Posts Tagged Interception Modernisation Programme

Following the confirmation in today’s Queen’s Speech that something that might look like the Communications Capability Development Programme is going ahead, a conference call had been (pre-)arranged with the cast of the earlier, somewhat more confrontational call. The main difference this time is that instead of being lead by a handful of Senior Political Advisors, the main speaker was none other than Cambridge’s own Dr Julian Huppert MP, who Nick Clegg has publicly deferred to on the issue of Communications Interception.

First of all, I shall start with the LibDem Win: As reported by the Guardian today, if the Tories were left to their own devices, this would probably be rammed through as part of a larger bill.

Whilst we’re not there yet, we (And I mean all campaigners here!) are already making a difference and I’m told some of the plans the Home Office had are already being torn us in the face of opposition. They have been careful not to put anything in writing so far and the full details of the most draconian measures that were in the works will probably never be publicly known, but it seems likely that any plan to put compulsory black boxes on service providers networks to snoop on traffic are already out the window, which is excellent news. Also out is apparently any suggestion that the police would simply be able to pull data from service providers directly over the Internet, without needing to request it specifically from a human.

As to the conference call itself, there was much less technical content than last time. This was partly because we know Julian Huppert very much Gets It, and if he doesn’t he’ll ask those of us that do. But also, it’s because we’re worrying about how we get where we want to be and not the unannounced detail.

As it stands, we’re waiting for the Home Office to say what they want, in writing. They may ask only for entirely reasonable things that we can agree to, but that is unlikely. Instead, it should go through a similar committee process the Libel Reform Bill that was also announced today to allow experts to pick it apart. Some of what the Home Office propose will probably be unacceptable, and we’ll kick it out. Some might be a little awkward, but a genuine attempt by the Home Office to come up with something workable towards a specific goal. We should help them on that if we think it’s a worthy goal.

I’ll sound a note of caution here: As I said above, the civil service may – hell, probably will announce draft clauses that are very illiberal. I’ve no doubt some will react with alarm if that happens. That doesn’t mean that LibDem MPs have “gone native”. It means they’ll discuss them in public and kill them there, and not in private. Secondly, don’t let it become a campaign of misinformation. I’ve heard there are already one or two organisations have put out some inaccurate information based on outdated plans, which won’t help discussions further down the line if they become the focus of discussion when they’re already dead and buried.

(On the flip side, if there are MPs being illiberal: It’s open season. Regardless of party)

In terms of next steps, the Home Affairs Select Committee has written to the Home Secretary, Theresa May, asking for more detail of what’s proposed. She should have responded today and hopefully the committee will publish both their questions and the response on Tuesday, before a full session to question her on the topic.

In parallel to this, some draft clauses will be forthcoming over the next few weeks which is the first time we’ll have something concrete to critique properly. It may be the Home Affairs Select Committee that works on this, or it might be another committee specificity formed to discuss this bill, but the key is the MPs working on it should have the chance to be fully educated on it. One memorable quote from this evening was that “any group that knows what they’re talking about won’t make daft decisions“. I hope that’s true.

Once the draft clauses are in the open, we can finally decide if what they’re thinking of doing is acceptable and call down upon them the wrath of the community if they’ve got it wrong.

From the Queen’s Speech today, there will be “measures to maintain the ability of the law enforcement and intelligence agencies to access vital communications data under strict safeguards to protect the public, subject to scrutiny of draft clauses“.

More information has been released by the Home Office, which I’ve included below, (Edited to add: This isn’t a draft bill, it’s just vague background notes on what they might like) but it’s not particularly helpful: It just refers to “an updated framework for the collection, retention and acquisition of communications data”. Which, frankly, could mean anything from minor fiddles with the way ISPs provide information we already hold all the way to full-blown and widespread interception.

I am pretty sure they intend the more Orwellian scenario, but do not want to admit this in writing yet.

There is a section on “appropriate independent oversight”, but the interception of communications commissioner does not appear to have done much good to date so I cannot see this as a positive contribution. (See Mark Pack’s post giving six reasons why the post is a failure for a good discussion on this)

And a “Technical Advisory Board” mentioned, but the role of that body seems to be just someone for the ISPs to talk to in order to figure out the impact of the proposals. My experience of these things is that the industry will have a much better idea of what it’s doing than any government-appointed body!

There is another conference call for LibDem bloggers tonight which I shall report back on, but I doubt we will see much clarification on the above.

Draft Communications Data Bill
“My Government intends to bring forward measures to maintain the ability of the law enforcement and intelligence agencies to access vital communications data under strict safeguards to protect the public, subject to scrutiny of draft clauses.”

The purpose of the draft Bill is to:

• The draft Bill would protect the public by ensuring that law enforcement agencies and others continue to have access to communications data so that they can bring offenders to justice.

What is communications data:

• Communications data is information about a communication, not the communication itself.
• Communication data is NOT the content of any communication – the text of an email, or conversation on a telephone.
• Communications data includes the time and duration of the communication, the telephone number or email address which has been contacted and sometimes the location of the originator of the communication.

The main benefits of the draft Bill would be:

• The ability of the police and intelligence agencies to continue to access communications data which is vital in supporting their work in protecting the public.
• An updated framework for the collection, retention and acquisition of communications data which enables a flexible response to technological change.

The main elements of the draft Bill are:

• Establishing an updated framework for the collection and retention of communications data by communication service providers (CSPs) to ensure communications data remains available to law enforcement and other authorised public authorities.
• Establishing an updated framework to facilitate the lawful, efficient and effective obtaining of communications data by authorised public authorities including law enforcement and intelligence agencies.
• Establishing strict safeguards including: a 12 month limit of the length of time for which communications data may be retained by CSPs and measures to protect the data from unauthorised access or disclosure. (It will continue to be the role of the Information Commissioner to keep under review the operation of the provisions relating to the security of retained communications data and their destruction at the end of the 12 month retention period)
• Providing for appropriate independent oversight including: extending the role of the Interception of Communications Commissioner to oversee the collection of communications data by communications service providers; providing a communications. service provider with the ability to consult an independent Government/ Industry body (the Technical Advisory Board) to consider the impact of obligations placed upon them; extending the role of the independent investigatory Powers Tribunal (made up of senior judicial figures) to ensure that individuals have proper avenue of complaint and independent investigation if they think the powers have been used unlawfully.
• Removing other statutory powers with weaker safeguards to acquire communications data.

Existing legislation in this area is:

• Regulation of Investigatory Powers Act 2000
• The Data Retention (EC Directive) Regulations 2009

Devolution:
The Bill would apply to England, Wales, Scotland and Northern Ireland and relates to non-transferred matters.

Blog posts relating to Tuesday night’s conference call: (In no particular order)

• Zoe O’Connell, Complicity – The party machine’s view on communication interception
• Jennie Rigg, Miss S B – I’ve Just Got Off The Phone After a Conference Call With the Office of the DPM and More on the CCDP thing, and on LibDemmery in general.
• Jonathan Calder, Liberal England – Some unsolicited political advice for Nick Clegg
• Richard Morris, A View From Ham Common – Observations on last night’s conference call with the great and the good.

A few prior to that call, or not related to it:

• Zoe O’Connell, Complicity – People’s Democratic Republic of Liberal Democracy
• Nic Prigg’s Blog – An Open Letter to the LibDem Party Leadership!
• Spineless Liberal – Don’t Patronise Me – Or Spy on Me
• Julian Huppert on LibDemVoice – Safeguards to control state surveillance
• James Firth, Slightly Right of Centre – Government internet snoop plans in a small a nutshell as I can manage and Confusion over warrants, surveillance powers and the intrusiveness of traffic data
• Caron’s Musings – E-mail and web snooping idea – why I’m worried
• Mark Pack – Walking: it’s time to take action on this major terrorist threat and Government snooping plans: why I’m not outraged, yet
• Mark Pack on LibDemVoice – The wheels are coming off the online monitoring bandwagon
• Jon Walls, Contrasting Sounds – The CCDP: the many ways in which it is mistaken

Later additions to this list:

• Jennie Rigg, Miss S B – “New” Government Plans to Snoop on Email and Social Networks: Tinfoil Hat Time?
• Legion’s Eagle – Aargh!!!. “Myth Two” is a particularly important point
• A C McGregor, Leading Lines – An Insult to my Freedom

Mainstream press, firstly prior to the call:

• Nick Clegg’s Interview on World at One (Transcript by Richard Morris, A View from Ham Common)
• New Statesman (The Staggers) – Clegg must speak up against web snooping
• The Sun – Terrorism debate: Are GCHQ set to spy on you?
• Daily Mail – Promises betrayed, and this stealthy slide into Big Brother Britain
• The Guardian – Nick Clegg tried to head off Lib Dem revolt over email surveillance plans
• The Guardian Letters Page – Liberal Democrat MPs stand up for data privacy

And a couple from after: (Note the difference in tone!)

• The Guardian – Nick Clegg attacks ‘blunderbuss’ Tories
• New Statesman (The Staggers) – Clegg ups the volume on civil liberties
• The Times (£) – We’ll let Liberty rule on internet snooping, says Clegg

Last night there was a conference call between policy advisors within the LibDem party and the more vocal grass-roots, such as myself, on current proposals to extent interception powers. It was more than a little enlightening and certainly heated at times. It included the Senior Policy Advisors, (SPAds) special advisors and policy unit staff who are Liberal Democrats, but work alongside the Civil Service. Much of the job of a SPAd for example is to tell a Civil Servant that they’re proposing something the minister won’t stand for, without having to worry the minister too much about it. It’s also confidential so the minister doesn’t have to worry about negative press coverage because a Bernard Woolley civil servant has had a dumb idea.

That system has broken down here. The Civil Service have resurrected their nice plans from under the Labour Government, tweaked them a bit and put them under the noses of the new crop of advisors. But the Civil Servants don’t understand this either, so the briefings they have been giving are rather one-sided. (That’s not me being charitable by the way – they are not being all Sir Humphrey. I’ve met some of these people and they really don’t understand it.)

Miss S B has also written about the call on her blog and that’s worth a read too, along with the comments, for more on the political rather than technical/policy side.

Here is what the policy bods think is being proposed

The current situation is that the security services and police can request information from service providers that they already hold. I’ll skip the detail, but depending on the service provider they can get some idea about some phone calls made or received and emails from at least the last few days, potentially up to two years worth.

They can’t do this in all cases, for example Skype, World of Warcraft chat (Apparently this has been used by drug dealers) or similar. Even Disney’s Club Penguin for young kids could be used in this way, as the Three Lions film demonstrated.

So they want to “normalise” the situation and catch up with technology with the new programme so they retain the ability they already have.

On the call, someone from the policy/SPAd side actually used the phrase “terrorists and paedophiles” to justify increasing powers. This is the 21st Century equivalent of Godwin – any law not involving actual abuse of kids that requires “OMG PAEDOPHILES!” to justify probably should never be enacted or even ever discussed again.

Here is what is actually being proposed

The briefings have been one-sided, as I’ve noted. As a result, claims of “scaremongering” by Nick Clegg and that the coverage is “complete nonsense” by Lynne Featherstone is probably in line with what they are being told by the Civil Service and what they genuinely believe they are discussing.

It is also wrong.

We had to explain it several times, but it was clear that the policy folks did not understand they were shifting the balance between retaining and obtaining. At the moment, service providers can hand over information they already retain in the course of normal business and require an interception warrant from the Secretary of State to obtain anything more than this.

The new proposals would oblige service providers to obtain information that they currently don’t – basically, to dive into the contents of the traffic we’re carrying to figure out not only that you’re sending traffic to a Google mail server or World of Warcraft, but what that traffic really does.

One analogy that has been used is asking Royal Mail to record all mail, with details of who sends mail to whom, which is already pretty bad from a civil liberties perspective. But it is actually worse than that, because we are being asked to open all the mail and check to see if the envelope actually contains another letter inside to be forwarded on to someone else. Or not just record that you rang a voicemail service, but listen in on the call to see who left you messages.

And they think we can create a system to open these letters and listen in on these calls without risking also creating a system that might be able to read or listen to the content. And that we’re able to guarantee keeping the data secure – on a system that by necessity has to be connected to the internet – once collected.

To give them credit, the policy folk did say that this was a red line they were not willing to cross. However, they do not yet accept (Because Civil Servants tell them otherwise) that this is what is actually being proposed. If we can can convince them of this, by convincing them that the party grass roots does know what it is talking about on technological issues, I would expect the plans would get dropped pretty quick.

The situation now

There has been a degree of back-tracking from the top in response to a level of grass-roots reaction that has surprised them. Initially, it seems there were plans to announce legislation (Without consultation?) in the Queen’s speech. That’s now been watered down to “draft legislation” and vague noises about “consultation”, but it is not clear what the form of that draft legislation or consultation would be.

So it’s not hopeless. But we do still need to keep the pressure on those at the top to make sure they can’t change surveillance powers without being held properly accountable not to the civil service, but to the wider party.

Sadly, I don’t have time to write at length (again) about the leaked plans to keep a database of everyone’s communications. Ironically this is becase I’m busy today running the very thing the spooks want to snoop on, the internet. My own views are on record anyway, as my first speech at LibDem conference was in favour of this amendment on the topic and I’ve blogged about it before.

Here’s a quick summary of the plans: They’re ill-conceived and illiberal. I have yet to see one good argument for the proposals as they all seem to boil down to TERRORISTS EXIST or once this morning PEDOPHILES EXIST. There is little evidence that these plans will help, as my personal experience has shown – plod came to me asking for communications information under existing legislation several months after kicking in the doors of some terrorists. No snooping, no interception warrants under existing powers, just “good old fashioned policing”.

I didn’t have the data after that long, unsurprisingly. Perhaps we could spend some of the money on currently leaked plans to train police better in dealing with online crime instead?

But I am worried, even if Mark Pack isn’t. Yet.

Not that worried, as I’m always skeptical as every time plans like these come up, it’s always “confidential briefings” and assurances from journalists that they have a “reliable source”, so we don’t really know what’s going on.

But it’s pretty obvious someone wants more power than they currently have. Did someone on “our side” leak the plans to try to kill them as Jennie suggests? If so, good on them. I don’t even mind if the LibDems take some flack for it if it means we kill it.

But they didn’t tell the rest of us and caught many off guard, which might explain the rabbit-in-headlights response from the top of the Liberal Democrat party.

Or did someone on “the other side” leak it test the waters and soften us up for what is to come in advance of the Queen’s speech? I would hope that the reaction has made them see the error of their ways, but I know that is a misplaced hope.

I’ll close with a message to anyone at or near the top of the LibDem party reading this: We’re a broad church, with people from both the left and right, so topics like the economy are bound to cause splits.

But this one shouldn’t be difficult. To make it easy, we put the clue in the name of the party: Liberal Democrats. Please let’s not go all “People’s Democratic Republic”, a code phrase for a communist dictatorship, where we dispose of ideas we like least in the title.

I’m starting to think that some of the folks over at The Register are permanantly wearing tin foil hats, based on yesterday’s latest post on the Interception Modernisation Programme. They tell us that “Government measures to massively increase surveillance of the internet will be in place within five years” and quote quite selectively from a Home Office document, specifically “key proposals [will be] implemented for the storage and acquisition of internet and e-mail records“.

They link to the Home Office business plan, but I’m guessing they didn’t expect people to actually read the source. Here’s the bit they quoted from in more detail…

5. Protect people’s freedoms and civil liberties – Reverse state interference to ensure there is not disproportionate intrusion into people’s lives
…
5.2 Introduce safeguards against the misuse of counter-terrorism and security legislation

• i. Undertake and publish a review of counter-terrorism and security legislation, working with the Department for Communities and Local Government on the Regulation of Investigatory Powers Act
• ii. Implement key recommendations

5.3 End the storage of internet and email records without good reason

• i. Develop and publish proposals for the storage and acquisition of internet and e-mail records
• ii. Implement key proposals, including introducing legislation if necessary

It starts looking a little less like there’s a real story there when you look at the source in full and we’re back to the same situation as before. Whilst I’m slightly concerned about what’s to come based on the not entirely definitive answer from David Cameron in PMQs, If there is some more information that they’re privy to that indicates the IMP is back, they’re not sharing it with us, the public. Of course, some people are so invested into the “IMP is back” culture by now that they’re forced into attacking anything that’s announced as actually being the IMP, even if it isn’t, thus detracting from any reasonable debate on how to improve the current, less than ideal, situation.

Dr Huppert MP is attempting to find out more (Questions 214 and 215) so hopefully we should find out for sure soon.

On the topic of the not-Interception Modernisation Programme, which I shall geekily call the Pling-Imp from now on, Dr. Julian Huppert MP asked a question in Prime Ministers Questions on Wednesday on this topic:

Can the Prime Minister reassure the House that the Government have no plans to revive Labour’s intercept modernisation programme, whether in name or in function, and that he remains fully committed to the pledge in the coalition agreement to reverse the substantial erosion of civil liberties and to roll back state intrusion?

The response from the Prime Minister was somewhat more equivocal than I would have liked and didn’t really address the point:

I would argue that we have made good progress on rolling back state intrusion in terms of getting rid of ID cards and in terms of the right to enter a person’s home. We are not considering a central Government database to store all communications information, and we shall be working with the Information Commissioner’s Office on anything we do in that area.

Even Labour only briefly considered the centralised database and it had been dropped by May 2009, so this isn’t really news. I understand that Dr.Huppert has submitted followup written questions, which he referred to on Twitter and also in yesterday’s debate on the Internet and Privacy. Unfortunately it seems that questions are not published until the answers are submitted so we do not yet know what has been asked.

Edited to add: Since I put up this post, I’ve been contacted by the Open Rights Group in relation to the below paragraphs saying that they didn’t intend to suggest we were spreading misinformation, but that we were being supplied with misinformation.

So, does it sound like the Pling-IMP is back? The Open Rights Group are “convinced” that this is the case. Following republication of parts of my blog posts on Lib Dem Voice, they went on to quite publicly suggest we were spreading misinformation. This annoys me for two reasons. Firstly, the ORG are guilty of spinning the facts to the point of misinformation themselves. Their original petition, which they are still advertising widely, mentions a two billion bound price tag which we now know is inaccurate. The wording of the petition also suggests government interception, when of course we all know that was ruled out back in 2009 in favour of mandating ISPs to perform the interception.

Secondly, and more importantly, although I expect random and unsubstantiated attacks from the more tribal members of the opposition I would regard the Open Rights Group as being on the same side. I can understand their suspicion of anything that comes of Government given we did have over a decade of increasingly illiberal measures, but there’s no indication that the current crop of ministers have gone native.

For anyone from the Open Rights Group that’s reading this: Right now, you are annoying members of the party in power most likely to be sympathetic to your cause and you’re annoying the technical staff at ISPs. We are on your side and we would like your help. Please quit with the hyperbole aimed at us, because if we give up and go home you’ll be dealing with the Conservatives and Business leaders instead.

Yesterday’s debate in Parliament gives you a clue to the Conservative view on this. Although not as keen on state control in general as the last government, they are inclined to care more about Google Streetview because no business relationship exists between the public being photographed and Google. As soon as you have a business relationship – customer and ISP – they really don’t seem quite so interested. After all, shouldn’t competition within the market should deal with any issues?

Back to the Pling-IMP. I am a fan of evidence-based policy but if there is any evidence that it’s back, it is not being shared it with us. All we have to go on so far is that there is some sort of wide-ranging consultation afoot, with no price tag either high or low attached. It’s being conducted by the same Home Office communications group that undertook the original IMP study, but that’s hardly surprising as I would not have expected the Milk Marketing Board to have been given this task.

The Prime Minister’s answer definitely concerns me. I would have preferred a statement that they are not currently planning on asking ISPs to capture any more information or store what they have for any longer. But it’s not worrying enough that I’m going to get all righteous before the consultation is even out.

After all, it’s still just as impractical to achieve now as it was last year.

I have no doubt that whatever consultation is released, there will be those that seize upon any little word in it that suggests interception of any sort might perhaps be changed in some way other than completely getting rid of it. I do hope that does not happen too much because it detracts from making changes for the better and what is going on now is bad and needs to be changed. We should not be locking up teenagers for possibly forgetting passwords. Nor should the Regulation of Investigatory Powers Act give City and Borough Councils the same powers as police and the security services to access information held by service providers.

The problems in this area stem in part from misunderstanding about what is possible. “Making better use of data we already have” is one item I’m told is definitely within scope of the upcoming consultation, but it’s hard to be constructive when one is rabidly denouncing any attempt to discuss the matter before we even know the questions.

We have a new government in power and should be encouraging debate on existing laws, not stifling it.

Following my last post on the topic, I dropped a note to the Home Office contacts I had, such that they are, asking if what has been announced as part of the Strategic Defence and Security Review was in fact the Interception Modernisation Programme. For those who haven’t been following, that’s the innocent sounding name for the last governments plan to build a database with details of every EMail, Facebook message, Instant Message, Internet phone call and anything else they can manage.

Today I had the reply: In short, no. It’s not the IMP.

This is the sort of responsible fact checking that you’d think the Telegraph might do before running a story on the topic. Or the Independent. Even the Guardian. Twice. No, sorry, that’s three stories.

Of course, there will be more to it than that but the main message I took away from the 10 minute phone call was that what has been announced is not intended to be picking up from where they left off. Instead, it’s a new initiative with it’s own consultation.

This new initiative will last months and the fact that they apparently “understand a lot more than they did five years ago” hopefully means the questions they ask will be more informed in the first place. Cynically, I could not help but think while on the call that it also means they understand the current government isn’t going to be quite such a walkover on Civil Liberties as the last lot.

What else in scope for this consultation? Right now, it’s hard to tell. We certainly haven’t seen the last of IMP-like suggestions as I’m sure the Security Services are still going to want something but I was repeatedly assured that what is on the cards is wider in scope than before. Alongside the usual government consultation objectives such as “value for money”, we have “What is technically possible?” and “How can we make better use of existing data and powers?”

I would hope there is a chance to influence current policy to create a more liberal approach, given that the current kick-in-the-door-first, ask-questions-later policy just results in locking up teenagers who allegedly can’t remember a password after a few months. On the flip side, past dealings with the security services mean I’m far from complacent.

We shall have to wait and see.

It is in the news yesterday – courtesy of The Telegraph – that the innocent sounding “Interception Modernisation Programme” is apparently to be revived. I for one am skeptical that the revival of the programme is really happening as the source does not specifically say it is the Interception Modernisation Programme that’s back – it just nebulously mentions a “programme to preserve the ability of the security, intelligence and law enforcement agencies to obtain communication data and to intercept communications“.

Certainly I hope it really is not the Orwellian IMP. This was envisaged under the last government and I sat through a Home Office presentation on the issue back in May 2009 in which we did go some way, I believe, to ensuring the IMP was shelved.

Firstly, to correct some of the reporting I’ve seen: No reliable source I have seen has suggested that the content of every mail is to be stored and certainly it did not feature in the Home Office presentation. It is only the envelope – the to, the from and the subject line – that they’re interested in. OK, so technically this doesn’t sound too hard to do and in fact I, with my ISP hat on, do this today. If a customer rings up and has a problem with sending or receiving mail, I can look at the logs and see what they have tried to send and receive for the last few days. Scaling that to a year’s worth of data just becomes a matter of adding more disk space, but these days your average home PC could store the data for a year for a good sized ISP without too much trouble.

The reality of what the Home Office intended with the IMP is far worse however. What it set out to do is record the detail of every email, every internet phone call, every Facebook message, every Twitter direct message, every Instant Message and so on so that if Law Enforcement want information on a user they can build up a pretty good picture of who someone has been talking to. Because these services are not run from the UK, the Home Office can’t make them do anything so they’re asking the Service Providers sitting in the middle to do the work instead. Only this isn’t possible in the way they think it is.

I rather suspect the Home Office have been spending too much time watching reruns of “Spooks” rather than researching the issue properly.

Before I go on, I should explain the type of people that the Home Office were presenting to back in May 2009. Typically, when government goes to talk to service providers it seems to talk to “Compliance Managers” and directors at large corporations, who are likely not interested front-line technical reality of running a Service Provider. This was not such an audience. There were probably fifty to a hundred people in that room. Without even leaving our seats, the number of people there who did not possess the very real knowledge and capability to cripple large portions of the internet in less than sixty seconds was quite possibly two. Specifically, the two people from the Home Office who stood up on the stage.

The explanation of how this would work presented by the Home Office largely boils down to handwave-handwave big magic box handwave-handwave. They didn’t really have a solution to the problem that all the data and everything else is in a proprietary format that some programmer thought was a good idea while hyped up on Mountain Dew at 3am. As long as it works for whatever application they’re developing, it’s not supposed to be easy to snoop on and they’re likely to change it at any moment. That’s before we get into the problems of all the little Facebook applications and one-off custom bulletin boards.

The Home Office think that Service Providers can do this. The question I asked them was this: Why do you think we can do this. Because, basically, we can’t. The technical Home Office presenter seemed to believe he’d seen this capability. We had a show of hands: How many people in the room – and these are the people that run the Internet, not the managers – can do this. Nobody raised their hands.

The debate elaborated on the detail of this, but boiled down to one thing: the Home Office thought that we already had the ability to get this data for “Network Planning purposes” and had seen the likes of Phorm and Cleanfeed which look vaguely similar, if you ignore all the inconvenient technical data. On the “Network Planning” front, I do need to know how much data people are using so that I can make sure the pipes are big enough. However, I don’t care if that 5 Gigabytes of data you just downloaded are the detailed technical schematics of a nuclear reactor from one Mr.B.Laden or a video of your grandkids in the back garden last summer. 5 Gigabytes is just 5 Gigabytes.

Sure, to some extent I care where it goes. UK traffic is easier (By which, of course, I mean cheaper) to handle than US traffic for example. So we’ll get really into the detail of the data and sample one packet in a thousand. Or one in ten thousand. Or one in a million – we just don’t need the ability to look at every packet to get a pretty good feed for what’s going on. As one attendee put it, if you want to know if an email was sent, you have about the same odds of catching the right packet as you do from buying a lottery ticket. And even then we just know you talked to a server that happened to be owned by Google, or by Facebook, or by Skype. It might host some dodgy terrorist bulletin board but on the same server are quite possibly knitting patterns for woollen jumpers and photos of the 19:47 Express from Dundee.

We don’t know and, frankly, with a technical hat on we Just Don’t Care.

Lets have a look at the obvious counter-arguments that suggest we can do this:

• Cleanfeed – the system BT invented to try to filter out kiddy porn. For a start because you just need to visit an encrypted web site and it’s not filtered. It also functions by only diverting and examining traffic to addresses known to contain bad content and leaving the rest well alone so it doesn’t have to scale to every piece of data that flows across the network. And finally, it just looks at the URL you type into your browser and that’s predictable and easy to do – no digging around in the internals of the data to find out who Facebook messaged who.
• Phorm – the user behaviour tracking and advertising system. Somewhat bigger in scale in that it attempts to intercept a bigger proportion of traffic. But you still don’t need every detail in a useful, loggable form to do this. Just the fact that the phrase “woolly jumper patterns” pops up reasonably often in the streams from a user that you did get around to sampling is enough to pop up advertisements for subscriptions to Knitting Weekly.
• Your Employer – really, they probably can’t do most of what they claim to do as the fear of redundancy keeps most people in line. Some have the resources to do quite a bit, most notably those regulated by organisations such as the Financial Services Authority. But as well as quite a lot of money for a relatively small user base, it’s because they have one big advantage that they control your PC and can install extra software on there to allow monitoring of even encrypted web sites and they can also just block you from doing things they can’t monitor.
• The Great Firewall of China – Huge numbers of staff involved, all sorts of legal implications if you break through it. And yet people still manage

It all starts looking a bit bleak for IMP and a few months after that meeting, it was abandoned.

If this really is the IMP resurrected, the Home Office have solved some pretty major technical hurdles and I look forward to their announcement of some magic hardware in the not too distant future. In the mean time, I suspect that the likes of Facebook will be checking out the costs of rolling out encryption hardware for anyone accessing their services from the UK.

Update: I have a couple of old addresses from the Home Office dating back to this consultation – I have dropped them an email to ask if this really is the IMP resurrected. It occurred to me as I did that the Strategic Defence and Security Review is Ministry-of-Defence driven whereas the original IMP was via the Home Office. I don’t know if there is anything in that.