In February, the London Telegraph published a story about how the UK government (once again) wanted the ability to obtain "details of every phone call and text message, email traffic and web sites visited online." The information, to be stored by telecom companies and Internet service providers for one year, would not contain the contents of the phone calls, emails, text messages, etc., but would contain the telephone numbers and email addresses of the senders and receivers. The justification was that UK security services needed the information to combat terrorism.
When the story came out, there was the usual flurry of condemnation on invasion of privacy grounds, but there wasn't much of a general uproar. Personally, I think few people expected the government to actually follow through with the scheme, given that previous attempts to monitor phone calls and Internet use had proven to be both expensive and a major vote loser. But it seems like the UK government has perennial desires to emulate Orwell's Big Brother persona.
This week, again according to the Telegraph, the UK government surprised everyone by announcing an even more radical scheme. It wants Internet companies to install hardware that will allow the security services to monitor all phone and Internet traffic in real-time. Again, call and Internet content wouldn't be accessible (at least not without a warrant).
A government spokesperson stated that:
"It is vital that police and security services are able to obtain communications data in certain circumstances to investigate serious crime and terrorism and to protect the public. We need to take action to maintain the continued availability of communications data as technology changes."
The current Conservative-Liberal Democrat Coalition government was immediately called hypocritical since this proposal basically mirrors that of the previous Labour government. At the time, both Conservatives and Liberal Democrats criticized the invasion of an individual's privacy. Even a former head of the MI5 accused the UK government of pushing the country towards a police state.
Trefor Davies, the founder and chairman of the UK ISP Timico, wrote in yesterday's Telegraph that the proposed surveillance plan was "expensive, impractical, totalitarian." Davies noted that there were a myriad of ways around the proposed monitoring, and that Internet and phone customers are not going to be happy paying for the additional cost of this surveillance. The government estimates that it will cost at least £200 million a year, although that is likely an underestimate.
A backlash against the proposal seems to be growing rapidly (including inside the Liberal Democrat party), and it will be interesting to see whether this government will back-off before it generates lasting voter anger. It is already fighting hard against a recent scandal which portrays it as the party of the rich and powerful; the surveillance proposals only serve to amplify that portrayal.
Maybe the UK government should learn to be patient, follow the CIA's lead and just wait until citizens "spy on themselves"—a time that appears to be fast approaching.
Update (05 April 2012):
A Risk Factor reader (thanks, Anders) let me know that there is already an EU-directive in place requiring EU telecom operators to save traffic data for 60 days. Sweden, he says, did not comply with the directive and was brought to the EU court for not doing so. Its parliament was forced as a result to put the directive into law.
The UK Coalition government seems to be softening its position on imposing the new surveillance requirements by saying that its proposal will receive a full public review. Whether this means it will back-off completely is yet to be seen, but there is probably a good chance that it won't be implemented at least this year.
Contributing Editor Robert N. Charette is an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Along with being editor for IEEE Spectrum’s Risk Factor blog, Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.