Sunday, February 10, 2013

DPI Opportunity: UK's Proposed Communication Data Bill

The UK government has a problem. Old methods of accessing "CD" [Communications data (CD) is information about a communication. It applies to telephones (both landline and mobile) and  to internet-based communications (including email, instant messaging, web browsing and social media)] are not sufficient anymore, because of this new thing. The Internet.

The Intelligence and Security Committee, headed by Rt. Hon. Sir Malcolm Rifkind (pictured), MP, published a report (below, or here) explaining the problem and the solution.

  •  "The telecommunications industry has seen radical change over the last 20 years, first with the emergence of mobile telephony, and more recently the transition to internet-based communication. The Home Office, police, and the Agencies have explained that this makes the acquisition of CD more difficult. Moreover, the current legislation governing data retention does not cover many of the new forms of communication"
  • "As we have set out, the existing legislation (RIPA) does not cover the problems of emerging technology, or provide the mechanism for asking overseas CSPs to retain CD. Consideration must, therefore, be given to a new approach"
Solution Alternatives:

(i) Alternative investigatory tools ("***  expensive ***") (ii) A voluntary approach ("the CSPs to provide the Agencies with CD") and (iii) The legislative approach ("The Government has decided that neither expanding the use of alternative investigatory tools nor pursuing a voluntary approach is feasible, and has therefore decided on the legislative route. We accept that, given the drawbacks to the two other options we have examined, this is a logical decision.")

The bill:

The main provisions of the draft Bill are:  Ensuring or facilitating the availability of communications data, Regulatory regime for obtaining data and Scrutiny and other provisions.

And here is the DPI opportunity:

"The power for the Secretary of State to serve individual notices on each CSP that will be required to retain data, specifying the details of what material the particular CSP will have to retain. This would include the ability to instruct CSPs to capture third-party content traversing their networks using technology such  as Deep Packet Inspection (DPI)"

1 comment:

  1. That could be opportunity for vendors but not telcos since they are offering security services to government for free