back to article MPs to assess tech feasibility of requirements under draft surveillance laws

The UK government published a draft Investigatory Powers Bill earlier this month in a bid to close gaps it has said exist in the surveillance powers available to the UK's intelligence and security services. The Science and Technology Committee said that it will carry out a "short inquiry into the technology aspects" of the …

  1. Anonymous Coward
    Anonymous Coward

    What I don't really understand is why they feel the need to record the communication records of everyone. I don't have a problem with the police being able to tap phones, record internet communications, etc of people they are interested in, in fact that seems a logical set of powers to give them.

    Perhaps a better solution would be to make it easier for them to get targeted powers to record communications. For example if they have even a small suspicion Alice was up to no good they could get permission to record and examine her communication. At the same time they could record (for up to a year) but not examine the records of anyone Alice communicates with. If Alice talks to Bob and they have reason to suspect Bob the records could be opened up to them. If they have no reason to suspect Charlie, someone else Alice talks too, then they could never examine Charlie's records.

    This gives them the best of both worlds, they have loads of records to examine but it makes drag net fishing harder.

    1. Anonymous Coward
      Anonymous Coward

      But they are lazy megalomaniacs and don't think they need to answer to anyone, see the current Reg story on the Cleveland Police. Just think of all that extra paperwork if they actually had to ask a Judge for permission, Constable Savage of the yard would be most disappointed:

      Savage of the yard

      1. TRT Silver badge

        At least the records of THEIR conversations are a matter of public record.

    2. Doctor Syntax Silver badge

      "Perhaps a better solution would be to make it easier for them to get targeted powers to record communications."

      Not easier, but properly regulated. A sign-off by a senior officer or a politician is not proper regulation. Neither is a system which does not require justification for the sign-off. Nor a system which doesn't incorporate and use feedback to check that requests were well-targeted and not just fishing expeditions.

    3. Cynical Observer
      Childcatcher

      A=B=C=D

      To the AC that posted first.

      Interest in Alice allows them to record Bob - but separately, Bob communicates with Tom Dick and Harry. Harry communicates with Pugh Pugh and Barney Mcgrew who communicates with Fireman Sam.

      Should they have the right to record Fireman Sam. How far should the powers be transitive.

      Your argument works assuming that all persons involved in nefarious deeds are communicating with each other - as opposed to some cell type operation.

      Don't get me wrong - I still think Bulk collection is wrong and that warrants should be obtained for surveillance. I just don't think your half way house will be deemed workable by anybody - pro or con the new proposals.

      1. Doctor Syntax Silver badge

        Re: A=B=C=D

        Before they went 0845 a local travel agent had a phone number similar to ours and we'd get the occasional wrong number call intended for them.

        Now suppose someone rightly or wrongly suspected of being of interest made one of those when he was wanting to book a flight to visit his granny in Pakistan/go to a jihad training camp/take his kids to Disney. Should I then have become of interest? And what would that have done to my SC clearance?

        That's the trouble with meta-data. Not only does it not specifically identify a person as opposed to an address or whatever, it doesn't even tell you why the communication was made or even if it was completed correctly.

        1. Fred Flintstone Gold badge

          Re: A=B=C=D

          That's the trouble with meta-data. Not only does it not specifically identify a person as opposed to an address or whatever, it doesn't even tell you why the communication was made or even if it was completed correctly.

          The massive problem with meta data is that it can be manipulated by carefully selecting the sources you include, and there are very few people that understand the difference between a probability inferred from meta data and a hard fact derived from the actual contents of communication. Meta data "facts" are NEVER facts, they are always probabilities and should be presented as such.

          Not that I hold out much hope they will, which is why I am absolutely against uncontrolled mass surveillance (because that's what they're really after).

          I dare ANY, and I mean ANY MP who is for this idea to offer their data to the public for 6 months, because that is really what they're asking us to agree to - I have yet to see any access restriction actually be respected. If you dare not, don't ask the voters to do so.

    4. strum

      >What I don't really understand is why they feel the need to record the communication records of everyone.

      So they've got some really big numbers to put in the end-of-year report. (and I'm only half-joking)

    5. Trigonoceps occipitalis

      Organisaton

      "What I don't really understand is why they feel the need to record the communication records of everyone."

      Who is talking to who (allied to car registrations, addresses, travel plans etc) is a powerful tool in developing the organisation and hierarchy of an organisation (terrorist, paedophile or ordinary decent criminals - TPODC). Knowing the organisation and hierarchy is a vital step in defeating or neutralising the enemy. When someone, previously unknown, is spotted as a TPODC having historical data just makes it quicker and easier.

      The fact is that the government are not going to go without this capability. All we can argue about is reach (IP address, search history, communications meta-data etc), funding, retention time, security of the data and, most importantly, who has access. Currently the reach is too high, ISP customers will be funding some of the system, retention time is too long, security is probably non-existent in reality and far too many low-level busybodies and aspiring dictators will have access for little or no good reason.

    6. eldakka
      Holmes

      "What I don't really understand is why they feel the need to record the communication records of everyone."

      It's called Network Analytics.

      You can use it to draw links between everyone. Who know's whom. Who is friendly (frequent contact) vs just vaguely adjacent (one-off contact). Who shops where, so if you know person A B and C frequently go to the same Haridresser, with appointments at the same time, they probably know each other. Same doctors.

      Say a newspaper publishes a story, a leak (or say just a personally embarrassing story about an MP screwing a cleaner on their desk). Great, newspaper Tablods'R'Us published the story. Cool lets go check all the telephone records of anyone who's ever worked at the newspaper. And their spouses records. Childrens. Friends. Siblings. The team-mates of their siblings. Hey wow, Joe who works for the MP concerned, and 6 months before the story was published (which was 2 years after the actual desk-screwing incident) he called his stepbrother who soon after called his ex-girlfriend who called her mistress who called her father who called his footy teammate who works with a guy that called his lawyer who called his Gentlemen's Club sponsor who called the secretary of the brother of the reporter who wrote the story.

      That's why they want to record it all.

    7. druck Silver badge
      Facepalm

      What I don't really understand is why they feel the need to record the communication records of everyone.

      It's the same as saying CCTV camera's should not record everyone and only the criminals. A very small amount of the CCTV usage is following suspects using live cameras, the vast bulk of the usage is trawling through records after a crime has been committed. So as with communication records, you need to record everything in order to be able to trace back from a person of interest to their associates, many of whom would not be known in advance.

      1. Chris Parsons

        ...and, inevitably

        they find that the bit they want is either too blurry to be of use or has been wiped.

  2. Camilla Smythe

    Dragnet

    It is in effect what they want and they are going to want to spread it as wide as possible so that does not restrict 'Communications Service Providers' to 'Internet Service Providers'. Basically anyone or any company that transfers data over the Internet or makes use of the Internet to transfer data IS going to be included.

    It is going to be one Fuck Awful mess in terms of implementation, managing, monitoring and regulating but.... hey, that's not their problem. If they, by virtue of delusional stupidity, can string some words together that mean what they think they mean then it must be possible. Anyone who tries to explain otherwise is just incapable of thinking outside of the box, or budget and a subversive too boot.

    I reserve The Right to go Godwin.

    1. Teiwaz

      Re: Dragnet

      No real 'outside the box' thinking with this latest round of 'let's build a Surveillance State'.

      Future generations will regard the current crop of politicians as a 'bunch of mindless jerks...'

      1. Anonymous Coward
        Anonymous Coward

        @Teiwaz

        I already regard them as a 'bunch of mindless jerks...'

      2. Anonymous Coward
        Unhappy

        Re: Dragnet

        "Future generations will regard the current crop of politicians as a 'bunch of mindless jerks...'

        Nope, future generations are already programmed to reject all notions of privacy. It's the current generations that are a PITA for government.

      3. Anonymous Coward
        Anonymous Coward

        Regard the current crop of politicians as a 'bunch of mindless jerks...'

        Future generations will regard the current crop of politicians as a 'bunch of mindless jerks...'

        No they won't. We regard those that fought and died in the war with respect. They laid down their lives to fight for a free Britain. Now we their grandchildren sit back and watch the elected cunts do Hitler's bidding and shit on all they fought for. I am sorry but if this passes our grand kinds will rightfully think 'we' were yellow and cowardly for not standing up against this crap.

        1. Mark 85

          Re: Regard the current crop of politicians as a 'bunch of mindless jerks...'

          What you say is true, but only if the masters allow the educators to speak of these things. Otherwise, the kinder will not have any knowledge of the way things used to be.

    2. Roland6 Silver badge

      Re: Dragnet

      >Basically anyone or any company that transfers data over the Internet or makes use of the Internet to transfer data IS going to be included.

      Whilst telecomms and the Internet are explicitly mentioned and are treated as being the main focus, the draft bill does not limit itself by actually defining in any detail what a CSP is, hence the Post Office, DHL, etc. and their physical communication services should not be considered as being excluded from scope.

      Interesting, whether they are going to want the PO et al to record basic details about letters eg. collection point, destination address...

      1. Anonymous Coward
        Unhappy

        Re: Dragnet

        Or simply run them through a catscan and record the contents, that way they don't have to open and re-seal the envelopes.

        1. Roland6 Silver badge

          Re: Dragnet

          >Or simply run them through a catscan

          I thought they did that already, given the prohibitions on what can and can't be sent in the post.

          Also given they already read postcodes on every item, it isn't that big a leap to taking an image of the envelope and storing that. Years back the postmark did reveal which postbox something was dropped in - don't know if that is still the case. But the basic's for collecting communications records is there - but then there is a long history to postal service interception...

          1. Anonymous Coward
            Anonymous Coward

            Re: Dragnet

            "Years back the postmark did reveal which postbox something was dropped in - don't know if that is still the case"

            I would presume it's more related to the sorting office, not postbox, otherwise each one would have to have franking equipment installed.

  3. Dan 55 Silver badge
    Facepalm

    MPs to assess tech feasibility of requirements

    How strange that MPs seem to know everything about everything. Which school did they go to do learn so much?

    1. nematoad

      Re: MPs to assess tech feasibility of requirements

      "Which school did they go to do learn so much?"

      Well as far as the present government goes:

      Eton.

    2. TRT Silver badge

      Re: MPs to assess tech feasibility of requirements

      I'm so glad that they are experts in that field. I feel so much more secure now.

    3. Grahame 2
      Joke

      Re: MPs to assess tech feasibility of requirements

      If you are going to be good at anything in life, be a good liar. That way, you are good at everything!

  4. Vimes

    Check out section 195 of the bill, where it defines terms. The one for 'data' is rather odd to say the least

    '“data” includes any information which is not data'

    (noticed initially not by me, but by Gareth Corfield)

    I hear that they have a line in reserve: '"crime" includes actions that are not crimes' (with thanks to Sir Bonar for that one)

    1. smudge
      Holmes

      “data” includes any information which is not data'

      https://en.wikipedia.org/wiki/Russell's_paradox ??

    2. Roland6 Silver badge

      re: “data” includes any information which is not data

      I read that to mean 'data' in this context actually meant metadata and everything that isn't classed as application content.

      Hence for example if you take a typical email transfer that means practically the entire message can be captured except for the message body - namely the part transferred between DATA and <CR><LF>.<CR><LF> in an SMTP message exchange.

      1. Vimes

        I read that to mean 'data' in this context actually meant metadata and everything that isn't classed as application content.

        I didn't. I saw it as an attempt to widen the definition as much as possible and to minimise any meaning it might have. Who's right I wonder, given their tendency to grab everything they can and their sudden obsession to 'future proof' everything?

        This is a proposed law and when it comes to the law detail is everything. Anything requiring interpretation or 'understandings' is something that has been very badly written and a big cause of all that 'judicial activism' that politicians like to complain about so much.

        1. Roland6 Silver badge

          "I didn't"

          I suppose I read this after having read paragraph 20 on page 12.

          As to who is or isn't right, well that depends on the actual wording used in the bill and the capabilities of a good legal advisor :)

          1. Vimes

            I suppose I read this after having read paragraph 20 on page 12.

            To me this seems to be nothing more than a vague way of establishing intent. We only have to look at RIPA to know how long good intentions last and where they lead to.

            IMO intent is irrelevant in the context of law. What matters is the letter of the law, not the intent, and preambles aside their definition could be taken to mean anything they want it to. The situation isn't improved in the slightest by the part of the bill you mentioned, at least not in my opinion at any rate (for whatever that might be worth).

            1. Roland6 Silver badge

              What matters is the letter of the law, not the intent, and preambles aside their definition could be taken to mean anything they want it to.

              This is why we are going to have to read and consider the draft, watch and see how the actual text of the bill develops and lobby when it seems too much wiggle room has been given.

  5. nematoad

    They said what?

    An inquiry is all very well and fine.

    The real issue is will the government actually listen to the findings.

    On past evidence they will if it suits them but ignore it if it goes against what they have already decided upon.

    So it's a gamble, if the input from the interested parties can be spun to reflect the government's agenda it probably will get a green light. If not it will probably disappear in to limbo.

    Given the make-up of the committee it looks as if the "security" lobby will have a ready ear. Labour and the Conservatives seem to be in agreement that we all need closer watching. The only ray of light is Carol Monaghan the SNP member, she may have a different view on things.

  6. smudge
    Boffin

    My submission in full

    More specific issues of interest to the Committee include the extent to which communications data and communications content can be separated

    Dear Commmittee,

    They can't be separated.

    Luv,

    Smudge

    1. Camilla Smythe

      Re: My submission in full

      Perhaps you meant...

      "More specific issues of interest to the Committee include the extent to which communications data and communications content can be separated"

      Dear Commmittee,

      Redefine the meaning of communications data and communications content

      Example,

      "Given communications content involves data it is therefore a subset of and should be included with communications data."

      or apply Section 195.

      Example,

      "communications data includes any communications content which is not communications data."

      Slime, Grovel, Lick.

      You are so clever and wonderful. Can I join your club?

      Big Defence Contractor.

  7. Anonymous Coward
    Anonymous Coward

    What I want is something like a Raspberry Pi that sits next to my router and wandering all over the internet randomly all day. If we all ran one of those the servers would soon run out of storage space... The trouble is the nitwits who come up with this idea have no idea how anything works - when I used to look at my DNS lookups I was accessing dozens of sites I wasn't aware of - servers behind the scenes etc. Imagine how much data will be generated by the average household - it isn't manageable.

    I'll pay through the nose for a decent VPN connection before I let Theresa May get her poisonous claws on my internet history - and I would say I have nothing to hide (not even any torrenting etc)

    1. Doctor Syntax Silver badge

      "and I would say I have nothing to hide"

      You almost certainly do have something to hide and at least some of it you will be contractually bound to hide: login credentials to any internet banking you use, internet merchants you buy from or internet services you use. I doubt anyone who's tried to justify their actions with the "nothing to hide" line has actually lived up to their words & published such information about themselves.

      1. Roland6 Silver badge

        >I doubt anyone who's tried to justify their actions with the "nothing to hide" line has actually lived up to their words & published such information about themselves.

        Well there was Jeremy Clarkson... http://www.theguardian.com/money/2008/jan/07/personalfinancenews.scamsandfraud

        1. Doctor Syntax Silver badge

          Yup, I knew of the Clarkson example but I don't think he was trying to justify some action with "nothing to hide". He is of enormous value in pointing out what can go wrong.

          1. Anonymous Coward
            Anonymous Coward

            Dido Harding says TalkTalk customers have nothing to fear from their data being splashed out there, so must be she has nothing to hide? After all, no-one could say it's fine for others unless they are fine for all of their own info to be kept as well ....

            what's that, there's an exception for MPs? Well f* me that's a surprise .....

      2. Yugguy

        I think this is the problem - the two things can't be seperated - it's not black and white.

        I absolutely want secured traffic for my banking online for instance, but I'm not as bothered if GCHQ read my private emails which are stunningly boring to anyone else and to be honest if they could intercept and read encrypted terrorist comms then wouldn't this be a good thing? But then my work emails can and often do contain corporate sensitive information and if so then they are encypted too and would I want the spooks seeing those? Could they be trusted not to lose it/leak it somehow?

        1. Roland6 Silver badge

          But then my work emails can and often do contain corporate sensitive information and if so then they are encypted too and would I want the spooks seeing those?

          Depends on who's spooks you are talking about. There have been reports over the years of US spooks using information gathered from foreign (including UK) companies to assist US companies...

  8. Queeg
    Headmaster

    Once the Committee has reported back..

    And someone tells them about TOR I wonder how long it'll be before one of the technologically challenged Etonian Luddites advises Hameron it should be banned and he sticks his foot in his mouth again.

    Better his foot than anything else I suppose.

    Comfy chair and popcorn preordered.

    1. Roland6 Silver badge

      Re: Once the Committee has reported back..

      I think a UK provider of a TOR access point would have to comply with the strictures of this bill, given it could be argued they are a CSP...

      1. billse10

        Re: Once the Committee has reported back..

        it can indeed be argued they are a CSP - as is your local pub, if it has WiFi, and as is the post office. The definitions in the bill are quite funny until you realise somebody actually means them ....

  9. Jess

    Won't this just provide a smokescreen for terrorists?

    If everyone is worried their porn history will be available, then surely TOR will become the standard for adult browsing. (Perhaps even using a live CD.)

    This will make TOR work far more effectively, and provide far better cover for those using it to damage the lives of others.

  10. nijam Silver badge

    After the question of judicial oversight is considered, the most significant 'technical' issue is this: once the data is logged, there is 100% certainty that it will be hacked. (Especially, but not only, if encryption is banned.)

    If it is stored by ISPs: TalkTalk stands as an example. If it is stored by the police or security services: Cleveland is the example to consider.

    I suggest any scheme of this type be introduced gradually, to iron out any flaws:

    Year 1 - applies only to politicians and their families

    Year 2 - police officers and their families are added

    ...

    I'm sure you all have your own ideas how to proceed in subsequent years.

    1. Vimes

      Come to think of it, if data is being stored by the ISPs in order to support government activities, shouldn't those same ISPs be subject to FoIA when it comes to requests regarding that data?

    2. Vimes

      I would suggest the following addition:

      Year 1 - applies only to politicians and their families

      At the end of year 1, run tests to see how secure the information is. If information is successfully accessed, then publish it in it's entirety online

      Yes, I know it won't happen because of the DPA and all that, but it might make them think twice if that was done...

      1. Roland6 Silver badge

        At the end of year 1, run tests to see how secure the information is.

        There is also the question of data deletion. Given the government has stipulated the data needs to be retained for one year, an ISP does need a data destruction policy, which it can show it is adhering to...

  11. Anonymous Coward
    Anonymous Coward

    Privacy

    Is optional..there's no real need for it...at least there'd not be, if we designed a society where we don't all have to fight each other for every resource, job, opportunity. In the light of Paris, it is obvious that this society is more than a bit broken and needs a radical fix....

    1. Anonymous Coward
      Anonymous Coward

      Re: Privacy

      You're proposing communism? Looks like the politicians are ahead of you then, already implementing the police state structures and tools to monitor if all comrades are doing what they are supposed to be doing.

  12. Graham Marsden
    Facepalm

    "to help combat terrorism, serious crime or protect the UK's economic interests"

    So a nice, precise and well-defined set of circumstances with no wiggle-room for abuse of these powers, then...

  13. Green Nigel 42

    Duplicity

    Its interesting that the MP's want this intrusion into our data whilst trying to introduce another that would hobble the Freedom of information act, you know the one that caught them out fiddling their expenses!

    Here's a little song about politicians I've composed, unfortunately I've had to substitute some of the words to get past the Reg's filter and not to cause offence!

    MP's dadaa

    Dadee da da,

    Dedee dada dada

    Deedee dada dada dada

    The fucking bastard cunts!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like