Archived Content

The following content is from an older version of this website, and may not display correctly.

Telcos and internet service providers (ISPs) in the UK will be required by law to keep ‘relevant internet data’ as well as other communications data under draft new anti-terrorism legislation now before parliament.

ISPs will be required to retain information detailing the IP addresses of internet users.

The Counter-Terrorism and Security Bill was put before the UK parliament this week. IP addresses are assigned to each device that connects to the internet and are used to ensure web traffic reaches the device of the user that requests the content.

Theresa May said that the new data retention plans would be just a part of the new powers that law enforcement bodies need to combat terrorism and other serious crimes.

Keeping track of us all
"The terrorism legislation that we are going to be introducing will cover a number of issues because we have been looking at what further capabilities we need to deal with the increased threat that we now see," May said. "One of them is this issue of IP addresses identifying the users of certain access to the internet. This is in step but it doesn't go all the way to ensuring that we can identify all the people we need to.

"Even with these IP addresses being within the legislation, it will still be the case that the National Crime Agency, CEOP and others will still not be able to identify everybody who is accessing illegal content on the net," she said.

The issue of data and surveillance has proved perennially controversial. The UK government abandoned its 2012 proposal, the  Communications Data Bill, also known as the Snoopers' Charter, despite support from some law enforcement agencies, following a backlash by privacy campaigners.

However a new Data Retention and Investigatory Powers (DRIP) Act was passed by parliament in July. The Act enables the UK home secretary to force public telecommunications operators to store 'communications data' if they consider the data retention is "necessary and proportionate" to help law enforcement agencies detect and prevent terrorism and other serious crimes or for serving other limited purposes specified under the existing Regulation of Investigatory Powers Act.

According to legal technology experts Pinsent Masons 'Communications data' concerns the traffic data surrounding phone and internet communications, such as the source of a communication, its destination, date, time, duration and type. They do not relate to the content of communications, which is protected by other laws. Under the Act, telecoms companies could be asked to store this ‘meta’ data for up to a year.

The new rules could allow the government to compel operators based outside of the UK, as well as internal operators, to comply with data retention orders made through the new rules.

The DRIP Act is the subject of an ongoing legal challenge brought by civil rights campaigners Liberty on behalf of two MPs, David Davis and Tom Watson.

According to the new Bill, 'relevant internet data' is defined as "communications data which relates to an internet access service or an internet communications service" and which "may be used to identify, or assist in identifying, which internet protocol address, or other identifier, belongs to the sender or recipient of a communication (whether or not a person)".

'Relevant internet data' is not considered to be data that "may be used to identify an internet communications service to which a communication is transmitted through an internet access service for the purpose of obtaining access to, or running, a computer file or computer program" and which telcos either generate or process when "supplying the internet access service to the sender of the communication (whether or not a person)".

The new provisions, if enacted, are planned to be temporary and repealed at the end of 2016. The coalition government wants to fast-track the legislation through parliament with little or no discussion.

Who pays and does it work?
One of the questions it opens up but leaves unanswered is: ‘Who pays the storage costs of this vast amount of information - the government or the hosts who are being asked to ‘keep’ this data?" If the ISPs and telcos cannot store the enormous amount of data churned out will GCHQ or the UK Government’s ally the USA National Security Agency offer to store it for them?

The new data retention obligations would "allow relevant authorities to link a public internet protocol (IP) address to the person or device using it at any given time. While telcos have to "keep allocated IP addresses" under the DRIP Act already, the use of this data for any criminal or anti-terror action has been widely criticised as it is not sufficient to identify who made a connection where an IP address is shared.

"Communications data has played a significant role in every security service counter-terrorism operation over the last decade," the government said. "Enabling the retention of relevant internet data will close one element of the gap in the retention of communications data by communications service providers, thereby helping law enforcement agencies to carry out their functions."

Concerned observers have pointed out that the government (and social media sites) have already got detailed information which is being used against recent home-grown terrorists, but often MI5 has either missed the relevance or, in the case of Lee Rigby’s killers, actually released them from custody to kill.

It is for these reasons that some civil liberties campaigners are against giving the authorities carte-blanche to hoover up vast pools of data which, given previous examples, they will be unable to intelligently interrogate.