From The Sunday Times, October 5, 2008 (David Leppard)
Every call you make, every e-mail you send, every website you visit – I’ll be watching you.
That is the hope of Sir David Pepper who, as the director of GCHQ, the government’s secret eavesdropping agency in Cheltenham, is plotting the biggest surveillance system ever created in Britain.
From his office in the agency’s famous “doughnut” building, Pepper is masterminding an innocent-sounding project called the Interception Modernisation Programme.
The scope of the project – classified top secret – is said by officials to be so vast that it will dwarf the estimated £5 billion ministers have set aside for the identity cards programme. It is intended to fight terrorism and crime. Civil liberties groups, however, say it poses an unprecedented intrusion into ordinary citizens’ lives.
Aimed at placing a “live tap” on every electronic communication in Britain, it will dwarf other “big brother” surveillance projects such as the number plate recognition system and the spread of CCTV.
Pepper and his opposite number at MI6, Sir John Scarlett, are facing opposition from mandarins in the Treasury and Cabinet Office who fear both its cost and ethical implications.
The spy bosses say a central database is essential to “capture” the array of communications between terrorists planning to attack Britain. Draft e-mails, chatroom discussions and internet browsing on encrypted jihadist websites are the preferred forums for Al-Qaeda cells to plan their attacks, they say. However, other officials and many in the business and academic community are wary.
A spokesman for the information commissioner, Richard Thomas, said yesterday that this summer he had called for a public debate about government proposals for the state to retain people’s internet and phone records.
“The commissioner warned that it is likely that such a scheme would be a step too far for the British way of life. Proposals that threaten such intrusion into people’s lives must be properly debated,” the spokesman said.
Despite the lack of public debate, Pepper’s officials have been aggressively marketing his plans in a round of White-hall briefings over the past few weeks.
One of their charts depicts a steep upward line showing the amount of electronic communications data that are being “captured” in the databases of hundreds of private telephone companies and internet service providers. But future projections show a sharp fall in the amount of communications data firms can, or are willing to, retain.
If this information is not centrally stored, it will disappear, making it impossible for police and intelligence agents to reconstruct the history of so-called “friendship trees” between members of terrorist cells.
The sheer scale of electronic communications today is mind-boggling. Last year 57 billion text messages were sent in the UK, up from 1 billion in 1999. The number of broadband internet connections has grown from just 330,000 in 2001 to 18m in 2007. And each day 3 billion e-mails are sent – 35,000 every second. Somewhere in that mass of data, terrorists are communicating with each other about their next attack.
At the moment the data are spread across temporary storage sites held by hundreds of private firms. To agents and police trying to detect or reconstruct what MI5 calls terrorist “attack planning”, it’s like looking for a needle in a million haystacks.
But there are mounting concerns at the Treasury about the costs of Pepper’s project. According to Richard Clayton, a security expert at Cambridge University, the system will require the insertion of “thousands” of black box probes into the country’s computer and telephone networks.
Known as Deep Packet Inspection equipment, these probes will “steal” the data, analyse and decode the information and then route it direct to a government-run database.
No one yet knows exactly how to ensure police and intelligence agencies do not abuse their access to the database.
The law on surveillance
United Kingdom Telephone and internet companies must give details of calls or web use to law enforcement agencies if a senior officer certifies that it is needed for an investigation. Last year 520,000 such requests were made. Interception may be authorised for 653 public bodies. For the security services, a minister must give approval; for the police, a chief constable.
United States The government requires a special order approved by FBI officials to demand data on telephone calls and internet use. To intercept communications it needs a court order. If there is a threat to national security, emergency wiretaps can be used for a week.