ISPs Now Spying on Users
November 3, 2005
As governments all over the
world step up the pressure for internet surveillance, we lift the
lid on the shady world of ISP enforcment and uncover the
international pressures that will be forcing them to work with
police and mysterious other bodies.
The regulation of ISPs in the UK was originally a matter for a
of Practice, established back in 2003 presumably as a mechanism
to allow the Echelon
eavesdropping project time to catch up with intensifying internet
It included a requirement for ISPs to maintain
comprehensive records of customer activities for 12 months, with the stark
warning that if ISPs refused to comply, then the law would be changed and
they would be forced to. Hardly voluntary, one might say. The rationale of
the time was to help law enforcers stay ahead of the game when tracing
pedophiles and their ilk.
That was back in 2003, and the EU now plans to compel
all ISPs throughout Europe to keep records of internet activity for 12
months, with telephone records being retained for "at least" 6
months. Their rationale as we approach 2006? To actively pursue terrorist
activity and aid “other law enforcement agencies”. Either pedophiles
have ceased to exist or they felt it suited their political agenda to milk
the threat of terrorism.
An unidentified UK ISP Blueyonder employee let slip to one of our readers
that they routinely receive lists of IP addresses that are to be monitored
for various “law enforcement” purposes, and that the resultant data was
processed and provided to those requesting it. According to the information
received, the Business Software Alliance and the BPI are amongst many
requesting such information, although requests for any data identifying
their clients go unanswered. Obviously if this is the case, it is likely to
alter dramatically with the introduction of planned new legislation. They
will simply have to comply.
Slyck decided to ask John Moorwood Senior Public Relations Manager of
Telewest - who are the owners of the hugely popular Blueyonder ISP. John
refused to enter any discussion on their use of spidering techniques of the
kind reported to us, neither confirming nor denying our report, simply
saying that “It is safe to assume that we do (so) as part of our
overview of the network, to analyze trends and usage, but I'm not prepared
to discuss and risk compromising our formal law enforcement policies"
This is of course a perfectly valid point, and so we asked him what exactly
constituted a law enforcement agency. For example, did he agree that the BPI
qualified as such, to which he responded " If it's a criminal issue,
such as commercial piracy, then the police would initiate the formal request
for identifying or personal data but we still require a court order"
We then asked if they had been called upon to collate or provide data
regarding accesses by users to specific web sites or IP addresses? John
explained “We may be asked by a third party, using a court order, to
verify the identity of a user, based on the third party's information and
evidence” , going on to add “That evidence may have been obtained
by the third party using 'honeypots' or news group posting headers, etc. We
ourselves do not specifically collate data on users' behavior, although we
do inadvertently collect some information due to day-to-day running of
operational systems such as web caches.”.
We went on to ask if they had collated data on the basis of specific
internet activity (e.g. file transfers, ftp P2P, etc). John replied “We
are constantly evaluating all forms of capacity planning systems, including
some that could identify specific application traffic types, but we have
never implemented such a system”
Accepting the need for capacity planning, we were curious why they are
evaluating new systems giving their merger with NTL and talk of takeover
bids? Surely this was time for rationalisation, and not expansion? Sensing
that perhaps John was not giving us the full picture, we tried to press him
on his peculiar choice of words such as “We ourselves do not specifically
collate data on users' behavior”. He refused to be drawn, saying "I
can't say either way, that's a matter of internal security policy and I'm
neither agreeing nor denying”
When asked how his organization handled requests for further information
(e.g. identification) regarding any specific user and how such information
was used, John replied “Like any responsible ISP, we have our own abuse
department to handle notifications of abusive behavior from our network. In
the vast majority of cases these are found to originate as a consequence of 'zombied
PCs', rather than any malicious intent by a user.
In the case of third party requests for identification, such as from the
police and other government bodies, who have the power to require us to
disclose this type of information under certain circumstances, we will
comply with any legal obligations…. Occasionally we also receive requests
to identify users from third parties who wish to pursue civil claims (e.g.
in relation to copyright infringement). In these cases, it is also necessary
for the party to obtain a court order requiring”.
We are obviously extremely grateful to John Moorwood of Telewest/Blueyonder
for his help, as far as he felt able to go. Unfortunately this doesn’t
shed much light on the changes that are being planned under new EU data
retention legislation, neither did it tell us who these "other
government bodies" were, although it suggests an underlying capability
and willingness to comply with these requirements. Remember, ISP cooperation
has only been a voluntary issue up until the present time, and this is set
to change dramatically.
Quite clearly the ISPs know which side their bread is buttered, and in
recognition of the fact that people generally want greater bandwidth for
downloading purposes (60% of all internet traffic is for filesharing,
according to Cachelogic and Big Champagne) they are perfectly happy for
their customers to continue to use their services and watch their revenue
grow. After all, unused bandwidth is absolutely no use to an ISP, it is
simply dead money.
BT (generally known as British Telecom), the UK communications giant, were
characteristically taciturn about all this when approached. Ian Read of
their Press Office refusing to comment openly on what he described as “an
enforcement debate” and in contrast with the extremely helpful staff at
Blueyonder, emails and messages to BT's Jon Carter were left unanswered at
the time of writing.
Other sources within BT have suggested that they are already well prepared
for mandatory requirements of the sort being planned by the EU, explaining
that they use similar if not identical technology to other ISPs and already
consider themselves well placed to comply with requests such as those from
“the police and other government bodies” to paraphrase
Blueyonder’s John Moorwood.
When asked how that would be possible given current data protection
legislation, our informant chillingly told us that such arrangements were
already in place. He said that a “unique identifier” would be assigned
to all those listed, and only the ISP itself would know exactly who that
referred to. Any subpoena issued against them, forcing them to identify the
individual concerned, would refer to the user only by that unique number
until the court ordered that their identity was revealed.
The fact that this has been given such detailed thought must be of concern
to all UK filesharers, for example, just who are these “other government
bodies” that people keep referring to? If they do not themselves
collate data on users' behavior, then who does? It seems quite likely that
both this practice and this means of circumventing data protection laws are
on the verge of widespread adoption, both in the UK and almost certainly
everywhere before much longer.
With 60% of internet traffic being used for filesharing, it would be wise to
anticipate proportionate enforcement effort. At no time since the birth of
the Internet has our freedom been under a greater threat than it is today.
The writer acknowledges the invaluable cooperation of Telewest/Blueyonder
and the assistance of Slyck member, Graphix, in contributing information for
use in this article.
Back To Top