First come black boxes, then comes the abuse.

In a legal process filed earlier this week, American campaign group the Electronic Frontier Foundation (EFF) has highlighted the dangers of allowing the Government to install its own ‘black box’ hardware into the communications network – as currently proposed by the draft Communications Data Bill.

The EFF is currently pursuing a lawsuit against what it alleges is the US government’s illegal mass surveillance program and has now produced three whistleblowers. All are former employees of the National Security Agency (NSA), and they confirm that the NSA has, or is in the process of obtaining, the capability to seize and store most electronic communications passing through its U.S. intercept centers, such as the “secret room” at the AT&T facility in San Francisco first disclosed by retired AT&T technician Mark Klein in early 2006.

These ‘intercept centers’ are exactly the same kind of equipment that will be required to enact the Communications Capabilities Programme, and are specifically provided for in the draft legislation. Once they are installed, there is nothing stopping either domestic agencies or malicious attackers using them to store communications data (indeed, where data is encrypted this may be necessary) or re-purposing them to actively monitor who is visiting certain websites or communicating with certain email addresses, in real time.

After all, it is not difficult to see the argument being made that once communications data is stored, storing content is a small step requiring a few tweaks to the language of legislation – for exactly the same paedo-terrorism arguments we have heard in the past few weeks.

We warned earlier this week about how dangerously naive the Home Office’s plans were, carrying a risk of either doing huge damage to internet security, or becoming a multi-billion pound white elephant. (Given past Whitehall IT projects, our money is on the latter.)

The wider risk is now becoming clear – once these pieces of hardware are installed, it is a matter of time before they are either abused (particularly worrying given the draft Bill makes no provision for the boxes to be auditable by an external body)

Indeed, this was exactly what happened in Greece when the interception capability of software on the Vodafone network was activated by unknown external operatives, targeting the phone calls of members of the Greek cabinet, senior police and defense officials and the Prime Minister. The bugging software was thought to be active in the weeks leading up to the 2005 Athens Olympics and wasn’t discovered for seven months.

The only way to protect privacy and our freedoms is for these boxes to never be installed and service providers to store less data about us – which is why Big Brother Watch will be campaigning to have the entire draft Bill dropped.