(More detailed information on these retention times is available here)
In December 2001, the Parliament approved the Anti-terrorism Crime and Security Act 200 (ATCS)
This law allows the Home Secretary to issue a code of practice for the voluntary “retention of communications data by communications providers” for the purpose of protecting national security or preventing or detecting crime that relates to national security.
It only applies to data that is already being held by the Communication Service Providers (e.g ISP/telecomms) for business purposes. The Code of Practice was first approved in December 2003
The government has since proposed modifying the ATCS and RIPA to make data retention mandatory and expanding its use to include serious crimes, not just terrorism offenses.
A leaked submission by the police and intelligence services to the Home Office in 2000 proposed a seven-year data retention policy, however this has not been followed up and the current voluntary times remain.
Despite the government constantly pushing data retention times, and increasing surveillance and interception, to stop the ever present threat of terrorism, the reality is that the data will almost certainly be used for reasons other than prevention and detection of terrorism.
An opinion commissioned by the Information Commissioner’s Office (ICO) found that the access to information retained under the act for non-national security purposes would violate human rights and would be unlawful.
Who has access to this data?
Despite this the government had fully intended to allow a whole host of government agencies to access the data, from local police to the local council. And in June 2002, the Home Office stated that the list of government agencies allowed under RIPA to access communications data was being extended to over 1,000 different government departments including local authorities, health, environmental, trade departments and many other public authorities.
The ICO stated that “I clearly cannot carry out meaningful oversight of so many bodies without assistance“, following this and the pubic outcry of so many people accessing so much information the then Home Secretary (David Blunkett) withdrew the order. Though the governments intentions and mindset were clear. Monitor everyone and give access to even the smallest council.
Data Retention Times
The code provides for the following retention time periods:
- SMS, EMS and MMS: Data retention period 6 months.
- Email: Data retention period 6 months
- ISP Logs: Data retention period 6 months
- Web Activity Logs: Data Retention period 4 day
More detailed information on these retention times is available here.
Interception of Communications
Before the ATCS 2001 Act was created the government created RIPA, Regulation of Investigatory Powers Act, which covers a variety of aspects including encryption and interception of communications. Section 12 of RIPA makes it an obligation of CSP (Communication Service Providers) to maintain an ability to intercept traffic” and “content” of communications, which then allows the govermenment to monitor communications as and when needed, or the in the case of Echelon, all of the time.
RIPA is often in the news for its repeated misuse by councils, from covertly following families, to ensure they go to the right school, to setting up cameras and covert surveillance to monitor dog fouling.