Privacy and IT security experts have reacted with horror to reported government plans that would see UK citizens' internet and telephony usage details stored in a massive centralised database.
As details begin to emerge about the Communications Data Bill, included in very detail-light form in last week's draft Queen's Speech, the Home Office on Tuesday declined to deny reports suggesting it wanted such a database. Initial interpretations of the draft bill had internet service providers (ISPs), rather than the government, holding such data, but it now appears that Home Office officials may want their own database.
To come into line with the requirements of the European Data Retention Directive, introduced in 2006, UK communications providers have, for some time, had to retain telephony data — who the subscriber is; who he or she was calling or texting; when the communication took place, and so on — for a minimum period of one year. The government held off on applying the same requirements to internet-usage data, and it is that data that is particularly affected by the new Communications Data Bill, set to come into force by the end of March 2009.
At first glance, the bill requires certain data — logon and logoff information, how long the user was online for, who was emailed and when, and the user's IP address — to be held by ISPs for six months, with users' basic subscriber data to be held for at least one year. This sort of data is retained by many ISPs for their own internal purposes, and many ISPs already voluntarily hold the data to make available to law-enforcement officials, the intelligence community and the taxman.
"I've worked at a number of ISPs and this is day-to-day activity anyway," said Gareth Niblett, head of information security at the Kingston-upon-Hull-based ISP KCom. Niblett pointed out that the Home Office intended to pay ISPs back for any costs they might incur in keeping such data longer than they had in the past, a situation he described as "certainly better than in Ireland or other places where there is no financial support for delivering and operating such a platform".
However, a spokesperson for the ISP Association (ISPA) told ZDNet.co.uk on Monday that the association was still "looking to find out what's meant" by certain phrases in the draft legislation, particularly the part referring to a need to "modify the procedures for acquiring communications data and to allow this data to be retained".
On Tuesday, an article in The Times provided a possible interpretation of this phrase, claiming Home Office officials wanted to establish a centralised database for telephony and internet usage information under the auspices of...