EU rules obliging ISPs to store transaction data for two years could have significant cost and privacy implications, reports Manek Dubash.
People have never been more aware of incursions into their privacy than they are today. From the growth of CCTV cameras on Britain's streets, to the numerous accounts of mislaid personal data or hacks into central databases, the security of our personal information is a growing concern.
Now there is a measure on the statute books that helps cement the government's surveillance capabilities: the EU's Data Retention Directive (DRD), which the government must implement.
The directive mandates ISPs to keep records for two years of every transaction that passes though their hands. The directive's purpose is not to force ISPs to retain data — the Regulation of Investigatory Powers Act 2000 (Ripa) kick-started that process in 2000 — but to harmonise the retention period across the EU.
Note that ISPs must retain not content but connections: the fact you sent me an email, or I called you, for example, rather than the actual email or recording of a call.
No big deal?
So what does the directive mean for ISPs, and how much will cost them to comply — and does it mean your broadband bills will go up? We contacted a number of ISPs and, while all said their customers' privacy was important, they confirmed they would be abiding by the law of the land. Most also said that the directive was no big deal, as much of this information is kept by ISPs anyway, for billing purposes.
A spokesman for Virgin Media said: "DRD is not a fundamental change in what's already done. All this data is kept as standard by ISPs — DRD just mandates a time period by which that data must be kept.
"We are discussing implementation with the Home Office. It's early on in the process."
The spokesman was unable to give a timescale for implementation of the directive, but added: "We understand the needs of law enforcement, but as a consumer-centric ISP our consumer privacy is critical. Our approach is to find the right balance between the two positions."
Crunching the numbers
Among the issues Virgin Media will be discussing with the Home Office is the cost of implementing the directive, which the ISP said it expected to be borne by the government.
BT, the UK's largest ISP, said: "This is a complex topic and we look forward to studying the detail of the government's proposals and responding in due course. We will, of course, continue to adhere to whatever rules and regulations apply to us." A spokesman added that BT was still reading the directive and that it would respond to the government rather than issue a press statement.
Be Broadband, now part of O2 and a leading local-loop unbundler, said: "We are serious about protecting our customers' privacy and information. At the same time, we have a duty in law to assist the police and others in the fight against serious crime and terrorism. We expect that other ISPs take a similar position."
One vendor of technology to the ISP community said there were other issues at stake. Duncan Pauley, chief technology officer of CopperEye, a vendor of ISP-grade indexing technology, said ISPs needed to invest...