There was some mention of costs in the recent Communications Data Bill committee hearings and I also ran across an interesting Freedom of Information request on the costs of the current system, so I thought I’d take a look at them side by side. Which system gives better value for money, the existing Data Retention or the proposed Communications Data Bill?
Cost-per-request under the Data Retention Directive
There are three pieces of useful information here. Firstly is the evidence of Charles Farr, Director General of the Office for Security and Counter-Terrorism. From his answer to Question 6 in oral evidence to the Communications Data Bill Committee: “As you know, we have put, based on our survey of the relevant organisations, a figure of 25% of data that organisations would like to get access to but cannot.” (In other words, 75% of the data is available)
Secondly is Question 10 from Michael Ellis MP: “in 2010 there were over half a million requests for communications data: 552,550.” In combination with the above 75%, that gives around 414,400 successful requests in 2010.
And finally, we have a Freedom of Information response to Caspar Bowden from which we have the yearly cost of running the Data Retention programme. Taking an average for 2009-10 and 2010-11 (Presumably Fiscal years) we find an average for 2010 of £13.15 million.
That’s quite a simple calculation to do: Each successful data request has a data retention cost of £31.76.
Cost-per-request under the Communications Data Bill
Again, Charles Farr has given us some useful information here. In response to question 9, he believes they will “improve our coverage to a figure of what we think should be in the region of 85%, as opposed to 75%, which is where we are now”.
I’ll be generous here and assume they actually get an immediate 10% increase, although even Mr. Farr admit that’s not likely and they won’t see the 85% figure until 2018. That means an extra 55,255 requests for data would be successful based on their figures.
As for the cost, Dr Julian Hupperts Question 73 states “The Home Office estimate is that the cost of this Bill as it currently is would be £1.8 billion over the next 10 years.”
So that’s £180 million a year for 55,255 more successful requests – or £3258 per request, over 100 times more expensive than under the current data retention regime.
So this additional cost is all the “black boxes” snooping on people, right?
Not according to Richard Alcock, Director of the Communications Capabilities Development Programme. From question 73: “The majority of the costs are around data retention. Over 50% are associated with working with communications service providers in the UK, to establish data retention stores.” It would seem that despite their claims that the new bill is mostly about improving data retention, their idea of data retention is significant more expensive (And thus much more extensive?) than the current system.
This discrepancy presumably explains why, despite complaints that much of the existing problem is that the Data Retention Directive is “ambiguous” and does not go far enough
But what about the benefits? There is a claim (Question 76) that this will have a benefit of £600 million per year. When asked to justify this by Dr Julian Huppert MP, Charles Farr included the phrase “We then attached a monetary value to lives saved”. In other words, it’s not a saving, just an analysis of the benefits. We do not have the raw numbers as the Home Office have not released them, so we can not assess if that “value” of lives saved is actually better spent not snooping on people, but in hospitals.
If we assuming the Home Office are being honest in response to Freedom of Information requests, it may simply be that the £1.6 billion figure is made up. (This would not be the first time we have caught someone making up such figures) When I requested a breakdown of the costs of the proposed system, they claimed it would take in excess of 100 hours to compile the information. Which rather sounds like “We do not have this”.