UK.gov to impose data retention dragnet on ISPs
Consultation? What consultation!
The Government is to impose a controversial Net surveillance regime on service providers, despite widespread industry criticism that its dragnet data retention approach is costly and unworkable.
On Friday (Sept. 12) the Home Office announced the results of a consultation on a code of practice for the voluntary retention of communications data that reveal the Government remains unmoved by the arguments of the ISP community, civil libertY activists or many backbench MPs.
Currently, ISPs retain data for billing purposes only. But soon they will have to retain communications data for at least a year, under provisions in last year's Anti-Terrorism Crime & Security Act (ATCS).
Data retention obliges service providers to keep data on everyone, in case it is subsequently needed for investigations into serious crime or terrorism.
Data retained will include catalogues of Web sites visited, records of e-mail recipients, lists of telephone numbers dialled, and the geographical location of mobile phones at all times they were switched on. It does not include the contents of messages or telephone calls.
In a January report by the All Party Internet Group (APIG) of backbench MPs criticised data retention and urged the Government to consider a lower impact scheme of targeted "data preservation", where service providers retain data on specified individuals at the request of the police. This approach is used in the US, and is favoured by UK ISPs.
APIG's inquiry found the government had underestimated the expense of its data retention scheme, which could cost "well in excess of £100 million", and concluded that the government's approach is impractical.
Despite many such criticisms during the six-month consultation, the Government's commitment to data retention remains intact.
Friday's paper proposes that data should be retained for a maximum period of 12 months and identifies different time limits for retention of different types of data. If this voluntary arrangement proves unacceptable to the industry, the Government will look to make such data retention compulsory.
Home Office minister Caroline Flint said: "The Government believes that retention of communications data under the Anti-Terrorism Crime and Security Act is crucial in the fight against terrorism.
"The code of practice being placed before Parliament produces a balance between what is required to combat terrorism and what is reasonable to ask industry to deliver," she added.
The view aired during the public consultation make it clear that the proposed voluntary ATCS scheme has no hope of acceptance. Civil liberties campaigners have expressed disappointment that promised safeguards had not been included in the regulations.
Simon Davies, director of Privacy International, said the Government had "betrayed the consultation process".
Ian Brown, of FIPR, said since the ATCS was only passed as emergency legislation, the Government should return to Parliament to allow a fuller debate on data retention. As things stands, the controversial rules are set to be imposed on an unwilling ISP community by executive order.
Phil Zimmermann, of PGP fame, described data retention as a threat to civil liberties. He fears that data retention measures might be imposed in US service providers, in parallel with those being contemplated in the UK, via "Patriot Act II", the Bush Administration's next version of anti-terrorism legislation. ®
Sponsored: The Nuts and Bolts of Ransomware in 2016