UK.gov to tap BT as data harvester
Small ISP customers to be monitored upstream
The government will call on BT and other big communications firms to monitor small ISPs' customers and keep private information on them under European data retention rules, the Home Office has revealed.
Officals fear the cost of paying every small ISP to retain every customers' communications data. Instead, they will fund BT and other bandwidth wholesalers to gather the data from their networks.
The proposed arrangements emerged last week as the Home Office published draft laws transposing the European Union Data Retention Directive (EUDRD). "A communications provider is only obliged to retain communications data under these regulations after they have received a formal notice to do so from the Secretary of State," the draft laws say.
"The Secretary of State must give a written notice... unless the communications data concerned are retained in the United Kingdom in accordance with these Regulations by another public communications provider."
A Home Office spokeswoman confirmed the laws mean higher tier providers, including BT, will be called on to act as the government's collectors, pooling pivate communications data from dozens of small reseller networks.
BT said it was examining the draft legislation and declined to comment.
The arrangement is the Home Office's solution to its dilemma of having to comply with EU law, while not wishing to fund every ISP's data retention system. At an industry meeting last year officials were unable to provide clear guidance on what small operations would be required to do once the EUDRD became UK law.
The directive, which the UK government pressed for in the wake of the 2005 London bombings, requires every ISP to retain IP addresses and session data* for a minimum of six months. The UK's draft laws set a minimum of 12 months.
Taxpayers have paid £19m in the last four years for voice communications providers to retain data on who calls whom. The Home Office estimates that retention by ISPs will cost a further £43m.
Separately this week, a legal callenge against the directive by small countries including Ireland was rejected by the European Court of Justice.
The EUDRD had been scheduled to be transposed as part of a broader Communications Data Bill, but was spun out as a stand alone statutory instrument in order to meet a March deadline.
The internet industry now awaits news of the other part of the Communications Data Bill, as it was originally envisaged. Intelligence chiefs want a vast central government database to pool retained data, and "maintain capability" to monitor communications, costing many billions.
A consultation on the plans, being developed in Whitehall as the "Interception Modernisation Programme", was scheduled to be published in January, but has so far failed to appear. A Home Office statement said: "The consultation is due to commence early this year, but a final date for the launch has still to be confirmed". ®
*Full details of the internet communications data to be retained under the UK implementation of the EUDRD are here. Scroll to Part 3.
Sponsored: Network DDoS protection