DRIP

Peter Fairbrother zenadsl6186 at zen.co.uk
Thu Jul 10 19:26:05 BST 2014 

On 10/07/14 12:44, James Harrison wrote:
> https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/328939/draft-drip-bill.pdf
>
> ... and the notes:
> https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/328940/draft-drip-notes.pdf

Thanks for the links.

>
> Thoughts so far? At first glance it looks like this gives the government
> a considerably wider remit in terms of what retention notices may
> require providers to retain.
>

Yep, a bit of a landgrab.


_BUT_ *Note* that the only types of communications data to which Section 
1 applies is "relevant" data, which is actually the same types of 
communications data which came under the previous regime, ie the types 
of data in the Schedule to the The Data Retention (EC Directive) 
Regulations 2009 - so it doesn't directly affect any new types of data.

See ss.2(3) (below) and
http://www.legislation.gov.uk/ukdsi/2009/9780111473894/schedule


However it does affect what can be done with that data.







In more detail:


[][][][][][][][][][][] Section 1


Subsections 1(1) and 1(2). These subsections give the the Secretary of 
State the power to issue Notices requiring a communication service 
provider to store "relevant" communications data.

There are no limitations (other than what the Secretary considers to be 
"necessary and proportionate") on the types of communication data which 
these Notices may cover, or how long [1] that data must be stored for.


There are some similar powers in existence, but they are far more 
limited. This is a very large expansion of existing powers.

[1] the 12 month maximum retention period to which a regulation may 
apply applies to regulations made under subsection 1(3) - but it does 
*not* apply to notices under subsection 1(1).

-----------------


Subsections 1(3) to 1(5) authorise the Secretary of State to make 
Regulations about the retention of "relevant" communication data.

However the *only* restriction on the Regulations he can make is a 12 
month maximum period for which data is to be stored for under the 
Regulations - there are *no* other restrictions at all, not even the 
usual "necessary and proportionate".

This is an expansion of existing powers.

---------------------


Subsection 6 restricts the times when a communications provider may 
disclose data stored under the regulations or a notice to those 
circumstances outlined in RIPA chapter 2 or under a court order - but it 
also introduces yet another new power which allows the Secretary to make 
regulations, of any kind, under which disclosure may (or must) be made.



--------------

I'm not sure what subsection 1(7) is about, anyone?

(7) The Secretary of State may by regulations make provision, which 
corresponds to any provision made (or capable of being made) by virtue 
of subsection (4)(d) to (g) or (6), in relation to communications data 
which is retained by telecommunications service providers by
virtue of a code of practice under section 102 of the Anti-terrorism, 
Crime and Security Act 2001.


---------------



[][][][][][][][][][][] Section 2

Subsection 2(1) contains some definitions. I haven't looked closely at them.

Subsection 2(2) distinguishes between unsuccessful call attempts and 
unconnected calls, but doesn't actually explain the difference.

Subsection 2(3) says that Section 1 only applies to types of comms data 
as in Schedule 1 of the The Data Retention (EC Directive) Regulations 
2009. I don't know why that's hidden away there rather than being in 
Section 1.

----------------------


[][][][][][][][][][][] Section 3


Section 3 is about trying to get around some EU Competencies issues by 
redefining the economic well-being of the UK as  a matter of national 
security (which may not be in the jurisdiction of the ECtJ - but it is 
the ECtJ which decides whether or not it is in its jurisdiction).



[][][][][][][][][][][] Section 4

Is about extraterritoriality, I haven't read it in detail.


[][][][][][][][][][][] Section

Redefines  "telecommunications service" in what seems to me to be a 
pretty insane way - as I read it, it includes my computer as I am typing 
this. Not when I send it, but while I am typing it. It includes anyone 
who is creating something which may be transmitted, eg a television 
producer or a recording artist, or anyone who is using web creations 
software.




-- Peter Fairbrother

More information about the ukcrypto mailing list