Security Bullet In
Communiques from the security front, sir
Tuesday 5 May 2009, 5:51 PM
Spooks get cagey over DPI
The government's eavesdropping service, after a brief bout of garrulousness, has lapsed back into silence.
After getting all hot under the collar and denying plans to monitor UK citizen's internet usage, GCHQ suddenly got very quiet about how it expected ISPs to monitor all of our traffic data.
Here are the questions I sent to the GCHQ press office today:
1. In the press release of 3 May, GCHQ states: "GCHQ is not
developing technology to enable the monitoring of all internet use and phone calls in Britain, or to target everyone in the UK." Does GCHQ, or the government, want CSPs to monitor all web communications to glean the traffic data?
2. Is it the case that GCHQ is not developing this technology, but
that private companies are developing the technology at the government's or GCHQ's behest?
3. Will CSPs be expected to perform deep packet inspection to effect the monitoring of traffic data?
4. Have 'black boxes' been installed at key points on the
communications infrastructure by CSPs, to perform deep packet inspection?
Here is the response I got:
"Protective Marking: UNCLASSIFIED
Tom
Many thanks for your enquiry: I regret to say that we have no further comment to add to the press release.
GCHQ Press office"
Hmm, no surprises there then.
Although the Home Office has repeatedly stated that it would not intercept content, what it wants ISPs to store is the traffic data, which would enable the government to build a picture of who any UK citizen is communicating with, and when, at any time. It doesn't really matter whether the database to store this information is centralised, or distributed around different ISPs.
Interception of content without due cause would be outside of the remit of the Regulation of Investigatory Powers Act (God forbid the Home Office or police should do anything illegal with data, such as store innocent people's DNA details indefinitely) -- but interception and storage of traffic data? Nothing in RIPA about that -- the spooks and the government have a free run.
After getting all hot under the collar and denying plans to monitor UK citizen's internet usage, GCHQ suddenly got very quiet about how it expected ISPs to monitor all of our traffic data.
Here are the questions I sent to the GCHQ press office today:
1. In the press release of 3 May, GCHQ states: "GCHQ is not
developing technology to enable the monitoring of all internet use and phone calls in Britain, or to target everyone in the UK." Does GCHQ, or the government, want CSPs to monitor all web communications to glean the traffic data?
2. Is it the case that GCHQ is not developing this technology, but
that private companies are developing the technology at the government's or GCHQ's behest?
3. Will CSPs be expected to perform deep packet inspection to effect the monitoring of traffic data?
4. Have 'black boxes' been installed at key points on the
communications infrastructure by CSPs, to perform deep packet inspection?
Here is the response I got:
"Protective Marking: UNCLASSIFIED
Tom
Many thanks for your enquiry: I regret to say that we have no further comment to add to the press release.
GCHQ Press office"
Hmm, no surprises there then.
Although the Home Office has repeatedly stated that it would not intercept content, what it wants ISPs to store is the traffic data, which would enable the government to build a picture of who any UK citizen is communicating with, and when, at any time. It doesn't really matter whether the database to store this information is centralised, or distributed around different ISPs.
Interception of content without due cause would be outside of the remit of the Regulation of Investigatory Powers Act (God forbid the Home Office or police should do anything illegal with data, such as store innocent people's DNA details indefinitely) -- but interception and storage of traffic data? Nothing in RIPA about that -- the spooks and the government have a free run.
Previous
