The government's plan to collect details about personal internet-based communications is technically doubtful and fundamentally unclear, the organisation that switches most of the UK's internet traffic said today.
The Information Commissioner's Office (ICO) also condemned the scope of the project. But it welcomed the government's decision to abandon plans for a centralised "Big Brother" database.
In its response to the Home Office's consultation on the proposed Interception Modernisation Programme (IMP), which closed on 20 July, the London Internet Exchange (Linx) said it had "grave misgivings about the technical feasibility" of the project. It added, "It appears that even the basic conceptualisation of the IMP is in flux."
Linx represents 334 internet service providers, including BT, Virgin Media and Carphone Warehouse, the country's largest ISPs. It has constantly expressed its scepticism about the technical feasibility of the project to the people running the IMP since autumn 2007.
The internet traffic now running through Linx has peaked at 460Gbps. This is likely to grow dramatically with the Digital Britain plan to give some 27 million households a 2Mbps internet connection.
Linx said the scope of the project had expanded far beyond that of the European Data Retention Directive now in force. "These new proposals suggest an intention to capture anything and everything," it said.
This included webmail hosted by third parties such as Google, Microsoft and Yahoo, voice over IP (internet telephony), photographic and video images on sites like Flickr and Facebook, and instant messages, bulletin board services and internet relay channels (internet chat forums).
Many of these were protected by secret proprietary protocols that changed often and without notice, it said. This made it extremely hard and costly to reverse engineer them to identify the data the government wanted to collect.
Linx said some of the data might not even exist on UK networks and servers. The lack of clarity over the legal jurisdiction governing the collection of such data was a matter of concern to communication service providers (CSPs), it said.
Linx believed that the government might have to change the wording of the Regulation of Investigatory Powers Act (RIPA), or at least revise its practical interpretation of the act.
Even if these issues could be resolved, the usefulness of the project could be compromised if the senders and receivers encrypted their messages, it said.
Linx wanted to know if the proposed IMP was compatible with European law on data retention and privacy. It said the government was being "disingenuous" in describing the programme as "maintaining" in cyberspace its ability to tap phone calls and posted letters in the physical world.
This was a purely political description that served only to win consent by hiding the extent of the proposed extension of powers for the state, it said.
"The volume of data the government now proposes CSPs should collect and retain will be unprecedented, as is the overall level of intrusion into the privacy of the citizenry," it said.
The ICO said it recognised the value that communications data had for law enforcement officers. "However, this in itself is not a sufficient justification for mandating the collection of all possible communications data on all subscribers by all communication service providers (CSPs)," it said.
The ICO said it was worried about the distinction being made between traffic data and content data. It said there could be gaps in the current regulatory regime that could affect not only the rights of individuals and their avenues of recourse, but also the clarity of roles and responsibilities of CSPs.
A Home Office spokesman said it could not yet say how many responses it had received as the team was still weeding out spam e-mails. The spokesman said that the government would publish a summary of the responses as well as a full copy of all the responses and their authors.