Another
well thought out plan from NuLabour. According to several sources,
the government is mulling over the idea of a central database of all
UK communications data. This would include times and durations of
phone calls, plus emails and net access for all UK citizens.
The wording is hazy and the details scant, but it should be noted that (especially with phone calls) there’s no talk of recording the content, just times, and senders/recipients. Of course even this is pretty damned intrusive, and is a chilling piece of insight into how far such a government would be likely to go if the technology (or its ability to adequately specify such technology) allowed it.
Luckily,
it’s highly unlikely that such a mammoth project could ever get off
the ground. Given that the government couldn't even set up a gun database with a few thousand names on it, I can't see how the scheme could ever possibly work, or
be useful even if it did work. There are one or two technical hurdles to overcome, to put it mildly.
The commonest concern currently being voiced in the mainstream press is the issue of misplaced data, given the government’s appalling track record with data protection. However, that wasn’t the immediate concern that spring to my mind. I was more worried for the poor developers who would be chartered with the job of building such a poorly realised system.
It seems idealistic to say “Let’s make every ISP in this country hand over details of all emails that their customers send and receive.” Even assuming they’re not talking about the content in the emails, there’s the sheer bulk of data. According to The Times Online, an estimated 3 billion emails are sent every day. Given the Government’s previous great successes with vast databases, this one should be a walk in the park, right?
Then there are the technical issues with tracking something as diverse and loosely defined as “email”.
For example, will they also be tracking Google Mail users? Even if the users login via a UK ISP, the data is transmitted over SSL; so among the billions of emails the proposed system will have to track each day, will it also have any cycles left over to decrypt every single request/response over port 443 (the default SSL port) and figure if it’s an email or something else?
Of course there isn’t just Google Mail, there’s Yahoo! Mail, Hotmail, plus any number of private webmail servers. For that matter, how will the system track the large number of emails sent via a “traditional” client but that aren’t sent via an ISP? Or emails that are sent via some other protocol besides SMTP/POP3/IMAP? Will the UK Government make it illegal for UK citizens to write their own homegrown email protocols?
Will they store just details of emails that are sent, or both sent and received (which would double the amount of data they’ll have to store and sift through).
Then there's junk mail. Modern spam filters do a poor enough job of telling genuine mail apart from spam, and always require manual intervention to confirm that Auntie Mabel's 90th birthday invitation hasn't just been filed away in the cheap V|iagra bin. How will the government determine which emails are real and which aren't? (Especially if they're not storing the mail body). These citizens are appearing an unusual number of emails from Nigeria. Let's pay them a little visit...
You can just see the havoc that spammers will be able to wreak: organise a zombie network to spam-bomb millions of UK recipients with key words in the titles that'll trigger the "potential terrorist" alerts, thus incriminating every BT Broadband user in the country.
I wonder, will the system track emails sent by UK users to overseas citizens, and emails sent from overseas citizens to UK users? Will they snoop on emails sent from overseas citizens to other overseas citizens that happen to be routed via a UK-based mail server?
So far that’s just email that presents some quite nutty-flavoured complications. The proposal (or at least, online reporting of the proposal) also veered into text messaging and recording of all voice call times and durations.
Perversely, Government recording of voice call details could even turn out to be a good thing, as it would (one hopes) fuel the increase in popularity of VoIP applications such as Skype. I’m sure we would very quickly see a demand for strongly encrypted VoIP, and increase in use of voice over P2P that sends the data packets around the houses a little bit.
The details of the proposal are of course sketchy, but there’s no mention anywhere of instant messaging -- AIM, ICQ, IRC, Jabber, Curses or any number of other TCP/IP-based chat apps/protocols. The government must realise that if they start snooping to this extent, they’ll just fuel a pacifistic arms race in which new protocols are released faster than they can pass a bill to start writing the software to start tracking them.
If someone were to implement their own VoIP or Instant Messaging protocol, would that mark them out as a potential terrorist, or someone who just doesn’t appreciate having some spook in the modern equivalent of Bletchley Park note down that they’ve just called their mate Phil about the prize trout they just caught?
So, we should feel a bit worried about the privacy concerns and possible misplacing of personal data. But I have a feeling that as soon as those responsible look into the technical details a little more, the project just won’t get off the ground. And if it’s ever completed and ships this century (or before technology has moved on and made matters even more complicated), that would be a technical miracle.
It can be done. The US government isn't only logging phone calls; they're recording them. And emails. This is a growing threat to the world's democracies, and it will get worse unless citizens start opposing it.
Posted by: Alan8 | Friday, 30 May 2008 at 02:27 PM