Out-Law News 1 min. read
07 Aug 2008, 6:14 pm
In 2003 Parliament agreed a code of practice for the retention of communications data by the telecoms industry. The Anti-terrorism, Crime and Security Act (ATCSA) of 2001 and the EU's 2007 Data Retention Directive both made it possible for the Government to pay grants to service providers to cover the cost of keeping that data though they did not demand payment.
Security minister Admiral Lord West has released information about the amounts the Government has paid in grants to telcoms firms for keeping that data.
In 2007 10 grants were made totalling £8.3 million. In the first year of the scheme, 2004, four grants were made which accounted for just £84,582 in total. In the first seven months of this year £4.1 million was paid out in five grants.
The average grant size was £17,000 in 2004 and rose to £830,000 by 2007.
Security researcher Richard Clayton obtained the figures from the Home Office after he said they were not published alongside the Parliamentary answer in the record of debates, Hansard.
When he published the figures on an IT security mailing list, Clayton suggested an explanation for the increase in average grant.
"What you're seeing is much larger entities obtaining money for data retention," he wrote on UK Crypto. "Note that this is in the run up to the time when the mobile companies and telcos had to move to retaining data for a year; whereas one might suspect that 2004 was all about tiny little ISPs."
The EU's Data Retention Directive orders countries to pass laws ordering telecoms companies to keep information about phone calls and internet access. Countries can choose to mandate a retention period of anywhere between six and 24 months.
From 2007 onwards the Government issues some grants which it says are related to ATCSA and some which it said are related to the EU Directive.
"In October 2007, the Data Retention (EC Directive) Regulations 2007 came into force and many former ATCSA grants payments are now made under those regulations," said its Parliamentary statement.
The information gathered by the Government when it makes requests for this data relates only to what connections have been made over networks, not the content of phone calls or internet sessions.
The Government is said to be considering creating its own database of connections information, though a proposed database has not yet become Government policy.
Privacy and data security activists and experts have opposed the move, fearing that a single Government controlled database would be vulnerable to attacks or errors leading to information leaks.
