Wednesday 20 August 2008

Am I frightened? No. I'm terrified.

Now it's officially called IMP. That no longer stands for Interface Message Processor, which has an honourable place in the history of the internet, but for Interception Modernisation Programme, which I fear will not. Or, as per El Reg, the überdatabase. I refer to the plan to start keeping all of our electronic communications in one giant shoebox. It will be big, that is not in question; in fact it will be enormous. And, of course, we're not allowed to know how enormous because the government can use both of its favourite excuses - commercial sensitivity AND security implications. Must have been a red letter day for the civil servant who realised that one. From the House of Lords (look about two thirds of the way down, or do a search on "Northesk"):

"The interception modernisation programme (IMP) will require a substantial level of investment which will need to tie in with the Government's three-year CSR periods. The scale of overall economic investment is very difficult to calculate because of the complexity of the project and wide ranging implementation solutions currently being considered.

"Given this complexity and the commercial and national security sensitivities, the precise costs of the programme cannot be disclosed. Further detail on budgetary estimates for the IMP will, however, become available once the draft Communications Data Bill is published."

The government excuse is that in the days of complex communications and increased threat we need to keep up our capability. Others argue that we're not just keeping up, we're opening up unparalleled opportunities for snooping. That includes the Information Commissioner's Office, from whom I quote:

"If the intention is to bring all mobile and internet records together under one system, this would give us serious concerns and may well be a step too far. We are not aware of any justification for the state to hold every UK citizen’s phone and internet records. We have real doubts that such a measure can be justified, or is proportionate or desirable. Such a measure would require wider public discussion. Proper safeguards would be needed to ensure that the data is only used for the proper purpose of detecting crime.

"We have warned before that we are sleepwalking into a surveillance society. Holding large collections of data is always risky; the more data that is collected and stored, the bigger the problem when the data is lost, traded or stolen. Defeating crime and terrorism is of the utmost importance, but we are not aware of any pressing need to justify the government itself holding this sort of data. If there is a problem with the current arrangements, we stand ready to advise on how they can be improved, rather than creating an additional system to house all records."

What terrifies me is the meeting together in one place of four of the worst features of government, particularly the current lot:

- their almost unparalleled capacity to cock up large scale IT projects
- their winning way with data security
- the inevitability of mission creep where data held by government is concerned
- the inevitability of mission creep, both lawful and unlawful, where snooping powers are concerned.

I will not be sleeping more soundly in my bed as a result of this.

No comments: