Saturday, 10 December 2011

Interception Modernisation Programme (IMP) to return, again. Version 2.2?

Update 13-Dec: Just heard from another source that government plans have a new title.  IMP becomes the Communications Capabilities Development Programme (CCDP)...

Multiple sources indicate the controversial Interception Modernisation Programme (IMP) first floated in 2008 and appearing in revised form in 2009 is to resurface when Parliament returns from its Christmas break.

The original plan was to create a huge centralised database of "communications traffic data" (sites visited, people emailed, etc).

Version 2 in 2009 scaled back on data centralisation, but increased what was to be collected.  The ISPs would keep the data, only handing it over to police and local council school admission compliance officers, dog wardens etc so long as they produced a "warrant" (a piece of paper from their boss, signed under the Regulation of Investigatory Powers Act).

But the little black boxes to be installed within ISPs under IMP v2 would have been capable of reading much more, including who was writing to whom via webmail services, etc, using a technology called deep packet inspection.

Sources tell me the current plan is similar to version 2; a central database is still off the table. ISPs will keep the extra data gathered "as they do now, under the data retention rules".  But it's not the same as data retention. Data retention obliges ISPs and other communications service providers to store only the traffic data generated as part of their normal business.

Drilling deeper

IMP requires new equipment to be installed to "drill deeper" into the data stream, then obliges ISPs to store this data.  I'm told the focus is personal/direct messages sent via social media websites and instant messenger services.

On the surface, officials want ISPs to install equipment to record who we're communicating with. The new capability is needed given a shift away from traditional email towards cloud email and services like Facebook, Google+ etc.  ISPs will be compensated for the equipment, data storage and each data access request from new money, claims a third source. (Updated 12/12/11; this previously read "money already set aside for cyber security projects".)

But this argument doesn't bear close inspection, since a lot more traffic these days is encrypted, sometimes by default, than in 2009 when this plan first surfaced.  Most web email services, Skype, Google+ and Facebook allow users to connect more securely, using https://

Whilst it's theoretically possible for most governments to read https:// traffic in transit, replacing the SSL certificate of the original website with one generated on the fly in collusion with a friendly local Certification Authority (CA), I'd be gobsmacked if this was to happen in the UK; it introduces far more security holes than it fixes.  Besides, it might only serve to drive a new generation of encryption and certification technologies based on distributed trust.

Which begs the question: what is the government really planning, and why?  I've heard measures will be introduced via a parliamentary bill focussing mainly on national security and not via the ongoing process to develop a new Communications Bill.

The Communications Bill Green Paper is also due to hit Parliament in January, but my contacts tell me IMP v2.2 will be pushed through in a separate process, with officials hoping for it to be operational before the Communications Bill is finalised in 2013, which could be significant.

Censorship, too?

There's a possibility the push to get ISPs to install little black boxes now, under the guise of national security, could then later be exploited in the Communications Bill to e.g. force ISPs to block websites from a government-mandated list of "rogue" sites.

I'm told the list will be governed by a court process and would come under the government's Prevent strategy; e.g. focus on "hate crimes" such as incitement to commit racial hatred and other extremist causes.

The UK embarked on the slippery state-ordered censorship slope this summer when a court ordered ISP BT to block Newzbin on grounds of copyright infringement.  Similar plans in the US, the Stop Online Piracy Act and Protect IP Act, look doomed after a public outcry over free speech.  The supposedly free-speech-friendly replacement OPEN Act is designed to hit criminal piracy enterprises in the pocket by blocking advertising and payment services.

In the UK websites can - for the time being at least - only be blocked on copyright grounds under controversial Section 97A of the Copyright, Designs and Patents Act.

This could change with the forthcoming Communications Bill.  It's also worth noting that the BPI are once again pushing for the additional copyright website blocking powers lying dormant in sections 17 and 18 of the Digital Economy Act to be activated, despite website blocking being rubbished by an Ofcom study.  The BPI said in response (pdf) to a recent consultation "We would call on the Government to swiftly implement the Sections 3 to 18 of the Digital Economy Act". (Note the inclusion of 17 and 18; Parliament has so far only authorised Sections 3-16.)

One good thing (!!) to come from court-ordered web censorship would be the blocking of all gossip about the sex lives of footballers...

However, in the not-so-good bucket (!!) would be a nationwide porn blocking filter I hear is also still on the cards for the upcoming Communications Bill, in an attempt "to appeal to female voters".  At issue here isn't access to porn but the very real risk of over-blocking, as when Vodafone blocked popular underwear resellers with their on-by-default "adult" content filter.

Another lobbying scandal in the making?

Another possible reason for the new push on interception modernisation is simply lobbying by manufacturers of the specialised equipment necessary to implement the scheme.  Hundreds of millions of pounds of public money (updated 12/12/11; this previously read "tens") will be spent installing deep packet inspection boxes capable of interpreting data streams in real time, and only a handful of equipment manufacturers sell such items compliant with the standards demanded by the Home Office.

It's easy for a salesman or lobbyist to down-play problems caused by encryption; "oh yes, Minister, our system can see inside encrypted traffic".  Technically it can, but we definitely don't want to go down a route of forged SSL certificates if we value cyber security and e.g. the integrity of our online banking system, etc.

With well over half a billion pounds allocated from the UK treasury plus a reported $60bn in the US for cyber security, if I were a well-paid lobbyist working for one of these companies I wouldn't be doing my job properly if I wasn't brushing over problems with encryption and over-emphasising the risks from not doing something now that would help catch future terrorists and lingerie purchasers.

Here's a thought: perhaps the budget would be better spent on recruiting cyber talent and analysts than lining the pockets of equipment manufacturers?

@JamesFirth

3 comments:

  1. The original IMP budget was said to be £16bn. Wonder if that's still knocking around Whitehall, looking for a home?
    The other point is deep packet inspection capability is now built into silicon. The boards that make up switches and routers come with it baked in. It has to be to handle the traffic volume in real time. All the operator has to do is switch it on and bleed the "interesting" traffic to a storage farm for analysis.
    This makes surveillance much cheaper and faster, allowing one to do more with less - the usual benefits of applying ICT to a problem.

  2. The "figure knocking around Whitehall" is "less than £2bn".

    No-one seems to be encouraging debate about what the country gets for that £2bn, given all the seriously organised criminals and international threats upped their game after Washington and others pushed blanket interception as a tool to fight terrorism.

    This has nothing to do with "national security" - once you exclude domestic policing, financial well-being of the nation and social order from the "national security" category.

  3. 9-II = false flag. 7-7 = false flag. The terr0ri5ts are our government everybody knows this to be true. Black box = back door, will be used by hackers and foreign governments. This is a total threat to national security but a useful tool to have complete control over you, your friends and your family.
