Home Secretary Charles Clarke has acknowledged the fears of ISPs over new data retention legislation, and called for a continuing dialogue between government and industry to "understand the business point of view". But the Home Office continues to resist calls to give the Internet industry a legal guarantee that they will be reinbursed for increasing costs of compliance with the new law.
The data retention directive that the UK, Ireland and Sweden pushed into EU law last month means that telecommunications companies and ISPs will have to save information about customers' phone calls and electronic communications for up to two years.
The scope of data to be retained has been expanded to include the geographical location of parties sending and receiving communications, which ISPs say has greatly increased the burden on them.
Speaking at the Internet Service Providers Association annual parliamentary advisory forum in Westminster on Tuesday night, the Home Secretary said he recognised ISP's concerns that their economic competitiveness would be affected by having to store data, and that the need for compliance would affect technological development.
"ISPs are working in a highly competitive marketplace, and are rightly concerned with this legislation," he said. "They have two concerns: economic constraints on competitiveness, and constraints in developing technology [caused by this directive]," Clarke said. "We want to work with industry closely to carry forward this legislation. We look forward to working with you, and need dialogue to understand the business point of view."
Clarke said the Government was not prepared to backtrack on the legislation, as it was needed to combat serious crime. "This is the massive imperative we face: if we try to fight terror or serious organised crime, we are dealing with criminals who have sophisticated and up-to-date technology to achieve their aims. We combat this by collecting intelligence. The bottom line is, we must try and use information to contest crime. We're not prepared to drop that."
ISPs are concerned about the costs of both retention and retrieval, particularly because there is no codified model for paying them.
"There is a concern that the directive makes no provision for reimbursement to ISPs for extended data retention. Data retention is not simply about disk drives. The development, management, and security costings must be taken into account," said Emeric Miszti of Tiscali.
Currently, ISPs negotiate individually with the government for data retention costs. Simon Watkin, a Home Office official working with the covert investigation policy team and the crime reduction and community safety group, said that no formal model for payment was needed. At present, some ISPs are being reimbursed by the government.
"Do we need a model for payment? At the moment our discussions are bespoke to providers. We want to carry on what we've been doing, covering the costs of our volunteers. Costs are different for different people, and at the moment some of the big people cover costs themselves," said Watkin.
The Home Office also recognised that the development of technology may affect the legislation, and that the legislation may affect the development of technology.
"Our toughest problem is future-proofing, as there will be a massive change in technology. We request that all engage with us," said Clarke.
Richard Allan, head of government affairs at Cisco and former Liberal Democrat MP, asked the Home Secretary for an assurance that businesses that don't already retain data won't have to in the future.
"I can't give an absolute commitment to that because it is unclear to what extent, how, and when systems will be extended. Businesses may have to configure new systems to conform to the directive," said Clarke.