Skip Navigation

Data monitoring service to cost four times what UK Gov invests in broadband
Thursday 14 June 2012 18:34:16 by Andrew Ferguson

It is almost impossible to not draw comparisons with the card index systems, and survelliance society that was a reality in East Germany, and new plans to monitor who we communicate with in the online world. What is surprising is the £1.8 billion estimated cost for carrying out this new level of monitoring which is likely to involve the 12 largest providers. The Government appears concerned so much with criminal activity online, that it is willing to spend four times as much as will be invested via the BDUK/local authority projects. The cost is justified apparently as the benefits are likely to be estimated at £5bn to £6.2bn, though exactly how one estimates the benefit financially of protecting children online is difficult, reading the draft bill itself gives a good clue, taxation is mentioned an awful lot, as in chasing those who evade it.

The new plan is an extension of RIPA, but the new data sources, which are likely to cover areas such as websites visited (but not full URL's), who we talk to on social networks, play online games with and send emails to. The aim it seems to allow the intelligence services, police, HM Revenue and Customs and SOCA will have access to the contact logs which will have to be retained for twelve months, with greater detail available via a warrant.

It is the need to delve deeper into the packet data to go beyond source and destination IP address, to create the logs that authorised authorities will be able to apply for via the courts for access that will represent most of the effort in the technical implemenation. The reason being that it may require social network operators such as twitter to reveal information about their communication protocols and encryption that helps to keep users personal data secure.

"Whilst we appreciate that technological developments mean that Government is looking again at its communications data capabilities, it is important that powers are clear and contain sufficient safeguards.

We welcome the additional scrutiny the Bill will face in parliament and we will be seeking to address our key points during this process. ISPA will be working closely with its members over the coming months to ensure that the full breadth and range of industry is heard. We want to ensure that the proposals are clear, proportionate and fit for purpose."

Statement from Internet Services Providers' Association

For those who pay all their taxes on time, don't talk to terrorists and are not engaged in other serious crime, then there will be little to worry about, and while those questioning the proposed bill are being labelled conspiracy theorists, given other nations past experience with survelliance reliant policy suggest a strong degree of concern is healthy.

While the full-time criminal will simply learn how to evade capture, just as over the years burglars have largely learnt to wear gloves, there is a danger that some totally legal businesses may decide to not use the UK as their operational base, costing the UK money and jobs.


Posted by GMAN99 over 5 years ago
Well that just says it all really. Looking to pay more on snooping that investing in future broadband, that wad of money would help a lot of rural areas
Posted by dsf58 over 5 years ago
I don't support most of his politics but David Davis I think sums up the futility of this type of activity:

“If they really want to do things like this – and we all accept they use data to catch criminals – get a warrant. Get a judge to sign a warrant, not the guy at the next desk, not somebody else in the same organisation.

“The only people who will avoid this are the actual criminals, because there are ways around this – you use an internet cafe, you hack into somebody’s wi-fi, you use what’s called proxy servers, and they are just the easy ways.”
Posted by billford over 5 years ago
Quote: "...which is likely to involve the 12 largest providers"

Good news for the small providers? :-p
Posted by camieabz over 5 years ago
It is slightly galling that 1.8bn is used for snooping and BB expansion projects, or jobs creation. Create more jobs, increase the tax take, fund the BB rollout, and then there will be more income and more reason to snoop (with more of the country connected). As usual the law makers and politicians have it all the wrong way round, due to the paranoia of the largely uninformed, and in no small part to those who commit these crimes (be they career criminals, file sharers or threats to the state).
Posted by alexatkinuk over 5 years ago
What a complete waste of money, as criminals need only avoid the 12 largest providers and job done.

Small ISPs will never be able to handle the infrastructure needed to do this so they will either remain outside the law or be forced to close.

Then even if you are on one of the affected ISPs you need only use encryption to some server outside the UK to do all your dirty work, and you are immune.

I can't help thinking all this system will ever be used for going after movie pirates.
Posted by prlzx over 5 years ago
I do feel there is a touch of "Emperor's New Clothes" about the proposals as described so far.

For instance take web-based email (e.g. GMail, Hotmail, Yahoo Mail). The notion that the ISPs will have the "email header" (From/To/Date/Subject) seems to be a flawed assumption that it is just like a desktop mail client.

Mail clients using vanilla POP/IMAP/SMTP will be easy, but has nobody given a 10 minute briefing to a minister "What is HTTPS"? (and then SSL/TLS email client settings).

Will ISPs see any of this unless they perform man-in-the-middle attack?
Posted by prlzx over 5 years ago
... or do politicians actually believe everyone still uses a supplied BT / Virgin / TalkTalk / O3 / AOL email address, with a POP account setup in Outlook Express?

Grand plan to splurge a load of cash on ISPs saving 12 months of logs:

"Bob visited Hotmail, Twitter, Facebook (dates/times).
We don't know who he spoke to because pf HTTPS. Go ask services individually.
Oh and in the daytime Bob is out a work so we only have logs for evenings and weekends. You'll have to go speak to his 3G / work ISP / local Starbucks / McDonalds to get the missing info"
Posted by tommy45 over 5 years ago
Typical, they cry poverty and announce cuts and threaten the most vulnerable in our society(jobless ,disabled)and then go an spend a hideous amount of money on something that isn't necessary, As for circumventing their efforts , this could easily be done, so will be a complete waste of tax payers money,
Posted by GMAN99 over 5 years ago

"What a complete waste of money, as criminals need only avoid the 12 largest providers and job done."

Hahah indeed. I can see an new small niche ISP on the horizon.
Posted by AndrueC over 5 years ago
And yet you can probably /still/ find people who think we'd be better off if BT were nationalised.
Posted by AndrueC over 5 years ago
Reading email headers is silly anyway. They can be faked. Every. Last. One of them.

Anyone in the know can send an email claiming to come from anyone they want and apparently not addressed to the recipient. As long as the headers parse that's all most clients and servers care about.
Posted by andywhy over 5 years ago
How about the government focuses on getting us out of the recession before they start spending money they don't have? It pisses me off that they are even considering this, given that anyone in the know how will find a way to circumvent the monitoring anyway with encrypted VPN's and the likes.

No wonder this country has gone down the pan... Time to emigrate I think.
Posted by andrew (Favicon staff member) over 5 years ago

That is the idea, i.e. man in the middle attacks to break apart headers/HTTP POST and GET to the info.
Posted by Password_Forget over 5 years ago
I have my own website and use that for email, it's https, so does that mean my ISP ( Talk Talk ) can't give the government the details they need. ?

Does https stop this in it's tracks or do they have the equipment to break through https. ?
Posted by chrysalis over 5 years ago
this shows where their priorities lie really.

I said the email monitoring wouldnt be cheap, although this is also probably inflated as well to help a few make a profit in the process.
Posted by mike41 over 5 years ago
As usual, a succinct report which goes to the heart of the problem. Thank you Andrew.
Posted by cyberdoyle over 5 years ago
Spot on Andrew. The digital economy act and the feckless MPs who got whipped into wash up have a lot to answer for.
What a complete and utter waste of our money when it could go into getting connections to rural people still on dial up. For once me and Gman99 agree.
Posted by GMAN99 over 5 years ago
I find it amazing that their is (quite rightly) outrage about phone hacking and yet the government thinks its fine to spend a ton of cash on spying on everything we do on the Internet. This "oh we won't look at the content" rubbish, who is monitoring them monitoring us?

Hopefully it will be another government u-turn that is the only thing they seem to be good at
Posted by GMAN99 over 5 years ago
Another thing our clueless government wont have considered is just how attractive this "service" will be to hackers.

All of that personal sensitive information all stored in one place and I presume transferred elsewhere regularly, its a total goldmine for id theft, people were worried about Phorm! This is a million times worse.

Its a total honeypot for hackers and you can bet anything they'll get in and get the data. Why would hackers bother about credit cards anymore when they can get that info and so much more and its all sat there in one place waiting to be stolen.
Posted by Saurus over 5 years ago
Journalist Duncan Campbell has spent much of his life investigating Echelon. In a report commissioned by the European Parliament he produced evidence that the NSA snooped on phone calls from a French firm bidding for a contract in Brazil. They passed the information on to an American competitor, which won the contract. Got this from BBC article from 1999! This snooping is probably the backlash from MP's after being caught stealing taxpayers money!
Posted by rian over 5 years ago
This is just crazy. This is nowhere to keep UK safe but waste of money. Are we going after some Asian countries?
Posted by Joppy over 5 years ago
@prlzx, even with encrypted email the recipients and subject cannot be encrypted. Even PGP messages cannot do that without breaking the email.

So time to move to Sweden and start a VPN company or buy shares in one!
Posted by otester over 5 years ago
Well they are going to need these tools when they make dissidence illegal.
Posted by Password_Forget over 5 years ago
Creeping ever closer to the 1984 vision of society.
Posted by AndrueC over 5 years ago
@Joppy:I think you're wrong there. There's nothing in email headers that has to be correct. It probably has to be syntactically valid (although a simple server implementation might not bother even with that).

SMTP is basically just like FTP. The sending server connects then tells the receiving server which mailbox(es) it wants the data putting into - using the RCPT command. There's no need for the server to read the headers and there isn't much in there a client cares about either.

The only thing about STMP that is even close to forensically sound are the server logs.
Posted by darren_mccoy over 5 years ago
They will do a U-turn AFTER they have "spent" the money!
Posted by bjmccourt over 5 years ago
Isn't it intriguing that at the same moment as the ConDem Government declares Rupert Murdoch “unfit to run a multinational company” due to his continual turning a blind-eye to hacking people’s Emails and phone calls, that that self-same Government wishes to do precisely the same thing to the public at large. Will this lead to a substantial reduction in unemployment as the next step will presumably be to have every letter and parcel you receive or send being opened and checked for "illicit" materials - just like your E-mail or postings online?
Posted by bjmccourt over 5 years ago
Is everyone to be considered guilty till they can prove prove their innocence? Always suspected that the implementation of that "double jeopardy" law would lead to - seems it was to be the thin end of the stick with which to beat the people of the UK. Thank the Stars I'm a Scot and we'll soon be able to say "bye-bye" to this nutty bunch in Westminster. !
Posted by Password_Forget over 5 years ago
I'm Scottish too but if you think Alex Salmond is the answer then think again, he will lead us into the Euro and screw up our economy, anyways enough politics, i agree with you regarding the hypocrisy of calling Murdoch unfit and yet they want to be able to read all our emails etc etc.
Posted by uniquename over 5 years ago
And your ISPs in an independent Scotland will be ...?

Don't imagine that they will not have to implement this for Scottish customers. As they operate in England they will be subject to English law.
Posted by drteeth over 5 years ago
They will just set up Scottish shell companies. Next problem please...
Posted by bjmccourt over 5 years ago
As a matter of reality - forgive the "anyway enough politics" breach - but YOU will decide whether WE join the Euro - NOT Alex Salmond - this IS a democracy we are setting up in Scotland , NOT a dictatorship! Sorry to be so "off-topic" people! It is all related ideological stuff though - isn't it? I assume we ALL want democratic freedom to be a sustainable reality.
Posted by Airidh over 5 years ago
Possibly also a bit off topic, but my wish is that the Governemnt would spend the money on getting the tax system to work properly before they try aything _really_ difficult. Can you imagine this new scheme getting into such a mess as the Inland Revenue?
Posted by Airidh over 5 years ago
Sorry - "anything"!
Posted by Password_Forget over 5 years ago

If you believe that you'll believe anything, politicians lie all the time and once elected they break promises, Salmond wanted the Euro but now it's all going belly up he is quiet on the matter.

I don't trust politicians and promises.

You must be logged in to post comments. Click here to login.