Tuesday, October 07, 2008

It's still going to be unworkable

I know I said come back Wednesday but hey, I had a spare few minutes and thought "why not!?". I've just noticed that the whole Internet monitoring thing has come up again. I've said before how unworkable I think it will be, and I stand by that. Even if you were only recording source, destination and protocol details (i.e. the remote TCP port someone accessed), you would have, literally millions and millions of records each day.

When you add in the requirement to have a rolling 12 months, you're talking about a data warehouse of insane proportions in administrative overhead and performance, and that assumes it isn't encrypted. If it were encrypted you then have the overhead required to not only run a query on it but also decrypt the data on the fly.

The usefulness of such a system would be next to pointless as a result, even if it did have masses of clever indexing. I wouldn't even like to hazard a guess on how long it would take to back the thing up either. The fundamental problem with this is that you'd have to record every single packet in order to make it hold data that you could easily pinpoint to something.

There are just over 65,000 TCP ports that one can connect to with a service. It is very unlikely that a terrorist is going to be using standard ports for network services as well, that would mean recording everything if you really wanted to have total scope of monitoring. It's nuts.

18 comments:

Obnoxio The Clown said...

I think you're missing the point here Dizzy: my take on this is that it has nothing to do with catching terrorists and everything to do with cowing the average citizen who is not net-literate by letting them know that big brother is watching them.

I'm pretty sure they're going to monitor only the standard ports and they're going to dredge up (or make up) some people from time to time to show us all that it's working. At some point the technology will catch up, and we'll all be used to it already.

Henry Crun said...

Dizzy, you should know by now that the "surveillance system" will have been sold to the govt. by one of the bell-ends at some consultancy like EDS or Crapita - without any thought given to the technical details at all but rather sticking a finger in the air, coming up with a prices and then adding lots of zeroes to it.

The conversation of drinkie-poos at some fundraiser or cocktail party would have gone like this:

Govt Minister: These bloggers are getting out of hand being nasty to Gordon

Consultant: What you need is a system to monitor all email and internet traffic to track them down.

Govt. Minister: Can you do that?

Consultant: Of course we can but it will cost a gazillion pounds and 3 Mayfair call girls.

Govt. Minister: And if we dress it up as fight against terrorism/reducing CO2 emissions/reducing child poverty, Alistair will sign off the budget.

Cocksucking Consultant: Kerrrrching!

Anonymous said...

Might it not turn out to be reocrding only of what some heuristics deem important, with weight given to a list of suspects and their contacts? In other words, the equivalent of warrantless wiretaps, the information being recorded just in case it is useful on that fashionable excuse for pursuing official hunches "a risk-based assessment", but deemed not to have been intercepted and therrefore not requiring any approval, till it is looked at later.

Not a sheep said...

They want to know everything that we do; it is about control, but will be justified under the pretext of fighting crime. Just wait for the usual helpful fools spouting "if you have nothing to hide...", "if it prevents one serious crime...." and "will nobody think of the children?". These arguments are spurious, but who dares say that?

Letters From A Tory said...

I remember your article in The Times on this. It may well be too big to manage, but sadly that won't stop the government from spending billions before coming to the same conclusion.

Anonymous said...

You leave them alone Dizzy they know what they are doing NOT, just think the of the fun geneologists will have in years to come going through all this data it will be a gold mine for them esp the political ones.

Pyers said...

Dizzy Dizzy ...

uint16_t th_dport; /* destination port */


65536 ports :-)

Just a techie being pedantic

Richard Holloway said...

"It's nuts"
So are ID cards, an NHS database and a women who thinks proximity to a country gives her extra knowledge about it... Alas it doesn't stop those who know very little about each of the different fields (IT/security, medical records/IT and foreign affairs) from telling us all what they are going to do with them.

Anonymous said...

Isn't it amazing to watch NuLab still insanely thinking it can control everything from the centre?

It is as if the collapse of the USSR & the birth of the Internet had never happened.

Too late, too slow & too centralised. Socialism is dead - not Capitalism.

John of Enfield

dizzy said...

pyers, typo duly corrected, give me a break, am on holiday! :)

Anonymous said...

Essentially, this is a government trying to recreate pretty much what Google does, using more expensive equipment and much stupider people.

Google succeeds by employing the best and the brightest of the techie community, by acting a little like a benign cult to keep said techies on board and on message (managing techies is like herding cats normally), and by continually updating, upgrading, automating and improving its internal systems.

EDS, Crapita and the motley sucklers at the public teat cannot hope to compete, and indeed probably don't even intend to; they will instead be punting to pretend to develop a system like this in order to milk the Labour government for all they can get before the programme gets shit-canned by a cash-strapped Tory government.

Like the ridiculous ID cards, the ludicrous NHS mega-database and the European Union, this idea is a moneymaker that will struggle to its feet shakily like a B-movie zombie, totter about menacingly for a while and maybe hurt a few people too stupid to get out of the way, then collapse in flames as death inevitably overtakes it.

Pity we can't do the decent thing and put it out of its misery now and save ourselves a lot of money into the bargain...

Anonymous said...

Do the Tories actually have a front bench

BBC Question time - Hezza

Newsnight last night - Lamont

Newsnight tonight - Ken Clarke

The Tory party - the silent ones

Andrew Zalotocky said...

The main use for this system would probably be social network analysis. Look at who is talking to whom, who is posting on which Islamist web sites, who knows who, and so on, in order to build up a picture of the people involved in Islamist activity. There would be some tech-savvy terrorists who would use encryption, anonymous proxies, etc., but there would also be plenty of idiot rageboys who have the potential for violence but not the skills to cover their tracks. They in turn would lead to the recruiters and organisers who indoctrinate the disaffected into becoming walking munitions.

Capturing and indexing the content of all communications would be impossible, but if all you really want to do is to spot connections in order to find out whose communications might be worth examining in more detail it's not actually necessary. Monitoring at that level needn't be as difficult as processing the 15 petabyes of data the LHC is expected to produce every year, or the huge amount that Google handles.

As "anonymous" points out this monitoring system would also act like a warrantless wiretap, ensuring that the security services had all the legal and technical means they needed to monitor anybody at any time.

Of course, the same approach could be used against organised crime and clowns, so there's plenty of potential for scope creep. It will inevitably go hugely over budget and will inevitably be abused by somebody at some point. But there's every likelihood that it will actually work.

Anonymous said...

@ anon 17.28

If you follow through on the Google model of search engine return success of barely 2 digits or less of total percentage of available data, it's a safe bet any proposed government effort will yield even worse results.

Anonymous said...

They in turn would lead to the recruiters and organisers who indoctrinate the disaffected into becoming walking munitions.

Yes that's the idea, but my, the idea is stupid and packed with the endless potential of confirmation bias. You have swallowed the big-bureaucracy view of terrorism and crime as "organised" in the sense that, say, big bureaucracies are organised.

DWMF said...

When this idea was previously put forward in 2003 or thereabouts, I immediately dubbed it the "SPAM Warehouse". Anyone with the merest IT knowledge can see the stupidity of this idea. Anyone honest that is.

Alex said...

Dizzy, The Government's logic is probably not can I develop a grand all-encompassing scheme, because as you indicate the scale of that project would be massive, but rather how much monitoring do I get for £X billion. When they have to justify that sort of cost for minimal benefit the business case will look weak.

Conand said...

Dizzy I'm glad you've torn yourself away from your hols to write about this.
I read about the GCHQ plan and thought 'that is crazy! What does Dizzy Think?'
On a related but totally flippant point, a hairdresser in Cheltenham was once heard to say, 'I don't know what they do at GCHQ but they shouldn't be listening to people's private telephone converstions!'
Presumably she meant that they should instead be attempting to monitor all internet activity in the UK.