Will Britain Log All Communications For 7 Years?

psychohorsie writes: "The BBC are reporting that the British intelligent services and the police want all of the telephone calls, e-mails and internet traffic in the countr to be logged and kept in storage for [7] years. If this comes to pass, this is a major blow to democracy in my opinion. They may have good intentions with this stuff to begin with ..." Hian Bosu also points to this story in The Observer . The shape of things to come?

Re:You have to trust the government.

As someone who lives in the UK I thought it was quite amusing.

Irony/sarcasm - The cornerstones of British humour. This is one of the biggest differences between the nations. The sense of humour simply doesn't translate too well.

People who work at GCHQ don't want or need this

[evilandi]

I live near Cheltenham and know several people who have worked or are currently working at GCHQ. Obviously they never go into details, and I wouldn't want them to, but the issue of unfocused data trawling often comes up and is always laughed at.

In my opinion- and I do not work at GCHQ and nobody there would ever say anything as direct as this- GCHQ neither wants nor needs the ability to search archives of all emails ever sent.

GCHQ have never and will never get involved in an unfocused trawling excercise. Why?

• Firstly, because it is impractical and will always remain impractical. Even with GCHQ's massive supercomputing power, the amount of data created in a day will always far exceed any processing ability to trawl it with any accuracy.

• Secondly, because such unfocused trawls produce a very poor signal to noise ratio. GCHQ quite frankly don't have the time to investigate if you've had an affair with your wife's sister, or avoided a parking ticket, or made a boring first post to Slashdot. Neither do they care. They have far more important things to be doing.

What GCHQ and the police do want and already have is the ability to monitor particular network junction points for specific traffic to/from known individuals- namely those they have a reasonable suspicion are involved in terrorism, warmongering, child porn and economic warfare. For this they can already get a wiretap order signed by the Home Secretary.

If GCHQ have a good reason to want to read your email, they will pop a tap on your connection and be done with it. Maybe they might catch a few conversations between uninvolved people in the same premises, but that's it.

GCHQ do not wish to be forced to trawl through several billion useless emails to get to half a dozen important messages. If you're under the spotlight, they just want your messages, not everybody else's. No change in law is required to enable such focused wiretapping.

Every so often, some slack-jawed nanny civil servant puts forward the idea of unfocused data trawling. Every so often, GCHQ tell the annoying little squirts that they have far better things to be doing with their CPU cycles.

--

Re:Brittish Boston Party?

[Syberghost]

A little more data:

JANET's US-to-UK transatlantic links transferred a total of 1803765.15 Megabytes yesterday.

That's 1.72 Terabytes a day, or 4.395 Exabytes in 7 years, and that's assuming traffic doesn't keep doubling every year, which it is expected to at LEAST do.

Someone was linking Sun's 11.8 Terabyte tape array. You'd need 373 of them to store all this online where you could retrieve it. Government pricing on those is about $250,000 a pop, you could probably get a quantity discount for ordering several hundred of them. Let's say you don't, so it's $250,000 apiece. That's $93.25 million US$.

Then you gotta buy the tapes; they hold 35GB apiece, so you need 128,589 of them. They're about $80 apiece, so that's another $10 million US, assuming none of them wear out and have to be replaced, and again assuming traffic stops doubling every year.

Even if you could store that, how many months would it take to run a query against it?

And that's just US-to-UK and UK-to-US traffic. UK to anywhere else isn't accounted for.

-

Re:Brittish Boston Party?

[Syberghost]

Usenet traffic alone is over 100Gb a DAY.

They want to preserve that for 7 years.

That's 255.5 Terabytes, just for Usenet.

Usenet is a drop in the bucket compared to web traffic.

Columbia University estimates that Average data traffic for the year 2000 is 4.451 Terabits per SECOND.

By 2002, it's estimated to be 27.645 Terabits per second. That's worldwide, of course, not British.

I doubt there's enough disk and tape capacity worldwide to store a month of it, much less 7 years.

We're talking 298.566 Exabytes per day in 2002.

Perhaps these idiots should look at the statistics before they pass a law that they can't possibly fund.

-

EngSoc

[redhog]

English socialism

1948, the time was badly predicted. But the history not. It didn't happen 1984, but 2048 it will all have happened...

Re:Brittish Boston Party?

[GC]

people living in Cornwall

we have people living in Cornwall? I thought they were apes.

Millenium Dome

[SEWilco]

There's a use for the Millenium Dome when the tourist trade drops off: Archival Storage Facility.

Re:Debunkathon Time!

[jcupitt65]

It's not clear from the BBC piece, but it looks like they're proposing to log *connections*, not content.

http://www.guardianunlimited.co.uk/internetnews/ st ory/0,7369,406484,00.html

(not much better from a freedom point of view, but at least technically possible)

Okay...

[glebite]

Even if they were to take on this mammoth enterprise, and actually get it to work, how does logging transactions act as a serious blow to democracy? I mean really, having the right to elect your officials has nothing to do with how they conduct the business and security of they country unless you are unable to vote again.

This is one of those silly statements that really irks me - the debate between freedom and security in a democracy. The real issue here is do you really want the government to know that you send emails or correspond with whoever it is that you correspond with.

Would these transaction logs be available to your company? Your estranged loved-one while you are going through a divorce? Could these be used in a civil court of law? Or are these STRICTLY used by the government in an effort and means to reduce seedy activities by seedy people?

Re:London is already under surveillance

A while back a friend of mine was mugged and beaten up. Thanks to those cameras the people who did it were caught and charged within a week. I like to feel safe when walking around town at night, and this helps me to.

Let me get this right. You 'feel safe' because AFTER your friend was beaten up and mugged, the cops managed to catch the crooks, who probably got their wrists slapped and were released with a small fine or suspended sentence. AFTER THEY WERE MUGGED AND BEATEN UP!!!!

Wow! I must say, knowing that AFTER I GET MUGGED AND BEATEN UP the cops may be able to use the cameras to catch the crooks really makes me feel SO safe.

Particularly when the local store-owners where I live in the UK have been complaining about the sizable increase in robberies since the cops installed cameras and stopped patrolling. Oddly enough, the crooks have worked out that there's a simple solution to camera surveillance: it's called 'a mask'. Now they know that they can rob the stores with impunity, with the only risk being that possibly, if they're really unlucky, one day the cops might be able to track them down from a video; that makes them feel safe, compared to the old days when they ran the risk of being caught by a police patrol as they actually commited the crime.

Ah well, I'm out of here as soon as I find a better nation to move to; have fun in your ultra-safe police state where you know that after you get mugged and beaten up the cops may be able to catch the guy, if they weren't smart enough to wear a mask.

Not so bad?

[Ed+Avis]

Cool, no more need to do my own backups!

Re:Brittish Boston Party?

[Space+cowboy]

Technically I doubt it's a problem. I work in the video/film post-production industry. On a film shoot, you can get (say) 40 Terabytes of data coming in every day on DTF tape. All that happens is the tape is thrown into a robot the size of a warehouse. Now, to access that tape I just do something similar to 'cp /array/Scene_xxx/Shot_yyy/frame_zzz my.local.file'. What's my point ? IT WORKS BOTH WAYS. I can put a feed (hell, this is an ISP/fibre-forest location!) to a Petasite (that's what these robots are called) and transparently copy all data from the ISP line to my central location. All I need to do for maintenance is unload tapes that fill and load up blank new ones. Everything else is managed.

So say I have a capacity of 100 Pb (Petabytes) in a huge wartime bunker under Hyde Park (Central London, for those who don't know). I put an ADSL-like line into each ISP going to my bunker, and simply store it as a datastream. Petasites running SAM-FS use several Terabytes of disk as a cache onto the tapes - all you do is write the file to a disk, SAM-FS copes with archiving it to tape using a prioritised LRU algorithm.

Every tape holds (standard DTF) 42Gb. Every day I change (say) 100 tapes max. Get monkeys to do it. 100 tapes gives me 4.2Tb/day using DTF, significantly larger than 1.7Tb/day... Assume tape storage goes up roughly with bandwidth use, even if it doesn't you can employ more monkeys!

Store tapes ordered by date. Have a separate (small) robot for queries. Insert tapes for time period and employ (presumably custom written) query tools. All the tools have to do is pretend they're looking at a network datastream (netmon!) and have some query/report on top of that. Do datamining if you want, but it's not necessary.

As for costs, even smallish (40 people) Post-production houses can have a (admittedly single-robot :-) Petasite running. I personally know of two in Soho. Budget 7 million pounds (*way* over the top, even including running costs) for the robots, and 13 million for tapes (100/day, #50/tape * 365 * 7). 20 million quid? pocket money!

What you also have to remember is that the British (how would you like being called Ammericans? :-) Government have just passed the RIP (sic!) bill specifically to implement this spying within the law.

It seems to me it should be possible to circumvent though. Should be pretty easy to adapt the ideas behind spread-spectrum wireless comms to wired comms using cryptographic signatures to verify the integrity of the request. Given a co-operating network of servers to which (using PKC) you submit requests (for the same page but different portions of it using Range: headers), which further split the requests between themselves and others, I don't see how they could track you down.

All they'd be able to say was that you submitted a request to a 'reflection-server' and it sent some data back to you, and during that time the 'reflection server' also visited all these porn sites '...'

I know I'm going to take a hard look at encryption technologies everywhere within my business now. I think you can get around the 'we can demand your keys' RIP clause by setting up a webserver with an HTTPS connection somewhere abroad (or in SeaLand :-) and using HTTP-uploads on that HTTPS connection to POST files to the webserver.At that point I think you could prove you didn't have the cryptographic key (and so avoid being sent to jail!). This is all IMHO of course, but I think we'll be opening a foreign web presence soon!

ATB,
Simon.

disturbing...

[colmore]

wasn't 1984 set in Britain?

Re:disturbing...

[squiggleslash]

Indeed. In 1984, the world had been divided into three supernations, and the one America had formed Britain was part of.

Imagine it. A UK beholden to American security interests, passing draconian security legislation at the whim of the powers that be across the Atlantic, with at any moment the ruling party deciding it's at war against the European supernation, and then deciding that it wasn't, and that it never was at war against them.

Thank god it will never happen. ;)
--

A man that would sacrifice his freedom

[lupine]

When liberty is taken away by force it can be restored by force. When it is relinquished voluntarily by default, it can never be recovered.
-Dorothy Thompson

If men use their liberty in such a way as to surrender their liberty, are they thereafter any less than slaves? If people by a plebiscite elect a man despot over them, do they remain free because the despotism was of their own making?
-Herbert Spencer

Once fully enslaved, no nation, state, city of this earth ever afterward resumes its liberty.
-Walt Whitman

The foolish and the uneducated have little use for freedom.
-Anonymous

A man that would sacrifice his freedom for security deserves neither.
-Thomas Jefferson

Brittish Boston Party?

[Ektanoor]

Cool, I wanna see what Brittish taxpayers will say when someone will try to implement such thing... Because only two thingies will come out of this. First it will be impossible, technically and humanly, to hold up, control, process and manipulate such level of information. A week on logging more than 2 thousand users is enough to overkill your best servers (I'm not talking about this iXXX trashcan arch), fill up the capacity of your disks (reaching a good 300 gigs) and turn every channel into a 2400 bps link in the end term. People did this and came into the conclusion it is MADNESS to try hunting everyone and everything.

But what is more funny is the financial part... Such surveillance eats up to 80% of communication costs in the end... And it will be VERY FUNNY to see Brittish users paying for such...

Re:Brittish Boston Party?

[GC]

You do realise that we pay through the nose for telephone calls over here already?

Thinking about the cost per megabyte and past proposals for an "Information Tax"... I wouldn't say that it's all that far fetched...

300Gigs is a small disk array in business terms.

Here's product sheet on a 6-Terabyte Filer well within the capacity of being bought by the Government and being installed in every local telephone exchange.

Data communications can be compressed up and stored on these, analogue (voice) calls could be parsed through voice recognition systems and also compressed. Hell, when they run out of space they'll start dumping the old stuff to tape. (Ahem... Sun's 11-Terabyte solution). If these types of solutions are available commercially just think what the governments of the developed world will have available to them. The two products I just speced out would fit in a rather small datacentre.

Put this configuration in each telephone exchange and keeping records of all calls is just a matter of buying the tapes!!!

On another note, we're not, in general, as concerned with privacy here in the UK as much as you guys are in the US. We've had thousands of Closed Circuit cameras installed throughout our streets since the '80s (What with IRA bombing campaigns etc...) and for many people, especially women, it has instilled security for the general public as opposed to fear. Are we mis-guided? I'm not saying that I agree that my telephone conversations can be recorded, but if they're just going to be archived to tape then it doesn't bother me extremely. Hell, I would think that they are just as likely to protect me as they might incriminate me.

GC

Re:Brittish Boston Party?

[weave]

Data communications can be compressed up and stored on these, analogue (voice) calls could be parsed through voice recognition systems and also compressed.

I'm sorry but I can't see how that is technically possible. I'm half English, spent a lot of my life in England, and I still can't tell what the hell the people living in Cornwall are saying. I swear it must be English but I just can't parse a bloody word of it. I can't see how a voice recognition program could do any better!

Debunkathon Time!

[onyxruby]

Time to debunk this into the FUD that it is. This will never happen for a number of very practical reasons:

First, if this actually stood, the stock of hard drive manufactures would jump through the roof. When East Germany did this kind of thing, they had very significant amounts of resources devoted just to storing the data. Even using recordable DVD systems from companies like Dictaphone still takes a lot of resources.

You have to be able to use the data. I know this sounds self evident, but it doesn't matter how much data you have if you aren't capable of using it. Such a database would quickly overwhelm anything else in the world, even WalMarts'. You have to get the important info to humans to analyze. Too much info, and you can't manage it.

This violates 3 important acts that have are active in Britian according to the Observer:

1.Human Rights Act

2.European Union Law

3.Data Protection Act

The Europeans are /much/ more sensitive on privacy issues than the US. After dealing with Communist goverments for several decades, can you blame them? This would be a particular problem with the German goverment, which is still going through data seized from the East Germans over a decade ago.

The bottom line, cost, the article in the observer claims that they will set it up for 3 million pounds (about $5 million) and maintain it for 9 million pounds (about $14 million). The amount of money they are talking about probably wouldn't even buy the hardware that they need. They also have to look at building space, lots and lots of building space, near a POP on the backbone (naturally very expensive land). People, this requires enterprise class database administrators. Not only are these people rare, but you have to get them to all pass background checks.

This also isn't practical on an infrastructure standpoint. You have to be able to support such a system in small towns and rural areas that have trouble supporting what they have. Such a system would probably require a carnivore like setup, and they just might use Carnivore if they went with it. There is a long history of cooperation between the Brits and US intelligence networks, why would this be any different? The amount of data collected by a system like carnivore has got to be enormous, imagine what it would be when you tell it to collect everything. This leads to the next point -

There isn't enough bandwidth. Assumably data collected at distributed points (like ISP's) would be forwarded to a centralized database (you do want to cross-index it don't you?). This isn't the kind of thing you drop in the post, or have Fed-Ex bring. Such a system would demand real time updating if it is going to be used for active monitoring of drug deals etc. They would have to send this over the Internet, and that would require a massive infrastructure overhaul by BT. The cost of the amount of bandwidth required alone would be exorbitant, far beyond the 9 million pound cost that is the supposed budget. Than you have the cost of overhauling rural and small town infrastructure. If you only have a single E1 going to a town, you can't just buy more bandwidth, you have to lay cable.

The last reason is Political Ramifications. There are very serious human rights concerns with something like this. Not only will the citizens of Britian be upset about this, but the EU will probably not be very happy either.

You have to trust the government.

[Kiss+the+Blade]

Personally, and speaking as a British Subject, I have no problem with these moves. In some other countries, such as Germany or the USA, these moves would be unnacceptable; this is because the populations of these countries do not trust their government, and rightly, given their histories.

However, Britain has the strongest tradition of democracy and free speech in the world, and has indeed defined many aspects of these institutions. Free speech has been guarranteed under Law for some 785 years. Also, Britain is a small and densly populated country, meaning that the typival Briton knows and trusts his fellow man.

Britain has no need of written constitutions, freedom laws etc etc. In Britain, the institutions of government are trusted and respected, and can be relied upon to do their job in a fair manner.

KTB:Lover, Poet, Artiste, Aesthete, Programmer.