Control: How to carry out surveillance on third party transactions

Everything you do will be intercepted: The tech behind the Home Office plans

Everything you do will be intercepted: The tech behind the Home Office plans

I've just spoken with one of the few civil liberties people who seems to understand both technology and the law, and they had an interesting perspective on the Home Office surveillance proposals.

Of course, we don't know really know what the proposals are yet – we've just the odd leak to the press about 'real-time' access. Try calling up the Home Office and asking about it, if you fancy a laugh. What we do know is that authorities want access not just to telephone records and emails but to communication on newer technology, like Skype and Facebook.

Quite how they would access that information has not been mentioned, but experts tell me the only possible way to do so is through 'deep packet inspection', where a black box recorder is put on Internet Service Providers. The result of that change? Every single thing you do online is intercepted. Interception will be the norm, the only question is whether the authorities bother to look.

Why would they use this system? Well, the government's problem is that while it can ask your phone provider for telephone bills, getting access to information on Facebook or other social media sites is more difficult because most of them are based in other jurisdictions. So instead of making deals with each firm, you would keep track of all the information at the ISP source using the black boxes.

If accurate, the surveillance being discussed would need an appropriate warrant under Ripa [the Regulation of Investigatory Powers Act], because it amounts to an interception. That directly contradicts what ministers have been saying.

Of course, we don't actually know that this is what they're planning because the Home Office, while keen to leak to certain sections of the press, suddenly gets very coy when you start asking questions back. Even during the Home Office consultation in 2009, for legislation which the coalition is now bringing back from the dead, there was little information about how any of this information would be secured.

Presumably, the Home Office wants as few details out as possible when parliamentarians vote on the matter, so the debate can be restricted to people on the radio screaming about catching paedophiles and terrorists. In fact, this morning's leaked Liberal Democrat briefing paper encouraged MPs to rely on stories about catching paedophiles. Keep the story on that level, and you've a good chance of doing whatever you want. After all, who doesn't want to catch paedophiles?The last thing the Home Office wants is for techies and legal experts to get together and figure out precisely what it is they're actually going to do.

But there are strong hints. Firstly, I'm informed that deep packet inspection is the only technologically feasible way of securing information about third party online transactions – ie Facebook, Skype etc. Unless you're going to establish deals with every online company, you'll need a blanket approach. That's where deep packet inspection comes in.

Secondly, that Lib Dem briefing paper alludes to this technique, albeit with Orwellian terminology. "Where there is no business case for communication service providers to gather this data," the briefing reads, "the government will provide financial and technical assistance to allow it to be collected on companies' local systems."

Finally, although deep packet inspection did not even feature in the Home Office's 2009 consultation, it was mentioned in a couple of news items to newspaper journalists at the time (the Telegraph and the Sunday Times I think, but I haven't had time to look for the pieces yet).

Of course, if they use this technology to intercept all internet transactions on the internet, you'll just have to take their word for it that they won't read the content of the message as well. There will be nothing stopping them. I'm sure that's a comforting thought.