This is how the National Crime Agency thinks your internet connection records will look if the Snooper’s Charter passes into law

Speaking to the press at a briefing yesterday, the same day the controversial Investigatory Powers Bill - or Snooper’s Charter - continued its journey into UK law, the National Crime Agency (NCA) laid out how it wants the internet connection records (ICR) of suspects it's investigating to look, should the bill pass.

The NCA is responsible for investigating organised crime like human, weapon and drug trafficking; cyber crime; economic crime and plays an increasingly important role in investigating terrorism.


The above graphic shows how the NCA would like the internet connection records to look, namely: date, time, mobile number, source IP, source port, destination IP, destination port, postcode, and service/domain.

What this means, they claim, is that the NCA can see the context of a suspected criminal’s internet activity, rather than the content. When the Investigatory Powers Bill was first proposed this was likened to an "itemised phone bill", a definition shadow home secretary Andy Burnham described as unhelpful.

Read next: Snooper's Charter passes votes in the House of Commons - Here’s what you need to know about the Investigatory Powers Bill

Jonathan Richards, legal director at the NCA, insisted that the organisation doesn't want anyone's full web browsing history.

"It doesn’t identify the bank account number they used, the flights they booked, who they communicated with on WhatsApp," Richards said. "We would have to go through a separate legal process to get that information. This would just allow us to follow the lead through."

Mark Winsloe from the NCA explained to Computerworld UK that if police want the content of a communication they would have to use the law for intercepting a communication, which comes with a higher threshold for serious crime only. This requires necessity and proportionality considerations that are made by applying for a warrant with the Secretary of State.

Figures from the Home Office, as published by The Guardian, show there were 2,765 interception warrants authorised by ministers in 2014.

Following digital leads

Richards said that the agency needs to know the who, where, when, how and why of criminal communications.

Linking an individual to an account or an action through IP resolution, tracking suspects through cell sites and GPRS data and seeing which services or sites criminals are using are all key to how the NCA investigates serious crimes. "Comms data was used in 95 percent of criminal cases prosecuted on behalf of the NCA," Richards added.

Mark Stewart, who is working on internet connection records for the NCA, said the agency is speaking to the communications data providers (CSPs) to "find out how their networks are structured and what the solutions may look like." Stewart said that 90 percent of communications data is irrelevant to the investigations, so the filtering of these bulk data sets is important to the NCA.

"We are confident that we can get to this point through the conversations we are having with the Home Office and the CSPs, but filtering is a big issue," said Stewart. "Who is going to take responsibility for it? There are different views amongst the service providers. I suspect that regardless of whether they do anything or not we will still need to filter ourselves but that’s an issue that still needs to be resolved. There is cost associated with that."


Neil Basu, deputy assistant commissioner at the Metropolitan Police Service, said: "We are law enforcement and we need to use these powers in a digital age. More and more people aren’t communicating with calls and texts, they are communicating online, and that is creating problems."

“We understand that this is intrusive stuff. But privacy and security is an issue for Parliament. Our job never was to comment on the Investigatory Powers Bill," Basu said. "To use any intrusive technique our investigators have got to justify necessity and proportionality and we also have to explain what collateral intrusion will occur."

The bill as it stands proposes a “double lock” for oversight, where any intercept warrants will need ministerial authorisation before being put forward to a panel of judges, who will be given power of veto. This panel will be overseen by a single senior judge, the newly created Investigatory Powers Commissioner.

Home Secretary Theresa May has come under scrutiny many times during the passage of the bill, particularly regarding privacy concerns.

Shadow Home Secretary Andy Burnham told Parliament in March: "The Home Secretary said [privacy] was hardwired into the bill, but I see them as more cosmetic changes and haven’t directly answered the concerns of the joint committee." Burnham asked that the bill takes a "presumption of privacy".

Request filter

One interesting topic that came up during the discussion was the so-called "request filter".

This is a piece of software the NCA wants to build - probably using system engineers from the Home Office or external companies, according to Stewart - that would pull these internet connection records from all of the relevant communication service providers. This would essentially allow the authorities to query all of the records at once.

Despite recognising that this is an extremely powerful tool for snooping on the public, the NCA's Pauline Evans attempted to provide some reassurance. "It just allows us to ask the question," Evans said. "We still have to go through our process and authorisation for necessity and proportionality. It doesn’t give us access to the CSP's databases.”


Copyright © 2016 IDG Communications, Inc.

Download: EMM vendor comparison chart 2019
Shop Tech Products at Amazon