Data retention: Who's watching you?

The scale of requests from government authorities already accessing communications data in the UK has been revealed during a parliamentary inquiry

Numerous government agencies are already requesting communications data from ISPs, even though the relevant parts from two laws designed to regulate the practice have yet to come into force.

The scale of the situation was revealed during an inquiry in data retention by the All Party Internet Group (APIG) on Wednesday, when ISPs detailed the requests already flooding in from government agencies who want to look at the small amounts of data that are retained by ISPs for 'operational purposes'.

Communications data means IP addresses of Web sites that people visit, and email headers -- the information that contains origin and destination addresses. It is distinguished from content in the same way that a dialled telephone number is distinguished from a recording of the actual call. However, many in the industry believe communications data is just as invasive as the content because it can reveal a great deal about an individual.

AOL and Thus said that in common with most ISPs they both store communications data for their business needs, and that they receive a significant number of requests from various government agencies -- both in the UK and abroad -- for the data.

Responding to a question from APIG chairman Richard Allan, Liberal MP for Sheffield Hallam, Thus Internet expert Clive Feather said: "We're already starting to get people queuing up for even the little bits of data we currently retain." Feather said Trading Standards officers can demand access under the Trading Standards Act, Social Security officers can do so under the Social Security Act, and other agencies such as the Benefits Agency and the Serious Fraud Squad can demand access under separate powers.

Both Thus and AOL also get a lot of requests from law enforcement agencies at home and abroad to "preserve" data. Data preservation is different from data retention, said AOL's director of public policy Camille de Stempel, because it tends to deal with specific bits of communications data. "It's when you know you will need to keep a particular day's data for an investigation," said de Stempel. "It is very targeted and very proportional... and it deals only with data from the past, that we already have in our systems."

A typical routine, said Feather, is for police to request an ISP to keep a particular piece of data that would otherwise be deleted after a couple of days. "They say, 'We'll go and get the paperwork -- can you keep it for us?'" said Feather.

Who's watching you? Get the latest on spy networks such as Echelon and Carnivore, as well as privacy issues for companies and individuals alike, at ZDNet UK's Privacy News Section.

Have your say instantly, and see what others have said. Go to the ZDNet news forum.

Let the editors know what you think in the Mailroom.