Terror concerns have prompted British spy agencies to propose a new mass surveillance system that will monitor social network communications and enable real-time access to phone and internet records.
Under a government plan, the Communications Capabilities Development Programme, Internet service providers will be made to grant security services—including the Government Communications Headquarters, an eavesdropping agency—easy access to users’ online information. If legislated, it will give intelligence officers an entire picture of a person’s online activity, including with whom an individual or group is in contact, how often, and for how long.
Details of the CCDP were first published by the Daily Telegraph in February. But debate was reignited across the United Kingdom yesterday after the Sunday Times followed up the story on its front page with the inflammatory headline, “Government to snoop on all emails.” The government is expected to publish its latest plans by the end of this month and wants legislation to be in place by June 2015, according to official documents.
Unsurprisingly, civil liberties campaigners have responded angrily, branding the plan an assault on privacy. Their protests have worked before: A previous plan to upgrade Britain’s surveillance apparatus was shelved in 2009 after controversy and widespread public opposition.
“CCDP changes everything,” Gus Hosein of Privacy International told Slate. “It compels telephone companies and ISPs to collect information that they never would have collected, and then makes them retain it. This will be the first time that there’s a law actively requiring an organization to collect information on innocent people just in case it may be of relevance in the future.”
What appears most significant about the CCDP is that it would broaden the kinds of information being stored and make the process of obtaining this information easier through real-time access. The Open Rights Group believes that it will, for the first time,enable the logging of third-party data using deep packet inspection. These third-party data would include, for instance, instant messaging correspondents or lists of social networking friends.
British spy agencies are keen to push through these changes, according to the Telegraph, as they currently have a limited capacity when it comes to monitoring email traffic and text messages. GCHQ in particular may be eager to keep pace with its American counterpart, the National Security Agency. As Wired reported in March, the NSA is currently building a massive $2 billion spy center in Utah that will apparently monitor “complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital ‘pocket litter’.”
Communications providers that operate within Europe are already bound by a controversial data retention directive issued by the EU. Since 2009 in the U.K., this has meant ISPs have been made to log and store for 12 months details of websites users visit in addition to communications data: the who, when, and where of a communication but not what was said or what was written. Law enforcement and intelligence agencies can then request this information provided they can meet set criteria, such as that it is in the interest of national security or crime prevention.
Ryan Gallagher will be reporting on surveillance technologies for Future Tense on a regular basis. Follow him on Twitter.
