The UK's intelligence services should install "probes" for deep-packet inspection of the country's web activity, according to a report from the Intelligence and Security Committee -- the justification for which is based on "pretty heroic assumptions", the head of MI5 has testified.
The Communications Bill -- currently in its draft stages -- is the present government's proposal to make it easier to keep track of what Britons do online. It is, unsurprisingly, controversial, with critics labelling it a "Snooper's Charter". We've covered before on Wired.co.uk that Twitter believes the provisions in the bill could leave it in a " legally untenable position", while Nick Clegg has been immensely critical of Theresa May's support for it. This report from the Intelligence and Security Committee, however, specifically looks at whether the intelligence and security services need the bill to remain effective.
The need for the invasive "probes" comes from the challenges law enforcement and intelligence agencies are facing keeping track of how individuals are using the web -- the report states that current legislation "does not cover the problems of emerging technology", and thus "consideration must, therefore, be given to a new approach".
The bill is quite careful to make the distinction between what it defines as communications data and communications content. Data constitutes the record of a communication, but not the content -- a timestamp, say, or a record of a phone call, or the sender and receivers of an email. Right now, a warrant is needed if the police or intelligence services want to access the content of someone's web activity, and the bill doesn't seek to change that.
Law enforcement agencies are entitled to request communications data without a warrant under the current law, though, but the problem the bill seeks to address is that, increasingly, that information doesn't actually exist. This is problem, as that data is used by many different law enforcement agencies (and even sometimes local authorities) to establish connections between suspects in initial investigations. The report states that around 500,000 requests are made every year for such communications data in the UK (though this means 500,000 devices are implicated -- there are likely fewer individuals whose data is being requested).
In the past, the report points out, the content service providers were often the same as the people providing the infrastructure their services ran on. To find out who someone had phoned in the 1980s required little more than calling up BT and asking for that person's billing history. However, on the web, the companies that provide access -- ISPs and phone networks -- aren't the same people who provide communications services such as Twitter or Facebook. Finding out who sent a Facebook message from one account to another can require coordinating permissions from several different organisations spread around the world.
Mobile phone contracts with unlimited data, calls or texting plans mean there's no reason for providers to keep billing info for their customers' every action.
That adds up to what the report calls the "capability gap" -- the Home Office's estimate "that there is a 25 percent shortfall in the communications data that public authorities would wish to access, and what they are currently able to access", and that "left unchecked, this gap will increase to 35 percent in two years' time".
It's at this point that the report points out that this figure is controversial, because the Home Office couldn't really justify in its written evidence exactly how it calculated this figure. Jonathan Evans, director general of MI5, told the committee that the sums relied on some "pretty heroic assumptions". The report passed over this part, accepting that focusing on the precise size of the gap "can also detract from consideration of the problem itself" -- how to respond to any gap, no matter how large.
Part of the Communications Bill proposes forcing British companies to hold records even if there's no economic incentive for them to do so (such as for billing purposes), something the report quotes as costing ?859m over ten years. That's attracted its own controversies from those, like Jimmy Wales, who see it as a privacy nightmare in the making.
However, the capability gap would still exist with foreign companies like Twitter and Facebook. That leaves the need for deep-packet inspection of all web activity in and out of the United Kingdom as the only way to collect the necessary data from overseas communications. Hence, deep-packet inspection presents "the best available option".
The report redacts the oral evidence offered by government officials that reassured the committee that "the government has options in dealing with the challenge encryption poses". If deep-packet inspection becomes standard it would not be surprising to see people encrypt their web activity as standard. That the committee sees the prospect of a democratic government regularly targeting decryption tools at its own citizens as an acceptable state of affairs is not going to reassure those who worry about the civil rights and privacy implications of the Communications Bill.
The committee also rejects the suggestion that communications data should only be accessible with a warrant, and states the current system is fine -- any change "would not be a positive step, and would affect [intelligence] operational work".
Image: Shutterstock
Source: http://www.wired.co.uk/news/archive/2013-02/06/uk-government-spy-internet
cheryl burke sarah burke mega upload santorum wins iowa archer ibooks 2 ifl
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.