Security vendors have responded sceptically to news that the UK government wants to set up a ‘Big Brother’ super-database logging every telephone call, email, text message, and website visit made by the country’s 60 million citizens.
The idea has emerged from a Home Office proposal that is being considered for inclusion in the forthcoming data communications bill, due for announcement by ministers in November’s Queen’s Speech.
The authorities have already discussed the logging with large ISPs, which would be required to keep the records for 12 months, handing them over for inspection if a court authorised such action.
The information stored would not include the content of emails and calls, only the fact that they were made from certain endpoints at a specified time. These could be used by police to analyse call and communication patterns by and between suspects.
“You’ve got to admire the government’s gall in attempting to bring in yet another 'super-database' with public confidence still in tatters over recent lapses in data protection,” said Jamie Cowper of PGP Corporation.
“Surely it would be more logical to initially focus on fixing the existing databases and proving their security before introducing new ones?”
In his view logging calls could prove controversial if it involved US companies, which might not trust the government to secure the logs to high enough standards. The potential for abuse, however trivial, would be obvious.
Richard Archdeacon of Symantec was also sceptical about security, although he believed that the HMRC CD disc loss had changed attitudes at the highest levels of government.
“There has been a sea change in recent months. A detailed look has been taken, splitting data between systems,” in order to make systems more secure, he said.
“With such a vast amount of data that the Government is looking to store, they have to be very clear with their policies and have a very strict data loss prevention programme in place."
BT, presumably a major participant in the scheme should it come to pass, was typically non-committal, saying in an email that "We have been aware of the proposal for some time and are in discussion with the Home Office about implementation."
What might cause more problems is the opinion of the country’s Information Commissioner, Jonathan Bamford.
"This would give us serious concerns and may well be a step too far. We are not aware of any justification for the state to hold every UK citizen's phone and internet records. We have real doubts that such a measure can be justified, or is proportionate or desirable,” he was quoted as saying.
"We have warned before that we are sleepwalking into a surveillance society. Holding large collections of data is always risky – the more data that is stored the bigger the problems when the data is lost, traded or stolen."
Bamford was embarrassed when it emerged that had he had not been properly informed of the HMRC incident by the department, despite their being a requirement for such serious breaches to be reported to him immediately.