UK gov seizes data on 100m calls, 1m users, a year

Police and other UK government agencies are demanding personal data concerning over 100 million phone calls, subscriber data on almost a million consumers and an unknown quantity of email and Internet logs, every year, claims Privacy International. The data, to be unveiled today at Scrambling for Safety 6 at the London School of Economics, is based on estimates supplied by the Home Office, Ministerial statements, legal experts, the communications industry and the All Party Internet Group of MP's, and according to Privacy International director Simon Davies is "very much on the low side... We literally halved the Home Office estimate... just to be on the safe side."

The organisation reckons that the information seized could total a billion individual items of data, including credit card numbers, dialled numbers and location data from mobile phone service providers. One individual's file could include thousands of items, which together would paint a picture of contacts, friendships, interests, transactions, movements and personal information. And because companies store information on you for years, what you've been up to all that time can be checked out by the police, and any other agency the Home Office deems eligible.

From the data available it does not currnetly seem possible to produce estimates of how the monitoring zeroes in within the total annual catch. A reasonable assessment of the current state of the technology, together with an educated guesstimate of the enforcement agencies' likely priorities would lead one to believe that a rather smaller group of individuals' communications data will be the primary focus. In years gone by, however, such suspected subversives have included several who are now senior members of the British government, and the steady increase in the number of government organisations with the ability to demand personal data will inevitably increase the amount of data seized, and broaden the scope of monitoring.

Once you've attracted their attention, they'll more likely than not take a 'collar the lot' approach to data seizure (as opposed to just calmy sitting down and figuring how they're most likely to find out why you apparently didn't pay that parking fine), and once they're sitting on a huge pile of data they can't easily deal with, technology will more and more intervene. So you have a million people a year who might have done something wrong (how many might that be over, say, five years?), so let's just trawl the lot and see if we can find out what that might be.

The Home Office, bless 'em, has been approving all of this without legal authority and in defiance of the Data Protection Act, and has so far not been conspicuously successful - despite its best efforts - in legitimising the position. Its attempts to widen the list of authorities with the ability to access communications data failed last year after a public outcry, and now it's 'consulting.' According to Privacy International the two published consultation documents so far indicate that the current surveillance regime is likely to become universal.

As we noted yesterday, Privacy International is encouraging UK consumers to try to retrieve the information held on them. Details of this can be found here. ®