Critics of UK “Snoopers Charter” Claim Massive Technical Flaws

This post is also available in: עברית (Hebrew)

Adrian Kennard, head of UK ISP Andrews & Arnold, an Internet service provider, has warned of major technical issues with the proposed Investigatory Powers Bill (also known as the Snoopers Charter), first brought up a few years ago in the UK. The proposed legislation would require providers of internet services (ISPs and mobile companies) to retain records of users’ internet usage activities for at least a year and conduct mass-surveillance of internet activity with little to no legal oversight.

Kennard, along with other representative of the UK Internet Service Providers’ Association (ISPA) presented their objections to the proposed law to the UK Home Office, on the grounds of several technical, ethical, and privacy related issues.

Kennard charges that the Internet Connection Records proviso, which would require ISPs to store records for 12 months and lies at the heart of the bill, is largely meaningless for modern online services.

The Home Office has repeatedly used a hypothetical example of a girl going missing to illustrate why authorities require access to records of which services she accessed prior to the disappearance, much like the access available to phone records. Kennard points out that this example demonstrates a severe lack of understanding of the workings of the modern internet:

“If the mobile provider was even able to tell that she had used twitter at all (which is not as easy as it sounds), it would show that the phone had been connected to twitter 24 hours a day, and probably Facebook as well. This is because the very nature of messaging and social media applications is that they stay connected so that they can quickly alert you to messages, calls, or amusing cat videos, without any delay.”

The preponderance of protocols designed to keep an active connection at all times, as well as the widespread use of encrypted communication, can make such records meaningless. Modern devices change IP addresses frequently, hopping between different ISP and mobile networks, and with the traffic being obfuscated ISPs have little hope of tracking where users connect to.

“It seems clear that the retention of any sort of ‘Internet connection record’ is of very limited use at present. The current proponents of this logging do not understand how the Internet works. Experience of Denmark for 10 years suggests that it is not useful. It is also clear that over time the availability of such logs and usefulness of the logs will diminish,” Kennards adds.

It is evident that some form of monitoring of the internet is necessary to combat crime and terrorism, however it seems like the Snoopers Charter misses the mark. It would impose an undue burden on service providers, without adding to intelligence agencies capabilities of monitoring criminal activity online.