Investigatory Powers Bill

Written Evidence submitted by Stuart Johnson, Director, Logic Ethos Ltd. (IPB 24)

Investigatory Powers Bill.

I run a small I.T. company, providing secure communications, and software to large and small businesses. I have been involved with data communications from the pre-internet days, of the Post Office Prestel service, in the early 80's.

There are two areas of the IP Bill which concern me.

1. Bulk Equipment Interference

As a software and hardware supplier, under this new bill, we would no longer be able to assure our customers, our products are as secure as our competitors outside of the UK. Customers requiring the very best security, such as those in the financial sector, would have to assume all such products from the UK could be compromised.

To a buyer of I.T. equipment, "Made in Britain" would be met with suspicion.

To a supplier of I.T. equipment, "Made in Britain" would not be something to proudly display.

To an I.T. engineer, "Made in Britain" runs the risk of having to compromise equipment under a gagging order.

To an investor, manufacturing I.T equipment, "Made in Britain" comes with additional risk.

To a hacker, "Made in Britain" would be seen as fair game.

2. Bulk data collection

From our own business standpoint, we are not concerned by the direct consequences of bulk collection. If our customers demand it, we can switch to datacenters in Ireland or Germany.

But we do see this as a waste of public money, and a loss of confidence in UK I.T. products and services, at a time when we are about to see the explosive increase in the Internet of Things (IOT).

Today’s communication hardware & software is moving in a direction which makes, "Internet Connection Records" (ICRs), less useful, than is being presented. End-to-end encryption, and emerging distributed technologies, will quickly diminish their usefulness.

Last week, we saw the launch of Ping21. The first global decentralised, autonomous monitoring service. Any user operating one of these nodes, from home, office, or café, will generate ICRs that are completely meaningless, and swamp the ICR database with useless information. The former director of the NSA, William Binney warned the UK parliamentary select committee, that too much data makes it harder to find anything meaningful out of the noise. Here is the first new technology to emerge since his statement, to show that the noise will increase, and this is just the beginning.

Projects in active development right now, such as Maidsafe, OpenBazaar, Etherium, Rootstock, IPFS, combined with the Internet of Things will create exponentially more network connections, over the coming years, and autonomously.

I have not seen any ICR cost forecasts that take into account this exponential growth in connections. IBM forecast up to 1 trillion devices woldwide in the next decade. http://www.slideshare.net/BernardKufluk/a29-introduction-to-ibm-internet-of-things-foundation

3. Our recommendations

Drop all bulk activities, and encourage the use if IPV6 for better targeted approach.

Remove "Equipment Interference" from the bill entirely.

March 2016

 

Prepared 24th March 2016