The government's plan to collect details about personal
internet-based communications is technically doubtful and
fundamentally unclear, the organisation that switches most of the
UK's internet traffic said today.
The Information Commissioner's Office (ICO) also condemned the
scope of the project. But it welcomed the government's decision to
abandon planes for a centralised "Big Brother" database.
In its response to the Home Office's consultation on the
proposed
Interception Modernisation Programme (IMP), which closed on 20
July, the London Internet
Exchange (Linx) said it had "grave misgivings about the
technical feasibility" of the project. It added, "It appears that
even the basic conceptualisation of the IMP is in flux."
Linx represents 334 internet service providers, including BT,
Virgin Media and Carphone Warehouse, the country's largest ISPs. It
has constantly expressed its scepticism about the technical
feasibility of the project the people running the IMP project since
autumn 2007.
The internet traffic now running through Linx has peaked at
460Gbps. This is likely to grow dramatically as the
Digital Britain plan to give some 27 million households a 2Mpbs
internet connection.
Linx said the scope of the project had expanded far beyond that
of the European Data Retention Directive now in force. "These new
proposals suggest an intention to capture anything and everything,"
it said.
This included webmail hosted by third parties such as Google,
Microsoft and Yahoo, as well as voice over IP (internet telephony),
photographic and video images on sites like Flickr and Facebook, as
well as instant messages, bulletin board services and internet
relay channels (internet chat forums).
Many of these were protected by secret proprietary protocols
that changed often and without notice, it said. This made it
extremely hard and costly to reverse engineer them to identify the
data the government wanted to collect.
Linx said some of the data might not even exist on UK networks
and servers. The lack of clarity over the legal jurisdiction
governing the collection of such data was a matter of concern to
CSPs, it said.
Linx believed that the government might have to change the
wording of the Regulation of Investigatory Powers Act (RIPA), or at
least revise its practical interpretation of the act.
Even if these issues could be resolved, the usefulness of the
project could be compromised if the senders and receivers encrypted
their messages, it said.
Linx wanted to know if the proposed IMP was compatible with
European law on data retention and privacy. It said the government
was being "disingenuous" in describing the programme as
"maintaining" in cyberspace its ability to tap phone calls and
posted letters in the physical world.
This was a purely political description that served only to win
consent by hiding the extent of the proposed extension of powers
for the state, it said.
"The volume of data the government now proposes CSPs should
collect and retain will be unprecedented, as is the overall level
of intrusion into the privacy of the citizenry," it said.
The ICO said it recognised the value that communications data
had for law enforcement officers. "However, this in itself is not a
sufficient justification for mandating the collection of all
possible communications data on all subscribers by all
communication service providers (CSPs)," it said.
The ICO said it was worried about the distinction being made
between traffic data and content data. It said there could be gaps
in the current regulatory regime that could affect the rights of
individuals and their avenues of recourse, but also the clarity of
roles and responsibilities of CSPs.
A Home Office spokesman said it could not yet say how many
responses it had received as the team was still weeding out spam
e-mails. The spokesman said that the government would publish a
summary of the responses as well as a full copy of all the
responses and their authors.