Data retention directive "invalid"

Peter Fairbrother zenadsl6186 at
Fri Apr 11 13:52:45 BST 2014

On 11/04/14 13:12, Roland Perry wrote:
> In article <5347AC78.8080206 at>, Peter Fairbrother
> <zenadsl6186 at> writes
>> On 11/04/14 07:52, Roland Perry wrote:
>>> In article <534705C6.6040306 at>, Peter Fairbrother
>>> <zenadsl6186 at> writes
>>>> If an ISP has agreements with the Home Office regarding distributing
>>>> data to Police forces etc, I don't think these can be enforced.
>>> Data disclosure is disjoint from retention, and is covered by RIPA. It's
>>> not an agreement, but an obligation (on receipt of the necessary
>>> paperwork).
>> Ah, I wasn't clear - what I meant was if an ISP deletes its data then
>> any contracts made under the CoP regarding data distribution (eg re
>> SPOCs, payments etc) would be unenforcable, as the ends of the
>> contract necessarily involve unlawfulness (ie retaining the data).
> Describing as either "distribution" or a "contract" is wrong.

I'm pretty sure there are contracts between the Home Office and the 
SPOCs regarding eg payments for storing data, payments for access to 
stored data, and so on.

Those would have been made, and the data provided, under the aegis of 
the CoP or the Regulations - if they weren't then the ISPs would have 
been acting unlawfully in retaining the data.

>>>> Certainly they cannot be enforced if the CoP is invalid, and probably
>>>> not otherwise if it is only partly disproportionate, which it almost
>>>> certainly is.
>>> I don't think disclosure is conditional on how you happened to have the
>>> data. If the data exists, it can be required to be disclosed.
>> There is no penalty under RIPA for failing to distribute the data if
>> they don't have it.
> It's not distribution, it's access-on-demand.

The ISPs give/gave out data. To my mind that's distribution, but if you 
don't like the word "distribution" then replace it with providing data 
under an access-on-demand regime, or whatever you like - it doesn't 
change the legal situation.

>> And, I don't think they have to distribute the data under RIPA anyway
>> - it would be disproportionate.
> You've made up this "distribution" thing.

Ok, I'll rephrase - an ISP doesn't have to give Plod data for criminal 
investigation purposes even if the paperwork is otherwise fine and RIPA 
says they have to,  because that would be disproportionate.

That any better?

-- Peter Fairbrother

More information about the ukcrypto mailing list