Devastating technical rebuttal to the Snoopers Charter

The Snoopers Charter is the UK Tory government's proposal to force ISPs to retain records of all their customers' online activities, and the government has used the excuse of the Paris attacks to call for its immediate passage despite the fact that the £175m/year the government has budgeted to defray ISPs' costs is not even close to enough to pay for the massive surveillance effort, meaning that Britons' ISP bills are set to soar if it passes.

While the privacy-minded and business-minded arguments against the Snoopers Charter have dominated the debate, Adrian Kennard (the head of the outstanding UK ISP Andrews and Arnold) has sent the government a cogent, devastating letter outlining the technical problems with the data-retention proposal. Kennard points out that the Bill's authors just don't understand how TCP works, how mobile apps work, and how the mismatch between the bill's mandates and the technical reality of today's Internet make it a useless, expensive, invasive exercise in futility.

He recounts that, in the Home Office briefing this week, the example of a girl going missing was used once more to illustrate why the authorities want to be able to see which services she accessed just before disappearing, in the same way that they can track her phone calls. But Kennard and the other ISPA members pointed out this example betrayed a lack of understanding of how the Internet works today:

"If the mobile provider was even able to tell that she had used twitter at all (which is not as easy as it sounds), it would show that the phone had been connected to twitter 24 hours a day, and probably Facebook as well. This is because the very nature of messaging and social media applications is that they stay connected so that they can quickly alert you to messages, calls, or amusing cat videos, without any delay."

He also pointed out that the main protocol used online, TCP, can maintain a connection for hours or even days at a time, and that others such as SCTP and MOSH are designed to keep a single connection active indefinitely even with changes to IP addresses at each end, Kennard discusses several other technical problems, for example the widespread use of encrypted connections, concluding with this zinger:

"It seems clear that the retention of any sort of 'Internet connection record' is of very limited use at present. The current proponents of this logging do not understand how the Internet works. Experience of Denmark for 10 years suggests that it is not useful. It is also clear that over time the availability of such logs and usefulness of the logs will diminish."

UK ISP boss points out massive technical flaws in Investigatory Powers Bill
[Glyn Moody/Ars Technica]

Written evidence regarding Investigatory Powers Bill. [Adrian Kennard/Andrews and Arnold]