Monitoring means "listening in", in effect. It means the communications continue as normal, the same as if you are not monitoring, but you as the person doing the monitoring get to see a copy of some or all of what is being communicated.
Intercepting means you actually take the communications, and do things with it before sending it on. You may change where it goes, block some of it, change some of it. It is much more serious in lots of different ways than monitoring.
The problem is that the government want to be able to track who is talking to who, i.e. the communications data. I am sure they would love to see what everyone is saying as well, but they know that really is going too far to get re-elected. To be honest, what they seem to be proposing now is going too far in my view.
However, there are plenty of means of communication that are not handled by someone in the UK. Facebook and Twitter and games and all sorts can mean that they would have to convince a non-UK company to provide monitoring of that communications data. They don't like this, for obvious reasons.
So they want to snoop on the communications as it passes through UK ISPs. Essentially monitoring everything, so it seems.
There is another problem - some of these non-UK companies are using encryption - i.e. https (secure web page access) like your bank uses. This means that they cannot see what is being communicated simply by monitoring in the middle. The whole idea of encryption is to stop such things.
They claim to have a way around that! Why the hell do they think they can monitor encrypted traffic? Well the answer, we think, is that they have had vendors of black boxes show them it can be done. And, in a controlled corporate environment there are ways. One way is that you mess with the settings on everyone's computer so that you can do what is called a "man in the middle" (MITM) attack without the computers being aware of it (installing a new CA). In effect you pretend to be Facebook or Twitter (or your bank) when talking to your computer, and you make it believe you. Then you pretend to be you when talking to Facebook, Twitter, etc, and pass on the content of the encrypted communications after looking at it and taking a copy. In theory this can be done if you are in bed with the certificate authorities and get a dodgy CA. Any CA found doing this would go out of business quickly though.
For me, this moves very clearly from monitoring to interception. Now you are actually messing with the communications. This is very very bad for a lot of reasons.
- It is just wrong - if you are monitoring, then that is all you should be doing
- It undermines the whole principle of secure communications and can allow real MITM attacks behind the government system
- It allows you to snoop on the bank, and anything else you want
- It is detectable by anyone that is looking, and more and more people will look
- It will break lots of things
- It creates some really nice targets for any criminals and hackers to go after
- It is technically a nightmare, including scaling issues and single points of failure
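An added example (not from the original post) of why the certificate substitution described above is detectable: the box has to present its own certificate, so its fingerprint differs from the one seen on other networks. The host name, vantage-point labels and certificate bytes are constructed for illustration.

```python
import hashlib
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded leaf certificate."""
    return hashlib.sha256(der).hexdigest()

def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate exactly as presented on this network path.

    Validation is off because the goal is to record what is presented, not to
    trust it; no application data is sent on the connection.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def assess(local_fp: str, reference_fps: dict) -> str:
    """Compare the local view with fingerprints seen from other networks.

    reference_fps maps a vantage-point label to the fingerprint it observed.
    """
    seen = set(reference_fps.values())
    if not seen:
        return "no-reference"
    if local_fp in seen:
        return "consistent"
    # Large sites serve several certificates, so a lone mismatch proves little.
    # Flag the local path only when two or more vantage points agree with each
    # other and none of them agrees with us.
    if len(reference_fps) >= 2 and len(seen) == 1:
        return "local-path-differs"
    return "inconclusive"

# Constructed stand-ins for DER certificates (not real certificates).
REAL_CERT = b"constructed: leaf for www.example.test from a public CA"
BOX_CERT = b"constructed: leaf for www.example.test from an interception CA"

def demo() -> list:
    refs = {"vantage-a": fingerprint(REAL_CERT), "vantage-b": fingerprint(REAL_CERT)}
    return [assess(fingerprint(REAL_CERT), refs), assess(fingerprint(BOX_CERT), refs)]

if __name__ == "__main__":
    print(demo())  # live use: fingerprint(fetch_leaf_der("www.example.test"))
```

The check works even when the interception CA has been installed on the computer, because it compares what was presented rather than asking the local trust store whether it validates.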
But, if you want to intercept traffic, that is a lot harder. It means that you send everything in to and back out of a black box. It means ensuring all of the communications goes via this one point, and does not have packets spread over several redundant links. It means your whole network relies on the black box working and having enough capacity to cope with the load. It also means some stupidly expensive black boxes. Looking on-line there are some expensive boxes that handle 100Mb/s of traffic and some really expensive ones that handle 1Gb/s of traffic. Even A&A's tiny network is going over 1Gb/s now. They need many orders of magnitude more in order to work with any of the larger UK ISPs. It is basically impossible but trying will break lots of stuff.
It won't actually help. There will be ways to communicate securely and without monitoring the communications traffic. There are well established systems in place for this designed to allow people working under oppressive regimes to communicate with the outside world - where being found out could get them shot. Such systems will always exist, and there is no reason to think that they will not be used.
At the end of the day, we have to consider very carefully how much freedom and privacy we want to give up. Remember, bee stings have killed as many people in the UK as terrorists so far this millennium. Think of the bees!
Update: ISPreview say "At present ISPs are already required, if requested, to maintain a very basic log of their customers’ internet website and email accesses (times, dates and IP addresses) for a year, which is made available to various government and security services via a warrant. This does NOT include the actual content of your communication." which is not quite true. We only log email that goes via our mail servers and web pages accessed on our web servers. We have not been asked to keep these logs for a year. We do not have to snoop on customers to see what web pages they access or what emails or tweets or pokes they do. This new law would require that.