Snooper’s Charter underestimates the cost and challenge of monitoring users, ISPA and Gigaclear tell MPs, while Sophos expresses security concerns
The cost of implementing the government’s revived ‘Snooper’s Charter’ will cause broadband bills to increase, a parliamentary committee has been told.
Under the planned legislation, ISPs will be forced to store web users’ browsing records for up to a year to help intelligence agencies detect potential threats to national security.
However Gigaclear CEO Matthew Hare and Internet Services Providers’ Association (ISPA) chair James Blessing told MPs on the Science and Technology Committee that the proposed Investigatory Powers Bill underestimated the cost and challenge of collecting user data.
“The indiscriminate collection of mass data across effectively every user of the internet in this country will have a massive cost,” said Hare, who said the average amount of data passing through a 1Gbps connection amounted to 50TB a year.
Unlike phone calls, where metadata such as duration and phone numbers can easily be separated from content, Hare said it was difficult to make the same distinction with IP traffic as numerous applications were used concurrently and webpages were the construct of thousands of processes.
He said the only way for this information to eventually be useful to authorities was to monitor and store all of it in real time – increasing the technical challenge.
“Even if the hardware costs are met up front, which is the established method for cost recovery, the ongoing costs of storing and looking after that data—the cost of powering servers with hard discs spinning—will still have to come out of individual end-user customer price rises,” added Blessing. “They will not be massive, but they will still be price rises.”
“The taxpayer will pay in the end one way or the other, so the citizens of the country will end up paying for being spied on,” added Hare.
John Shaw, vice president of product management at security firm Sophos also gave evidence, expressing concern that the sheer volume of data that must be collected would raise security concerns.
“You end up having to keep an awful lot of the data, even if you are not keeping the content, and that data can be very meaningful for someone wanting to use it for nefarious purposes; for example, which bank someone uses would be very obvious,” he said. “There is a lot of data in the way in which web communication would happen that gives you a bunch of clues as to the content going in there and it is very hard to separate those things. There are a lot of concerns about that.”
Are you a security pro? Try our quiz!