Home Office backs seven-year data retention laws
The Home Office is planning to introduce new surveillance laws that would allow communications traffic data to be stored for up to seven years.
According to sources familiar with the issue, the Home Office is supporting the proposed EU Telecommunications Directive in order to widen the scope of UK electronic data retention laws. The outcome could result in a change to the Regulation of Investigatory Powers Act (RIPA), so that "non-specific" communications data would be saved for a seven-year period.
The revelation dates back to a National Crime Intelligence Squad (NCIS) report leaked to The Observer in December 2000, which called for the establishment of a traffic data warehouse where communications data would be stored for seven years. Every law enforcement and intelligence group in the UK signed the legislative request, but the Home Office has repeatedly denied its endorsement of the submission.
Speaking at the Information Security Solutions Europe (ISSE) conference, Caspar Bowden, director of the Foundation for Information Policy Research, claimed that the Home Office has been secretly endorsing the initiative.
"Patricia Hewitt, the former E-Minister, said in December that it was not the government's view that the NCIS idea should be implemented -- but Statewatch has it on good authority that the UK government has in fact been an enthusiastic supporter of trying to pass the EU directive," said Bowden.
Tony Bunyan, editor of Statewatch, confirmed that a leaked European Council report reveals that "the UK Home Office has been leading the way" in trying to push through the EU Telecommunications Directive. But the British government has only admitted to its support of an informal European agreement, which called for the retention of telecommunications data for at least 12 months.
"The Home Office would like to introduce this [the seven year rule] into law, but it doesn't know how to proceed politically," said Bowden.
The final part of RIPA, which refers to the interception of communications data, is scheduled for implementation later this year. The EU Telecommunications Directive is likely to be approved by the European Parliament in December -- Bowden and Bunyan think it likely that the Home Office will use this opportunity to widen the scope of RIPA so that traffic data can be retained longer. Last week, the National Hi-Tech Crime Unit (NHTCU) asked UK ISPs to retain all traffic data for the next month, in order to assist with investigations relating to the US terrorist attacks. But the demands were made under a provision of the Data Protection Act intended only for matters of national security. "RIPA gives them the right to do certain things based on specific warrants, but there is nothing to allow for the general retention of data," said Bunyan.
"The government is now in a hiatus -- it is a bit unlikely that they will proceed with formal changes to RIPA before they see what happens on the table in Europe," said Bunyan. "They will work on informal agreements which will cover them for the next six months or so...and will then go in conjunction with the Europe-wide directive."
According to Bowden, it also seems likely that the Home Office will try to expand the definition of "traffic data" to include the full URL. It was recently decided that in the case of RIPA, the term should only refer to the IP number of a Web server, or the home page address of a Web site. But the NCIS report -- published after the implementation of RIPA -- recommended that it wanted the power to retain traffic data "as proposed in the draft provisions of Clause 20, Part 1, Chapter II, RIPA."
"Once they decide to change one thing [in RIPA], they can change many," said Bunyan.
See the Surveillance News Section for the latest headlines.
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.
Let the editors know what you think in the Mailroom. And read other letters.