Home
 » ISP News » 

Government Consults on Changes to Soften UK Internet Snooping Law

Thursday, November 30th, 2017 (4:24 pm) - Score 793
internet spying eye

The Home Office has launched a consultation that proposes to make a number amendments to their controversial internet snooping Investigatory Powers Act 2016, which at the end of last year ran into trouble after the CJEU found that some aspects were not compatible with EU law.

The IPAct contains a variety of measures, such as one that forces broadband ISPs (e.g. BT, Sky Broadband, Virgin Media, TalkTalk) to retain basic Internet Connection Records on all of their subscribers for up to 12 months (e.g. details of all the websites / servers you’ve visited), which can then be supplied to a valid authority without a warrant (here). This occurs irrespective of whether you’re even suspected of a crime.

A preliminary Code of Practice, which was published last year, suggested that an ICR’s “core information” will most likely include the customer’s “account reference, a source IP and port address, a destination IP and port address and a time/date” (details), but it noted that some providers may be expected to collect even more than this. NOTE: Access to the content of a communication would still require a warrant.

Possible Interpretation of an ICR Log (Example)

Account ID
Date (Time) Source IP (You)
Destination IP:Port URL
1 19/01/2017 (12:01) 84.56.232.71 123.45.62.86:80-HTTP omgfakeballz.com
1 19/01/2017 (13:12) 84.56.232.71 65.123.45.90:21-FTP ftp.faketest.co.uk
65 19/01/2017 (13:14) 84.79.130.47 190.45.62.86:80-HTTP icanhasyourdata.net

However, at the end of last year the Court of Justice of the European Union (CJEU) threatened to deal a major blow to the IPAct, which it achieved by ruling that EU law does not allow “general and indiscriminate retention of traffic data and location data,” except for “targeted” use against “serious crime” (here). The civil rights group, Liberty, has also been pursuing the Government over this ruling (here).

CJEU Statement (Joined Cases C-203/15 & C-698/15)

EU law precludes a general and indiscriminate retention of traffic data and location data, but it is open to Members States to make provision, as a preventive measure, for targeted retention of that data solely for the purpose of fighting serious crime, provided that such retention is, with respect to the categories of data to be retained, the means of communication affected, the persons concerned and the chosen duration of retention, limited to what is strictly necessary.

Access of the national authorities to the retained data must be subject to conditions, including prior review by an independent authority and the data being retained within the EU

After a long wait the Home Office has today published a consultation in response to last year’s judgement and admitted that “some aspects of our current regime for the retention of and access to communications data do not satisfy the requirements of the CJEU.” The consultation also includes a number of proposed amendments and notes that some related areas are still the subject of on-going litigation, which may impact the outcome.

For example, the Home Office said that national security activities fall outside the scope of EU law and are not subject to the requirements of the CJEU’s judgement, which is still being disputed through the courts. This is quite a big catch-22 because all sorts of things, including “data for the statutory purpose of crime“, could be said to fall under the guise of national security and thus outside of EU law.

Otherwise most of the amendments appear to focus upon firming up the authorisation regime and improving oversight, which should make it harder to gain access to related data. But at the same time this doesn’t strictly appear to prevent the blanket retention of data by ISPs and telephone companies.

The Government’s definition of “serious crime” is also open to question (i.e. offences carrying a potential prison sentence of 6 months or more) and they note that the CJEU ruling did not seek to define this. The documents also reveal that communications data will no longer be collected for the purpose of public health, collecting taxes or regulating financial markets etc.

Basic Summary of Proposed Amendments

The Government has given careful consideration to the judgment and we are now consulting on proposed new safeguards to ensure we comply with the judgment while still allowing the police to use communications data to solve crimes, catch paedophiles and protect the public.

The new proposals include:

* The introduction of independent authorisation of communications data requests by a new body, known as the Office for Communications Data Authorisations, under the Investigatory Powers Commissioner Lord Justice Fulford. This body will be responsible for authorising the vast majority of communications data requests.

* Restricting the use of more intrusive communications data to investigations into serious crime.

* Additional safeguards which must be taken into account before a Data Retention Notice can be given to a telecommunications operator (e.g. setting up a new Office for Communications Data Authorisations (OCDA)).

* Clarification in the code of practice of when notification of those whose communications data has been accessed can occur.

* Additional guidance in the code of practice on the protection of retained data in line with European data protection standards.

A whole heap of tedious documents have been released to accompany and explain the many changes being proposed (see them all here), although some of them may only make sense to an experienced lawyer. Clearly not everybody is going to be convinced by the changes.

Jim Killock, Executive Director of Open Rights Group, said:

“The government has evaded the main point of the Watson judgment: they cannot keep data on a blanket basis.

Without narrowing what they keep to specific places, incidents or investigations, these changes will not meet the standards set by the courts.

Combined with the so-called Request Filter, which could be a power for a police search engine for retained data, this will remain an incredibly intrusive surveillance power, unparalleled in democratic countries.”

The consultation will now run until 18th January 2018 and it’s open to responses from telecommunications operators, postal operators, public authorities that have powers under the IPAct, as well as professional bodies, interest groups and the wider public.

Delicious
Add to Diigo
Mark Jackson

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he is also the founder of ISPreview since 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.

Leave a Comment
11 Responses
  1. Mike

    Just use a VPN…

    • CarlT

      Meaning you completely trust some likely random company you have no comeback from to carry all your traffic and not retain and sell or otherwise misuse the records of it. Good call.

      Bar states where certain nominally harmless Internet usage can place a person in serious legal jeopardy, no, don’t use a VPN for ‘privacy’ considerations.

    • Mike

      Unfortunately they are the times we live in, where a ‘random company’ is more trustworthy/safe than your own ISP.

    • CarlT

      Exactly zero evidence to suggest that; quite the opposite given there are legal remedies open against the ISP, none against anonymous INTERNATIONAL VPN companies, but keep buying the tin foil 🙂

    • Mike

      Data retention…

  2. dragoneast

    Another politicians’ magic bullet. When will we ever learn? (Never, I know; but do we have to get ourselves into an even bigger mess, all of the time?)

  3. CarlT

    Bloody EU coming over here, telling our government they should have at least some regard for privacy.

    • Mike

      If the people of the UK want more snooping that should be their choice, are you against Independence and Democracy?

    • CarlT

      Must have missed where the UK people were asked about this matter but you carry on with the Brexit obsession. Perhaps at some point you’ll look into what democracy is and maybe even what sovereignty actually is rather than listening to Leave.EU.

      PS: Played for and got.

    • Mike

      I am a monarchist, but what I do know is that the EU isn’t really a democracy, you can choose which color rubber stamp, not the executive though.

  4. dragoneast

    Most of us would probably sell our own grandmothers (let alone our personal data) if we thought we could make a few bob out of it as well as, of course, leave the EU for the same reason.

Leave a Reply

Your email address will not be published. Required fields are marked *

IMPORTANT: Javascript must be enabled to post (most browsers do this automatically). On mobile devices you may need to load the page in 'Desktop' mode to comment.


Comments RSS Feed

* Your comment might NOT appear immediately (the site cache re-syncs periodically) *
* Comments that break our rules, spam, troll or post via fake IP/proxy servers may be blocked *
Promotion
Cheapest Superfast ISPs
  • Hyperoptic £20.00 (*22.00)
    Up to 30Mbps, Unlimited
    Gift: None
  • Vodafone £22.50 (*25.00)
    Up to 38Mbps, Unlimited
    Gift: None
  • Origin Broadband £23.61 (*31.58)
    Up to 38Mbps, Unlimited
    Gift: None
  • Plusnet £24.99 (*33.98)
    Up to 38Mbps, Unlimited
    Gift: None
  • First Utility £24.99 (*31.99)
    Up to 38Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
Poll
*Javascript must be ON to vote*
The Top 20 Category Tags
  1. BT (2019)
  2. Broadband Delivery UK (1369)
  3. FTTP (1367)
  4. FTTC (1301)
  5. Openreach (1031)
  6. Politics (1019)
  7. Business (918)
  8. Statistics (816)
  9. Fibre Optic (782)
  10. Mobile Broadband (739)
  11. Wireless Internet (684)
  12. Ofcom Regulation (682)
  13. 4G (625)
  14. Virgin Media (615)
  15. FTTH (581)
  16. Sky Broadband (476)
  17. TalkTalk (452)
  18. EE (401)
  19. Security (326)
  20. 3G (292)
New Forum Topics
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Promotion

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules