Data retention directive "invalid"

Roland Perry lists at
Sat Apr 12 12:12:23 BST 2014

In article <48CD028A501A45BEB16D41DCEAF60BF2 at MaryPC>, Mary Hawking 
<maryhawking at> writes
>I'm getting a bit confused.
>I have a Home Office contract with Demon:

Oh, very good.

>as far as I know there is no volume restriction.
>Why does Demon need to keep any traffic data on my use of this service -

Traffic data is where to/from, generally, rather than the quantity.

Although the ISP I migrated away from this week was definitely 
monitoring my usage of email in case I was a spammer. The volume of data 
was unlimited, but I could only send something like 500 emails a day.

>apart from requirements from the Home Office?

It's possible Demon might also be monitoring email traffic data (not the 
contents) as part of a wider anti-abuse policy, and also to be able to 
answer questions like "why wasn't that email I sent yesterday 
delivered". But I have no recent information about that sort of thing.

Then there's the difference between "Unlimited", "truly Unlimited" and 
"completely Unlimited - apart from a fair use policy". Sorry, I made 
that last one up.

>Mary Hawking
>Retired from NHS on 31.3.13 because of the Health and Social Care Act 2012
>"thinking - independent thinking - is to humans as swimming is to cats: we
>can do it if we really have to."  Mark Earles on Radio 4
>blog And Fred!
>-----Original Message-----
>From: Roland Perry [mailto:lists at]
>Sent: 11 April 2014 13:12
>To: ukcrypto at
>Subject: Re: Data retention directive "invalid"
>In article <5347AC78.8080206 at>, Peter Fairbrother
><zenadsl6186 at> writes
>>On 11/04/14 07:52, Roland Perry wrote:
>>> In article <534705C6.6040306 at>, Peter Fairbrother
>>> <zenadsl6186 at> writes
>>>> If an ISP has agreements with the Home Office regarding distributing
>>>> data to Police forces etc, I don't think these can be enforced.
>>> Data disclosure is disjoint from retention, and is covered by RIPA. It's
>>> not an agreement, but an obligation (on receipt of the necessary
>>> paperwork).
>>Ah, I wasn't clear - what I meant was if an ISP deletes its data then
>>any contracts made under the CoP regarding data distribution (eg re
>>SPOCs, payments etc) would be unenforcable, as the ends of the contract
>>necessarily involve unlawfulness (ie retaining the data).
>Describing as either "distribution" or a "contract" is wrong.
>>>> Certainly they cannot be enforced if the CoP is invalid, and probably
>>>> not otherwise if it is only partly disproportionate, which it almost
>>>> certainly is.
>>> I don't think disclosure is conditional on how you happened to have the
>>> data. If the data exists, it can be required to be disclosed.
>>There is no penalty under RIPA for failing to distribute the data if
>>they don't have it.
>It's not distribution, it's access-on-demand.
>>And, I don't think they have to distribute the data under RIPA anyway -
>>it would be disproportionate.
>You've made up this "distribution" thing.

Roland Perry

More information about the ukcrypto mailing list