The All Party Internet Group (APIG), currently comprising over
50 Members of Parliament and the House of Lords, launched a public
enquiry in November 2002 into the powers contained in the
Regulation of Investigatory Powers Act (RIPA), the Anti-Terrorism,
Crime & Security Act 2001 (ATCS), and their subsequent effect
on ISPs and communication service providers.
The legislation can require ISPs and telcos to preserve their
customers' communications traffic data for extended periods, and
gives law enforcement agencies broad powers to access such data for
the purpose of crime investigations and national security.
Communications traffic data include information such as web site
logs, e-mail addresses and dialled phone numbers, but not the
actual contents of communications.
In its report published yesterday, the APIG rejects the data
retention scheme proposed in the ATCS, claiming that the Government
has underestimated its costs, and that there are no incentives for
the industry to support it.
"We believe," the group commented, "that it will be very hard to
disburse money to the industry without significant market
distortion and the creation of financial barriers to market
entry."
The group also claims that it would not be practical to retain
all communications data "on the off chance that it will be useful
one day," and fears that the financial pressures would drive some
data processing systems abroad to escape regulation.
The report goes further to suggest that "there is significant
doubt that the whole scheme is lawful", and recommends "very
strongly" that the Home Office immediately drops its plans on
voluntary or mandatory data retention schemes.
The APIG recommends that "data preservation" would be a better
option. This is, according to the group, the term for obeying a
request for law enforcement to keep certain communications data
beyond the time when they would normally be destroyed or
anonymised.
This would mean that ISPs and telcos would be only required to
store data on individuals that police are currently investigating,
and that law enforcement would have to request such data in
advance.
The group argues that, although data preservation would still
impose a cost on the industry, this would be "considerably less
than a blanket data retention requirement."
Finally, the APIG recommends that the Government "urgently enter
into Europe-wide discussions to dismantle data retention regimes
and to ensure that data preservation becomes EU policy."
As regards RIPA, the report points out that the definitions of
different types of communications data are extremely complex, and
calls upon the Government to clarify the law's wording. No
conclusion is reached on which authorities should be given access
to communications data.
The ISPA, the trade association of UK ISPs, welcomed the report,
saying that "it has addressed the necessity and proportionality of
data retention."
The Home Office, on the other hand, said that it has not yet
interpreted the report, but there is not likely to be any change in
the law, according to a report by news agency Reuters.
The APIG report is available as a 42-page pdf at:
www.apig.org.uk/APIGreport.pdf
