British Web-Tracking Scheme 'Unworkable'
The London Internet Exchange (Linx), which counts ISPs among its 330-plus internet partners, on Tuesday severely criticised the government's plans, known as the Interception Modernisation Programme (IMP).
The dynamic nature of web protocols would make the interception of web traffic for the entirety of the UK impractical, Linx's head of public affairs, Malcolm Hutty, told silicon.com sister site ZDNet UK.
"Web-based protocols can change without notice," Hutty said, adding that while some protocols, such as email, are relatively stable, others are proprietary, change frequently, and are complex.
"It will often be extremely difficult to reverse-engineer web protocols," he said. "Almost every website is a sophisticated communications application."
Under the IMP, the government would require communications service providers (CSPs) to log all the websites people visit. That proposal is also unworkable, due to the scale of the task, said Hutty. While it is relatively trivial to reverse-engineer web communications in order to pinpoint a single website that one individual has visited, monitoring the browsing habits of an entire country is a different matter, he noted.
Hutty also said that government plans to have communications service providers (CSPs) cross-reference all communications data will not work.
The government wants CSPs to store details of all communications, including voice, text, VoIP, instant messaging and email. This data would then be linked together to build a map of who is communicating with whom, then presented in a form accessible to law enforcement. However, the technological complexity of such a scheme makes it impractical, said Hutty.
"Linking that data implies a lot of data-mining," said Hutty. "To have the advance capability of calling up a profile is a big ask."
Hutty said that under the current data-retention directive, CSPs are required to store a limited number of details about communications, which can be made available to law enforcement upon request. However, he said that many CSPs have struggled to provide even this limited amount of information in one format, as each of their systems is different.
"The main telcos have found it difficult to standardise the format [of data] to hand over to law enforcement," said Hutty. "The level of complexity of standardising the format in linking [data as proposed under IMP] is orders of magnitude more difficult than under current data-retention law."
Hutty noted that the government does not know how much interception data is being collected and used by the public sector at present.
"The Home Office is not able to collect detailed information [about data use] under the existing regime," said Hutty. "The scale of access to communications data as a whole is not something the Home Office knows. They don't have a system of auditing across the board."
The government launched a consultation document outlining the IMP in April. Linx on Monday publicised its response to the consultation, lambasting the project. The organisation said CSPs would suffer "unreasonable" costs in a project that would intrude on people's privacy.
'Unprecedented' level of intrusion
"The volume of data the government now proposes CSPs should collect and retain will be unprecedented, as is the overall level of intrusion into the privacy of the citizenry," said the Linx response. The government is also unclear about what it wants to achieve, Linx said.
"We do not believe sufficient information has been given to say with confidence whether we will support or oppose the government approach [to IMP]," Linx said in the document. "Following discussions with officials, we do not even have confidence that 'a government approach' even exists - it appears that even the basic conceptualisation of the Interception Modernisation Programme is in flux."
The Information Commissioner's Office (ICO) also expressed concerns about the scheme.
"The ICO recognises the value that communications data has for the prevention and detection of crime and the prosecution of offenders," the data watchdog said in a statement on Tuesday. "However, this in itself is not a sufficient justification for mandating the collection of all possible communications data on all subscribers by all communication service providers."
The Home Office on Tuesday declined to comment on the Linx and ICO criticisms of IMP. However, a Home Office spokesperson said that all responses to the consultation, which closed on 20 July, were in the process of being collated. The Home Office summary of the responses will then be published, said the spokesperson, who declined to give a timescale.
Experts from the London School of Economics criticised the IMP on technological grounds in June.