UK Data Retention and Investigatory Powers Bill
igb at batten.eu.org
Fri Jul 11 14:31:25 BST 2014
On 10 Jul 2014, at 21:14, Roland Perry <lists at internetpolicyagency.com> wrote:
> In article <CAK0b=2cu=0GrxSXoA8BedTPfseu0dBAv+qBxmOENd+vgYD17Qw at mail.gmail.com>, Tony Naggs <tony.naggs at googlemail.com> writes
>> I'm not really clear why a law change is required for communications data to be held for 12 months. Probably most businesses will want to hold this data for a year in order to address billing disputes & such
> Very few ISPs produce itemised bills saying who you emailed and when, or listing which web pages you went to in order to use up your 1GB/month.
I still don't follow (either technically or legally) on what basis ISPs will be able to retain logs of which websites you visited. I thought it was quite clear (and, indeed, that it was Roland who negotiated this with Simon Watkin, late of this parish) that "communications data" only covered the bit up to the first / in the URL, and that in any event that only arose when (as was much more common back then) the ISP had natural access to that data, such as when running an outbound cache (younger readers may like to ask their fathers).
I guess (conspiracy theory alert) that such logs might be generated out of the back of the Cameron-mandated content filters, but for people who are not opted in to those, on what basis would the ISP have the information? And those that are opted in to them, if the ISP were to log the URLs without redacting them at the first /, wouldn't they still fall foul of the DPA because DRIP explicitly only provides cover for retaining RIPA S.21 metadata, and everything after the / is content?
More information about the ukcrypto