy, which isn't uncommon as the government often initially engages with larger ISPs in isolated of the ISPA itself. This frequently happens when discussing big policy issues.
However, ISPs would not be able to help with the governments expanded data gathering remit, which requires a separate engagement via the affected internet companies (e.g. Facebook, Twitter etc.).