FITUG e.V.
Förderverein Informationstechnik und Gesellschaft
FITUG e.V.Förderverein Informationstechnik und Gesellschaft |
|
------- Forwarded message follows ------- From: "Caspar Bowden" <cb@fipr.org> To: "'Ukcrypto'" <ukcrypto@chiark.greenend.org.uk> Subject: ZDNet UK 26/10/2001: "Home Office admits data retention plans" Date sent: Sat, 27 Oct 2001 10:53:01 +0100 Send reply to: ukcrypto@chiark.greenend.org.uk
Guy Kewnyey seems to havenailed what http://www.vnunet.com/News/1126471 And http://globalarchive.ft.com/globalarchive/article.html?id=011026001374 &q uery=data+retention#docAnchor011026001374
..have missed -- Caspar Bowden www.fipr.org Director, Foundation for Information Policy Research Tel: +44(0)20 7354 2333
http://news.zdnet.co.uk/story/0,,t269-s2096285,00.html Home Office admits data retention plans 18:25 Friday 26th October 2001 Guy Kewney
A voluntary code of practice governing how ISPs store data for law enforcement agencies could be replaced with sweeping powers for the Home Secretary
The Home Office has admitted that it plans to reserve extra powers to force ISPs to retain data about customers if its current "voluntary code of practice" proves inadequate to deal with terrorists.
New legislation is proposed, probably for late November, to deal with the terrorist threat. Officially, the Home Office insists that the only change for Internet users will be to "enable" data retention for longer periods, and for purposes of law enforcement.
However, civil servants have now admitted that if the system doesn't work, the Home Secretary will be able to extend his powers, as appropriate, without further primary legislation being needed to do so.
Officially, the Government has not published any information on this. This week, it held meetings with the CBI and with the Internet Service Providers' Association (ISPA) as a result of which the ISPA was authorised to publish the following information:
"Contrary to previous reports and speculation, the Government explained that it wanted to consult industry on proposals for a voluntary Code of Practice," said the bulletin. This code of practice "will provide greater clarity for service providers and law enforcement agencies regarding the types of data currently held for legitimate business purposes and the length of time such data may be retained for reasons of national security within the scope of Data Protection law. The Government confirmed that data retention would not be mandatory."
The "previous reports and speculation" referred to by this bulletin resulted from a leaked proposal from the National Criminal Intelligence Service, asking the Government for hugely expanded surveillance powers. The ISPA bulletin appears to be an official Government assurance that no expanded powers will be sought.
The Home Office admission doesn't directly contradict that assurance, but it does raise the question of why officials are planning reserve powers, and of why they didn't admit this right from the start.
It also leaves wide open the question of what reserve power might be deemed appropriate, and Home Office staff refused to discuss this, saying that "the Home Secretary would have to ask Parliament for any further powers."
One source very close to the Government told ZDNet UK that, "it is impossible to believe that the data currently being collected by ISPs is of very great usefulness to law enforcement, since it is restricted by European law."
Currently, ISPs are not permitted to keep more than the minimum data required for billing purposes -- which is, normally, the IP address of the user and how long they are logged on for. It might also include the IP address they are logged on to, and, for security purposes, data such as the Radius security server log.
Officially, the ISPA is very supportive of the Home Office initiative, and the Home Office says that the information the industry has already supplied has proved "very helpful" in surveillance of terrorists.
This leads some experts to suggest that some of the ISPs may well have gone beyond what European law entitles them to do.
It's been pointed out that there is data which is stored on their servers, but which can't legally be disclosed -- such as the contents of mailboxes, which can be left with messages for weeks or months until they are purged. "If they didn't actually provide the data, then one might suggest that they failed to prevent access to it," said one email expert.
"There is almost certainly nothing sinister in the intentions of the Home Office," said a consultant who advises the Government on IT matters. "However, the Home Office is advised by a great many people, and not all of them are primarily concerned with public privacy matters, and they have their own agenda."
The concern is that the Home Secretary may obtain powers, under the proposed November anti-terrorism bill, which will enable him to simply put forward a resolution at a later date which might extend the current voluntary proposals.
The extension could be literally anything, said an expert on legislation. "It could call for data to be held longer than the 12 months which the Home Office is currently thinking of. It could call for different types of data. And it could call for the voluntary code to be made compulsory."
The Home Secretary can obtain reserve powers in one of two ways. The first allows him to put forward a resolution, which has to gain Parliamentary approval within a month, or is lost.
The other way allows him to gain automatic acceptance of the resolution provided nobody objects within a month.
------- End of forwarded message -------