New legislation being drafted will force Internet providers to retain data for a year and hand this over to police, intelligence agencies and HM Revenue & Customs. The argument being that this will enable them to counter terrorism, paedophilia and fraud. So, how will this be implemented.
“The data would include the duration, time originator and recipient of a communication and the location of the device from which it was made. It would not include the content of messages – what is being said. Officers would need a warrant to see that. ”
The first question would be, does the data stored have to include the content of the messages. It is unclear whether ISPs are required to do this.
Secondly, what would be done about encrypted conversations. Certain protocols could be deciphered if the ISP installs a “middle-man” certificate, or would decipher messages on request. Eg, Gmail provides encryption for users. If both recipient and sender are using gmail, email messages intercepted would be in encrypted form, and not easily cracked without access to Google’s certificate. These powers are UK powers, so would the UK authorities have the power to access a foreign company’s encryption certificate? Google pulled out of China when the Chinese government tried to censor search results.
However, the real question is whether it would make a difference to serious criminal organisations, and I would say no. Criminal organisations are already using means to evade surveillance. They use zombie PCs (botnets) where unsuspecting users’ pcs are hijacked for criminal purposes. This is commonly fraud, but could also be used for other purposes. You can also buy your own encryption certificates, or use “self-signed” ones. There is no known way to decrypt a strongly password protected certificate in a reasonable timeframe.
The use of encryption also avoids the automated scanning of millions of emails for keywords etc. Finding criminals these way would be like finding a needle in a haystack, when you don’t even know which barn the haystack is in.
Heavy handed legislation only makes life more difficult for the law-abiding. Just like the annoying copyright notices you see in some DVDs are not even seen by criminals, as they edit that bit out, but the innocent purchasers of DVDs are forced to watch this.
Criminals are usually found out by talking to people.