UK.gov to unveil reborn, renamed net-snoop plans in Queen's Speech

If at first people protest, try telling them on Sunday


The Coalition's plans to hugely step up surveillance of the internet aren't new - indeed they date from well before the Coalition - but readers could be forgiven for thinking it's all brand new this morning after a quick look at the national newspapers today.

David Cameron's government first published its intentions to snoop on the net back in November 2010, about six months after his Tory party formed a coalition with the Lib Dems, but in fact these plans represented no more than a rebranding of New Labour's "Interception Modernisation Programme".

The Home Office said at the time of the relaunch that it hoped to implement "key proposals... for the storage and acquisition of internet and e-mail records" by June 2015. UK.gov further noted that legislation could be brought in "if necessary".

Then last July, Home Secretary Theresa May signalled more clearly that the previous Labour government's shelved £2bn Interception Modernisation Programme (IMP) was definitely coming back to life.

At that point May outlined a new, or at least newly named, counter-terrorism strategy - dubbed CONTEST - and added that it would include a resurrected IMP.

The CONTEST document released by the Home Office made it clear that legislation would "be brought forward" to address what it described as a "technology challenge". That challenge relates to how terrorists use the internet.

IMP was supposed to be stood up at spook headquarters GCHQ in Cheltenham, to help security services monitor difficult-to-tap tech such as peer-to-peer communications.

The proposed government-snooping plan was stalled until after the 2010 General Election, however, following criticism from civil liberties groups in the UK.

Labour of course lost that election, but the idea of IMP never went away. It was instead effectively rebranded by May's department as the "Communications Capabilities Development Programme [CCDP]", which was squarely aimed at tackling perceived threats from rapidly-evolving encryption and other technologies which have increasingly made it difficult even for government agencies to intercept voice and text mobile communications.

The Sunday Telegraph ran a story about CCDP in February, which appeared to us to show that the broadsheet was simply catching up on old news. Now The Sunday Times has added to that coverage by running a story yesterday that was leaked to the Murdoch paper from a "senior civil servant" at the Home Office.

It would appear that the story is being managed: the government is looking to make sure that CCDP is an old news story well ahead of the Queen's Speech to Parliament on 9 May. Sundays - especially Sunday April the 1st - are good days to have potentially unpopular news reach the population at large.

The only nugget of information that a Home Office spokesman was willing to toss to The Register last month was to confirm that CCDP would be in the Queen's Speech and that the government planned to "legislate on it as soon as possible."

Last month, Tory MP David Davis - who heavily criticised Labour's IMP proposal when in opposition - asked Home Office undersecretary James Brokenshire if his department had been in talks with the Internet Service Providers' Association over consultation on CCDP.

"Home Office officials have met with the main industry associations representing internet service providers and communications service providers to discuss the cross-Government Communication Capabilities Development programme," the minister said on 8 March.

"These meetings have included the Internet Service Providers' Association whose advice has been sought on how and when to engage with all interested internet service providers, as part of the department's ongoing engagement strategy with industry."

As for yesterday's Sunday Times story, we now know that under the new proposed laws spooks will not need a warrant to know who communicates with whom and when they do so - this allows large scale data-mining and analysis. Such hands-off interception can tell spooks a lot, without ever requiring them to read an email or listen to a call: one of the things it can uncover, in fact, is which among millions of conversations, messages, webpages etc etc might be worth looking at or listening to. This kind of monitoring has been a grey area until now, with some saying it's illegal without a warrant and others - including various large commercial concerns, as well as government agencies - arguing that it isn't unless and until individuals are specifically targeted.

Actually looking and listening to the content of communications (as opposed to just the headers and addresses) currently requires a warrant under the existing Regulation of Investigatory Powers legislation. However readers should note that even today this would typically be a secret warrant signed within the relevant ministry by the relevant minister, not one obtained from a judge: and as these ministers (who also have many other calls on their time) must already sign large numbers of interception warrants - often covering many people, phone numbers or other identifiers which realistically they must assume are listed justifiably - it's questionable just how much supervision the spooks are under here. They certainly won't be under more once the new kit and plans are in place.

Quite apart from legal powers, it's expected that such an ambitious project will cost billions of pounds to implement, in part because of the large amount of kit that will need to be installed throughout the UK's communications infrastructure to allow GCHQ to copy "on demand" any internet traffic sent in the UK in "real time". It's still unclear how much of the burden will be borne by private-sector entities such as ISPs - who are already required to keep extensive records - and how much by the taxpayer.

Social networks like Facebook and Twitter - being, after all, just another means of handling packets in the end - as well as online video games could all be tapped by spooks under the new plans, according to the ST report.

Such capabilities would require thousands of Deep Packet Inspection probes to be inserted throughout the country's net infrastructure that would need to be regularly configured to keep up with the changes to how services exchange comms data. Part of the problem with IMP was that the £2bn price tag for implementing such a project over 10 years was simply too low.

Civil liberties campaigner Guy Herbert labelled the CCDP plan "an astonishing waste of money."

He said: "It is not very far from a bug in every living room that can be turned on and turned off at official whim. Whatever you are doing online, whoever you are in contact with, you will never know when you are being watched. And nobody else will either, because none of it will need a warrant." ®

Similar topics


Other stories you might like

  • Research finds consumer-grade IoT devices showing up... on corporate networks

    Considering the slack security of such kit, it's a perfect storm

    Increasing numbers of "non-business" Internet of Things devices are showing up inside corporate networks, Palo Alto Networks has warned, saying that smart lightbulbs and internet-connected pet feeders may not feature in organisations' threat models.

    According to Greg Day, VP and CSO EMEA of the US-based enterprise networking firm: "When you consider that the security controls in consumer IoT devices are minimal, so as not to increase the price, the lack of visibility coupled with increased remote working could lead to serious cybersecurity incidents."

    The company surveyed 1,900 IT decision-makers across 18 countries including the UK, US, Germany, the Netherlands and Australia, finding that just over three quarters (78 per cent) of them reported an increase in non-business IoT devices connected to their org's networks.

    Continue reading
  • Huawei appears to have quenched its thirst for power in favour of more efficient 5G

    Never mind the performance, man, think of the planet

    MBB Forum 2021 The "G" in 5G stands for Green, if the hours of keynotes at the Mobile Broadband Forum in Dubai are to be believed.

    Run by Huawei, the forum was a mixture of in-person event and talking heads over occasionally grainy video and kicked off with an admission by Ken Hu, rotating chairman of the Shenzhen-based electronics giant, that the adoption of 5G – with its promise of faster speeds, higher bandwidth and lower latency – was still quite low for some applications.

    Despite the dream five years ago, that the tech would link up everything, "we have not connected all things," Hu said.

    Continue reading
  • What is self-learning AI and how does it tackle ransomware?

    Darktrace: Why you need defence that operates at machine speed

    Sponsored There used to be two certainties in life - death and taxes - but thanks to online crooks around the world, there's a third: ransomware. This attack mechanism continues to gain traction because of its phenomenal success. Despite admonishments from governments, victims continue to pay up using low-friction cryptocurrency channels, emboldening criminal groups even further.

    Darktrace, the AI-powered security company that went public this spring, aims to stop the spread of ransomware by preventing its customers from becoming victims at all. To do that, they need a defence mechanism that operates at machine speed, explains its director of threat hunting Max Heinemeyer.

    According to Darktrace's 2021 Ransomware Threat Report [PDF], ransomware attacks are on the rise. It warns that businesses will experience these attacks every 11 seconds in 2021, up from 40 seconds in 2016.

    Continue reading

Biting the hand that feeds IT © 1998–2021