UK's internet spy law: £250m in costs could balloon to £2 BILLION

The Home Office has revealed some of the costs associated with its proposed Investigatory Powers law – but the final price tag could arguably run into billions of pounds. At present, Secretary of State Theresa May's department has estimated a price tag of £247m over a 10-year-period to cover the costs of communications data …


  1. This post has been deleted by its author

    1. allthecoolshortnamesweretaken Silver badge

      All the figures in political projects published in early stages are essentially made up. All of them, no matter what project, no matter on what level from local to nationwide.

      The dates usually have only marginal connection to the actual project at hand, but correlate with other, far more important dates like election dates and the timeframe for campaigns or when a specific player in the field is supposed to move on or retire. And so on.

      The sums usually have to fit a certain corridor, i.e. low enough to be okayed, large enough to qualify for subsidies, and so on.

    2. Tony S

      @1980s_coder

      "After all, this is draft legislation at the moment."

      This is true; and as you quite rightly say, there is scope to add a lot more stuff before the ink dries on the final version of the act. Some of that is probably going to be expensive.

      However *normally*, before it gets to the draft stage, there will have been at least some discussion, so that they have figures to put before the treasury. The civil service used to have (and I think still do) whole rooms of people that spend all day analysing and putting together financial projections on many things that never even see the light of day. (I spent some time last year working with a guy that had been involved in some of this work)

      I suspect that they do have some numbers and that they are eye wateringly high. But if experience tells us anything, those numbers will be on the low side. So I'm betting that at this stage, they are keeping it vague, hoping to generate some support for the concept first. If the plans are accepted, the costs then tend to be seen as less relevant, which would make it easier to push the bill through.

      That's politics.

      1. Anonymous Coward

        Re: @1980s_coder

        @Tony S

        However *normally*, before it gets to the draft stage, there will have been at least some discussion, so that they have figures to put before the treasury. The civil service used to have (and I think still do) whole rooms of people that spend all day analysing and putting together financial projections on many things that never even see the light of day. (I spent some time last year working with a guy that had been involved in some of this work)

        I have (not by choice) been one of those "people in a room" and if my experience is anything to go by, making up the figures is as good a description as any as we were tasked to come up with figures for something for which there was no data at all. You are left in a position where you are expected to come up with numbers in days, but don't even have the faintest where to begin so the approach taken was to do a what if, assume the time and effort and look at general prices of new tech when developed for that specific environment. But it still meant you were dreaming it up from assumptions, and because of the lack of time it is also quite plausible that you have overlooked something that could snowball into real money.

        The "cost" as put together for this legislation appears exactly like that, because no sensibly democratic nation has decent figures for mass surveillance. That is because they either don't do it (which is the only really democratic approach given that nobody wants it unless you keep them scared senseless with baseless horror stories), or they do it on the sly and overspend because nobody can really control fiefdoms built on hidden budgets.

        Never. again.

    3. Ledswinger Silver badge

      @1980s_coder

      After all, this is draft legislation at the moment.

      And so you think it a sound idea to even draft legislation on the basis of incorrect, incomplete, or simply absent data? That's worked out well before, hasn't it, looking at energy policy, defence procurement, HS2?

      This is the usual shit headed policy making by politicians and civil servants spending other people's money. Their pensions are index linked and state guaranteed, they really, genuinely couldn't give a shit about how much their poorly informed, misguided decisions cost the rest of us. And in this case not only are we on the hook for a vast bill, but what we get in return is the biggest assault on civil liberties ever undertaken by a supposedly democratic government.

    4. Smooth Newt Silver badge

      Maybe the fact that the costs are not yet known suggests that they are still unsure at this stage of the final extent of the scope of the bill. After all, this is draft legislation at the moment.

      More likely "unknown" gets a better response than derision for putting a politically palatable figure, or horror from a realistic estimate. "Not known" makes it harder for people to argue the point.

      Draft legislation is only draft because they haven't gone through the motions of generating consultation bum-fodder. Governments are obliged to carry out consultations, but they are free to ignore the results.

      1. Sir Runcible Spoon Silver badge

        They should make all this shit payable by the political party in power that implements it. It would disappear quickly enough then I'm sure.

        I don't know if it's my subconscious working overtime or if I'm starting to see omens, but the number 666 has cropped up in my awareness in lots of odd places over the last couple of weeks (like, dozens of times).

        1. Anonymous Coward

          "They should make all this shit payable by the political party in power that implements it. It would disappear quickly enough then I'm sure."

          This shit has turned up several times in the last decade, under both main parties and under coalition; it's not just politicians. Perhaps the costs - all of them, including any third party / consequential ones - should be taken from both the Parliamentary and senior Civil Service payrolls .....

    5. Warm Braw Silver badge

      They are unsure in the sense that the bill gives powers, but the Home Secretary has discretion to exercise them as she sees fit. The actual sum won't be known until the details of the orders made under those powers become known.

    6. Alan Brown Silver badge

      "Maybe the fact that the costs are not yet known suggests"

      That they're fully aware of how much it could end up costing but want to keep that hidden away so it will pass.

      Civil disobedience in the form of https everywhere and programs which randomly crawl the Internet can easily push those costs even higher.

    7. AlbertH

      Maybe the fact that the costs are not yet known suggests that they are still unsure at this stage of the final extent of the scope of the bill. After all, this is draft legislation at the moment.

      Errrrr no. The reason that they don't know the costs is because they're entirely clueless about anything vaguely technical. The amount of data they're proposing to store is gigantic, and will only massively increase in volume as we all start adopting "auto browsing" to keep our machines on the 'net 24/7 to screw with their stats.

      I've just written some scripts for Raspberry Pi that will keep it seemingly browsing a huge range of sites continuously. Just add a couple of these to your home network (as long as you don't pay usage-related charges), and they won't have a clue about your browsing habits, and you'll massively add noise to their data collection system.

      The sheer quantity of the data they're proposing to record isn't actually very practical, and it's our duty to make their data useless!

  2. John Smith 19 Gold badge
    Gimp

    299 pages and *no* full cost estimate. I smell a PATRIOT (act) game.

    You know a lot of those clauses will be filler with the real nasties buried deep. Lots of usual talk about the 4 horsemen IE Paedos, terrorist, drug traffickers and money launderers.

    Also beware stuff like "Data to be retained will be listed in Appendix X"

    Where "Appendix X" is a) Subject to change later on (by "Statutory Instrument" or some other method with no judicial or democratic oversight ) or b) Includes an "And any other data the Home Secretary deems necessary" clause.

    Yet another round of data fetishists play time.

    1. Tim Jenkins
      Coat

      "Lots of usual talk about the 4 horsemen"

      Don't think I've seen that one. Is it available on rotten dot com?

      ( data fetishists play time sounds good too)

      /eyebleach

    2. Anonymous Coward

      Re: 299 pages and *no* full cost estimate. I smell a PATRIOT (act) game.

      from my (limited) experience with various government documents, you missed a c), which is "Appendix X" - this page can not be displayed, please try again later.

    3. PaulR79

      Re: 299 pages and *no* full cost estimate. I smell a PATRIOT (act) game.

      "4 horsemen IE Paedos, terrorist, drug traffickers and money launderers."

      I'm aware of what most of those are but I'm terrified at the prospect of anyone still using Internet Explorer.

  3. Danny 2 Silver badge

    Laughing all the way to the Banksy

    Sorry for being off-topic on a great article, but I bet Banksy would be worth £2 billion if he'd copyrighted his work. Anyone can copy his stencils, with a bit of practice do better original ones, but people rip buildings apart to ship them abroad for auction. He really has proven his point that the art world is insane.

    1. Sir Runcible Spoon Silver badge

      Re: Laughing all the way to the Banksy

      He has also quite successfully created a platform upon which he can disseminate any message he likes to the rest of the world and have it heard.

      It's hard to buy that kind of exposure and still retain credibility.

      1. Danny 2 Silver badge

        Re: Laughing all the way to the Banksy

        I agree, just like Warhol and Picasso did. They made their point(s), sold out in their own lifetimes, and still are above reproach.

        I must be stupider than sin to realise this and still be this poor. Wanna buy an early sketch of mine while it's still cheap? Guarantee I'll kill myself once I'm a millionaire.

  4. Zog_but_not_the_first Silver badge
    Big Brother

    Cut *your* benefits

    To pay for *our* benefits?

  5. Disgruntled of TW
    FAIL

    Show us the experts ... name them.

    It is about time that civil servants and security experts who are spewing out these figures and business cases were named, to make them more accountable for the immense cockup that looms ahead. Their track record is abysmal and unlikely to improve. Why should we give them another bite at the cherry? Get experts who know what they are doing, and can build business cases based on facts, or STOP with the trying.

    1. allthecoolshortnamesweretaken Silver badge

      Re: Show us the experts ... name them.

      I'm with you, but ain't gonna happen.

  6. Anonymous Coward

    The rule of thumb

    ...used to be that an eventual project cost was 3 x the estimate of the engineers - and 10 x the estimate of the salesman. In this case the politicians are the salesmen and the engineers apparently haven't been asked.

    1. Jimmy2Cows
      Thumb Up

      Re: The rule of thumb

      Indeed. I'd be amazed if the final bill only reaches 2 billion, given that was about the level of previous cost estimates for IMP and CMB.

      Following that rule, 6 - 20 billion is more likely.

      Funnily enough (but not haha funny), their targeted 12 billion saving from benefit cuts lies pretty much bang in the middle of that range...

      Financially cripple the poorest in society and spy the crap out of them for no overall cost increase. I'd like to believe gov can't sink any lower, but I'm sure they'll find some way to outdo themselves.

  7. Zmodem

    waste of money, when you can just force microsoft, and other browsers into sending your history, or syncing it with a remote server, then let everyone patch the dll

    echelon is supposed to look for keywords and take your number

    1. Afernie
      Facepalm

      Err...

      Sorry, just so I'm clear here... you think that patching every web browser in Britain (presumably including the FOSS ones) with custom spyware every time a new version comes out is a cheaper way of monitoring web browsing history than slurping the data in bulk in the data centre? You don't happen to work in government already do you?

      1. Zmodem

        Re: Err...

        the FBI pays every company a $1million to add backdoors to everything

        1. Afernie

          Re: Err...

          Leaving aside the meaning of the term Open Source, I'm sorry, but unlike in the 1960s, One Million Dollars doesn't stretch very far these days

          1. Zmodem

            Re: Err...

            its enough to get a back door added to PGP etc

            its a waste of money, and its better spent on bringing back crisis loans to cover people's first month of work if they have to sign off when they get their first full wage

            1. Afernie

              Re: Err...

              "its enough to get a back door added to PGP etc"

              No. It isn't. PGP is a standard, not just a piece of software sold to people. Gpg, the GPL implementation is open source and under the GPL, meaning that we all have the source code and we all can see the changes.

  8. johnaaronrose

    One of the proposals is that all web browsing details will be held by ISPs for one year so that MI5, police etc may look at it. AFAIK TOR will stop this idea working. I can see all terrorists / IS / bigtime criminals using TOR, disk encryption, phone call encryption & SMS encryption as routine by the time this act is passed. Am I correct in the above?

    1. Danny 2 Silver badge

      "Terrorists / IS / bigtime criminals" already do use encryption, they have done for years.

      This is about your doctors, your lawyers, your politicians being nobbled by the state. It's about population control, not crime reduction.

      1. Zmodem

        who exactly cares about what people bought at argos and your supermarket, the rest of the internets is rubbish and why most people just use tablets

        1. Anonymous Coward

          "and why most people just use tablets"

          please remember to take yours

        2. fruitoftheloon
          FAIL

          @ZModem...

          Zmodem,

          I think you are more than a little out of your depth here.

          How do you think 'tablets' receive & send information eh ?

          Carrier pigeons/telekinesis...

          Please do a bit of thinking next time.

          Regards,

          jay

      2. John Smith 19 Gold badge
        Unhappy

        "Terrorists / IS / bigtime criminals" already do use encryption, they have done for years."

        "It's about population control, not crime reduction."

        These are the usual excuses for this sort of law.

        That they are used does not mean they actually mean anything.

        1. Daniel von Asmuth Bronze badge
          Trollface

          Re: "Terrorists / IS / bigtime criminals" already do use encryption, they have done for years."

          Never mind. That still leaves a big amount of unencrypted information.

          The consequence of all this intelligence gathering is that foreign groups who dislike Britons need only break into the government's big data warehouse and download all in bulk. Thus you become more vulnerable.

    2. Anonymous Coward

      Yes but let's be realistic they can already access most of those things. Phone and SMS encryption isn't any good. TOR isn't perfect and most people tend not to understand how it works and use it wrong so end up making the whole thing pointless.

      Unsure what the real end game is for all this as they claim encryption makes things hard but that's only the case if you don't have the keys. And for almost all common tools, and communication methods in use today they have.

  9. g e

    wget -b -r --delete-after --wait=1 --random-wait --limit-rate=100k http://www.wikipedia.com

    See title, substitute URL of your choice.

    1. Anonymous Coward

      Re: wget -b -r --delete-after --wait=1 --random-wait --limit-rate=100k http://www.wikipedia.com

      Sorry, that'll produce relatively few database entries with a single incrementing field. Your best bet (like I posted yesterday) would be to start with 1.1.1.1. Of course SNI makes this incomplete, I don't know of any good way to dump the zone files of .com, .net, .etc (there isn't a .etc is there?)

      1. Anonymous Coward

        Re: wget -b -r --delete-after --wait=1 --random-wait --limit-rate=100k http://www.wikipedia.com

        You could probably fill their logs much faster using something in UDP. For TCP they can generally log the individual sessions, with UDP they'd probably need to start logging each of the packets.

        1. Anonymous Coward

          Re: wget -b -r --delete-after --wait=1 --random-wait --limit-rate=100k http://www.wikipedia.com

          surely wget -b -r -p --delete-after --wait=1 --random-wait --limit-rate=100k http://www.gchq.gov.uk/press_and_media/news_and_features/Pages/draft-investigatory-powers-bill-announced.aspx

          ?

  10. Fonant

    What is an ISP, legally-speaking in the context of this proposed new law?

    Obviously Talk Talk and BT Internet are ISPs, but what about me? I run a handful of web servers that also handle customer email, so my company certainly provides internet services. I don't provide ADSL or other forms of internet connection. Am I an ISP?

    I have recently set up Squid as a proxy server on one of my web servers. I can now use an SSH tunnel to that proxy, so that my web browsing is invisible to my ISP, Zen Internet. All they can log is the time I set up the SSH connection, and to the IP address I connected. As a web host I connect using SSH on a daily basis, to obtain command-line access to my servers. So this is not unusual or suspicious behaviour. If I provide a service to my customers to use my server as a proxy, via SSH, like this, am I then an ISP?

    1. Anonymous Coward

      @Fonant "I run a handful of web servers that also handle customer email, so my company certainly provides internet services. I don't provide ADSL or other forms of internet connection. Am I an ISP?"

      Depends how you classify yourself, but you're a CSP and this shite covers you too. An ISP is just one type of CSP. [Communication Service Provider]

      Under the old regs, they had to contact you and inform you that you should be collecting this data, if they didn't do so, you were free to not store the logs they wanted.

      I assume this might* end up being the same, gathering the data on 99% of the population via the big providers (small providers in the main just resell wholesale products so data will be collected at source by the wholesaler, as will be your email clients data) will be good enough for what they want, as it's not about public safety anyway.

      Whatever they do will fail to collect 100% of communications data, which is what you would need to do to satisfy the "What if" questions they're posing as justification for this intrusive state thought control program, additionally the "entities that threaten our way of life" will be using many diverse methods to avoid their data being collected.

      However the statistics for detected crime will rise. Now in addition to searching your computer to see what other petty crime you might have committed when you are arrested for stealing a bottle of water, they will be able to search your complete communications history to see what other charges they can lay at your feet. So much easier to "detect" this type of crime than to actually prevent real crimes in the first place.

      I note that the bill only requires the CSP to store data for 1 year, but there's no mention of the data that is transferred to GCHQ or Police databases being deleted, media agencies don't appear to be asking the right questions again, which seems to be a running theme.

      Why haven't any news organisation asked the opinions of former residents of East Germany to see how they feel about state monitoring of the population?

      Welcome to UK.Stasi WE are watching YOU, EVERYWHERE

      1. billse10

        "Now in addition to searching your computer to see what other petty crime you might have committed when you are arrested for stealing a bottle of water, they will be able to search your complete communications history to see what other charges they can lay at your feet."

        there was a story yesterday about a guy stopped for an unrelated motoring offence who was done for driving at 180mph plus, after the police found his own videos of that on his phone ...... two offences for the price of one?

    2. SMabille

      Check section 189 (if I remember right) defining what a communication is, what a service provider is and what a private or public infrastructure is.

      The definitions are so wide that on one hand if you give access to Netflix to your kids you are a CSP and on the other hand if you filter your kids internet you might be seen as intercepting private network which is a criminal offence, even if I doubt the government wants "in court for trying to protect their children" headline in the Daily Crap.

      This is 199 pages designed to roughly give the government complete freedom to change its mind (or as I suspect it already clearly made it) and ask anyone to record virtually anything. (That is not terminating to my German or Swiss coloc IPSEC end point.... But I imagine that will make me even more suspicious and routed via GCHQ for further analysis - which might be one type of "interference" the CSP will have to facilitate).

  11. Efros

    2 billion

    Reminds me of a contract extension on software support we offered to a corporation who shall remain nameless. We didn't want to do it so we looked at our normal price and added a zero to discourage them. The fuckers took up the contract! We thought about it and accepted, the extra drinking vouchers almost made the pain worthwhile.

  12. Anonymous Coward

    Very low cost to CSP's

    We've been logging communications data for 18 years in to our 10MB ring buffer log, I assume there must be billions of records in there by now, although I've yet to be asked to get any data out. I'm sure GCHQ can use quantum interference to get the data out though.

  13. macjules Silver badge

    Only £2 beeelion?

    How £250m costs could balloon to £2 BILLION

    Normal government process:

    1) Give the contract to Capita

    2) Watch the costs soar to over £5Bn

    3) Panic and hand it over to Steria

    4) Fail to see that Steria is still employing the Capita contractors.

    5) Panic even more.

    1. Anonymous Coward

      Re: Only £2 beeelion?

      Upvote

      £5Bn is probably a conservative estimate given the exponential rise of internet traffic. Add that to the cost of not-so-Smart Meters and you have just bought a couple of nuclear reactors which can go towards combating Britain's looming energy shortfall.

    2. Anonymous Coward

      Re: Only £2 beeelion?

      Having worked on two large government contracts I can tell you nobody will know what the f*** they are doing. Never have I seen so much incompetence so the thought this might actually work makes me laugh.
