DRIP
Peter Fairbrother
zenadsl6186 at zen.co.uk
Thu Jul 10 19:26:05 BST 2014
On 10/07/14 12:44, James Harrison wrote:
> https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/328939/draft-drip-bill.pdf
>
> ... and the notes:
> https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/328940/draft-drip-notes.pdf
Thanks for the links.
>
> Thoughts so far? At first glance it looks like this gives the government
> a considerably wider remit in terms of what retention notices may
> require providers to retain.
>
Yep, a bit of a landgrab.
_BUT_ *Note* that the only types of communications data to which Section
1 applies is "relevant" data, which is actually the same types of
communications data which came under the previous regime, ie the types
of data in the Schedule to the The Data Retention (EC Directive)
Regulations 2009 - so it doesn't directly affect any new types of data.
See ss.2(3) (below) and
http://www.legislation.gov.uk/ukdsi/2009/9780111473894/schedule
However it does affect what can be done with that data.
In more detail:
[][][][][][][][][][][] Section 1
Subsections 1(1) and 1(2). These subsections give the the Secretary of
State the power to issue Notices requiring a communication service
provider to store "relevant" communications data.
There are no limitations (other than what the Secretary considers to be
"necessary and proportionate") on the types of communication data which
these Notices may cover, or how long [1] that data must be stored for.
There are some similar powers in existence, but they are far more
limited. This is a very large expansion of existing powers.
[1] the 12 month maximum retention period to which a regulation may
apply applies to regulations made under subsection 1(3) - but it does
*not* apply to notices under subsection 1(1).
-----------------
Subsections 1(3) to 1(5) authorise the Secretary of State to make
Regulations about the retention of "relevant" communication data.
However the *only* restriction on the Regulations he can make is a 12
month maximum period for which data is to be stored for under the
Regulations - there are *no* other restrictions at all, not even the
usual "necessary and proportionate".
This is an expansion of existing powers.
---------------------
Subsection 6 restricts the times when a communications provider may
disclose data stored under the regulations or a notice to those
circumstances outlined in RIPA chapter 2 or under a court order - but it
also introduces yet another new power which allows the Secretary to make
regulations, of any kind, under which disclosure may (or must) be made.
--------------
I'm not sure what subsection 1(7) is about, anyone?
(7) The Secretary of State may by regulations make provision, which
corresponds to any provision made (or capable of being made) by virtue
of subsection (4)(d) to (g) or (6), in relation to communications data
which is retained by telecommunications service providers by
virtue of a code of practice under section 102 of the Anti-terrorism,
Crime and Security Act 2001.
---------------
[][][][][][][][][][][] Section 2
Subsection 2(1) contains some definitions. I haven't looked closely at them.
Subsection 2(2) distinguishes between unsuccessful call attempts and
unconnected calls, but doesn't actually explain the difference.
Subsection 2(3) says that Section 1 only applies to types of comms data
as in Schedule 1 of the The Data Retention (EC Directive) Regulations
2009. I don't know why that's hidden away there rather than being in
Section 1.
----------------------
[][][][][][][][][][][] Section 3
Section 3 is about trying to get around some EU Competencies issues by
redefining the economic well-being of the UK as a matter of national
security (which may not be in the jurisdiction of the ECtJ - but it is
the ECtJ which decides whether or not it is in its jurisdiction).
[][][][][][][][][][][] Section 4
Is about extraterritoriality, I haven't read it in detail.
[][][][][][][][][][][] Section
Redefines "telecommunications service" in what seems to me to be a
pretty insane way - as I read it, it includes my computer as I am typing
this. Not when I send it, but while I am typing it. It includes anyone
who is creating something which may be transmitted, eg a television
producer or a recording artist, or anyone who is using web creations
software.
-- Peter Fairbrother
More information about the ukcrypto
mailing list