The Government announced 10 days ago that it would put a law
through Parliament that would make compulsory the recording of UK
internet usage and the keeping of the information for up to a
year.
It has now emerged that Home Office officials have proposed a
plan whereby that data would be stored by the Government in a
purpose-built database, and not by individual internet service
providers (ISPs). The plan has not been approved by ministers and
remains just one proposal, according to reports.
‘If the intention is to bring all mobile and internet records
together under one system, this would give us serious concerns and
may well be a step too far," said Jonathan Bamford, assistant
Information Commissioner. "We are not aware of any justification
for the state to hold every UK citizen’s phone and internet
records."
The Data Retention Directive is an EU law which orders the
monitoring and keeping of telecoms records for between six and 24
months to assist police investigations.
The UK has already implemented the Directive as it relates to
phone calls but the new law will implement it in relation to
internet usage, including email and internet telephony.
Only the facts about a communication – who sent it and who
received it, from where to where and at what time – will be
recorded, and not the content of the communication. The UK has
until 2009 to implement the Directive fully.
The idea has met with some concern in the wake of Government
data security breaches and the known challenges of operating any
database on such a massive scale. Privacy expert Dr Chris Pounder
of Pinsent Masons, the law firm behind OUT-LAW.COM, said that the
plan would involve greater central Government power and less
independent scrutiny.
"One advantage of a centralised database of telephone and email
contacts is that the Government would have control of costs. It
would not have to pay the telcos for data retention and all the
contentious arguments about retention costs are avoided," he
said.
"The downside is the risk of weakened supervision. For example,
under the now defunct Interception of Communications Act 1985, the
telcos could volunteer communications data to the authorities. This
was changed under the Regulation of Investigatory Powers Act
(RIPA), so that the telcos were obliged to provide communications
data on request by the authorities."
"However, each request under RIPA could be evaluated by the
telcos and they were in a position to query excessive requests,"
Pounder said. "Now, under the Government proposals, this limited
independent evaluation of each request would not occur."
The ICO is also worried about the amount of power over the
information that the move would give the Government.
"We have real doubts that such a measure can be justified, or is
proportionate or desirable," said Bamford. "Such a measure would
require wider public discussion. Proper safeguards would be needed
to ensure that the data is only used for the proper purpose of
detecting crime."
The Government's recent record on keeping personal data private
has not been good. HM Revenue and Customs lost 25 million people's
personal details in November, while a contractor to the DVLA lost
three million drivers' personal details in December. The Army has
also lost significant amounts of data from lost or stolen
laptops.
The telecommunications database would be one of a number
currently planned by the Government. If it becomes policy it will
join the ID
Card's audit trail database tracking the use of public
services, a children's database, a central repository of CCTV
images and a database of medical records.
Data protection training: find out about our
data protection training courses.
