IMP or CCDP? Who cares, it's still storing your data

Filed Under: Data loss, Law & order

Eye spy image, courtesy of ShutterstockWith a new moniker and tweaked scope, another version of the Interception Modernisation Programme (IMP) is making its way back on to the UK's legislative agenda.

Dropping the IMP tag, it's now the slightly less ominous sounding Communications Capabilities Development Programme (CCDP).

This programme's resurgence might come as a surprise. When the Labour party was in power and pushing the IMP, the Conservatives and Liberal Democrats were rightfully very critical of it, terming it "reckless".

When the Conservative-Liberal Democrat coalition was formed in May 2010 and assumed power, one of the commitments they made was:

We will end the storage of internet and email records without good reason.

This promise didn't last long, and the wheels were officially set in motion back in October 2010 when a programme was added to the Strategic Defence and Security Review to:

Preserve the ability of the security, intelligence and law enforcement agencies to obtain communication data and to intercept communications.

So perhaps the British government has made big changes? Maybe this new programme is different? Unfortunately not, according to Jim Killock, Executive Director at the Open Rights Group:

"Labour's online surveillance plans have hardly changed but have been rebranded. They are just as intrusive and offensive."

Man on phone, courtesy ShutterstockThe Telegraph reports that the CCDP will require mobile and landline telcos and ISPs to create databases to store communications data for a year, for use by security services.

This data will define the "who, when and where" of data subjects, including email addresses, IP addresses, phone numbers, time, location, data sender and recipient.

The Telegraph also notes how bodies like GCHQ, MI5 and MI6 will use the databases to monitor email and text traffic in "real time".

Importantly, social networking data would be included in the database, including private messages sent on sites like Twitter and online gaming environments like Xbox Live.

While the actual content of calls, texts and emails wouldn't be stored, it means the companies and law enforcement are brought together in an even closer working relationship and incorporates companies into public policing practices, despite their lack of public accountability and transparency.

Home OfficeAccording to Home Office documents, the plans will be published by the end of April 2012, and implemented by the end of June 2015.

I'm sure more debate will ensue when details are drafted and released. But there are a few concerns at the outset.

Security is a big issue. Although distributing databases around different ISPs and telcos is more secure than the government's original idea of one huge central database, there are still problems.

The databases would presumably be prize hacking targets, and the resulting collateral impacts for privacy would be huge. Mass disclosures of personal data would compromise a lot of individuals' rights, especially when data from social networks is included in the pot.

Another big practical concern is the financial burden on ISPs and telcos from this scheme; who will bear the costs?

In an interview with ZDNet, Professor Peter Sommer highlighted some of the costs, including the initial installation of the 'black box' interception equipment and the cost of maintaining and regularly updating interception algorithms.

Importantly he raises a poignant question about the scope of the programme:

An ISP only sees a stream of data going into a particular home hub, and the data needs to be sorted out... is it communications data or content? Are you asking ISPs to retain everything?

The agencies already have the ability to obtain and intercept the data they need under existing laws and access processes. So the expensive, unnecessary and draconian tool like the CCDP really is difficult to justify, from a privacy perspective.

The potential for scope creep highlights the disproportionate use of mass surveillance techniques.

Storing everyone's communications data "just in-case" it comes in useful for an investigation is an inefficient and unjustifiable approach.

Eye spy and man on phone images, courtesy of Shutterstock.

, , , , , ,

You might like

3 Responses to IMP or CCDP? Who cares, it's still storing your data

  1. No 1984 · 921 days ago

    This behaviour is unacceptable not to mention illegal. There are some organisations trying to stop this invasion of Privacy. The Open Rights Group are spear heading a campaign o try and make people aware of this.

    Please join their face book group https://www.facebook.com/groups/307346099323703/

    and sign the petition to stop this going ahead http://www.openrightsgroup.org/

  2. Terry · 920 days ago

    Never mind 'legal'. Is it DEMOCRATIC? Are the democratic majority in Britain likely to support or oppose this measure?

    I have a suggestion for Open Rights and other groups campaigning against this proposal. Organise an opinion poll with a reputable polling organisation. It's the nearest thing to democracy we ever get in Britain.

    If the government challenges the results, challenge the government to have a referendum on their proposal. If they refuse and go ahead with it, organise a revolution.

  3. 4caster · 920 days ago

    I would like my ISP to store my outgoing emails. It would save me the bother of having to back them up, and would enable me to recover them onto a different computer.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Lachlan Urquhart is a legal academic from Edinburgh, Scotland who has completed an LL.B at the University of Edinburgh and recently concluded a postgraduate LL.M in Information Technology and Telecommunications Law at the University of Strathclyde. For more articles from Lachlan, visit his blog.