UK police ask for traffic data from ISPs

The National Hi-Tech Crime Unit has asked ISPs to retain communications data for the next month, to aid the US terrorist investigations

British Internet Service Providers (ISPs) have been asked to preserve all communications data held on their systems from the day of the attacks on the World Trade Center in anticipation of an FBI request for intelligence.

The National Hi-Tech Crime Unit (NHTCU) has asked UK ISPs to retain all traffic data for the next month, in order to assist with the terrorist investigations. The request refers only to logs of emails sent and received since 11 September -- a separate interception warrant would be needed to access the content of the emails.

The NHTCU has offered its assurance that this is a precautionary measure, and will only access the information in accordance with specific legal authority. A spokeswoman at the ISP Association said: "We believe that the request is legal and proportionate."

The Data Protection Act usually prevents ISPs from retaining data about their customers, despite ongoing efforts by the European Council to force communications providers to keep records of all voice and data communications of their citizens for up to seven years. Under current data protection principles, traffic data can only be retained for 30 days -- the current legal period deemed acceptable for billing purposes. The data then has to be erased or made anonymous as soon as this need is fulfilled.

"There is a provision in the Act for anything which affects national security -- which would probably be applicable now considering the extreme circumstances, and that people are talking about going to war," said Jonathan Bamford, assistant information Commissioner. "In the very least, a crime has been committed -- and exemption from the Act would come into play in any instance where the disclosure of traffic data is likely to prejudice the prevention or detection of crime."

Data controllers are not legally obliged to hand over the requested traffic data at this stage, but a court order or the interception powers written into Regulation of Investigatory Powers Act (RIPA) could be enforced if necessary. It is, however, unlikely that ISPs will stand in the way of attempts to gain intelligence on the horror of last week's terrorist attacks on New York and Washington. Last Wednesday, a spokesman at AOL UK confirmed, "if the authorities come to us with the appropriate paperwork requesting information, we will comply."

American ISPs are already cooperating with FBI investigations into the terrorist attacks. Last week AOL and EarthLink confirmed that they had handed over the relevant traffic logs.

See the Net Crime News Section for the latest on hacking, fraud, viruses and related issues.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.