How the UK plans anti-terror phone, email monitoring

How the UK plans anti-terror phone, email monitoring

Summary: The UK -- according to reports -- is to follow suit with its American cousins in H.R. 1981, by aiming to force ISPs and phone companies to retain communications data for one year.

SHARE:

If you haven't heard of H.R. 1981, it wouldn't surprise many.

Overshadowed by the SOPA and PIPA bills that went before Congress, shortly before they were shelved, H.R. 1981 aims to keep track of Internet users' activities for one year in case it proves useful for law enforcement.

Also known as the "Protecting Children From Internet Pornographers Act 2011" from the same Rep. Lamar Smith, it was approved by a House committee last year, in what would be the most privacy invasive bills the U.S. Congress has supplied to date.

And now the British want a go at it.

A new anti-terrorism plan, as uncovered by the Telegraph, would force phone companies, mobile operators, and Internet providers to store phone calls data, text messages, emails and traffic data for a year, in a bid to prevent terrorism and fight crime.

The domestic security service MI5, the foreign intelligence service MI6, and the signals and electronics eavesdropping agency GCHQ are all thought to be working on the plans with the UK Home Office.

The report --- which did not cite sources --- said that security and intelligence services in the UK would have "real-time" access to data. The phone companies and broadband providers would have to store the data themselves, but there are no immediate plans for a centralised database.

It is not clear whether social media or international calls will also be monitored under the plans. However, it was revealed last month that the U.S. FBI is looking to monitor all public information posted on social networks, such as Facebook, Twitter, and MySpace.

While the company-stored databases would not record the contents of calls, texts or emails, the numbers and the contacts addresses in emails would be stored --- once again referring to the "contact not content" rule that intelligence services are interested in.

The UK government has been working on this proposal for two months, and could be announced as soon as May, the newspaper notes.

The UK's Home Office and the Ministry of Justice declined to comment at the time of publication. But let's take a look at the logistics and practicalities of this.

In a nutshell: it's entirely possible. Considering we do not have a constitutionally bound Fourth Amendment which would guard against unreasonable searches, should it reach enough opposition, it could still not make it through Parliament.

Let's say that it does, however.

Under current legislation, the Regulation of Investigatory Powers Act (RIPA) 2000 is used to acquire data, in a similar fashion to the U.S.' Patriot Act.

There are two key ways for a UK law enforcement agency or intelligence service to acquire user data, depending on that kind of data --- without court order --- by way of using RIPA.

The "interception of a communication" allows wiretaps and the interception of communications, and is often reserved for issues relating to national security. The only ones allowed to do this are the intelligence services, MI5, MI6, GCHQ, and the almighty powerful HM Revenue and Customs, the UK's tax and customs enforcement agency, and some select others. This method requires the authorisation from the Home Secretary, and does not require a court order.

The "use of communications data", however, is a lot looser and less defined, and allows a broader scope of data acquisition under the heading of "the purpose of preventing or detecting crime or of preventing disorder". It allows only the information about a communication to be collected, not the contents of that communication, as described above. This method requires the authorisation of only a senior member of that authority, and does not require a court order.

As you can see from Wikipedia's exhaustive list of organisations --- some of which you may not even know exist --- it allows dozens of names of government agencies, and even more localised police forces, to invoke RIPA to access such communications data without due judicial process.

While there is due process, and the RIPA process is carefully monitored, audited, and regulated, it still does not require a judicial body, such as a court, to oversee the process of data acquisition by law enforcement bodies or intelligence agencies.

If you thought H.R. 1981 was bad, spare a thought for your British cousins across the pond.

Image source: No Life Before Coffee/Flickr.

Related:

Topics: Browser, Collaboration, Enterprise Software, Mobility, Piracy, Security, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • I watched a program on the TV the other night

    "World's dumbest People" type of thing. It had camera footage of some guy in London, drunk off his butt, falling, slipping, tumbling down steps and over hardrails, pretty much anyway you could fall, this guy this guy did (and lived).

    The footage followed him from the place he was ejected from, all the way to his house.

    Then it hit me - how many cameras had to be in place to be able to litterally follow somebody their entire route home?

    People want to complain about things here, between this story and that footage, I wonder if we're really actually worse then other places?
    William Farrel
  • RE: How the UK plans anti-terror phone, email monitoring

    Our Government wages wars abroad and then steals our liberties in the name of national security. They want to regulate the internet "in the name of copyright law," to combat piracy they say. Well Senator Hatch wants to be a pirate himself. He wants the Government to start blowing up computers without due process by the hundreds of thousands.
    http://www.dethronehatch.com/orrin-hatch-is-no-friend-of-the-internet/
    fightingleg