FC: U.K. police want power to keep email, phone records for 7 years

[Declan McCullagh <declan () well com>]

[Fascinating, and horrifying. Politech readers will recall that a similar, 
though shorter, recordkeeping requirement has been included in some drafts 
of the Council of Europe treaty, which the U.S. Department of Justice 
heartily supports. (http://www.politechbot.com/p-01136.html) Fortunately in 
the U.S., it'll be harder for such a requirement to pass constitutional 
muster because of our Third Amendment. :) Also note that instead of 
standing up for privacy rights and opposing such a move, the U.K. Data 
Protection Commissioner seems to be merely saying that such record-keeping 
must be "put on a clear legal footing by statute." Thank heaven we don't 
have such a commission here in the U.S. -- it would give Americans a false 
sense of security, if the U.K. situation is any indication. Some excerpts 
are below. --Declan]

********

> From: [anonymous]
> Date: Sun, 3 Dec 2000 19:31:39 +0000 (GMT)
> To: declan () well com
>
> Declan,
>
> The controversial NCIS paper as described in todays London Observer can
> be found at:
>
> http://cryptome.org/ncis-carnivore.htm
>
> Sorry I have to do this anonymously. I'm sure you'll understand why.

********

> From: "Alan Docherty" <alan () netfreedom org>
> To: "Declan McCullagh" <declan () well com>
> Subject: Secret plan to spy on all British phone call
> Date: Sun, 3 Dec 2000 13:13:45 -0000
>
> Declan,
>
> It's little surprise that the British secret services are eager to increase
> their powers to intercept emails and telephone calls. This story from the
> Observer suggests that the government may be sympathetic to new powers.
>
> We've already had one piece of legislation this year, the Regulation of
> Investigatory Powers Act, which has made it is easier for the state and
> employers to read emails. Britain is looking less and less like a modern
> democracy every day.
>
> Alan Docherty
>
> Editor
> Internet Freedom News
> http://www.netfreedom.org
>
>
>
> Secret plan to spy on all British phone calls
> Kamal Ahmed, political editor
> Sunday December 3, 2000
> The Observer
>
> Britain's intelligence services are seeking powers to seize all records of
> telephone calls, emails and internet connections made by every person living
> in this country.
>
> A document circulated to Home Office officials and obtained by The Observer
> reveals that MI5, MI6 and the police are demanding new legislation to log
> every phone call made in this country and store the information for seven
> years at a vast government-run 'data warehouse', a super computer that will
> hold the information.
>
> The secret moves, which will cost millions of pounds, were last night
> condemned by politicians and campaigners as a sinister expansion of 'Big
> Brother' state powers and a fundamental attack on the public's right to
> privacy.
>
> Last night, the Home Office admitted that it was giving the plans serious
> consideration.
>
> Lord Cope, the Conservative peer and a leading expert on privacy issues,
> said: 'We are sympathetic to the need for greater powers to fight modern
> types of crime. But vast banks of information on every member of the public
> can quickly slip into the world of Big Brother. I will be asking serious
> questions about this.' Maurice Frankel, a leading campaigner on per sonal
> data issues, called the powers 'sweeping' and a cause for worry.
>
> The document, which is classified 'restricted', says new laws are needed to
> allow the intelligence services, Customs and Excise and the police access to
> telephone and computer records of every member of the public.
>
> It suggests that the Home Office is sympathetic to the new powers, which
> would be used to tackle the growing problems of cybercrime, the use of
> computers by paedophiles to run child pornography rings, as well as
> terrorism and international drug trafficking.
>
> Every telephone call made and received by a member of the public, all emails
> sent and received and every web page looked at would be recorded.
[snip. --DBM]
> http://www.observer.co.uk/Print/0,3858,4099838,00.html

***********


********

Excerpts from GCHQ document:

6.3 The total retention period for non-specific data before mandatory 
deletion should be seven years. *[6.1.6]

7.1 Legislation should require CSPs either to retain data inhouse, or have 
the option to outsource retention to a Trusted Third Party; either a 
Government run Data Warehouse or to a private contractor's facility. [6.2.5]

Data less than 12 months old should be available live;
After 12 months, data to be archived and retained for a further 6 years.

1.1.1 This submission has been drafted by the Chairman of the ACPO Police 
and Telecommunications Industry Strategy Group[1]. Its principles are 
supported by ACPO, ACPO(S), HM Customs and Excise, the Security Service, 
Secret Intelligence Service and GCHQ ("the Agencies"). The view of these 
agencies is that law enforcement has a sound business case for the 
substantial retention of communications data.

1.1.4 Informal discussions have also taken place with the Office of the 
Data Protection Commissioner (DPC). Whilst they acknowledge that such 
communications data may be of value to the work of the Agencies and the 
interests of justice, they have grave reservations about longer term data 
retention. The DPC believe that where there is no longer a CSP business use 
for such data, existing legislation requires the long-term retention of 
communications data to be put on a clear legal footing by statute.

1.2.2 Communications data is becoming increasingly important to provide 
evidence to establish innocence. Premature deletion will seriously 
compromise the interests of justice. Communications data has a unique value 
to promoting a safe and free society. This provides the overriding 
justification for longer-term retention.

2.3.1 Criminal elements have exploited the advances in telecommunications 
to mask their activities; in particular organised terrorist groups, drug 
traffickers, migrant smugglers, paedophiles, money launderers, race hate 
groups and computer hackers, all of whom are major concerns to the LEAs and 
Government. Retention of data that provides evidence of transaction, 
association or conspiracy and the routing of the communication is vital.

2.5.1 In those cases where police and customs have been building their case 
over a number of years, such as in offences of drugs importation, deletion 
could provide the Prosecution with an unfair advantage. If CSPs delete data 
within 12 months, by the time the matter is brought to a close with 
arrests, data that the Prosecution has not obtained but which the Defence 
could rely on to corroborate potential alibis will have been irretrievably 
lost.

3.3.1 It is important to include transparency in the law to ensure the 
public is aware of the impact of data retention on their personal privacy. 
In the context of Article 8, ECHR, this is essential. Retention legislation 
would also provide a better-defined statutory framework within which the 
Office of the Data Protection Commissioner (DPC) can operate, making it 
clearer to enforce and conduct their own investigations.

5.1.1 We should not restrict ourselves by trying to define the type of data 
required for law enforcement, intelligence and criminal justice purposes. 
Advances in telecommunications technology, both in respect of telephone and 
Internet services, mean that precise language that defines data now may 
quickly become outdated and too narrow. The material should be defined in 
open terms, potentially using the same updated language as the European 
Directive, e.g.: Subscriber data, Calling Line Identifier (CLI), Billing 
data, Traffic data, and Location data, However, in relation to Internet 
related data, definitions in the Directive do not include such vital 
material as: Routing Logs; and Dynamic Internet Protocol Address 
Allocation, etc. Agreement will be needed to ensure that the provisions of 
Clause 20, Part 1, Chapter II, Regulation of Investigatory Powers Act can 
be interpreted as widely as possible to include all Internet related data. 
[Recommendation 4.1] Legislation should require every CSP to retain all 
communications data originating or terminating in the UK, or routed through 
the UK networks, including any such data that is stored offshore.

6.3.2 At the G8 Conference in Paris in May 2000, the Italian Delegation 
explained the "Italian Solution" for data retention. Their Government and 
Telecommunications Industry are proposing a national communications data 
warehouse to store data from CSPs. This reflects the view expressed by some 
UK experts who consider the only way forward is to create a Government 
agency run "UK National Communications Data Warehouse". They estimate that 
a £3 million investment would be needed. A parallel can be drawn with a 
similar Home Office initiative, the National DNA Database, in which the 
Government invested £3.4 million in start-up costs.

6.3.5 As an alternative, others suggest it may be less politically 
sensitive to set up data warehouses operated by CSP sub-contractors. This 
could avoid suggestions over the Government's collection of personal data. 
A number of commercial interests have already entered into discussions with 
CSPs to invest in such business ventures.

7.1.2 We recommend that the Home Office and DTI work with experts from the 
Agencies, CSPs, ISPs, the CCRC and the Office of the DPC to reach a 
decision quickly on "Data Retention" and develop a statutory framework for 
the retention of communications data. Although the law enforcement 
arguments for retention of data are critical, its use for a range of other 
purposes should not be forgotten.




-------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------