Plans for the introduction of new internet surveillance technology which will give the UK Government the potential for an insight into its population unparalleled in history were announced in the Queen’s Speech.
The proposals will allow the intelligence agencies to analyse the details of all the internet activity of the UK citizens, including browsing history, email, internet messaging, social media accounts and voipfone – phone calls made using internet technology – communications.
In the speech the Queen said: “My government intends to bring forward measures to maintain the ability of the law enforcement and intelligence agencies to access vital communications data under strict safeguards to protect the public subject to scrutiny of draft clauses.”
According to intelligence experts, the emergence of the internet as a means of communication and the adoption of new technologies such as the cloud, social media and mobile has presented an opportunity to produce profiles of people and monitor their behaviour in a way that has never been possible before.
Analysis of the data, which it is rumoured the Government will require internet service providers and telecommunications companies to store for a minimum of a year, will enable to security services to identify terrorists and criminals, by searching the data for patterns of abnormal behaviour.
The move to introduce the system has provoked an outcry among civil liberties groups and could threaten the stability of the Government due to outright opposition to the measures from the Liberal Democrats who claim that they are being locked out of discussion on the matter.
According to Julian Huppert, the Liberal Democrat MP for Cambridge, who has been tasked by Deputy Prime Minister Nick Clegg with monitoring the issue because of his Cambridge science background, the Liberal Democrats have not been provided with any details on the measures despite request to the Home Office.
“The Home Secretary has refused to tell us what is in the proposal,” said Huppert. “I think the Home Office is very confused about what its doing. What they appear to be talking about we would be extremely opposed to,” he added.
The discord among the coalition is particularly ironic, as according to Michael Drury, the GCHQ lawyer responsible for the drawing up of the Regulation of Investigatory Powers Act, the phone monitoring legislation that the new measures are expected to supersede, Nick Clegg was considered to be the most effective opponent of RIPA.
“When were drafting the first RIPA legislation, the most sensible and informed commentator on the issue was Nick Clegg,” said Drury, who left GCHQ two years ago, and now works in commercial practice for BCL Burton Copeland.
Concern over the developments has already resulted in a flurry of activity from privacy groups with Privacy International convening an emergency, ‘Scrambling for Safety’ debate, on the issue at the London School of Economics two weeks ago, which included former Conservative Shadow Home Secretary David Davis, Huppert and the director of Liberty Shami Chakrabarti among others.
‘the global landscape has changed in the last 10 years. Known security threats have given way to new ones that have been conceived to avoid detection. The techniques available to law and order have not kept pace with the ever increasing sophistication of modern communications infrastructure’
“Quite why this is needed has not been made clear, or why it needs to be done so quickly with so little consultation,” said Eric King who monitors surveillance technology for Privacy International. If this was so crucial then we would have expected it to have been in place before the Olympics but there is no way it is going to ready in time for that, because this will take at least a year to be set up.”
The reason for the sudden impetus given to the plans is not clear. According to some observers the Government has been looking to introduce the measures since 2006 with the pressure for the changes coming from the Home Office.
“There is a very real and sustainable fear that the amount of protective intelligence available to those who undertake the analysis of communications data is falling, unless you take some real steps to require the retention of data. I think that is a fair and real fear,” said Drury, adding that the population’s blurring of communications, switching from email to the phone, text and internet messaging in a matter of minutes had made the intelligence agencies’ task much more difficult.
Drury also stressed the ephemeral nature of data as the reason for the requirement to store a pool of data.
Insiders say that the initiative is being pushed by Charles Farr, the Director General of the newly-formed Office for Security and Counter Terrorism, who recently commented that “Communications data from internet-based services is not always available; for some internet-based services it is not generated, collected and stored by the internet service provider. Many service providers are based overseas,” he said.
“About 25% of requests for communication data by the police and agencies can no longer be met. This has a direct impact on the investigation of crime in this country and our ability to identify and then prosecute criminals and terrorists.”
According to ISPs approached by the Government over the proposed changes, the point has been stressed that changes in communications introduced by the internet have meant that many people are now using overseas-based communications companies.
Coincidentally the pressure for the reform of the UK’s laws on surveillance have occurred at exactly the same moment as protests in the US have started against the passing of the Cyber Intelligence Storing and Protection Act by the US Congress which the Obama administration has vowed to veto.
Opposition to the plans is not just coming from politicians and activists, who are worried about the costs of the technology and the implications for their relationship with their customers, telecommunications companies are privately expressing a profound disquiet about the measure.
“We all want to be good citizens and we understand the need for the intelligence services to be able to monitor the activities criminals and terrorists.
“But we have grave concerns about exactly how that information is obtained, partly on grounds of cost, partly on grounds of practicality, but mostly our concern is about the privacy of the individual and the activities of the intelligence agencies,” said Colin Duffy, chief executive officer of Voipfone and a board member of the IT Service Providers Association, which represents internet phone companies.
The detail of what is being proposed has not yet been made available.
According to information gleaned by Huppert and the privacy activists, the proposals will involve the creation of stores of internet activity data held by the service providers that the Government will be able to access and interrogate remotely and analyse very fast.
Whether this will involve the housing of a ‘black box’ in the communications system of the service provider or a direct cable link into the internet company’s database is not clear but according to observers, the Government has now talked to all of the internet companies about its objectives including social media sites like Facebook, cloud and search companies such as Yahoo and Google and the voipfone and instant message companies.
“We know that they have spoken to everyone apart from Skype,” said PI’s King, adding: “but as Skype is owned by Microsoft I can’t see them not co-operating.”
Quite what the technology can do is impressive VasTech, a South African company that advertises its business on the web as being network recording and passive surveillance produces a system called Zebra which is simply for call analysis. Zebra’s marketing materials state that the problem is a ‘gap in the intelligence picture that the criminals slip through’.
The solution, according to VasTech, is ‘massive passive surveillance technology for recording communications from satellite and terrestrial networks, unfiltered and uncompressed,’ Zebra VasTech states can provide ‘power without compromise. The Zebra records, stores and analyse billions of calls uncovering crucial intelligence. Zebra takes automated intelligence gathering to a new level.
The VasTech system’s marketing also states that it can also identify ‘key relationships between stakeholders. Valuable insight on the structure and operation of syndicate networks are obtained. Speaker identification reveals unknown numbers and new mobile numbers used by targets.’
A number crunching capability that can reduce even the largest population to a manageable size and one that VasTech is not alone in offering to a market that now includes every advanced country in the world alongside many states with poor human rights records.
Worldwide surveillance web
“All the advanced countries in the world have now deployed advanced intelligence systems to varying degrees but they all do have these systems,” said Dr Bjoern Rupp, the chief executive officer of GSMK Cryptophone, an expert on phone interception who has worked as an advisor to the German government.
According to Rupp, the monitoring technology can, just on the basis of the phone information culled under the existing RIPA legislation, give governments a frightening degree of information on the activities of individuals.
“The current data hides a lot of information inside so you can easily determine not just who called who, but who was travelling from where and when and how many people that they were in contact with.”
Adding in additional information from the internet makes the potential profiling ability of the systems even frighteningly powerful according to Rupp.
“From the data you can employ advanced data mining technology and then find out for instance not only who the person is but you can then profile that person to find similar people to them in the database.
“You can effectively say to it I’m trying to find a certain person and the system will generate that person for me even though I don’t know them yet.”
Social control fears
For Rupp it is a power that is a massive danger for civil liberties as well as privacy.
“The underlying issue is that once you store the data it’s very easy for the data to be misused. The UK is a state where the rule of the law is very well enforced in other states where the rule of law is not so well enforced the data is not only going to be misused it is going to be used at will.
“The trend in intelligence support systems is that these are systems that are installed by governments to monitor the telecommunications behaviour of the population.
“The trend in the systems is to correlate a lot of data from various sources and to allow you one, to profile an individual to great detail and much greater details than was possible 10-20 years ago and two, the system allows you to profile abnormal behaviour.”
An amount of data that is already comprehensive, call analysis patterns already yield information about an individual’s status in a group, mobile phone records are overlaid onto that to provide location and travel pattern data, this data is linked to online commercial databases providing information on spending and personal tastes and family situation.
According to Rupp, so powerful are the computer systems now in use by Government’s around the world that they can assign a value to an individual for a pattern of normal behaviour, gathered from a routine monitoring of that individual, but any deviation from that pattern of normal behaviour will register on the system and can be grouped into numerous different types of patterns.
A method that has already been employed by some companies in office computer systems, where intelligent software looks through an employee’s computer use and will alert the company to any change in the ‘normal pattern of behaviour of an employee,’ changes that will normally indicate changes in an individual’s personal circumstances such as money worries or relationship problems and will lead to the individual being placed on a watch list.
A situation that may perhaps be justifiable in a work environment but one that becomes extremely invasive and questionable when applied to personal communications.
Costs and legal issues
But according to Trefor Davies, chief technology officer of the internet service provider Timico, it is a situation that we are ironically happy to accept if it involves organisations other than the Government.
“The odd thing about this is that we actually not really talking about much more data than Google holds, but I think that there are other issues other than that,” said Davies who was also one of the panellists at the recent Scrambling for Safety debate.
“There are lots of issues that need to be thought about here – there is the practicality of what they are doing because this is going to cost a lot of money and then there is the issue of putting in a system that is a serious threat to privacy.”
In a nutshell all of the concerns that will be exercising the Government, which is claiming that the system should only cost £2bn and is evidently optimistic about being able to balance the last two factors.
Others are putting the costs much higher, according to civil servants the costs of £2bn are hard to see and insiders are privately mentioning figures closer to an eventual cost of between £15-£20bn.
Costs aside others are pointing out that there are actually greater issues for the Government to consider.
Sir David Omand, the former head of GCHQ, in a recent report for the thinktank Demos called for changes to the existing legislation to allow the monitoring of internet communications but insisted that, that monitoring needed to be placed on a clear legal footing and the public needed to be confident it was not being abused.
A point echoed by Voipfone’s Duffy: “The thing that really worries me about this is that if the rumours are true about what the Government wants to do is that it will change the relationship of ordinary people to the Government.
“We are supposed to be policed by consent. If we are simply surveilled without any controls or consent then I am going to change my behaviour and so I am demonstrating that I don’t give my consent.
“At the moment we have a regime where the people wanting to obtain this information have to go through a transparent and accountable process and that needs to stay if we are to have confidence in these changes.”
Need for transparency
It is this transparency that lies at the heart of the Government’s problems.
According to Drury, when RIPA was drafted it did not envisage the development of social networks or ‘the cloud’.
“How do you define and safeguard for the future? It is a very difficult thing to do given that no-one knows what developments will occur next and no-one really knows what the future development of social media sites will be to take one example,” said Drury, adding that the Government faced very real issues in the drafting of the legislation.
“I think that there is a case that due to technological change that we may be on the edge of what can legislated for under the law, any statute may be potentially unwieldy and there may be a case to look at a set of principles, defined by a code and regulated by a standing committee.”
Another issue highlighted by Drury was the possible problems of transparency in any court case based on information obtained by using such a system, as it would become necessary to say how the individual had been found and that revealing that information as it would alert those being sought to how they were being found.
Those opposed to the proposed changes have received support from an unexpected quarter. Melissa Hathaway, who had been widely expected to take the post of Barrack Obama’s first Cyber Czar
Hathaway, who has been expounding a policy of information age openness since leaving the Obama administration for personal reasons, said that in the internet age it was essential to encourage transparency from all sections of society to generate trust.
“I believe it is very important to have the law govern the Government so that people can see accountability in action.”