
UPD UK Government Publishes Details of its Draft ISP Internet Snooping Law

Posted Thursday, June 14th, 2012 (2:24 pm) by Mark Jackson (Score 3,768)

The government has today published a first draft of the Home Office’s revived Communications Data Bill, which seeks to expand the United Kingdom’s existing internet snooping laws (data retention) and force ISPs into logging a much bigger slice of everybody’s online activity (e.g. Skype access), irrespective of whether or not you’ve committed a crime.

The existing Regulation of Investigatory Powers Act 2000 (RIPA) and EU Data Retention Directive already require broadband providers to maintain a very basic log of their customers’ internet and email accesses (times, dates and IP addresses) for 12 months, which does NOT include the content of your communication and only occurs after a specific request is made to the ISP (though most ISPs already keep simple short-term logs). The Home Office currently claims to receive half a million requests to intercept communications data every year.

By comparison the new bill (aka – Communications Capabilities Development Programme) has been widely expected to expand this by requiring ISPs to develop real-time access for logs of activity on social networking sites (e.g. Facebook, Twitter), online video games (e.g. World of Warcraft chat logs), Instant Messaging (e.g. MSN) and internet phone services (e.g. Skype). These logs would effectively be mandatory and not voluntary.

What does the new bill actually say?

The 123 page long bill itself replaces the dozens of currently available powers with a single piece of legislation and is thus a complex and extensive document that covers many areas. It is “estimated to lead to an increase in public expenditure of up to £1.8 billion over 10 years,” although some recent reports suggested that it might actually run into hundreds of millions, instead of close to the £2bn originally estimated. Regardless the bill itself continues to mention a figure of £1.8bn and anticipates that this will ultimately be outweighed by a benefit of £5bn – £6.2bn over the same period (it’s not clear how that was calculated).

ISPs can apparently expect to be “reimbursed for any costs of complying with [the] legislation“, yet few expect the government to fully honour this commitment. Similarly the government will not require every ISP to maintain the logs and an obligation would only be imposed “after detailed discussion and ministerial sign-off” (i.e. the biggest ISPs, such as BT, will have to comply but smaller ones might escape.. for now). It will be interesting to see whether or not people simply swap to smaller providers (many people already know how to avoid the snooping anyway).

Crucially ISPs can appeal to a technical advisory board under dispute procedures “if they feel requests made of them are unnecessarily onerous,” although in reality most ISPs would be poorly placed to make a judgement about such requests and thus it will be interesting to see whether this makes any tangible difference.

Home Secretary, Theresa May, said:

“Communications data saves lives. It is a vital tool for the police to catch criminals and to protect children. If we stand by as technology changes we will leave police officers fighting crime with one hand tied behind their backs.

Checking communication records, not content, is a crucial part of day-to-day policing and the fingerprinting of the modern age – we are determined to ensure its continued availability in cracking down on crime.”

Restrictions

Theresa May has also been quick to point out that the new bill “will not enable unfettered access by the police to data about everyone’s communications“, require the creation of a new central government database to store all of its data (this idea was dropped three years ago anyway) or “provide the police and others with powers to intercept and read your emails, phone calls or check your contacts lists” (i.e. content of the communication).

Indeed the government are adamant that their bill will NOT “weaken current safeguards or checks in place to protect communications data” or “allow local authorities greater powers“. But clearly not everybody agrees.

ISPA’s Secretary General, Nicholas Lansman, said:

“ISPA has concerns about the new powers to require network operators to capture and retain third party communications data. These concerns include the scope and proportionality, privacy and data protection implications and the technical feasibility.

Whilst we appreciate that technological developments mean that Government is looking again at its communications data capabilities, it is important that powers are clear and contain sufficient safeguards.

We welcome the additional scrutiny the Bill will face in parliament and we will be seeking to address our key points during this process. ISPA will be working closely with its members over the coming months to ensure that the full breadth and range of industry is heard. We want to ensure that the proposals are clear, proportionate and fit for purpose.”

Jim Killock, Executive Director of Open Rights Group, said:

“The government’s notes confirm that this is exactly what we expected: black boxes to intercept people’s traffic data, and poorly supervised police powers to get access to it.

Bluntly these are as dangerous as we expected, and represent unprecedented surveillance powers in the democratic world. China and Iran will be delighted.”

Access to the data

The bill states that communications data held by an ISP can only be accessed when authorised in law under the Data Protection Act 1998 or in pursuance of a court order / police warrant. Crucially it’s stated that senior “local authority” figures can no longer grant an authorisation for obtaining Traffic Data or “any communications data generated by a telecommunications operator“, unless the ISP specifically consents to it (note: the authority will usually still need to gain judicial approval first).

This still leaves access rights in the hands of Theresa May and the UK security services, which gives the government quite a bit of power to snoop.

What content will it cover?

At this point the bill starts to get a little more complicated and becomes difficult to simplify, although it defines three primary types of communications data – Traffic Data, Subscriber Data and Use Data. Suffice to say that the bill’s explanation for all of this covers many areas, largely as alluded to in the opening paragraphs, although they are still broadly focused on access logs rather than the content of your communication.

Naturally “Subscriber Data” is simply the personal details of an ISP or telephone operator’s related customer / client. The others are defined as follows.

“Traffic data” means data—

(a) which is comprised in, attached to or logically associated with a communication (whether by the sender or otherwise) for the purposes of a telecommunication system by means of which the communication is being or may be transmitted, and
(b) which—
(i) identifies, or purports to identify, any person, apparatus or location to or from which the communication is or may be transmitted,
(ii) identifies or selects, or purports to identify or select, apparatus through which, or by means of which, the communication is or may be transmitted,
(iii) comprises signals for the actuation of apparatus used for the purposes of a telecommunication system for effecting (in whole or in part) the transmission of the communication,
(iv) identifies, or purports to identify, the time at which an event relating to the communication occurs, or
(v) identifies data as comprised in, attached to or logically associated with the communication.

The references in this subsection to a telecommunication system by means of which a communication is being or may be transmitted include, in relation to data comprising signals for the actuation of apparatus, any telecommunication system in which that apparatus is comprised.

(3) Data identifying a computer file or computer program access to which is obtained, or which is run, by means of the communication is not “traffic data” except to the extent that the file or program is identified by reference to the apparatus in which it is stored

“Use data” means information—

(a) which is about the use made by a person—
(i) of a telecommunications service, or
(ii) in connection with the provision to or use by any person of a telecommunications service, of any part of a telecommunication system, but
(b) which does not (apart from any information falling within paragraph (a) which is traffic data) include any of the contents of a communication.

Readers of ISPreview.co.uk are likely to be most interested in Traffic Data as that covers most of what the new bill will log in terms of your online activity. The coverage is fairly broad, albeit once again avoiding the actual content of your communication (e.g. the subject line of an e-mail or the email message itself).

However the bill does mention that it considers “website addresses” to be part of its remit, yet does not clearly define whether this is just an IP address, domain or includes full URLs (the latter is unlikely but not fully ruled out). This could be highly controversial because web addresses can contain sensitive personal data like names and phone numbers (e.g. http://example.com/signup.php?name=bob_riley&phone=12345), which would normally occur as part of a private process but could be logged.
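The three possible readings of “website addresses” can be compared directly. The following is an added example, not part of the bill or the original article: it shows what a log would retain for the article’s sample URL at IP, domain and full-URL granularity, and which query parameters carrying personal data survive in each. The resolver table and the list of parameter names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed resolver table so the example runs offline; 192.0.2.0/24 is a
# documentation-only range, not the real address of any site.
SAMPLE_DNS = {"example.com": "192.0.2.10"}

# Hypothetical list of parameter names treated as personal data.
PERSONAL_KEYS = {"name", "phone", "email", "user", "address", "dob"}


def log_record(url, granularity):
    """Return what a log would retain for `url` at one of three
    granularities: 'ip', 'domain' or 'url'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if granularity == "ip":
        return SAMPLE_DNS.get(host, "unresolved")
    if granularity == "domain":
        return host
    if granularity == "url":
        return url
    raise ValueError(f"unknown granularity: {granularity}")


def personal_fields(record):
    """List (key, value) query parameters in a retained record whose key
    looks like personal data. IP and domain records have no query string."""
    query = urlsplit(record).query if "://" in record else ""
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if k.lower() in PERSONAL_KEYS]


def exposure_report(url):
    """Map each granularity to the record kept and the personal fields in it."""
    report = {}
    for level in ("ip", "domain", "url"):
        record = log_record(url, level)
        report[level] = {"record": record, "personal": personal_fields(record)}
    return report


if __name__ == "__main__":
    # The sample URL quoted in the article.
    sample = "http://example.com/signup.php?name=bob_riley&phone=12345"
    for level, entry in exposure_report(sample).items():
        print(f"{level:6} {entry['record']}  personal={entry['personal']}")
```

Only the full-URL reading retains the name and phone number; the IP and domain readings record which site was contacted but nothing typed into it.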

Overall the new bill, which will be debated by ministers and peers prior to a report in November 2012, still risks running contrary to the coalition government’s own May 2010 commitment to “end the storage of internet and email records without good reason“, which has now become a somewhat ironic reference to the previous Labour government’s seemingly identical Interception Modernisation Programme.

Not to mention that the now Prime Minister, David Cameron, said before the general election that “if we want to stop the state controlling us, we must confront this surveillance state“. Perhaps “confront” was a mistype for “expand“.

Draft Communications Data Bill (PDF)
http://www.official-documents.gov.uk/document/cm83/8359/8359.asp

UPDATE 15th June 2012

Some new comments have come in that are worth reading, added below.

Chris Rogers, Operations Director at ISP Fluidata, said:

“Since the Queen’s Speech last month we’ve heard a lot of complaints from ISPs about how much the proposed Communications Bill is going to cost them and how it’s going to invade privacy. The draft legislation released today makes it clear the government will fund the work that needs to be carried out to comply with the legislation, so ISPs shouldn’t be out of pocket, but the taxpayer will be.

The draft also has a lot of content about safeguards, and these are more robust than those afforded by the 2000 RIPA legislation and shouldn’t represent any more of a threat to most online users or their privacy. But we have to wonder how effective it will be in catching serious criminals, as there will always be ways for determined people to get around the system. People will seek to encrypt their activities online, or hack into other networks in order to communicate from there, making themselves untraceable.

Of course the draft does bring the existing snooping powers into the current day, tackling data communications over a wide range of methods including social messaging, VoIP and gaming platforms. In the fight against crime most people would agree that is a sensible update to the law, but the government hasn’t done a very good job in allaying public fears or dispelling the rumours and misconceptions so far.

Obviously police forces need to be able to investigate effectively, but the question remains will what is being proposed actually help catch serious crime or will it instead alienate the majority of innocent users? There is also the nagging fear that powers granted are the ‘thin end of the wedge’. Once the systems are in place to collect, log and analyse data then it is easier to later relax safeguards, or revisit the centralised government database plan. As an industry we need to watch the situation closely and ensure that none of the safeguards are watered down or dropped by parliament in the new legislation. But regardless, once powerful snooping systems have been deployed they could end up being the building blocks for all-seeing snooping in the future.”

John Wotton, Law Society President, said:

“The proposals are highly intrusive and raise important legal and technical concerns. The plans, if enacted, will mean organisations being compelled to collect information about their users that they wouldn’t have previously had a reason to capture, using technology mandated by and for the purposes of the Home Office.

There are practical concerns with the provisions as well. They must be workable and proportionate. However, the Information Commissioner’s Office has, for example, already pointed out that in order to ensure the security and destruction of retained personal information it will need enhanced powers and additional resources. Such practical considerations are fundamental to making a reality of legal rights.

There are some aspects of the Draft Communications Data Bill that we welcome. It is encouraging to see the recognition of the principle that prior judicial approval should be obtained before certain authorisations to obtain the data take effect. This safeguard may need to be extended and further thought given to ensuring that confidential communications between solicitors and their clients are protected from disclosure.

We agree with the Home Secretary’s comment that the provisions in the Bill need to be “fully considered and understood” before the formal legislative process begins and we are therefore encouraged that it will be subject to pre-legislative scrutiny by a Joint Committee of both Houses. We hope that this will be a rigorous and wide-ranging exercise to which the Law Society and its members can contribute.”

8 Responses
  1. I love how a supposed Democratic and a state with human rights laws wants to spy on people’s data. Now they can stop accusing Iran and China of breaching human rights online as they do the same.

    And how typical of them to use the excuse of child protection and anti-terror. it’s not the ISP’s responsibility to protect children. nor is it the state’s. it’s the parents in question.

    • Timeless

      well the current government are continuing to do what they do best… making U-Turns…so far every promise they made in their mementoes that they have made has turned into a lie.

  2. Bob2002

    I’ll make a couple of predictions – firstly these powers will be almost entirely used against people who aren’t terrorists or paedophiles, and secondly there will be new rules that are designed to stop people using things like VPN or TOR to keep their personal information private.

  3. Agrajag

    I can understand why the security services need to spy on criminals and terrorists, but telling them that their internet communications ARE being monitored, means that they will take appropriate precautions, which isn’t difficult TBH.

    Telling a group of people that you are spying on them seems self defeating to me.

  4. Gofast

    I wonder if those responsible for this nonsense have considered the logistics of storing and reading all the data they would be collecting?

    If this is passed I bet the Royal Mail sees a huge increase in deliveries.

    • Timeless

      those responsible used shelving the idea as an election promise.. now look what they have U-Turned on this time.

  5. Save the children!

    Whenever the government wants their way, they’ll claim it’s for the children and your personal safety. Sure, it likely does protect both instances somewhat, but it’s far from the main bullet point of what they want the bill to achieve. No one wants to be spied on, everyone with common sense knows that, yet it keeps on being pushed. They’re not incompetent innocent old fools who know nothing about the internet trying to do good. They know full well the outcome of these types of decisions. Drip, drop, drip, drop goes your freedom. Nothing to see here. Terrorism.. it’s pretty funny. You wouldn’t get it though, it’s a private joke.

    • Timeless

      in all honesty the best I can see happening is more criminalisation with weekly arrests for small things like accidentally visiting a page deemed questionable.. creeping censorship all in the name of protection.

      however what we will get is laptops left on trains with our personal details and daily lives on, or stolen flash drives from buildings which should have better security.. my bet is that once everyone knows a lot will just leave the net altogether or find other means to protect themselves from this and render this legislation completely useless. however regardless of how you look at this all this legislation will achieve is making more law abiding citizens into criminals while the REAL criminals continue to commit crimes.

      besides, no matter how you look at this.. they have already shot themselves in the foot.. you want to use surveillance to catch criminals then you don’t begin with a press release telling them you will, after all it’s the most simple way to push them onto other mediums of communication.
