Computerworld

UK to push for law to retain all communications data

ISPs would be required to retains data for online services they don't directly provide
  • Jeremy Kirk (IDG News Service)
  • 10 November, 2009 07:51

The U.K. government said Monday it plans to push for a law requiring service providers such as ISPs to retain data about instant messages, e-mail and other electronic communications.

The government argues that knowing the participants, timing and method of a communication -- but not its contents -- is vital in protecting the public from serious crime and terrorism.

"It is a highly technical area and one which demands a fine balance between privacy and maintaining the capabilities of the police and security services," according to a statement attributed to David Hanson, minister of state for security, counter-terrorism, crime and policing.

“We will now work with communications service providers and others to develop these proposals and aim to introduce necessary legislation as soon as possible.”

The government formulated its position after it asked public authorities, private companies and the public for their views on how communications data should be collected, under what authority and how it should be stored.

Showing the deep concerns about privacy among the British public, some 90 respondents out of 221 did not answer the questions on the basis that they were opposed to any kind of surveillance imposed by the government.

Under the plan, the government would require service providers to retain all communications data, even that related to third-party services which are accessed using their networks.

The government says that existing European Union legislation -- the E.U. Data Retention Directive -- does not go far enough and only covers the services provided by the network provider. Under that directive, data must be retained for 12 months.

"This is a 'third-party' relationship, and the company providing the broadband access has no responsibility under the DRD to retain third-party data," according to the government's response to the consultation.

The data collected would be stored by the service providers and not in a central database. It hasn't been determined how long service providers would be required to hold the data.

Government authorities would be able to request data under the Regulation of Investigatory Powers Act of 2000, which mandates rules for accessing communications data.

It is expected service providers would have to spend as much as £2 billion (US$3.34 billion) to implement technology to comply with a new law requiring data to be retained.

"The government will work with communications service providers to develop solutions which minimize the potential disruption to their business," the government statement said.

The Labour government's data retention plan, however, could potentially be disrupted by an election. There isn't a fixed date for the next general election but it must take place before June 3, 2010, according to the Electoral Commission.

The Conservative Party is expected to pose a strong challenge to Labour, which has been in power for 13 years.