[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) ZDNet UK 26/10/2001: "Home Office admits data retention plans"

------- Forwarded message follows -------
From:           	"Caspar Bowden" <cb@fipr.org>
To:             	"'Ukcrypto'" <ukcrypto@chiark.greenend.org.uk>
Subject:        	ZDNet UK 26/10/2001: "Home Office admits data retention plans"
Date sent:      	Sat, 27 Oct 2001 10:53:01 +0100
Send reply to:  	ukcrypto@chiark.greenend.org.uk

Guy Kewnyey seems to havenailed what 
&q uery=data+retention#docAnchor011026001374

..have missed
Caspar Bowden                           www.fipr.org
Director, Foundation for Information Policy Research
Tel: +44(0)20 7354 2333 

Home Office admits data retention plans
18:25 Friday 26th October 2001 
Guy Kewney   

A voluntary code of practice governing how ISPs store data for law
enforcement agencies could be replaced with sweeping powers for the
Home Secretary 

The Home Office has admitted that it plans to reserve extra powers to
force ISPs to retain data about customers if its current "voluntary
code of practice" proves inadequate to deal with terrorists. 

New legislation is proposed, probably for late November, to deal with
the terrorist threat. Officially, the Home Office insists that the
only change for Internet users will be to "enable" data retention for
longer periods, and for purposes of law enforcement. 

However, civil servants have now admitted that if the system doesn't
work, the Home Secretary will be able to extend his powers, as
appropriate, without further primary legislation being needed to do

Officially, the Government has not published any information on this.
This week, it held meetings with the CBI and with the Internet Service
Providers' Association (ISPA) as a result of which the ISPA was
authorised to publish the following information: 

"Contrary to previous reports and speculation, the Government
explained that it wanted to consult industry on proposals for a
voluntary Code of Practice," said the bulletin. This code of practice
"will provide greater clarity for service providers and law
enforcement agencies regarding the types of data currently held for
legitimate business purposes and the length of time such data may be
retained for reasons of national security within the scope of Data
Protection law. The Government confirmed that data retention would not
be mandatory." 

The "previous reports and speculation" referred to by this bulletin
resulted from a leaked proposal from the National Criminal
Intelligence Service, asking the Government for hugely expanded
surveillance powers. The ISPA bulletin appears to be an official
Government assurance that no expanded powers will be sought. 

The Home Office admission doesn't directly contradict that assurance,
but it does raise the question of why officials are planning reserve
powers, and of why they didn't admit this right from the start. 

It also leaves wide open the question of what reserve power might be
deemed appropriate, and Home Office staff refused to discuss this,
saying that "the Home Secretary would have to ask Parliament for any
further powers." 

One source very close to the Government told ZDNet UK that, "it is
impossible to believe that the data currently being collected by ISPs
is of very great usefulness to law enforcement, since it is restricted
by European law." 

Currently, ISPs are not permitted to keep more than the minimum data
required for billing purposes -- which is, normally, the IP address of
the user and how long they are logged on for. It might also include
the IP address they are logged on to, and, for security purposes, data
such as the Radius security server log. 

Officially, the ISPA is very supportive of the Home Office initiative,
and the Home Office says that the information the industry has already
supplied has proved "very helpful" in surveillance of terrorists. 

This leads some experts to suggest that some of the ISPs may well have
gone beyond what European law entitles them to do. 

It's been pointed out that there is data which is stored on their
servers, but which can't legally be disclosed -- such as the contents
of mailboxes, which can be left with messages for weeks or months
until they are purged. "If they didn't actually provide the data, then
one might suggest that they failed to prevent access to it," said one
email expert. 

"There is almost certainly nothing sinister in the intentions of the
Home Office," said a consultant who advises the Government on IT
matters. "However, the Home Office is advised by a great many people,
and not all of them are primarily concerned with public privacy
matters, and they have their own agenda." 

The concern is that the Home Secretary may obtain powers, under the
proposed November anti-terrorism bill, which will enable him to simply
put forward a resolution at a later date which might extend the
current voluntary proposals. 

The extension could be literally anything, said an expert on
legislation. "It could call for data to be held longer than the 12
months which the Home Office is currently thinking of. It could call
for different types of data. And it could call for the voluntary code
to be made compulsory." 

The Home Secretary can obtain reserve powers in one of two ways. The
first allows him to put forward a resolution, which has to gain
Parliamentary approval within a month, or is lost. 

The other way allows him to gain automatic acceptance of the
resolution provided nobody objects within a month. 

------- End of forwarded message -------

To unsubscribe, e-mail: debate-unsubscribe@lists.fitug.de
For additional commands, e-mail: debate-help@lists.fitug.de