Data retention directive "invalid"

Roland Perry lists at internetpolicyagency.com
Fri Apr 11 14:48:53 BST 2014 

In article <5347E59D.30904 at zen.co.uk>, Peter Fairbrother 
<zenadsl6186 at zen.co.uk> writes
>> Describing as either "distribution" or a "contract" is wrong.
>
>I'm pretty sure there are contracts between the Home Office and the 
>SPOCs regarding eg payments for storing data, payments for access to 
>stored data, and so on.

SPoCs are employed by the police to format requests made under RIPA (and 
maybe other laws too).

Their opposite numbers within industry are generally known as "police 
liaison units".

I don't think any of these have corporate contractual obligations 
(although the law says the individuals should have employment contracts, 
obviously).

>Those would have been made, and the data provided, under the aegis of 
>the CoP or the Regulations - if they weren't then the ISPs would have 
>been acting unlawfully in retaining the data.

Again, the processes of retaining and disclosing data are quite 
separate.

>>>>> Certainly they cannot be enforced if the CoP is invalid, and probably
>>>>> not otherwise if it is only partly disproportionate, which it almost
>>>>> certainly is.
>>>>
>>>> I don't think disclosure is conditional on how you happened to have the
>>>> data. If the data exists, it can be required to be disclosed.
>>>
>>> There is no penalty under RIPA for failing to distribute the data if
>>> they don't have it.
>>
>> It's not distribution, it's access-on-demand.
>
>The ISPs give/gave out data. To my mind that's distribution, but if you 
>don't like the word "distribution" then replace it with providing data 
>under an access-on-demand regime, or whatever you like - it doesn't 
>change the legal situation.

Distribution implies providing material that might be trawled by fishing 
expeditions [traditional piscene analogy there]

>>> And, I don't think they have to distribute the data under RIPA anyway
>>> - it would be disproportionate.
>>
>> You've made up this "distribution" thing.
>
>Ok, I'll rephrase - an ISP doesn't have to give Plod data for criminal 
>investigation purposes even if the paperwork is otherwise fine and RIPA 
>says they have to,  because that would be disproportionate.
>
>That any better?

No, the proportionality test only applies to the request, not the reason 
they might have had the data to start with.
-- 
Roland Perry

More information about the ukcrypto mailing list