What do you think about communications data collection and storage?

John Lamb ukcrypto at chiark.greenend.org.uk
Mon, 27 Apr 2009 13:11:42 +0100 

On Mon, Apr 27, 2009 at 11:37:34AM +0100, Watkin Simon wrote:
> We want your opinion on how public authorities should be allowed to
> collect and store essential communications information in order to
> prevent crime, and catch and prosecute criminals.  

Whether public authorities should be allowed to collect and store
communications information is presumably a foregone conclusion. How
about rarely, and with a court order? 

> We've launched a consultation that suggests new ways for phone companies
> and internet service providers to collect and store data. The
> information they collect helps us catch criminals, find missing people
> and protect children from paedophiles.

The consultation features both paedophiles and terrorists, but sadly not
with enough detail to determine whether the data collected really did
make a difference; are we expected to just take the case studies at face
value? The Glasgow airport "bomb attack" is mentioned, an attack which
as far as I recall didn't really involve a bomb and resulted in serious
injuries to nobody except the perpetrators. I imagine being caught on
fire outside the airport did more to secure his subsequent conviction
than any communications data. I would be concerned if the other examples
are of similar quality.
 
> The consultation, called 'Protecting the public in a changing
> communications environment' aims to find the right balance between
> privacy and security by suggesting ways to maintain our ability to
> collect and store communications data. It explicitly rules out setting
> up a single storage place for all communications data.
 
Perhaps "Protecting the government from a changing communications
environment" would have been more apt.
 
> Instead, it suggests that we legislate to allow communications service
> providers (CSPs) to collect and keep information, including
> communications data from third parties, which might be needed by police
> and other public authorities. It also suggests that CSPs organise this
> data, so that police, security services and other law enforcement
> agencies can access the information they need more quickly and easily.

Surely you intend to compel, rather than allow, CSPs to store this data,
otherwise why would they bother? Organising the data sounds like it
would greatly increase the scope for abuse, as data from disparate
systems (e.g. billing information and DHCP records) would be grouped
together whether it was needed by the police or not. In most companies
these would be sufficiently separate that few if any employees would be
able to access both, but creating a new database containing the collated
information will change that. 

> http://www.homeoffice.gov.uk/about-us/news/communications-data-consultation

So the official definition of communications data now contains the word
paedophile? <sigh>

My favourite part of the PDF was the assertion "Printed on Paper
containing 75% recycled fibre content minimum."

john