31 MAY 2008, Page 29

When Labour ministers say ‘we’re listening’, this is what they really mean — and it’s frightening

Last week the Labour government revealed its plans to create a national cyber-database to hold details of every phone call, text, email and visit to the internet, as part of its plan to fight terrorism and crime. Internet service providers and telecoms companies will be required to give their records to the Home Office, where the data will be held for at least a year. Police and other security units will be allowed access if permission is granted by the courts. The government claims the proposal comes as part of plans to implement an EU directive developed after the 7 July bombings to bring uniformity of recordkeeping among member states.

The proposal set alarm bells ringing for both human rights and security experts. The Information Commissioner Jonathan Bamford warned that the database was ‘a step too far’ and that the UK was in danger of ‘sleepwalking into a surveillance society’. ‘Holding large collections of data is always risky,’ he said. ‘The more data that is collected and stored, the bigger the problem when the data is lost, traded or stolen.’

There are also business and economic implications. Susan Hall, an IT specialist at the law firm Cobbetts, points out the huge costs this could impose on ISPs, which would be required to keep traffic data for every internet connection made and every email sent by their clients. ‘Your ISP will be required to retain billions of records. Even though storage is cheaper and broadband is faster — making it easier to gather this kind of data — ISPs will still need potentially to spend millions of pounds building the virtual capacity to standardise this data.’ One of her principal concerns is that the sheer scale of the data storage requirements has been seriously underestimated by the sponsors of this Bill. ‘Think of your daily inbox, and multiply the traffic data for that, plus your mobile phone, plus your daily internet usage by the number of computer-using people in the country, bearing in mind that “computer using” now extends to smart phones like BlackBerrys — and you get a sense of the problem.’

The main problem will be creating the database in an easy-to-access form: a technical challenge for the industry, and a frightening concept for its customers. The problem, says Ken Munro, director of penetration and security testing at NCC Group, is that ISPs, phone companies and VoIP (Voice Over Internet Protocol) companies, who may be included as well, all keep their data in different formats. ‘This project is all about linking lots of different databases together and making them easier to query. You have to ask how much this will cost — the NHS database linking hospitals with GP surgeries is costing around £4 billion — why should this be any different?’

Hall thinks that if the proposal becomes law it will push many businesses to take their internet business elsewhere, using ISPs based outside the UK to avoid having their records captured in a potentially unsafe database. ‘We’ve seen significant breaches of security lately: think of the child benefit data being lost. What’s to make this more successful or secure than any other government database?’ Munro says the other option is for businesses to encrypt their emails beyond recognition by the authorities.

The question remains whether the threat of a terrorist attack justifies the significant costs that creating such a database would impose. On this, Hall has an even more depressing thought to offer. ‘Given the glacial speed of government computer projects, if the security safeguards are cutting-edge at the time they’re designed, they’ll be Neolithic by the time the system goes live.’

Edie G. Lush