Written evidence submitted Keith Alexander Mallen (IPB 12) I am a private individual. You might associate me with others who have similar concerns about this Bill and wider matters. As far as I am concerned I act independently but could not claim others opinions do not influence my own. I would like to think I can rationalise sides of arguments but perhaps this submission suggests otherwise. I have a Joint Honours Degree in Applied Science, Physics and Chemistry. A Higher National Certificate in Electronics and Communications Engineering. I have been employed as an Electronics Assembler, Test Technician and Design Engineer. Worked on an IT Hell Desk and get to fix other peoples computers. There is more but none of the previous qualifies me as an 'Expert'. Please refer to the Conclusion for a Summary. Contents Section 01) Definition of an ICR. Section 02) The Domain Name System. Section 03) Domain Name Servers. Section 04) Parental Controls. Section 05) WireShark. Section 06) WireShark and DNS. Section 07) WireShark, DNS and Parental Controls. Section 08) The ISP Cost Fallacy and WireShark. Section 09) The ISP Cost Fallacy and Tape Storage. Section 10) The Pre-Fetch Problem. Section 11) The Third Party Content Problem. Section 12) The IP Address Problem. Section 13) The Criminal/Other Element Problem. Section 14) Who Gets 'Targeted'? Section 15) The Itemised Telephone Bill Fallacy. Section 16) The Value of Data Fallacy. Conclusion Annex 1) My personal ICR. Section 1) Definition of an ICR If I am to understand correctly then an Internet Connection Record or ICR comprises a Time, Source and Destination. The Time is when the Source Visits a Destination. The Source is the IP Address from which the Visit originates. The Destination is the Top Level Domain where the desired Content is Hosted. The ICR does not include or permit recording of Content. Section 2) The Domain Name System Content is stored on The Internet at locations identified by IP Addresses represented as Numbers. Humans are not very good with Numbers so a System is provided whereby Names are Translated to Numbers. Section 3) Domain Name Servers Domain Name Servers provide the aforementioned Translation Service. All of the Major Internet Service Providers, ISPs, implement their own Domain Name Servers, DNS. Equipment provided to end users is tied to the ISPs Domain Name Servers. Section 4) Parental Controls All of the Major ISPs are now required to implement Parental Controls whereby, if enabled, access to certain Destinations on The Internet can be blocked. Parental Controls are based on the Domain Name System. These controls are already paid for, in place and operating. Section 5) WireShark WireShark is a freely available Open Source Network Protocol Analyser. I have installed it on my Desktop Computer. It allows me to monitor my Network Traffic. In effect I am performing an Interception of Communications on myself. Section 6) WireShark and DNS I can set up WireShark to Filter the Information it collects. In the following example I am only Time Source Destination Protocol Length 0.000 192.168.1.2 192.168.1.1 DNS 77 Standard query 0x58e8 A stackoverflow.com Domain Name System (query) Time Source Destination Protocol Length 0.031 192.168.1.1 192.168.1.2 DNS 157 Standard query response 0x58e8 A 104.16.34.249 Domain Name System (response) collecting DNS or Destination Requests. It has been 'edited for clarity'. The previous resulted from me using my Web Browser to visit the site stackoverflow.com and in order to get there my browser made a Domain Name System (query) to the DNS Servers provided by my ISP, SKY, and those Servers provided a Domain Name System (response)telling my Web Browser the Location, IP Address 104.16.34.246, of that particular Page. Section 7) WireShark, DNS and Parental Controls In the previous example 'Source' and 'Destination' might cause some confusion. The numbers do not reference the SKY Domain Name Servers but represent my Home or Local Area Network. Standard query 0x3c57 A www.southern-charms.com Standard query response 0x3c57 A 90.207.238.183 GET /lola/photos.htm HTTP/1.1 HTTP/1.1 302 Found Standard query 0x59a6 A block.nb.sky.com Standard query response 0x59a6 CNAME nmbs1.sky.com A 80.238.6.34 GET /?domain=www.southern- charms.com&categories=PORNOGRAPHY&match_user_blacklist=false HTTP/1.1 With Parental Controls switched on, The previous, again edited for clarity, resulted from me using my Web Browser to try and visit, www.southern-charms.com/lola/photos.htm My Web Browser requests the Location of www.southern-charms.com but the SKY DNS, along with the Parental Control System, recognises that this might be pornography and returns an incorrect IP address, 90.207.238.183, owned by SKY. My Web Browser goes to that IP address and asks for /lola/photos.htm, The Content, and since it is now looking in the wrong place it ultimately ends up on a SKY Block Page. In part the above was to remove confusion about 'Source' and 'Destination' in the WireShark Log. I am in fact relying on the DNS as supplied by my ISP. More importantly it demonstrates how my Web Browser, and for that matter other 'services' that I use operate in respect of DNS queries. Specifically they only request, as per Section 1), the IP address of the Top Level Domain and, unless any other interference occurs, that is all the ISP gets to see. There is no record of the Page or its Content. This is the definition and requirement of an Internet Connection Record, ICR, and the ISPs have already implemented, paid for and have in place a system that can provide those ICRs. Section 8) The ISP Cost Fallacy and WireShark Certain ISPs have presented evidence to previous committees expressing their concerns in respect of the cost of implementation of a system capable of providing ICRs. It should be apparent from the above that they already have the technical capability to do this. What appears to be missing is the cost of recording and storage of Data for the proposed period of Twelve Months. The amount of Data is claimed to be 'massive'. As previously suggested I set up WireShark to only record DNS Location Requests from my computer. I might qualify as an 'above average' user in terms of browsing and logged those Requests for just over One Hour. On export the resulting Text File had a size of 1 Mega-Bytes but contained information that would not be relevant to an ICR. I wrote a program to strip the superfluous information out. The following shows the results at the 0.000 192.168.1.2 stackoverflow.com 0.658 192.168.1.2 rpc.advfn.com 0.739 192.168.1.2 cdn.sstatic.net 0.767 192.168.1.2 www.gravatar.com 0.845 192.168.1.2 i.stack.imgur.com 2.712 192.168.1.2 chat.stackoverflow.com 2.712 192.168.1.2 meta.stackoverflow.com - - 3652. 192.168.1.2 www.sharesmagazine.co.uk 3652. 192.168.1.2 research.moneyam.com 3652. 192.168.1.2 comparison.moneyam.com 3652. 192.168.1.2 twitter.com 3652. 192.168.1.2 www.facebook.com 3667. 192.168.1.2 rpc.advfn.com 3757. 192.168.1.2 rpc.advfn.com beginning and end of the session. This is, in effect, an ICR gathered over One Hour of browsing. Time in seconds, Source IP Address and Destinations. Again note that my Local Area Network address, 192.168.1.2, ultimately gets reported to my ISP as my assigned and external Wide Area Network address, 87.81.177.97. The size of the associated Text File is 33 Kilo-Bytes. A Text File is not be the most efficient way of storing data and there are other techniques that would reduce the size further. For example de- duplication. Otherwise working with the 33KB figure, 33K(Hourly DNS) X 24(Hours) X 365(Days) X 60 Million(UK Population) = 1.7x10^16 bytes That would be 17,000 Tera Bytes of Data to be stored for one year assuming the whole of the UK population is the average ME and the whole of the UK population has an Internet connection, uses it 24 hours a day for 365 days a year and only gets their Internet connection through a single ISP. It does indeed sound like a big number but some perspective is required. Section 9) The ISP Cost Fallacy and Tape Storage A quick Google, apparently it became a verb some time ago, suggests that Tape Storage costs 1 US Cent per Giga Byte. 1.7x10^16 ÷ 1x10^9 ÷ 100 = US$170,000 Which appears to be slightly shy of the UK£174,000,000, by a factor of one thousand, that the Government is offering and wildly below the £Billions the ISPs are saying this will cost. You have to be able to write the Data to Tape in the time that is available. The IBM TS1150 is capable of a Sustained Transfer Speed of 1265GB/Hr or 1.27x10^12 bytes/Hr 33K(Hourly DNS) X 60 Million(UK Population) = 1.98x10^12 bytes/Hr The capability is quite close, 1.98x10^12 required versus 1.27x10^12 achievable so we run two storage units in parallel. Again this assumes all the users all the time just using one ISP. The solution seems easily achievable and at a cost orders of magnitude less than that proposed by the Government and even more so compared to that suggested by the ISPs.