Net snooping to cost UK taxpayers £100m+. A year

A Home Office minister last night brushed aside a report by MPs which calls on the government to drop Net snooping plans.

Speaking at a meeting of the All Party Internet Group (APIG), Bob Ainsworth, Minister of State for the Home Office, pledged to press ahead with a new data retention regime on ISPs.

Yesterday the APIG urged the government to think again, in a report (pdf) on Communications Data - the logging information held by phone companies, mobile operators and ISPs. The MP group's preferred option is a lower impact scheme of targeted "data preservation".

Data preservation obliges service providers to retain data on specified individuals at the request of the police. This approach is used in the US, and is favoured by UK ISPs.

Data retention obliges service providers to keep data on everyone, in case it is subsequently needed for investigations into serious crime or terrorism.

Currently, ISPs retain data only for billing purposes. But soon they will have to retain communications data for at least a year, under provision in last year's Anti-Terrorism Crime & Security Act (ATCS).

Data retained will include catalogues of Web sites visited, records of e-mail recipients, lists of telephone numbers dialled, and the geographical location of mobile phones at all times they were switched on. It does not include the contents of messages or telephone calls.

Expensive and unworkable

Last night, APIG presented the results of a public inquiry on Communications Data at a meeting in Westminster. The MP group examined the enforcement of the powers contained in the ATCS and the Regulation of Investigatory Powers Act (RIPA) [although delays mean there's no code of practice for either act yet].

The inquiry found the government had underestimated the expense of its data retention scheme, which could cost "well in excess of £100 million", and concluded that the government's approach is impractical. The evidence heard by the inquiry, and the opinions expressed by the many ISPs at yesterday's meeting, makes it clear that the proposed voluntary ATCS scheme has no hope of acceptance.

ISPs say they want to assist police in their enquiries, and do so already on a semi-regulated ad-hoc basis. But they are unconvinced by the government case that blanket data retention is needed to fight terrorism and serious crime. ISPs also express concern about the impact on customer privacy on data retention.

The minister's not for turning

The ATCS gives the Secretary of State a fallback position of introducing mandatory data retention if a voluntary scheme fails.

Home Office minister Bob Ainsworth told the meeting that the government is prepared to go down this route.

"We're discussing a code of practice with the Information Commissioner. If it's not possible to get agreement on that we'll move towards mandatory data retention," he said.

The government is set on introducing secondary legislation on data retention by the autumn. Ainsworth expressed openness to consultations with the industry on a framework for data retention, safeguards and costs. But he made clear that looking at preservation, as an alternative to data retention, is not on the government agenda.

John Gamble, chair of the data communications strategy group for the Association of Chief Police Officers, backed the minister's approach.

He said data preservation, and the current ad-hoc regime, were inadequate in the investigation of serious crime.

Police do not know at the start of an investigation the names of people who might become suspects, he pointed out.

An FBI representative at the meeting said that data preservation worked well in the US - but that's without Britain's data protection laws, the application of which means that data sometimes has to be destroyed.

Legislative tangle

The complex interplay between data retention measures in ATCS, the Data Protection Act, human rights laws and procedures for the takedown of illegal material reported through the Internet Watch Foundation complicates this area of UK law.

At the APIG meeting last night, a Cable & Wireless representative questioned why the government was consulting on a code of practice for RIPA and ATCS separately when the two are inherently linked: the question went unanswered.

So, last night's APIG meeting provided a platform for a lively debate on data retention but the government and critics in industry (backed by privacy campaigners) remain as far apart as ever.

Pressure may force the government to bend but it seems unlikely backtrack on its commitment to data retention.
The message is: you will have no privacy on the Net - get used to it. ®

UK police data requests factoids

Every year an estimated one million requests are made to telephone companies for information, according to The All Party Parliamentary Internet Group. Most concern who owns a particular phone, but there's also billing data, location and incoming phone number requests. Telcos routinely bill police for data access. Law enforcement requests to ISPs for communications data are far fewer, and charging (though becoming more common) is not universal.

External Links

All Party Parliamentary Internet Group's site, and its public inquiry into communications data retention report (PDF)
Think tank the Foundation for Information Policy Research welcome's MPs report (summary of report by privacy campaigners

Related Stories

MPs probe impact of data retention laws
UK ISPs oppose data retention
EU data protection chiefs oppose data retention moves
EU to force ISPs and telcos to retain data for one year
World leaders use terror card to watch all of us. Forever