Broadband will impede cybercops

Always-on Internet connections will increase cybercrime, but reduce police powers

Britain's cybercops are concerned that "always-on" Internet connections will jeopardise their access to vital ISP traffic data needed to crack down on online crime.

The take-up of broadband in Britain will remove the need for Internet Service Providers (ISPs) to hold personal data on their customers due to a simplified billing model, essentially removing important intelligence for police officers.

Principles contained within the Data Protection Act 1998 require that customer information obtained by ISPs should only be processed for limited purposes such as billing. It also states that only non-excessive information can be held on an individual for a limited period of time, whilst it is required for legitimate business purposes.

"The Association of Chief Police Officers (ACPO) is worried that that they may lose a valuable resource in the future -- some police would like ISPs to keep traffic data for policing, but that is bad data protection, and ISPs shouldn't be keeping this information," said Iain Bourne, strategic policy manager for the data protection commissioner.

Speaking at a European Commission forum on cybercrime last Wednesday, detective chief superintendent Keith Ackerman, chairman of the UK Internet Crime Forum said that the police were unable to track down 500 members of a child porn ring because of the 1995 European directive requiring ISPs to delete all traffic data after a call.

Peter Sommer, research fellow at the London School of Economics, who acted as an expert defence witness at the Operation Cathedral trial in January, is concerned that law enforcement requests for an amendment to the existing directive are disproportionate to the benefits that such powers would bring to police operations.

"We have to remember that the British National Crime Squad (NCS) was able to bring Wonderland to a successful conviction using laws less powerful than the Regulation of Investigatory Powers Act (RIPA)," he said.

The Data Protection Commissioner is adamant that any amendment to the directive should be subject to parliamentary scrutiny rather than gradually evolving through the "back door". "It costs a hell of a lot of money for ISPs to keep enormous [amounts of] trafficking data -- it's not a simple matter of extracting data as the process is very time consuming," said Bourne.

Growing police concerns about the disposal of criminal intelligence held by ISPs is championed by Jim Reynolds, former head of the Paedophile Unit at New Scotland Yard. "Everyone is talking about criminal activity on the Internet, and the police and ISPs have a part to play in ensuring the Net is a safe and lawful place," he said. "It has got to be wrong that ISPs are disposing of valuable intelligence data. ISPs have to take some of the blame as they are not understanding police problems."

Traffic data obtained by ISPs includes records of Internet access by customers. The data can prove that someone went to an illegal Web site, providing evidence of criminal activity. ISPs are currently saying that they are not willing to hold customer information for longer than necessary. The British government is also maintaining that the current situation does not justify a change to data protection legislation or an increase of police powers in this area.

Are your children in danger on the Internet? Find out with the Web of Porn Special

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read other letters.