» ISP News » 

Government Consults on Changes to Soften UK Internet Snooping Law

Thursday, November 30th, 2017 (4:24 pm) - Score 1,889

The Home Office has launched a consultation that proposes to make a number amendments to their controversial internet snooping Investigatory Powers Act 2016, which at the end of last year ran into trouble after the CJEU found that some aspects were not compatible with EU law.

The IPAct contains a variety of measures, such as one that forces broadband ISPs (e.g. BT, Sky Broadband, Virgin Media, TalkTalk) to retain basic Internet Connection Records on all of their subscribers for up to 12 months (e.g. details of all the websites / servers you’ve visited), which can then be supplied to a valid authority without a warrant (here). This occurs irrespective of whether you’re even suspected of a crime.

A preliminary Code of Practice, which was published last year, suggested that an ICR’s “core information” will most likely include the customer’s “account reference, a source IP and port address, a destination IP and port address and a time/date” (details), but it noted that some providers may be expected to collect even more than this. NOTE: Access to the content of a communication would still require a warrant.

Possible Interpretation of an ICR Log (Example)

Account ID
Date (Time) Source IP (You)
Destination IP:Port URL
1 19/01/2017 (12:01) omgfakeballz.com
1 19/01/2017 (13:12) ftp.faketest.co.uk
65 19/01/2017 (13:14) icanhasyourdata.net

However, at the end of last year the Court of Justice of the European Union (CJEU) threatened to deal a major blow to the IPAct, which it achieved by ruling that EU law does not allow “general and indiscriminate retention of traffic data and location data,” except for “targeted” use against “serious crime” (here). The civil rights group, Liberty, has also been pursuing the Government over this ruling (here).

CJEU Statement (Joined Cases C-203/15 & C-698/15)

EU law precludes a general and indiscriminate retention of traffic data and location data, but it is open to Members States to make provision, as a preventive measure, for targeted retention of that data solely for the purpose of fighting serious crime, provided that such retention is, with respect to the categories of data to be retained, the means of communication affected, the persons concerned and the chosen duration of retention, limited to what is strictly necessary.

Access of the national authorities to the retained data must be subject to conditions, including prior review by an independent authority and the data being retained within the EU

After a long wait the Home Office has today published a consultation in response to last year’s judgement and admitted that “some aspects of our current regime for the retention of and access to communications data do not satisfy the requirements of the CJEU.” The consultation also includes a number of proposed amendments and notes that some related areas are still the subject of on-going litigation, which may impact the outcome.

For example, the Home Office said that national security activities fall outside the scope of EU law and are not subject to the requirements of the CJEU’s judgement, which is still being disputed through the courts. This is quite a big catch-22 because all sorts of things, including “data for the statutory purpose of crime“, could be said to fall under the guise of national security and thus outside of EU law.

Otherwise most of the amendments appear to focus upon firming up the authorisation regime and improving oversight, which should make it harder to gain access to related data. But at the same time this doesn’t strictly appear to prevent the blanket retention of data by ISPs and telephone companies.

The Government’s definition of “serious crime” is also open to question (i.e. offences carrying a potential prison sentence of 6 months or more) and they note that the CJEU ruling did not seek to define this. The documents also reveal that communications data will no longer be collected for the purpose of public health, collecting taxes or regulating financial markets etc.

Basic Summary of Proposed Amendments

The Government has given careful consideration to the judgment and we are now consulting on proposed new safeguards to ensure we comply with the judgment while still allowing the police to use communications data to solve crimes, catch paedophiles and protect the public.

The new proposals include:

* The introduction of independent authorisation of communications data requests by a new body, known as the Office for Communications Data Authorisations, under the Investigatory Powers Commissioner Lord Justice Fulford. This body will be responsible for authorising the vast majority of communications data requests.

* Restricting the use of more intrusive communications data to investigations into serious crime.

* Additional safeguards which must be taken into account before a Data Retention Notice can be given to a telecommunications operator (e.g. setting up a new Office for Communications Data Authorisations (OCDA)).

* Clarification in the code of practice of when notification of those whose communications data has been accessed can occur.

* Additional guidance in the code of practice on the protection of retained data in line with European data protection standards.

A whole heap of tedious documents have been released to accompany and explain the many changes being proposed (see them all here), although some of them may only make sense to an experienced lawyer. Clearly not everybody is going to be convinced by the changes.

Jim Killock, Executive Director of Open Rights Group, said:

“The government has evaded the main point of the Watson judgment: they cannot keep data on a blanket basis.

Without narrowing what they keep to specific places, incidents or investigations, these changes will not meet the standards set by the courts.

Combined with the so-called Request Filter, which could be a power for a police search engine for retained data, this will remain an incredibly intrusive surveillance power, unparalleled in democratic countries.”

The consultation will now run until 18th January 2018 and it’s open to responses from telecommunications operators, postal operators, public authorities that have powers under the IPAct, as well as professional bodies, interest groups and the wider public.

Share with Twitter
Share with Linkedin
Share with Facebook
Share with Reddit
Share with Pinterest
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
11 Responses
  1. Mike says:

    Just use a VPN…

    1. CarlT says:

      Meaning you completely trust some likely random company you have no comeback from to carry all your traffic and not retain and sell or otherwise misuse the records of it. Good call.

      Bar states where certain nominally harmless Internet usage can place a person in serious legal jeopardy, no, don’t use a VPN for ‘privacy’ considerations.

    2. Mike says:

      Unfortunately they are the times we live in, where a ‘random company’ is more trustworthy/safe than your own ISP.

    3. CarlT says:

      Exactly zero evidence to suggest that; quite the opposite given there are legal remedies open against the ISP, none against anonymous INTERNATIONAL VPN companies, but keep buying the tin foil 🙂

    4. Mike says:

      Data retention…

  2. dragoneast says:

    Another politicians’ magic bullet. When will we ever learn? (Never, I know; but do we have to get ourselves into an even bigger mess, all of the time?)

  3. CarlT says:

    Bloody EU coming over here, telling our government they should have at least some regard for privacy.

    1. Mike says:

      If the people of the UK want more snooping that should be their choice, are you against Independence and Democracy?

    2. CarlT says:

      Must have missed where the UK people were asked about this matter but you carry on with the Brexit obsession. Perhaps at some point you’ll look into what democracy is and maybe even what sovereignty actually is rather than listening to Leave.EU.

      PS: Played for and got.

    3. Mike says:

      I am a monarchist, but what I do know is that the EU isn’t really a democracy, you can choose which color rubber stamp, not the executive though.

  4. dragoneast says:

    Most of us would probably sell our own grandmothers (let alone our personal data) if we thought we could make a few bob out of it as well as, of course, leave the EU for the same reason.

Comments are closed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Vodafone £19.50 (*22.50)
    Speed 38Mbps, Unlimited
    Gift: None
  • NOW £20.00 (*32.00)
    Speed 36Mbps, Unlimited
    Gift: None
  • Hyperoptic £20.00 (*25.00)
    Speed 50Mbps, Unlimited
    Gift: Promo Code: BIRTHDAY10
  • Shell Energy £21.99 (*30.99)
    Speed 35Mbps, Unlimited
    Gift: None
  • Plusnet £22.00 (*38.20)
    Speed 36Mbps, Unlimited
    Gift: £60 Reward Card
Large Availability | View All
Cheapest Ultrafast ISPs
  • Gigaclear £24.00 (*49.00)
    Speed: 300Mbps, Unlimited
    Gift: None
  • Vodafone £24.00 (*27.00)
    Speed: 100Mbps, Unlimited
    Gift: None
  • Community Fibre £25.00 (*27.50)
    Speed: 200Mbps, Unlimited
    Gift: None
  • Hyperoptic £25.00 (*35.00)
    Speed: 150Mbps, Unlimited
    Gift: Promo Code: BIRTHDAY10
  • Virgin Media £28.00 (*52.00)
    Speed: 108Mbps, Unlimited
    Gift: None
Large Availability | View All
The Top 20 Category Tags
  1. FTTP (3554)
  2. BT (3021)
  3. Politics (1937)
  4. Building Digital UK (1925)
  5. FTTC (1887)
  6. Openreach (1835)
  7. Business (1690)
  8. Mobile Broadband (1478)
  9. Statistics (1408)
  10. FTTH (1365)
  11. 4G (1276)
  12. Fibre Optic (1172)
  13. Virgin Media (1167)
  14. Wireless Internet (1159)
  15. Ofcom Regulation (1147)
  16. Vodafone (845)
  17. EE (834)
  18. 5G (770)
  19. TalkTalk (769)
  20. Sky Broadband (747)
Helpful ISP Guides and Tips

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact