Mass surveillance ain’t cheap. Members of Parliament charged with scrutinising UK government plans to monitor online communications believe proposed laws could put the country’s tech sector at risk. The cost of collecting and storing the data would place a heavy burden on firms in that industry, they say.
Last November, home secretary Theresa May, a new law intended to firm up surveillance powers. Now the House of Commons Science and Technology Committee has published a report on the technical aspects of the bill – and found it wanting.
One of the bill’s most contentious elements is a requirement for internet service providers (ISPs) to keep a record of every website their customers have visited in the past 12 months, though not the particular pages within each site. These “internet connection records” (ICRs) would help the police and security services track what people are doing on the web and assist in investigations – and are simply the online equivalent of an itemised phone bill, says May.
Does not compute
The committee heard evidence from ISPs suggesting this is not the case, because ISPs do not routinely collect this data. “The whole idea of an internet connection record does not exist as far as internet service providers are concerned,” said James Blessing of the Internet Service Providers’ Association. The government has said it will provide £175 million over the next 10 years to cover the cost of collecting and storing ICRs, but ISPs fear this won’t be enough, putting their business models at risk.
MPs also expressed concerns that the bill fails to clarify the extent to which companies will be required toon their customers’ communications – something that may not be technically feasible – and that collaborating with government hacking (known as “equipment interference”) could lose them customers.
“As legislators, we need to be careful not to inadvertently disadvantage the UK’s rapidly growing tech sector,” said committee chair Nicola Blackwood. “The bill was intended to provide clarity to the industry, but the current draft contains very broad and ambiguous definitions of ICRs, which are confusing communications providers. This must be put right for the bill to achieve its stated security goals.”
This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.