By Tom Espiner, 6 April 2009 17:26
NEWS
Internet service providers will have to retain details of internet communications, including email, under UK law which came into force on Monday.
The Data Retention (EC Directive) Regulations 2009 require service providers to retain details of user internet access, email and internet telephony for 12 months. ISPs must also be able to respond to access requests by law enforcement and other designated authorities.
The details of UK citizens' communications to be retained include which IP address people have been assigned, plus log-in and log-off times; the sender, recipient, date and time of emails; and the caller and recipient of internet telephone calls.
In addition, the regulations state that telecommunications companies must also retain details of all fixed and mobile telephony usage, including the geographical location of the caller.
These regulations supersede the Data Retention (EC Directive) Regulations 2007, which required fixed and mobile telephony data retention, but did not require the retention of internet communications.
Privacy campaigner Simon Davies, director of Privacy International, told silicon.com sister site ZDNet UK on Monday that data preservation, in which ISPs and telcos retain the data of specific suspects rather than of all citizens, would have been "less privacy intrusive and achieves the same objectives".
"It's not necessary to retain all of that data," he said.
Davies noted that retention of data could lead to local authorities using that data in a similar way to their use of the Regulation of Investigatory Powers Act (Ripa). Local government has been criticised by various agencies, including the Home Office, for using the legislation to monitor people putting their bins out, or dog-fouling.
"Once the data is held under this particular regime, you will probably find it will be used for a whole range of other purposes, just as Ripa has been," Davies said. "With data preservation, what would not have occurred is the gross infringement of local authorities using that data to investigate dog-fouling or littering."
Davies added that public trust in government may be eroded if communications data is misused by local authorities.
The Home Office said in a statement on Monday that it does not want to see data retention or Ripa powers "being used to target people for putting their bins out on the wrong day or for dog-fouling offences". However, legitimate actions would include local authorities using data to target "dodgy traders", fly tippers and noisy neighbours, the Home Office said.
Currently, covert surveillance, such as accessing the data retained under the Data Retention (EC Directive) Regulations 2009, can be authorised in local authorities by junior executive officers. The Home Office said it is considering raising the level of authorisation to senior executives, with possible oversight by elected councillors.
Home secretary Jacqui Smith said in December that the Home Office would consult on use of Ripa. This consultation would occur "shortly", the Home Office said.
The Home Office statement added that retention of communications data is necessary as a crime-fighting and anti-terrorist tool. "This data is a vital tool to investigations and intelligence gathering in support of national security and crime," the statement said. "Communications data allows investigators to identify suspects, examine their contacts, establish relationships between conspirators and place them in a specific location at a certain time."
Comments
There are 4 comments. Join the discussion
1. anonymous
Can anyone avoid this situation by using an overseas ISP and thus retain confidentiality for his/hers email account etc?
2. Richard Davies
I completely agree that this type of data retention should be used only on someone that has been identified as a suspect in a crime etc.
To store everyones data will not only waste valuable storage space / bandwidth; it will also cost the tax payer a fortune.
What a waste of time and money storing so much info on people like my mother; is it critical that they know about her weekly bowling activities? I think not. But storing that info will cost something. Times this amount by millions and you have another disaster looming!
Also, like people said in the article...the potential for abuse is huge and from my point of view, I thought that we already distrust the government as they have previously proved they can't be trusted!?!
3. karen challinor
the consultation on RIPA that will occur "shortly" will not take place until after Labour win the election, because they aren't planning any limitations on it's use and they know this will lose them votes
as for retaining email and IP telephony details, time to look at TOR & PGP perhaps
then if the government really want to read my encrypted emails they can come and ask me for the key, with all the ensuing publicity that will bring
4. Richard
How about providing a proper anti scam service?
Rather than snooping on all of our legitimate emails and web usage so as to combat "noisy neighbours" etc.;
Why does the UK government not provide an effective mechanism for reporting ghastly spam and internet scams?
One email I received on Sunday, asked me to receive a sealed box from overseas - in return for a large "payment."
Maybe this was yet another financial scam, but perhaps it was an attempt to smuggle something nasty into the UK?
Either way, investigating and stopping these scams & spam would be far better than spending yet more hundreds of millions on yet more government snooping and databases.
It would also be good if all unwanted spam from UK government agencies & quangos contained the statutory "unsubscribe" mechanisms!