Here’s an interesting thought for all of us on CCDP-day:
It’s obvious to geeks that the equipment which performs CCDP-mandated logging will have to be:
- a synthesis of hardware and software
- reasonably standardised
- reasonably secure (doubtless the Home Secretary will say “very secure”)
- permit secret-but-authenticated access to the police, security services and council dog-catchers to query the databases
…re: the latter: you don’t want to tip off some suspects within an ISP by letting them see that they are the subject of an enquiry.*
So let’s call this hardware the SpookBox 5000.
It will need to be a certified system – ie: built to a secure specification, include special crypto hardware like tamper-resistant keystores, tested, and then put in a tamperproof box/rack so it can’t be faffed-about with – because it will be trusted by government agencies and they like to have that sort of thing.
Therefore the SpookBox 5000 – plus a “free market” handful of “competing” solutions, making perhaps three in total – will be built by a small number of (trustworthy) British vendors, certified, have a huge price tag attached in order to reflect their “secure” qualities, and then sold to each and every major ISP, one or more for each and every Point-Of-Presence they have.
Dozens of SpookBox 5000s (and service contracts) sold to a captive market who must have them, by law.
This is what is known in the IT hardware-manufacturing trade as a license to print money.
In the Network Service Provider trade it’s known as massive cost overheads and a barrier to market entry.
Solution: CCDP logfile collection should be to an open-standards specification with no mandated implementation, and the proposal should be bent to accomodate this.
Or the whole thing should be thrown out for being the illiberal behemoth that is is.
* presumably access to the CCDP logging system itself would not be recursively logged by CCDP, that would be silly/exponential.