How the UK plans anti-terror phone, email monitoring

The UK -- according to reports -- is to follow suit with its American cousins in H.R. 1981, by aiming to force ISPs and phone companies to retain communications data for one year.
Written by Zack Whittaker, Contributor

If you haven't heard of H.R. 1981, it wouldn't surprise many.

Overshadowed by the SOPA and PIPA bills that went before Congress, shortly before they were shelved, H.R. 1981 aims to keep track of Internet users' activities for one year in case it proves useful for law enforcement.

Also known as the "Protecting Children From Internet Pornographers Act 2011" from the same Rep. Lamar Smith, it was approved by a House committee last year, in what would be the most privacy invasive bills the U.S. Congress has supplied to date.

And now the British want a go at it.


A new anti-terrorism plan, as uncovered by the Telegraph, would force phone companies, mobile operators, and Internet providers to store phone calls data, text messages, emails and traffic data for a year, in a bid to prevent terrorism and fight crime.

The domestic security service MI5, the foreign intelligence service MI6, and the signals and electronics eavesdropping agency GCHQ are all thought to be working on the plans with the UK Home Office.

The report --- which did not cite sources --- said that security and intelligence services in the UK would have "real-time" access to data. The phone companies and broadband providers would have to store the data themselves, but there are no immediate plans for a centralised database.

It is not clear whether social media or international calls will also be monitored under the plans. However, it was revealed last month that the U.S. FBI is looking to monitor all public information posted on social networks, such as Facebook, Twitter, and MySpace.

While the company-stored databases would not record the contents of calls, texts or emails, the numbers and the contacts addresses in emails would be stored --- once again referring to the "contact not content" rule that intelligence services are interested in.

The UK government has been working on this proposal for two months, and could be announced as soon as May, the newspaper notes.

The UK's Home Office and the Ministry of Justice declined to comment at the time of publication. But let's take a look at the logistics and practicalities of this.

In a nutshell: it's entirely possible. Considering we do not have a constitutionally bound Fourth Amendment which would guard against unreasonable searches, should it reach enough opposition, it could still not make it through Parliament.

Let's say that it does, however.

Under current legislation, the Regulation of Investigatory Powers Act (RIPA) 2000 is used to acquire data, in a similar fashion to the U.S.' Patriot Act.

There are two key ways for a UK law enforcement agency or intelligence service to acquire user data, depending on that kind of data --- without court order --- by way of using RIPA.

The "interception of a communication" allows wiretaps and the interception of communications, and is often reserved for issues relating to national security. The only ones allowed to do this are the intelligence services, MI5, MI6, GCHQ, and the almighty powerful HM Revenue and Customs, the UK's tax and customs enforcement agency, and some select others. This method requires the authorisation from the Home Secretary, and does not require a court order.

The "use of communications data", however, is a lot looser and less defined, and allows a broader scope of data acquisition under the heading of "the purpose of preventing or detecting crime or of preventing disorder". It allows only the information about a communication to be collected, not the contents of that communication, as described above. This method requires the authorisation of only a senior member of that authority, and does not require a court order.

As you can see from Wikipedia's exhaustive list of organisations --- some of which you may not even know exist --- it allows dozens of names of government agencies, and even more localised police forces, to invoke RIPA to access such communications data without due judicial process.

While there is due process, and the RIPA process is carefully monitored, audited, and regulated, it still does not require a judicial body, such as a court, to oversee the process of data acquisition by law enforcement bodies or intelligence agencies.

If you thought H.R. 1981 was bad, spare a thought for your British cousins across the pond.

Image source: No Life Before Coffee/Flickr.


Editorial standards