The new law could allow GCHQ to monitor UK internet logs in real time to tackle fraud

UK’s signal and cyber intelligence agency GCHQ could monitor UK national internet traffic logs in real-time to identify online fraud and stop criminals in the act, according to a new law before the government .

The scheme could amount to the sea change in philosophy and practice demanded by MPs last year, when a fraud inquiry and the justice system reported that the government’s current approach had failed.

The fraud is estimated to cost the company at least $4.7 billion each year (about $5.3 billion) in financial terms and cause an immeasurable amount of personal harm and distress to its victims. However, according to the inquiry, less than 8% of reported crimes are investigated, which found that the level of police attention is inadequate to address the scale, complexity and evolving nature of the fraud.

Questions are raised both about the technical feasibility of the operational case proposed by GCHQ, and about the impact that the new use of Internet connection records (ICRs), a type of data that telecoms operators in the UK may be required to keep until a year would have on civil liberties.

ICRs are a form of metadata that the UK government can force companies to keep on internet services their customers have connected to. They can show which device (and therefore person) is connected to an Internet service and when, but they are not intended to collect what content the person has accessed.

Currently, ICRs can only be used to identify a person suspected of a crime and not to develop new suspects. The government’s proposal to allow the use of ICRs to facilitate target discovery was recently scrutinized by David Anderson, the former independent reviewer of terrorism legislation, who said the Home Office had only alluded to this issue in the broadest terms rather than discussing it explicitly when commissioning its independent review.

Despite the government’s lack of clarity, in the course of the review Anderson’s team received a working case from GCHQ on how power might work:

ICRs could be used, for example, to search for devices that connect simultaneously to legitimate banking applications and malicious checkpoints. Such behavior could indicate that financial fraud is in progress. Better access to ICRs could allow intelligence services to detect such activities more effectively and to inform LE colleagues of the identity of potential fraudsters and any associated organized crime groups. Reporting suspicious behavior in this way can lead to steps being taken to prevent criminals from defrauding their intended victims.

In addition to tackling fraud, GCHQ has provided a scenario in which the new power could be used to identify perpetrators of child sexual abuse by obtaining records of people who have engaged in particular combinations of online behavior and sharing that information with partners. of the police forces.

Anderson, a member of the House of Lords, wrote that his review team were also shown national security scenarios for which detection and identification by ICRs would make a big difference, but these are impossible to share publicly. without harming operations and capacity.

Technical obstacles

Beyond the mention of improved access in the GCHQ operational case, the agency scenario does not go into detail on the technical challenges facing ICRs, which would appear to make a real-time system extremely unlikely.

Although the Investigatory Powers Act which introduced ICRs was passed in 2016, as of 2023 they are still not widely used in Britain. Anderson said ICRs require significant effort, cost, and skilled resources to implement well, which has meant that progress toward getting ICRs operational has been slow.

Collecting and using ICR is not a simple task. It requires telecom operators to collect and store the correct network records and investigators to make good quality queries and inferences from those records. As internet usage shifts to mobile phones, connecting to the internet via home and public Wi-Fi and 3G/4G/5G, and as network operators continually change the internal architectures of their networks, the difficulties to exploit the ICR increase.

Furthermore, it is often suggested that customers will increasingly be able to frustrate ICR collection by various means that allow them to browse the Internet without disclosing their IP addresses. A telecom operator described ICRs to the review team as a gold-plated solution that will take a long time to generate.

Steven Murdoch, a professor of security engineering at University College London, told Recorded Future News: ICRs are certainly a powerful tool for identifying behaviour, but as a result they are very privacy intrusive. If their scope of use by intelligence agencies expands from national security to other crimes, one wonders whether the level of privacy violation is justified.

Anderson recommended introducing the new power that allows intelligence services to request a warrant to locate suspects or persons of interest when necessary and proportionate for a national security or serious crime investigation, but citing how the Home Office had only hinted at this increase in powers, Anderson also said that any such proposal should receive proper pre-legislative scrutiny.

A Home Office spokesman said the department was very grateful to Anderson and his team for their work on this report. We are now carefully evaluating his recommendations to inform proposals for future legislation.

Get more information with the

Registered future

Cloud intelligence.

Learn more.

Alexander Martin

Alexander Martin is the UK publisher of Recorded Future News. Previously he was a technology reporter for Sky News and is also a member of the European Cyber ​​Conflict Research Initiative.

#law #GCHQ #monitor #internet #logs #real #time #tackle #fraud
Image Source :

Leave a Comment