Alfrado
Member
Dear Members.
Thanks for your patience in reading this lengthy post. I am a new member to this website and I was initially attracted by the in-depth coverage of the Investigatory Powers Act 2016 by Mark Jackson, then decided to become a firm follower of this very informative community dedicated to digital security and liberty.
At the moment, as you may know, I have been struggling to understand in what ways the ISPs in the UK are currently complying with the new law in practical terms, namely the Investigatory Powers Act 2016. At the moment, it seems like there's a sequence of ongoing legal battles between different NGOs and the government with regard to lots of amendments to the new law. It has caused me a lot of confusion, since I have always been hoping to get a clearer view of this law.
So, after reading tons of pages from the official copy of the law, I had no choice but to seek expertise from you guys. Anyway, here are my core questions wishing to be addressed in an understandable language through your help:
1. ABOUT ICRs
They said ICRs are basically "account reference, a source [Internet Protocol] and port address, a destination IP and port address and a time/date".
What exactly do they mean? Did they only mean the DNS?
They said they would be using such data for investigation in relation to Crime.
There have been scandals lately involving Facebook, which is not doing enough to censor harmful materials on its platform. Would this mean every innocent Facebook user would now need to face the scrutiny of being suspected as a cybercriminal online just because of these ICRs with the irresponsible Facebook?
2. ABOUT Retention Period of Data
According to multiple lines of the various published documents in connection with the Investigatory Powers Act 2016, they said that data may be retained for a maximum of 12 months.
From what I have learned, my ISP (Three) always keeps the communication for a year, but I would be curious to know how long Virgin keeps the data for the purpose of retention before destroying it.
Secondly, I want to know if the period of 12 months IS the absolute maximum length of time that any of these government agencies could process upon, or whether they can just keep filing new retention notices on the same data, one 12 months after another 12 months, or even eventually archive the data forever somewhere else?
Does the law say explicitly that no matter the progression of any external intervention, all data to be retained in a secure and confidential manner for 12 months has to be destroyed after this period elapses? I couldn't find the original script from the law itself, but on another source here.
For example, the communication data generated by an ISP between Jan - Dec 2017 can only be stored, processed and even investigated within the timeframe of Jan - Dec 2017; they cannot act upon it beyond this period except to destroy it.
The reason I asked the question above was that I wanted to have solid confidence in my ISPs' commitment to removing any of the customers' data once the 12-month period elapses, no matter what.
So am I really interpreting the "12 months retention period rule" correctly?
Once again, thanks for your patience in reading this lengthy post and I wish to hear all of your precious answers, guidance and feedback. An answer by Mark Jackson will be hugely appreciated.
Many thanks.