
Question
There's much hoopla over this but is it any different than the police and security forces having access to your telephone conversations and call history (as long as warrants are needed just like for phonecalls)
The Queen has detailed the government's upcoming programme of law-making on a grey day darkened by the gloom of a double-dip recession and plans to massively increase surveillance of the internet in the UK. Opening the new session of Parliament, Her Majesty confirmed on Wednesday that "draft clauses" would be introduced to …
That's the problem, we don't really know what it entails yet, and it likely won't contain any technical detail as that will be left to the ISPs to implement (and pass the cost on to us customers).
The real problem is that it is likely to be blanket monitoring in retrospect (that is your past years worth of internet activity will be available, could be more), whether or not the requirement is a warrant, everyone is being watched and recorded.
The assurances that it won't contain message data, just comms data, is a lie. At some point in the system everything will be looked at. A packet may contain part of another protocol and the whole thing needs to be read and stored until enough data is available to reconstruct that 'communications data' but that may also include lots more bedsides. The rest may not get stored for long, but it is read at some point...
Yes there is a difference.
You might speak to perhaps a few tens of people by phone, but these days much more communication is done via email so maybe it would be fair enough that email addresses are captured with warrants required for their contents. I could just about live with that, although I'd prefer not to.
But this bill wants logs of every website address too, the equivalent of following someone about to see where they go. Query strings give away even more information. All without any warrant apparently. I guess website addresses will become more obfuscated.
What opening post delivered by Royal Mail? Why not if it's all for our own good?
Remember that this information will be logged and saved in advance.
So acess to call records & call content via a court order means that they will gain access to your records for as far back as the phone company have them (5 years ?). Also they could tap your phone to record your phone calls.
Now under this proposal they will log all the sites you visit, the content of all the emails you send and much more. They then have to get a court order to access that data but it would be already there on their equipment.
However it's not like there are 3rd parties involved (eg BT) so it would be trivial to lower the requirements. Putting this into the phone context everyone knows it's comparable to them recording all your phone calls (& text msgs) and then promising that they'll ask before listening to them.
reproducing the answer (to "is it any different") "From Lawful to Massive Interception: Aggregation of Sources" Slide (c) Amesys 2008
Features: ........Lawful Interception....Massive Interception (CCDP)
-----------------------------------------------------------------------
Recording target's communications..OK.................OK
Social Network for targets...............OK.................OK
Search in the past for newly identified targets.........OK
Identification of new potential suspects.................OK
Discovery of new targets on:
- Keywords.........................................................OK
- Key topics........................................................OK
- Social Network..................................................OK
Information synthesizer & top-level intelligence......OK
Creation of intelligence notes for the Authority......OK
Full Country traffic monitoring..............................OK
Behavioural analysis of Data Flow........................OK
(geo)Localisation.............................................OK
Multi-captor system..........................................OK
Privacy should be "on" by default, with an option to snoop only in exceptional circumstances*. The proposal is to set privacy to "off" by default.
* Granted, every government writes its own terms of meaning for "exceptional circumstances" but the right to privacy should be there first and foremost.
Or even just using webmail over https on servers located in some country which is less than friendly to the UK (Argentina, France, somewhere like that). And of course persuading all your <insert terrorist organisation of choice here> buddies to do the same.
Wait... they already do that :-(
Looks like a business opportunity to me. Start researching Swiss law now, for a service you can sell to respectable people who worry about journalists, PIs and spouses getting access to logs that are supposed to be for MI5 only.
Swiss, because they're a country that will cooperate with law enforcement agencies, but where they still believe in privacy. The really bad guys will find other more bribeable jurisdictions ... or possibly, put their servers afloat in the Pacific garbage patch or in orbit!
No market since around 1975.
Such a one time pad is only useful if you never reuse the pad. You've also got the problems of generating the CD contents, duplicating these and sending these around by trusted courier (That's similar to how the UK diplomatic service did it. I've seen their old paper punched tape OTP machinery in use up to the seventies now on display at Bletchley Park).
You are now doing much, much better having a new long enough key (128 bits or longer) randomly generated and exchanged using the Diffie Hellman protocol at the start of each session and securely disposed of at the end of a session. Secure disposal of the key after the session means that plod who calls around and obtains all known secrets after the session has ended (e.g. using RIPA or some other kind of rubber-hose cryptanalysis) has no way of decrypting his copy of the encrypted stream; this property is called 'perfect forward secrecy'. Diffie Hellman on its own doesn't protect against a man in the middle attack (e.g Eve pretending to Alice she is Bob while also pretending to Bob that she is Alice), so you need to use DH key exchange in connection with RSA signature or similar to authenticate the other end.
... I will also investigate investing in a VPN; though I can see a few years down the line that'll be the next area the government targets with legislation. It's an uncomfortable fact but as the internet becomes more imbedded in everyday objects & surveillance technology improves our lives will come under ever more scrutiny. Most people haven't kicked up a fuss so whatever government is in power will implement this.
Obviously you have something to hide..... I'm sure running Tor will get you onto at least one list.
Slight tangent, I wonder how many Tor nodes are spook run ? Can someone running all the nodes from request to exit node trace source and target IP ? I'm sure I read that was a Tor weakness so if I was wanting to monitor Tor I'd have a server room packed with as many nodes as possible modifed to try and trace requests.
"Obviously you have something to hide..... I'm sure running Tor will get you onto at least one list."
So what? What will they do, stop my flying to the USA? Fat chance... I'm not flying there anyway. If I want that kind of "intimate attention" from another person, I'll buy the girlfriend flowers and a nice dinner.
"Slight tangent, I wonder how many Tor nodes are spook run ?"
Probably a lot, but it doesn't matter. Data inside the network is encrypted, and data leaving the network only has the data you put into it readable by the exit node. Those folk who were caught in the drug sale sting gave out their shipping details. As is typical of data protection, "they" only get as much data as you give them. Encrypt the data before sending it (HTTPS anyone?) and don't go applying for credit or accessing your personal email account, and nobody will know who you are anyway.
Just making the point that running Tor makes you look like a "Bad Person" in some people's eyes.... and running Tor may one day be a amber/red flag in someone's data warehouse report. Just take steps to hide the Tor useage.
Who said anything about the USA ?
This is the UK goverment and they'll just knock on your door (possibly heavily) if they want to chat.
Question answered, cheers
> I'm not sure why people keep going on about SSL, it is completely readable when you
> have intercepted the entire communication from it's initiation.
No it isn't, you'd need access to the private certificate on the server to decrypt it. Only the public certificate is sent out, to allow the other end to encrypt stuff.
You can do a 'man-in-the-middle', where you decrypt SSL on the way then re-encrypt it, but it'll set the alarm bells off in the browser as the server name won't match the destination address.
"I'm not sure why people keep going on about SSL, it is completely readable when you have intercepted the entire communication from it's initiation."
If you do know how to break current SSL implementations, then please publish your reproducible attack method in full. Your publications and conference keynotes would then be worth a considerable amount of dosh. I'm also not including manipulating the CA system to get a false signed cert which we all know is doable but expensive to the CA that gets caught doing this, see Diginotar.
"Most people haven't kicked up a fuss.."
Most people do not understand their computer, let alone the impact of such a bill.
We all know how to obfuscate information using techniques already mentioned here. But your mum/aunt/grandmother/etc... have no clue. Its 'normal peoples' conversations being impacted. Those 'underhanded' persons will already be implementing counter surveillance techniques.
It's a waste of time and money really.
I expect them to do a Digital Economy bill on this one, make no mistake we will get it because its in the speech regardless of how unpopular it is. Even if they have to sneak it through the disgrace that is the Parliamentary "Wash up" to get it on the books we will have it forced on us.
What's the betting that p0rn filter comes along with this as well.
So maybe they can explain this
To quote:
"May and her department have tried to bat aside criticism from civil liberties groups by saying that "no emails would be read in real-time"."
To support
"The proposed bill described communications data as being "information about a communication, not the communication itself"."
If there is no communication content held, then how can they say that no email will be read in real-time, implying that they can (or will) be read after 'real-time' ie 1 seconds later by a person or batch job.
this puts me in mind of the Great Wall of China, unfortunately not the nice stone one......
Now, where is that tin foil hat of mine....
I'd hazard a guess that Her Maj is a bit more technically clued-up than you'd think.
Maybe not to the level of most of us reading tech news sites like this, but I'm sure she'll at least know how to switch on a PC and do a bit of casual web browsing in between her royal duties. Probably won't stretch to downloading torrents though!
> anyone thinks that old Liz actually has a clue about anything
She's far more clued-up than you might imagine.
She was a driver/mechanic during the war, and she was introduced to email before most of the rest of us.
That she talks such utter bollocks in the "Queen's Speech" is down to it being written by the government, not by the monarch.
Vic.
We already provide secure email, comms and IT services to UK companies, the more the merrier. :).
The problem of an evident lack of control, transparency and trustworthy oversight is not new, just that the process to legalise the abuse has now started. Any UK company that outsources IT to a UK based or controlled organisation already has the risk of backdoor intercept - compel the IT provider and the company in question may never find out (the magic word remains "terrorist").
Not a good position to be in if discretion is part of your business. Banks, lawyers, medical practises..
How about a little background process that , every 30 minutes or so, would google "ANARCHY BOMB TERRORIST BESTIALITY AL-QUEDA SEXTRAFFIC" and bounce off a random half-dozen of the websites produced?
A million or two PCs doing that 24/7 ought to fuck up the statistics a bit.
I'm actually semi-serious about this. Of course it would need to be more sophisticated than I'm making it, but is there any reason why this shouldn't happen? Going by my experience, there are enough people (even non techies) objecting to the bill to suggest there would be enough of a user base to make a difference.
My coding skillz are rusty as fuck these days, but I reckon even I could put together something like this.
@Seamon - I see that as not much more than a modification to SETI - and I agree that it's not only feasible, but becoming rather a good idea. The master node would be populated with new search terms as and when they become relevant, to be spat out to all the client devices. The fact that the other post above points out the anti-google effect merely gives it a legitimate purpose.
Yes, seriously this would work. I even mentioned this approach to a "home office" official and they were kind enough to reward my query with a wince.
Random traffic dilution is part of the legal, honest, truthful defence - not just against gchq/nsa total information grab but will also counteract the google bubble effect (where everything offered to you is pre-screened and biased on who they percieve you to be and what your internet social class and disposable income is)
We just need LOTS of random tools to mitigate workfactor reduction...
From the article "...obtaining of communications data by authorised public authorities including law enforcement and intelligence agencies". Note the ""including* law enforcement and intelligence agencies" part. Who else are they giving access to on top of these? Local council? Government quangos? Anyone with an open purse?
Wonder how long until son-of-News-Of-The-World gets access to the complete list as and when they want? About the only thing we could hope for is that a bunch of the power-mad MPs end up being burned by what will end up being held under this proposed law.
Terrorists and terrorist supporters of course - aka Saudi and Pakistan. You see, Its all about marketing: there would be no justification for all of this "security" if we don't get more effective terrorists than the underpants bomber!
... just like they happen to catch a terr'ist just about at the same time people are beginning to doubt the effectiveness of the TSA-grope-down!
Some of this from BBC and some from the REG
"no emails would be read in real-time" (REG) - well most people use webmail over https which wont tell you anything about where its destined, where its from or its contents and the rest use SMTP which if they use packet capture and its not encrypted can be read plain text.
Not to mention that "in real time" doesn't mean they wont do as media does with TV and delay it by 5 minutes which would get round it.
"laws date back to 2000 and they are not equipped to cover social media, Skype and other methods of communication." (BBC) - yes and these changes wont help that since yet again we're using encrypted connections to a website.
"However, the police would be able to see which websites someone had visited." (BBC) - not if they just simply use a proxy, VPN or even Google translate!!!
"information about a communication, not the communication itself". (REG) - in most cases they are the same thing.. eg Email, you've got to inspect the actual packets being sent to extract the address details other wise all you can see is he\she sent an email to MX server blah and that's the end of the trail.
The safe guards are a joke as well
"Measures to prevent unauthorised access" (BBC\Draft Bill) - This has got be the funniest bit of all, they can secure their own websites, NHS data, and regularly lose information including plans for terrorists raids..... are you really going to trust them with your data.
These measure\bill will do nothing to help combat terrorism, they will just snoop on the regular people. Terrorists arent exactly stupid and we are all well aware they use encryption, sat phones, voip.... the list goes on.
> well most people use webmail over https which wont tell you anything about where its
> destined etc...
If you're using webmail, all the information will be on the webmail provider's server for ever, and will be handed over to Government types with very few questions asked. Webmail is probably the *least* secure way of doing email unless it's your server.
> Skype and other methods of communication." (BBC) - yes and these changes wont help
> that since yet again we're using encrypted connections to a website.
And again, details will be handed over by Skype etc. on request, assuming there isn't a direct tap into them already.
They were caiught with their pants down by the use of BlackBerry Messenger to organise the riots a while back, they are determined that it won't happen again. They people they *say* it's targetted at already know how avoid getting caught
We have been told that this is only to catch terrorists, child molesters and serious criminals. I don't see what it is you are all moaning about. After all, this is the same reason we all agreed to the extradition law to send these same heinous people to the US. It isn't like you are going to ever have the plod bash your door down for helping your mates share a few TV programs.
We have been told that this is only to catch terrorists, child molesters and serious criminals.
How do you know someone is a terrorist, is a molester or is a serious criminal without reading the contents?
"plod bash your door down for helping your mates share a few TV programs." all of SOCA's latest success stories have been raids for hacking and file sharing
It's perfectly simple, they only want the email subjects, senders and recipients. They also only want the destination websites and the query strings. No use whatsoever, where's the harm?!
When the fuss dies down, that's when they'll sneak some really nasty shit through! Oh sorry, we just need the content of those emails now too and oh, the content of the pages you pulled through as well. Tell you what, make it an offence to use a PC/tablet/mobile without a UK Gov registered ID! Finally no PC use without a webcam switched on and any attempt to turn it off will be met with the stiffest penalties. Don't even think about TOR or HTTPS, we need the unencrypted data from those too please as you have nothing to hide right?
This is the thin edge people and the beginning of the end my dear friends.
a (previous) Home Secretary is on-record as saying that they don't just want to read e-mail - but they'd also like to access all the unsent e-mails that people are composing in their clients, the Drafts folder - the things that people start writing but then think, Naah, won't bother with that. I suppose the Trash/Wastebin contents are also needed for verification.
I conjecture that Total Information Awareness is the name of the CCDP game, remember the "Do you have your TIA badge displayed citizen? - or do we have to shoot you?"
A family member grew up in a repressive regime, that mass murdered; at school the teachers would ask leading questions about family life at home - to see if a 3am rendition visit was necessary. The family DID listen to external shortwave radio - but due to diligence, internal briefings and sticking to stories, they were never discovered or I wouldn't have my children!
I trust the UK government with my data, most of it, most of the time. BUT in a decade I might not - .
There seems to be some misunderstanding:
E-mail contents are not going to be logged.
However a record of each e-mail sent/received will be logged.
If we only consider e-mail comms for a moment...
I'm guessing they want to be able to go to an ISP and say give me all the records sent to/from an IP address (that represents an ISP subscriber) (or a physical installation address)
Presumably they are expecting said ISPs to install DPI hardware to do this given that e-mail could be sent or received through any server - often not the ISP's e-mail server.
How then does this cope with SSL encrypted comms - which are widespread even for home users using POP3 / SMTP, not to mention HTTPS webmail portals (eg g-mail)!
All they would be able to log in these cases is user X communicated with an e-mail server at IP address Y at time Z. (not the actual sender or recipient) That's only any use if the owner of the e-mail server also falls under the jurisdiction of this law. Presumably you'd only be guessing that its e-mail comms based upon the port used. If it used a non-standard port you wouldn't know that, and hence wouldn't log the communication as it would fall outside the scope of the law.
Anyway this is all speculation until details emerge, but it seems very difficult to achieve what they want - even ignoring the use of VPNs (which are widely used for legitimate purposes!)
SSL/https mail is the reason for the bill - they can simply order Goolge or whoever to hand over the details from their end. Otherwise they could just tap the cables as they do now and not require any public legislation.
Of course if you used encrypted mail to some server in Iran or Pakistan or Columbia then they wouldn't have any power to compel those organisations to hand over the data, But what kind of UK user would bother having an account on a server like that?
I don't understand what you mean. For an email to be private, both clients, both servers and every routing server in between needs to be using encrypted comms. The only place this happens is if all of the above falls inside one company. In which case, there is already sufficient law in place to request details.
The bill is aimed at ISPs to monitor comms on the fly. Not at service providers like Google mail. We can already order Google to hand over details.
Note I say "we" as in our government. Not "they" as in "I disclaim all responsibility because I'd rather sit on my arse bitching on a website than actually protesting, educating or otherwise resolving this issue".
MAN IN THE MIDDLE attacks are trivial when you as a state have persuaded your local Root certificate authority to issue you a whole bunch of 'fake' but functioning certificates so that the state can impersonate any server that you wish to HTTPS to.
I'm already running certificate patrol on FF but need an additional out-of-band certificate hash comparison service with distant users of the same VPN, HTTPS.
> SSL encrypted comms - which are widespread even for home users using POP3 / SMTP
Encrypted SMTP is currently quite weak - although a key exchange does occur, it is rarely verified against a root certificate. Thus a MITM attack could supply its own key to the sender, and the data is effectively in the clear for that attacker.
I expect to see much more TLS verification in the coming years.
Vic.
even 64GB USB flash is now down to $40 - but when the citizens are paying for the many CCDP boxes anyway it's irrelevant how much they cost or how many yottabytes are needed
The internet is a toy/Minecraft/angrybirds/smartphones - but it is trending inevitably to be the backdrop to everything hard & infrastructural in our lives. With the planned future amounts of data there is a risk of even subtle state discrimination, clever algorithms to effect social genocide, politicide: like Lady Porter's housing/voting 'experiments' on steroids {see Porter v Magill [2001] UKHL 67, [2002] 2 AC 357}. (she eventually lost)
WHAT social control circuit-breakers and enforced measurable lifetime neutrality are being designed into CCDP by renowned philosophers, musicians, artists and lateral-thinkers to counterbalance all the clever packet-engineering?
You mean GCHQ and the home office haven't made a best social practise privacy impact assessment on the total information awareness projects? FAIL or at least DISCUSS!
Apart from the principle of the thing, which is fucking awful, the draft bill says very little to pick over - the definition of communications data seems to only consider e-mail and telephone communications. No mention of web-sites visited.
It's a very poor starting point for any form of technical discussion. I look forward to the proper draft bill.
I wonder how long this new surveillance regime will survive if some malware gets distributed which (invisibly) does the equivalent of browsing something much like the above every couple of seconds (or milliseconds), and ignores the error responses. Their logs will fill up with the random hexadecimal strings.
Some infinitessimal part of which might be steganographically concealed messaging?
"I wonder how long this new surveillance regime will survive if some malware gets "
Simple.
Forever. The people who *want* it are basically *senior* current or former civil servants in the Intelligence and security services.
IE Oxford PPE graduates, not Cambridge CS grads.
They'd view it as the price of protecting the British people from *themselves*.
I love how they say they want to record the details of the communications ok so person a emails mail box b that sits outside of the UK where the spooks cant touch it. No big deal its a single email.
But what's not seen is the mail box B has forwarders onto mailbox C in another safe haven which in turn has forwarders onto all the undesirables that GCHQ want to know if people are contacting.
So from their point of view person A is doing nothing suspect at all but all the stuff they want to capture is beyond their reach.
I don't see this bill helping law enforcement agencies half as much as some people would have you believe, maybe a few stupid petty crooks may fall foul of it, same way they would with phone tapping etc. But in the mean time is a major cost and expense to the ISP industry and treads all over our civil liberties.
Time to send lots of random lol cat pictures with encrypted stenography messages in saying F U GCHQ.
I had been in touch with my MP, a Lib Dem, about this. He stayed in contact with me until a couple of weeks ago when he suggested that the idea was simply going to be buried. I have no reason to think that he was being disingenuous; tories weren't happy with this let alone Lib Dems, who should be allergic to this type of idea.. Yet now the thing rises again, same as it did under Labour etc. It makes you wonder who is calling these shots, and the degree to which the "security forces" are under parliamentary control.
I have written to my MP again pointing out among other things that treating all people as suspects in this way will be interpreted as additionally holding them in contempt. One would have thought that the lesson from the council elections, with the electorate clearly telling the Condems that they had better take a different route, would have been learnt.
You might find the odd Tory like David Davies who has a clue , but bluntly for all their neo-liberal anti-"big government"/"nanny state" rhetoric, the Tories have NEVER been opposed to extending state *control* of the populace when they've been in power. The Lib Dems aren't any better; their "allergies" have turned out to be largely posture without substance.
On past form the spooks already do this, And the search engines record all our curiosities, more about that later.
But this is a grotesque intervention in the world of ideas. The British Library keep no record of your requests.
Journalists and politicians will have reason to fear that wherever their minds take them online someone else sympathetic to the government will publish first.
And search engines, I do not investigate potential inventions because to do so would give it away. A search query could be held as prior publication, so nullifying a patent, or worse, the invention could easily be recognized from the search terms so stolen and patented first. This is inhibiting, and not very nice.
Pretty sure that if you get caught sending these it would be classed as "conspiracy to whatever" or something.
Memo to self, test this theory by sending said random number disks to some journalist or other, putting return address of some unoccupied address or other and see if Feds turn up.
AC/DC
Note this is from the same government that is currently bemoaning the Freedom of Information Act. They can know every little personal detail about us, but we are not to know what they are up to with their special advisors, 'best men,' old school chums, and corporate donors.
If you oppose this, please sign the official e-petition at: http://epetitions.direct.gov.uk/petitions/32400
There are at least two key parts to this 'draft' bill, both heinous IMHO:
(1) The surveillance/snooping/spying by the government listeners and the requirement for (UK) ISPs and mobile phone companies to make their log databases available for real-time snooping, supposedly with the caveat that Home Secretary Theresa May or a judge can sign a warrant to do so (certainly not comfortable with any Home Secretary being able to do this without having to pass a legal test). Note, only the body/content of the e-mail/call would not be real-time (if you believe government assurances).
(2) The entry and hearing of communications data evidence in secret closed courts (hence Justice Minister Ken Clarke's argument that the US is more likely to be willing to share secretly collected [via waterboarding at Guantanamo or rendition exercises?] evidence with the UK if it will not end up in open court.)
Also, they talk about "collection" and "retention" of these communications data details (header metadata if you will). What is the likelihood of the return of the giant central GCHQ database that the previous Labour government, and which, the Cameron-led Tories and Clegg-led Liberal Democrats opposed? How else would they be able to feasibly data mine through the massive volumes of data scattered across a rather diverse set of ISP logs and mobile phone company call details?
And how are they going to impose this on suppliers who store such data outside the UK, in countries where such rights to privacy are enshrined in their constitutions, e.g. Scandinavian countries? And what is the point of getting header data, unless you wish to
Lastly, if anyone has actually watched some of the MPs questioning IT industry executives in the Select Committees, you would realise what an abysmal lack of technical understanding these folks have. And we are to trust them to review any proposals?
The "terrorists" and "paedophiles" scare tactic is just that. Do not fall for it. Please sign the petition and let your voice be heard, before we allow then to take away our last remnants of privacy!
Remember when the Anti-Terrorism laws were only for catching Terrorists and serious criminals? Now Councils use it to check if people are overloading their garbage or a case last year where a family was spied on for six months because the council suspected (incorrectly) that the family had placed a child in a school out of catchment area and had lied about their address.
Oh yes, lots of use to catch terrorists...
And so it will be with this.
Shame nobody mentioned the "CC your email to Theresa May" Facebook page campaign that ran on May 1st. That did amuse me somewhat and seems to have been moderately successful in swamping the Home Office's email system.
£12Bn
Only listed number for price of the IMP, which was for a centralised DB.
I think merging the outputs from the various ISP hosted systems will bump that up a bit. But that part is secret, not the £2bn the govt say they will give ISPs to do their work.
http://www.theregister.co.uk/2008/10/07/detica_interception_modernisation/
Number of terror suspects former head of MI5 said they had listed 4400.
Number of UK terror suspects watched by MI5 in 2007 2000 (likely to have grown a bit by now).
http://news.bbc.co.uk/1/hi/uk/6613963.stm
Number of UK terrorist deaths 2000-2012
52 victims of 7/7/5 bombings. 4 bombers
http://www.theinsider.org/news/article.asp?id=0472 only lists the victims.
Jean Charles de Menezes 22/7/5 Intelligence FUBAR.
Northern Ireland 2 8/3/9
http://www.guardian.co.uk/uk/2009/mar/08/northern-ireland-soldiers-killed-antrim
Total 59 in 12 years..
Estimated value of a human life
http://en.wikipedia.org/wiki/Value_of_life
$6m (US DoT)
$7.9 (US FDA)
UK average lifetime earnings at average UK salary 18-70 @ £26,244 £1364688
UK population 2010 62.3million
http://www.ons.gov.uk/ons/rel/npp/national-population-projections/2010-based-projections/sum-2010-based-national-population-projections.html
So the UK govt plans to spend £1m *each* to watch these suspects (Note that's just the stuff for the ISP'. There is *no* stated figure for the GCHQ end of the bill). or they will spend £33.8m each to save 1 life.
Or it plans to watch *every* person in the UK because 0.0032% *may* actually do something that will endanger other peoples lives, possibly. It will spend at *least* £2Bn to do so.