Data Retention Regulations in the Lords

Richard Clayton ukcrypto at chiark.greenend.org.uk
Thu, 26 Mar 2009 18:07:09 +0000 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


This doesn't seem to have been mentioned yet..

Tuesday's debate from the House of Lords on the Regulations to transpose
the Data Retention Directive into UK Law is online at:

<URL:http://www.publications.parliament.uk/pa/ld200809/ldhansrd/text/903
24-0011.htm#09032466000331>

and is well worth reading. Their Lordships were well-briefed (mainly I
think by readers of this list) and got a number of points across.

In particular Baroness Neville-Jones picked away at the rather fuzzy
distinction between comms data and content, and the Earl of Northesk
mentioned "layers 2 to 7 of the OSI seven-layer model" (which must be a
first for either chamber!)

The Baroness also asked:

   "Will service providers have to record every attempt to access an e-
   mail server, even if no e-mail is sent or received, and will they
   have to retain data in respect of spam e-mail? Some estimates say
   that 90 to 95 per cent of all e-mail traffic transmitted is spam. If
   so, what are the cost implications? If it is not to be included, how
   are ISPs to distinguish between proper e-mails and spam?"

to which she got the answer from the minister (Lord West of Spithead)

   "spam is not retained. ISPs already deal with spam and are able to
   tell the difference between that and other data"

which is extremely pragmatic... but not what the Directive or the
Regulations actually say!  Doubtless the notices which the Home Office
issue will say "just retain comms data for real email not for spam", the
ISPs will obey and it will be up to Brussels to notice if the
transposition is defective!

Lord West also seems to believe that the Regulations will force ISPs to
"codify" data, which being interpreted means that they will have to
implement systems based on ETSI standards to permit standardised
requests for data to be replied to in a standardised form.

Again he is probably correct in practice because (AIUI) any ISP that
takes the Home Office shilling to implement a retention system will be
forced down the ETSI path -- however, I can't see anything in the
Regulations per se to make this true, so any ISP that funded their own
system would have a free hand.

Anyway, at the end of the debate there was a division (which is unusual)
but the Government won 93:89 (which is very usual indeed, it's decades
since an affirmative SI was rejected).  However, the very small size of
the majority may act as a warning shot for upcoming initiatives on the
IMP...

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBScvETZoAxkTY1oPiEQI9nwCeJjBoz5TwtA5coYLK6TJBouTpSMIAoPNO
+rsRU7L4aac2eDSOaMXt3XIb
=8BXv
-----END PGP SIGNATURE-----