Information Commission lambasts anti-terror bill

Sweeping measures to retain communications data for law enforcement purposes have been branded "unnecessary" by the Office of the Information Commissioner, along with the warning that such provisions are likely to infringe the Human Rights Act.

Traffic data collected under the voluntary Code of Practice will include an individual's geographical location determined through their mobile phone; the sender and recipient information from emails; a complete log of a person's Internet sessions, including their IP address; and the address of all Web sites they have visited. The intelligence would provide a complete map of a person's private life, according to the Foundation for Information Policy Research (FIPR) think tank.

The Home Office has included a provision within the Anti-Terrorism, Crime and Security Bill for communications data to be retained by service providers under a voluntary Code of Practice. But the information commissioner, Elizabeth France, has severe reservations about the proposal's compliance with Article 8 of the Human Rights Act, and is wary of implementing a voluntary mechanism that will be replaced with an imposed order if unsuccessful.

"Part 11 isn't necessary, and if it is necessary it should be made clear why," said Jonathan Bamford, assistant commissioner to the information commissioner. "It would be far better to specify the retention period in some statute rather than a voluntary code of practice, which may or may not be followed." Clause 102 of the Anti-Terrorist Bill states that if the voluntary scheme proves ineffective, the Secretary of State will be able to force communications service providers to retain data.

Under the existing Data Protection Act 1998, a communications provider must only retain traffic data for the length of time necessary for legitimate businesses purposes. This law already contains a provision for cases of national security, where personal data may be stored for longer periods of time in order to assist in the prevention or detection of crime. The Human Rights Act emphasises the need to interfere with individual's rights only in limited circumstances, and Article 8 safeguards a person's right to respect for private and family life.

"There is no pressing need for data retention powers for national security purposes," said Bamford. "Law enforcement officers have had no difficulty accessing data for (investigation of the) 11 September attacks -- communications providers have the data, and law enforcement officers have been able to decide what they need. We need to look at the real evil being addressed here."

The Office of the Information Commissioner is concerned that law enforcement officers will use the new retention measures on a day-to-day basis for minor criminal investigations. "Careful consideration must be given to ensure that the provisions are appropriate to addressing these more rountine needs," said France.

The communications data will be accessible under Chapter II of Part I of the Regulation of Investigatory Powers Act (RIPA) that is shortly to come into force, which makes it possible for law enforcement officers to access traffic data without a court order for the purposes of detecting crime and disorder, protecting public health and safety, and collecting tax, as well as for cases of national security.

See the Internet News Section for full coverage.

Who's watching you? Get the latest on spy networks such as Echelon and Carnivore, as well as privacy issues for companies and individuals alike, at ZDNet UK's Surveillance News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Telecoms forum.

Let the editors know what you think in the Mailroom. And read other letters.