Enforcing UK surveillance powers may cost over £1bn, 7 times original estimate
A Danish digital rights group told British MPs the government’s estimated cost of rolling out a new system for spying on internet users is too low and could only cover “a small part” of the population.
Denmark recently suspended plans to introduce a similar internet surveillance program after an official study by Ernst & Young (EY) found set-up costs would be much higher than originally projected.
The IT-Political Association of Denmark said in written evidence to the committee scrutinizing the Investigatory Powers Bill that Britain should expect a similarly high price tag.
“Based on the new cost information from Denmark, it seems unlikely that the Home Office budget can cover a sufficiently effective ICR implementation, unless only a small part of the British population is subjected to [ICRs].”
The revised bill, published last month, ignored criticism from MPs by expanding the most controversial powers.
The new legislation requires internet companies to collect and store everyone’s web browsing history for 12 months, and gives security services the power to hack into citizens’ computers and smartphones.
Home Secretary Theresa May estimates the Home Office would need to compensate internet companies between £130.6 million and £164.4 million to start new data systems capable of gathering and storing the public’s Internet Connection Records (ICRs).
In addition, the government projects running costs of £4.4 million to £5.6 million over 10 years.
However, the EY study from Denmark suggests costs could be exponentially higher. EY found the cost of building computer systems capable of collecting and storing ICRs would be about £19 per person.
If this figure is the same for the UK, with its 64.6 million population, it adds up to a hefty £1.2 billion price tag.
Liberal Democrat peer Paul Strasburger, who sits on the committee, called on the government to “scrap this bad idea.”
“This news about the real cost should be the final nail in the coffin for ICRs.
“The Danes found that it was about as useful as a chocolate teapot for catching criminals or preventing terrorism, and anyway it is very easy for the bad guys to evade.
“What’s worse is that collecting everyone’s data would put every British internet user at risk of having their most intimate information stolen by hackers, thieves, and blackmailers,” Strasburger concluded.
The Mirror reports a Home Office spokesperson as claiming the Danish model is not comparable to the plan outlined in the Investigatory Powers Bill.
The Home Office said an updated figure would be published before the bill is passed, but could not give a date.