UK Government will store all phone, Internet traffic data

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

An announcement on 19 May 2008 by the UK government may herald the next
step in governmental attempts to grab hold of traffic data. Despite
the strongly negative reactions against the EU data retention
directive, which governments must transpose into national law by 15
March 2009, the UK government (which has been a key driver of data
retention) now demands even more.

Gordon Brown wants all traffic data – itemised phone bills, mobile
phone records and Internet traffic logs – to be collected and stored
in a central government database. The plan, which appeared in Monday’s
Times, has been criticised by the opposition as `more of a threat to
our security than a support’ while the privacy regulator said that
`We are not aware of any justification for the State to hold every UK
citizen’s phone and internet records’ and opined that the proposal
`may well be a step too far’.

The UK Regulation of Investigatory Powers Act already enables public
officials to obtain traffic data from service providers, and has come
in for recent criticism as the scope of its use has become clear.
When it was passed in 2000, only nine organisations were allowed to
use it but that number has risen to 792. For example, a local council
has used it to check whether a child lived within a school’s catchment
area.

In private briefings to ISP and telco staff, government officials have
said they want to trace criminals’ contact networks faster and more
cheaply, and having all traffic data on one database will be much more
convenient than having to make repeated enquiries of multiple phone
companies, ISPs and other service providers. They also want to make
global enquiries such as `show me everyone in the UK who sent emails
at 21:07, 21:22 and 21:55 last Tuesday’. The ISPs for their part have
complained that harvesting large quantities of data that they do not
at present keep for business purposes will require massively expensive
network re-engineering. There are also serious doubts about the UK
government’s ability to build a system capable enough to cope with
billions of emails, texts and phone messages, given its long history
of failed software projects.

One argument behind the data retention directive was that a purely
national system of data retention could not be very effective, as ISPs
would simply move their operations to other Member States to save the
cost of compliance. It remains to be seen whether the same arguments
will once again be used to argue for centralised data retention on a
European scale. It is also quite unclear whether a government
database of all citizens’ phone and Internet records is consistent
with European law.

`Big Brother’ database for phones and e-mails (20.05.2008)
http://business.timesonline.co.uk/tol/business/industry_sectors/telecoms/article3965033.ece

Anti-terror law used to snoop on fishermen (14.05.2008)
http://www.telegraph.co.uk/news/uknews/1952551/Anti-terror-law-used-to-snoop-on-fishermen.html

Government orders data retention by ISPs (15.05.2008)
http://www.out-law.com//default.aspx?page=9121

EDRI gram: Data retention for one year for UK telecom companies (1.08.2007)
http://www.edri.org/edrigram/number5.15/data-retention-UK

(Contribution by Ross Anderson – EDRi-member FIPR -UK)