As expected the UK government has used today’s Queens Speech (State Opening of Parliament) to outline the revival of a £2bn plan to expand the reach of existing ISP based internet snooping laws (data retention) to log a much bigger slice of your online activity (e.g. Skype and Facebook access); regardless of whether or not you ever committed a crime.
It’s critical to point out that the current Regulation of Investigatory Powers Act 2000 (RIPA) and EU Data Retention Directive already requires ISPs to maintain a log of your internet website and email accesses (times, dates and IP addresses [sender / recipient]) for 12 months, which is only accessible via an interception warrant. But this does NOT include the actual content of your communication.
The Queen Said:
“My government intends to bring forward measures to maintain the ability of the law enforcement and intelligence agencies to access vital communications data under strict safeguards to protect the public, subject to scrutiny of draft clauses.”
The new Communications Capabilities Development Programme (CCDP), which was originally called the Interception Modernisation Programme (IMP) under the previous Labour government (before a backlash of criticism forced it to be shelved), seeks to go a lot further by extending the current requirement to include real-time access to logs for social networking sites (e.g. Facebook, Twitter), online video games (e.g. World of Warcraft chat logs), Instant Messaging (e.g. MSN) and internet phone services (e.g. Skype).
Furthermore the new rules also threaten to log the address (URL) of your website visits too (it’s unclear whether this will include full URLs or stop at the domain name), which is highly controversial because web addresses can contain sensitive personal data like names and phone numbers (e.g. http://example.com/signup.php?name=bob_riley&phone=12345); this would normally occur as part of a private process but could still be logged by the government’s system.
Jim Killock, Executive Director of the Open Rights Group (ORG), said:
“These plans will turn the Internet into a vast surveillance tool. From a beacon of freedom, the net could become an instrument of creeping control.
The plans treat every citizen as a suspect, and then ask us to trust that government employees will do no wrong.
We expect the plans to endanger whistleblowers and journalists’ sources. We need stricter safeguards, not easier access. Police sign offs for data access is simply too weak.”
The security services (MI5, MI6 etc.) are understood to have lobbied hard for the revival of these measures, although the changes will at least be “subject to scrutiny” (debated) and a warrant is still required to access the content. As already known, there will also be no central government database. Instead ISPs will be responsible for maintaining a local log of such activity, which might require new kit to facilitate the stricter requirements (the costs of this could be at least partly funded by the government).
More details should be revealed when the full Draft Communications Bill is released. Meanwhile criminals will probably adopt more effective VPN and encryption methods to avoid detection.