CXO

UK plans to monitor all online comms are "waste of money"

Why proposed laws to allow UK police and security services to monitor all online communications will likely be hugely expensive and ineffective.

UK security services and police will be able to monitor all online communication under draft laws to be detailed later this month.

The proposals - which will allow law enforcers to monitor email, social networks, instant messaging and even online games - will cost billions to implement, if estimates for similar schemes hold true.

The government said that police and security services need to be able to monitor all online communications "to investigate serious crime and terrorism and to protect the public".

Monitoring on this scale will require UK internet service providers to install systems to intercept and analyse internet traffic using deep packet inspection (DPI), according to Cambridge University security researcher Dr Richard Clayton.

DPI can be used to monitor everything a person does online, from the web pages they visit to the messages they send to their friends. However the government said it plans to implement systems that will only monitor "communications data", such as who a person talked to online and when, and not the message content.

DPI-enabled monitoring requires "substantial" ongoing investment, Clayton said, as it needs to be set up to work with each site and service online, as well as needing regular tweaks to continue monitoring them.

"It can be done, but whether this is a good way to waste the taxpayers money is another question because this equipment is extremely expensive and will require a great deal of hand holding," he said.

Bypassing such a system would also be relatively simple to the technically savvy. Anyone who encrypts their internet traffic, for instance by using an https-enabled site to communicate, would be able to hide who they are talking to. Given the ease with which such a system can be circumvented, Clayton questioned how much use it would be in meeting the government's aim of monitoring terrorist groups and serious organised criminal gangs.

"You're not picking up the hardcore people who know how to do communications security, what you're doing is random surveillance of wannabes sitting in their bedrooms," he said.

"I think this is people getting excited about technology for technology's sake, and that there are far better things to spend the money on, like hiring more policeman."

Clayton is worried by the principle of routinely monitoring people before they are suspected of wrongdoing. "Essentially it really is Big Brother, it's let's get all of this information about everyone beforehand on the off-chance that they're naughty," he said.

The governments in China and Iran reportedly use DPI systems to monitor and censor internet traffic.

The UK government said that it will "ensure that the use of communications data is compatible with the government's approach to civil liberties".

The government will publish the full details of its communication intercept plans by the end of this month, and wants legislation in place by the end of June 2015, according to Home Office documents published in January.

The previous Labour government proposed a similar system using a central database to track phone, text, email and internet use, but it was dogged by concerns over the project's technical feasibility and cost.

About

Nick Heath is chief reporter for TechRepublic UK. He writes about the technology that IT-decision makers need to know about, and the latest happenings in the European tech scene.

Editor's Picks