Data retention: Who's watching you?
Published: 13 Dec 2002 17:03 GMT
Numerous government agencies are already requesting communications data from ISPs, even though the relevant parts from two laws designed to regulate the practice have yet to come into force.
The scale of the situation was revealed during an inquiry in data retention by the All Party Internet Group (APIG) on Wednesday, when ISPs detailed the requests already flooding in from government agencies who want to look at the small amounts of data that are retained by ISPs for 'operational purposes'.
Communications data means IP addresses of Web sites that people visit, and email headers -- the information that contains origin and destination addresses. It is distinguished from content in the same way that a dialled telephone number is distinguished from a recording of the actual call. However, many in the industry believe communications data is just as invasive as the content because it can reveal a great deal about an individual.
AOL and Thus said that in common with most ISPs they both store communications data for their business needs, and that they receive a significant number of requests from various government agencies -- both in the UK and abroad -- for the data.
Responding to a question from APIG chairman Richard Allan, Liberal MP for Sheffield Hallam, Thus Internet expert Clive Feather said: "We're already starting to get people queuing up for even the little bits of data we currently retain." Feather said Trading Standards officers can demand access under the Trading Standards Act, Social Security officers can do so under the Social Security Act, and other agencies such as the Benefits Agency and the Serious Fraud Squad can demand access under separate powers.
Both Thus and AOL also get a lot of requests from law enforcement agencies at home and abroad to "preserve" data. Data preservation is different from data retention, said AOL's director of public policy Camille de Stempel, because it tends to deal with specific bits of communications data. "It's when you know you will need to keep a particular day's data for an investigation," said de Stempel. "It is very targeted and very proportional... and it deals only with data from the past, that we already have in our systems."
A typical routine, said Feather, is for police to request an ISP to keep a particular piece of data that would otherwise be deleted after a couple of days. "They say, 'We'll go and get the paperwork -- can you keep it for us?'" said Feather.
Have your say instantly, and see what others have said. Go to the ZDNet news forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
63 out of 91 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
