U.K. pauses before implementing sweeping surveillance scheme

Published 16 October 2008

The U.K. government said it wanted to give law enforcement sweeping power to collect electronic data as a measure to prevent terrorism; the government now says it will engage in consultations to make sure citizens’ privacy is not violated

The U.K. government has decided to take slow down a proposal which would have given law enforcement sweeping power to collect electronic data as a measure to prevent terrorism. The proposal, in the Communications Data Bill, would allow the government to collect data on phone calls and other electronic communication. The government planned to put the proposal in Parliament’s upcoming legislative agenda, but on Wednesday chose instead to conduct a consultation next year due to concerns about intrusive monitoring of private citizens. “It’s a sensitive issue, and there needs to be a proper public debate,” a Home Office spokesman said Thursday.

Jeremy Kirk reports in PCWorld that Home Secretary Jacqui Smith said on Wednesday the legislation is needed because of the difficulty in collecting evidence against terrorists. “These are not like other criminal investigations,” Smith said during a speech at the Institute for Public Policy Research. Law enforcement “put a very high premium on pre-emptive intelligence because we are trying to stop a criminal act and not investigate one which has already taken place.”

Smith denied critics’ charges that the government seeks a super database. “There are no plans for an enormous database which will contain the content of your e-mails, the texts that you send or the chats you have on the phone or online.”

The Communications Data Bill, the details of which have not been made public, is modeled in part on European Union Directive 2006/24/EC, which requires that communication providers retain a vast array of data including IP (Internet Protocol) address, physical address and user ID used for communications such as e-mail. The actual content of the communication should not be retained, but data around how it was sent and when should be retained for at least six months and up to two years, the directive says.

Kirk writes that at least one senior Microsoft executive doubts how helpful collecting Internet communications would be for law enforcement, as hackers have different techniques to undermine a user’s PC and make it appear a victim is involved in a scheme when they are not. Jerry Fishenden, Microsoft’s U.K. National Technology Officer, wrote that e-mails can be spoofed and computers can be infected with malicious software. A Web feature called “pre-fetch” lets one Web site command a person’s browser to pull up another Web site in the background, a feature that speeds browsing. The point is that pre-fetch works without the knowledge of a user, Fishenden wrote. An innocent blog entry could, for example, trigger a bomb-making Web site to be called up in the background, which would then be logged by the ISP. “Legitimately you would know nothing about it, but try telling that to someone knocking on your door at four o’clock in the morning waving a printout from the ISP showing you regularly frequent ‘known terrorist Web sites’,” Fishenden wrote.