Internet service providers will have to retain details of Internet
communications, including e-mail, under U.K. law which came into force on
Retention (EC Directive) Regulations 2009 require service providers to
retain details of user Internet access, e-mail and Internet telephony for 12
months. ISPs must also be able to respond to access requests by law enforcement
and other designated authorities.
The details of U.K. citizens' communications to be retained include which
Web sites people have visited or attempted to visit; the sender, recipient, date
and time of e-mails; and the caller and recipient of Internet telephone
In addition, the regulations state that telecommunications companies must
also retain details of all fixed and mobile telephony usage, including the
geographical location of the caller.
These regulations supercede the Data Retention (EC Directive) Regulations
2007, which required fixed and mobile telephony data retention, but did not
require the retention of Internet communications.
Privacy campaigner Simon Davies, director of Privacy International, told
ZDNet Asia's sister site ZDNet UK on Monday that data preservation, in which ISPs and telcos retain the
data of specific suspects rather than of all citizens, would have been "less
privacy intrusive and achieves the same objectives".
"It's not necessary to retain all of that data," he said.
Davies noted that retention of data could lead to local authorities
using that data in a similar way to their use of the Regulation of Investigatory
Powers Act (RIPA). Local government has been criticized by various agencies,
including the U.K. Home Office, for using the legislation to monitor
people putting their bins out, or dog-fouling.
"Once the data is held under this particular regime, you will probably find
it will be used for a whole range of other purposes, just as RIPA has been,"
Davies said. "With data preservation, what would not have occurred is the gross
infringement of local authorities using that data to investigate dog-fouling or
Davies added that public trust in government may be eroded if communications
data is misused by local authorities.
The Home Office said in a statement on Monday that it does not want to
see data retention or RIPA powers "being used to target people for putting their
bins out in the wrong day or for dog-fouling offences". However, legitimate
actions would include local authorities using data to target "dodgy traders",
fly tippers and noisy neighbours, the Home Office said.
Currently, covert surveillance, such as accessing the data retained under the
Retention (EC Directive) Regulations 2009, can be authorized in local
authorities by junior executive officers. The Home Office said it is considering
raising the level of authorization to senior executives, with possible oversight
by elected councillors.
Home secretary Jacqui Smith said in December that the Home Office
would consult on use of RIPA. This consultation would occur "shortly", the
Home Office said.
The HomeOffice statement added that retention of communications data was
necessary as a crime-fighting and anti-terrorist tool. "This data is a vital
tool to investigations and intelligence gathering in support of national
security and crime," the statement said. "Communications data allows
investigators to identify suspects, examine their contacts, establish
relationships between conspirators and place them in a specific location at a