May 20, 2008

Govt's proposed terrorism database slammed by industry

Counter terrorism or Orwellian society?

By Mikael Ricknäs and Siobhan Chapman, IDG News Service

---

Civil liberties groups and telecommunications industry representatives are up in arms about a suggestion that the UK government wants to keep track of every phone call, email and website visit made in the country.

The UK government is preparing new telecommunications legislation that it says is necessary to deal with changes in the way we communicate, including the use of email, instant messaging, blogs, and social network sites.

"The changes ... will increasingly undermine our current capabilities to obtain communications data and use it to protect the public," said a spokeswoman for the UK Home Office.

The government wants to update the law to allow authorities to obtain communications data it says is essential for counter-terrorism purposes and investigating crime.

The creation of a central database containing information about citizens' electronic communications is among the measures being considered in a draft of the new law.

To make such a database a reality would mean a re-engineering of networks in Britain, with the result that many service providers would simply move abroad, according to Ross Anderson, chair at the Foundation for Information Policy Research, a think tank for Internet policy in Britain.

"It's an enormous power grab by the Home Office, and to think it will become a reality is wishful thinking," Anderson said.

William Fellows, co-founder of the 451 Group.com, called for legislation reform for data protection: “It is a further demonstration of the urgent and growing need for a 'Magna Carta' moment on the collection, storage and use of personal data.”

Janice McGinn, research director of the CIO Practice, which is also part of the 451 Group, said the step was "hare-brained".

"Apart from any number of issues about privacy and civil liberties, central government has an appalling record in building and maintaining large databases of sensitive information," said McGinn. "Assuming co-operation is forthcoming from the ISPs and other stakeholders, history – for example, the NHS – suggests the project would overrun, with high, escalating costs. Given Whitehall’s serious security breaches, the Home Office’s ability to maintain data integrity is highly questionable."

An executive of encryption software vendor PGP Corp. also slated the idea of a central database.

"You've got to admire the government’s gall in attempting to bring in yet another 'super-database' with public confidence still in tatters over recent lapses in data protection," said Jamie Cowper, director of European marketing at PGP.

It would make more sense to focus on existing databases and proving their security before introducing new ones, according to Cowper.

The Internet Services Providers' Association is taking more of a wait-and-see approach, but is worried about modifications in the procedures by which the authorities acquire communications data, according to a spokesman.

Mike Cansfield, principal analyst at Forrester, said the proposals raised more questions around how the government where the information would be stored, and how to fund the project, and how the data could be analysed. "The government could set up the database, or it could go to the phone operators and ISPs and get them to track the data. A question would be: if the operators store this, how will they share it with the government? Also, how will the government track data round firewalls?"

"It’s all very well capturing this data, but we then need to have experts analysing it. They’d be looking for a needle in a haystack – one suspect communication among millions of innocent ones."

Brian Spector, general manager of security firm Workshare, backed the plan as positive move to tackle terrorism, but said the government would need to prove its ability to keep data secure if the proposals are to achieve widespread support.

"Since losing the details of over 25 million child benefit claimants last November, the government has failed to effectively address the issue of data security," said Spector. "In March this year the same government was criticised by a joint select committee for its poor track record with data leaks, and earlier this month it was revealed that 600 HMRC staff have been disciplined over data security."

Full details of the government's plans will be released later this year, but ministers have made no decision on whether a central database will be in that draft bill, according to a statement from the Home Office.

Newsletters

Your daily injection of CW news and expert analysis: we’ll bring the news to you.