Foundation for Information Policy Research
Tue 25th April 2000
News Release - FOR IMMEDIATE USE
(director of FIPR)
+44 (0)20 7354 2333
THIRTY MILLION (or more) TO TAP THE INTERNET IN THE UK
The Home Office quietly released the “Smith Report” on the Thursday before Easter, hoping that no-one would notice that their own consultants have put a £30 million price tag on tapping the Internet. A hastily assembled cover note says the report is not Government Policy, but the consultants clearly have an inside track on Home Office thinking.
The Smith Group’s 72 page report, snappily entitled “Technical and Cost Issues Associated With Interception of Communications at Certain Communication Service Providers” identifies three schemes for intercepting traffic on the Internet. Their “active scheme” just intercepts email at an ISP’s server; their “semi-active” and “passive” schemes are two ways of intercepting all of an individual’s traffic, email, web browsing, voice-over-IP etc.
The consultants recommend that all ISPs should have to deploy the email interception scheme (the lowest level of capability – which would miss popular “Web-based” e-mail services), with their detailed estimates of the costs working out as:
large ISP £113,300 in the first year and £44,700 per annum thereafter
small ISP £ 44,700 in the first year and £19,400 per annum thereafter
The costs are split about half-and-half between the Government and industry, but with an estimated 400 ISPs in the UK work out to a substantial £17 million in the first year.
The report also expects the largest ISPs to provide the capability to intercept all Internet traffic. The estimate of the cost for a “passive” interception at a single large ISP works out at £1,384,000 for the first year, with the ISP having to find the larger part of this. FIPR queries the likelihood that the cost will be as low as this – since the consultants seem to have the naïve idea that ISPs run an interceptable backbone at STM1 (155Mbs) speeds, when the large ISPs actually have complex distributed networks, with STM4 connections becoming commonplace.
The consultant’s intermediate cost “semi-active” scheme involves routeing all traffic to be intercepted away from the main network so that it passes a special interception point. The report is written on the basis that a single such place can be used. FIPR believes that the special routeing will “give the game away” and that the scheme will need one special point per facilities centre. For a typical large ISP spread over five sites, this scheme has a first year cost at a bargain basement £436,000.
FIPR estimates the total first year cost of using “passive” or “semi-active” schemes to intercept the traffic at the 20 largest UK ISPs to be at least another 17 million pounds. Adding in the email interception that the report recommends makes the total cost to the economy at least £34 million, with the ISP industry – hardly the most profitable set of companies one could find - having to fork out about £20 million of this.
Caspar Bowden, Director of the Foundation for Information Policy Research, said:
"The Government has been telling us for weeks that the million pound price-tags put on interception were just scare-mongering. Now their own consultants think it will be more than £30 million – and that’s only the beginning, before the next wave of broadband e-commerce is rolled out in 2001, with 3rd generation mobile Internet (UMTS) following in 2002.
It also does not take into account the cost to the tax-payer of processing and safeguarding the intercepted material, or answer the basic question of whether interception will continue to be useful for law-enforcement as encryption becomes widely used for personal and business applications.
The terms of reference also constrained the approaches that the consultants were allowed to consider - they weren’t allowed to comment on how much cheaper it would be to intercept via phone lines or mobile networks rather than at the ISP. They’ve clearly no idea how diverse and complex large ISP networks can be – and most crucially they’ve not assessed whether all this money will net them anything more than encrypted email and secure, unreadable, web traffic.
The last time the Government released a report on Maundy Thursday it was the utterly discredited “Trusted Third Party” proposal for mandatory key-escrow in 1997. Let’s hope this latest expensive folly can be forgotten even more quickly.”
The “Smith Report” can be found on the Home Office web site at: