Business Regs surveillance & privacy

Legislation encourages tidal wave of new ISPA members – life jackets at the ready

It’s a funny old world. A judge orders ISPs to cut off access to Pirate Bay and visitor numbers to the site increase by 12 million. A government says it wants to increase the amount of regulation on the internet and the membership of the trade association shoots up.

The membership of ISPA normally hovers just under the 200 mark. The nature of our industry is that companies are bought out or merge with others to get scale. So in any given year the we get perhaps 10 or 15 new members but 10 or 15 disappear off the UK internet map and on the whole the number stays the same – ish.

Things are changing. The threat to the  industry stemming from potentially onerous new regulations placed upon service providers, such as the upcoming Communications Bill Green Paper, has prompted six new service providers to join ISPA in the space of one month. This is a veritable tidal wave in the scheme of things.

ISPs are wanting to get involved in the debate in the way that they haven’t before. If the internet industry had lobbied as much as the Rights Holders, the Digital Economy Act would not look the same as it does now. ISPs can’t afford to stay quiet when it comes to the Communications Bill. The issue is not only one of privacy for individual citizens. It isn’t even the overhead put on the industry by government rules – these overheads tend to get paid for by the government and potentially ISPs would get some nice new network upgrades out of it all (though the disruption to normal service would be enormous).

It’s both of the above but it is also about the shape and competitiveness of the whole UK internet sector – one that politicians proudly trumpet as a world leader. Up until now any legislation that might be onerous on industry has only been applied to the big consumer ISPs – the DEAct drew the line at 500,000 subscribers, other initiatives set the bar even higher. Only a few ISPs have been instructed to adhere to the Data Retention Directive even though it supposedly is meant to be adopted by all. Government has taken a pragmatic view on this – there is a law of diminishing returns where it becomes almost as expensive to store the data of a few thousand subscribers as for hundreds of thousands. It’s not the cost of the storage. It’s the cost of the system development that has to go with it.

In order for a counter terrorism initiative to meet the needs notionally described by the authorities every ISP in the country would have to be included. This means that every ISP would have to record all the personal information of its customers as laid down by a law (that we haven’t yet seen the text of I know but we have been given strong hints).

Now in the normal run of things ISPs come and ISPs go. You can actually set up as an ISP with a little bit (ok quite a bit but it can all be learnt) of technical knowledge and some commercial nouse.  The kit required is fairly minimal – most systems are available in open source format. Add a couple of routers and  some interconnects to BT and the internet and you’re away. If a startup is also required to support surveillance systems then this is likely to be a serious barrier to market entry. It would be too much hassle. Also what is to stop a potential terrorist setting up an ISP and bypassing the surveillance?  They learnt to fly commercial airliners to use as bombs.

Do we then decide that only fit and proper people can set up ISPs? Who decides who is fit and proper?  This would be an industry which over time would shrink to the few larger ISPs who have been able to buy up everyone else.

And all this to support an ideal. A system that will catch terrorists before they get anywhere with their evil plans. I too support this ideal. I am that kind of guy. Were I ever to appear on Miss World then my stated ambitions would be to travel and achieve world peace.  In this case I have to be realistic that for many obvious reasons I will never be a Miss World contestant, just in the same way that the government should realise that any attempts they make to counter terrorism by the blanket application of technology won’t work. That technology has too many ways around it. It won’t do what they want it to do.

The victims of the Communications Bill will be the ordinary people that the government is seeking to protect. They risk losing their privacy in a way that they have never done before. The price is too high.

The argument will be that the data will be very tightly secured. Do you trust them to do this?  How often do we see reports in the media about laptops left on trains with whole databases of medical records, national insurance records? Or dongles lost carrying similar data. It will happen. Nothing is totally secure. The only secure way to protect this data is not to keep it in the first place.

If you are an ISP and not a member of ISPA you should join and get active in the Comms Bill debate. If you are the customer of an ISP, as everyone reading this post will be, you should tell your MP that if he or she supports surveillance that invades your personal privacy you will vote against him at the next election.


Trefor Davies

By Trefor Davies

Liver of life, father of four, CTO of, writer, poet,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.