http://h30565.www3.hp.com/t5/UK-Article ... /ba-p/3645 It’s the (Digital) Economy, Stupid: why the CCDP is Bad News for Businessby EmmaByrne on 14-05-2012 03:46 AM - last edited on 14-05-2012 03:49 AM by Administrator richi
Recent projections suggest that 12% of UK GDP will come from eCommerce within the coming months. But if the Communications Capabilities Development Programme (CCDP) Bill is enacted, that could change, according to industry experts. Emma Byrne listens to the fears of digital entrepreneurs who stand to lose out if the CCDP passes.
*
The CCDP Bill, to be announced in the Queen’s Speech, will have to drive a coach and horses through SSL/TLS encryption to work. This will undermine over a decade of trust-building in online business. It will also create lucrative “honeypots” of transaction data, which risk luring unscrupulous data-thieves. Added to that, every startup with an app or a widget may have to build in access for digital surveillance. Will this stifle innovation in the UK?
The CCDP Bill would permit national security agents and the police to use deep packet inspection techniques on all data that pass through UK ISPs. While the CCDP provisions do away with the “centralised database” that 2008’s Intercept Modernisation Programme provided for, the rest of the powers in the Bill have a familiar ring to them. Industry experts, entrepreneurs and smaller ISPs are voicing their disquiet but, according to the panel at last week’s Scrambling for Safety conference, the government is sending stakeholders mixed messages about what CCDP has in store.
According to Emma Draper, a spokesperson for the event organisers, “Based on our conversations with MPs and leading experts, we understand that there are two prongs to this new policy. … CCDP is likely to require that third party services [e.g., Facebook and Google] grant government agencies access to data [and to install] black boxes at ISPs and network providers to monitor and store all communications data…kit that performs deep packet inspection (DPI).”
Security expert, Professor Ross Anderson, pointed out that DPI is useless unless the government plans to subvert SSL/TLS encryption. “This is the reason that, in India, the government demands access to all keys,” he said.
...
