Gov't may track all UK Facebook traffic

Fri Mar 20 04:06:27 PDT 2009

http://www.zdnet.co.uk/misc/print/0,1000000169,39629479-39001093c,00.htm

Gov't may track all UK Facebook traffic

18 Mar 2009 13:41

Home Office minister Vernon Coaker has said the government is considering
recording the traffic data of all UK citizens on social-networking sites,
including Facebook, MySpace and Bebo

The UK government is considering the mass surveillance and retention of all
user communications on social-networking sites including Facebook, MySpace,
and Bebo.

Home Office security minister Vernon Coaker said on Monday that the EU Data
Retention Directive, under which ISPs must store communications data for 12
months, does not go far enough. Communications such as those on social
networking sites and instant messaging could also be monitored, he said.

"Social-networking sites, such as MySpace or Bebo, are not covered by the
directive," said Coaker, speaking at a meeting of the House of Commons Fourth
Delegated Legislation Committee. "That is one reason why the government are
looking at what we should do about the Intercept Modernisation Programme,
because there are certain aspects of communications which are not covered by
the directive."

Under the EU Data Retention Directive, from the 15 March, 2009, all UK
internet service providers (ISPs) are required to store customer traffic data
for a year. The Intercept Modernisation Programme (IMP) is a government
proposal, introduced last year, for legislation to use mass monitoring of
traffic data as an anti-terrorism tool. The IMP has two strands: that the
government use deep packet inspection to monitor the web communications of
all UK citizens; and that all of the traffic data relating to those
communications are stored in a centralised government database.

The UK government has previously said that communications interception was
"vital", and has hinted that social-networking sites may be put under
surveillance. However, responding to a question from Liberal Democrat MP Tom
Brake, Coaker said that all traffic data on social-networking sites and
through instant messaging may be harvested and stored.

"The honourable member for Carshalton and Wallington will also know the
controversy that currently surrounds the Intercept Modernisation Programme,"
said Coaker. "I look forward to his support when we present Intercept
Modernisation Programme proposals, which may include requiring the retention
of data on Facebook, Bebo, MySpace and all other similar sites."

Deep packet inspection, the second strand of the IMP, involves intercepting
and examining the contents of all data packets that flow over a network. In
Monday's meeting, Coaker said the government still intends to have a
consultation on whether to inspect and then store all internet traffic data
in a centralised government database.

"What is the point of having a consultation if, as the honourable gentleman
implies, the government have already made up their mind to have a central
database?" said Coaker. "We have not made up our mind. We have said we will
consult on a variety of options."

Opposition to the government's IMP proposal has been fierce. Cambridge
University computer security expert Richard Clayton told ZDNet UK on
Wednesday that the government proposal to monitor social-networking traffic
was "extremely intrusive".

"The question is whether it's necessary or proportionate, and the short
answer is no, it doesn't look that way," said Clayton. "If the government
wants to make us safer, having a few more police on the electronic beat would
be a good idea."

Clayton said that the problem for the government is that the Data Retention
Directive only applies to data held by internet service providers, but that a
large number of people don't use ISPs' systems to communicate, instead using
online services including webmail and social-networking sites. Servers may be
located in different jurisdictions, said Clayton, and data-retention times
may be short.

"The government wants to collect all of this data on everybody, just in
case," said Clayton. "Suppose you use hotmail.pk, and you blow up the Houses
of Parliament. The government would have to persuade the Pakistani
authorities to turn over the logs, which may then turn out only to have been
retained for three days."

However, Clayton believes that the cost of harvesting this information, which
would involve all UK internet infrastructure providers and ISPs having 'black
boxes' to monitor data, would be prohibitively expensive. Clayton said that
taxpayers' money would be better spent on the police, who could target
investigations to those they suspect of criminal activity, rather than on
performing blanket surveillance of everybody.

"To deploy deep packet inspection equipment isn't cheap b the word 'billion'
is appropriate," said Clayton. "It took the Home Office the best part of a
year to find B#3m for the Police e-Crime Unit. That's what is wrong with this
picture."

Web inventor Sir Tim Berners-Lee also opposes the use of deep packet
inspection to inspect people's data. Berners-Lee told ZDNet UK last week that
the internet should not be "snooped" upon.

"If [third parties] are using the data for political ends or commercial
interest, there we have to draw the line," Berners-Lee said. "There's a gap
between running a successful internet service and looking inside data
packets."