DRIP - UK Data Retention and Investigatory Powers Bill

Peter Fairbrother zenadsl6186 at zen.co.uk
Sat Jul 12 16:54:56 BST 2014

On 12/07/14 15:06, Peter Sommer wrote:
> Very useful analysis in a blog by Graham Smith as "Cyberleagle":
> http://cyberleagle.blogspot.co.uk/2014/07/dissecting-emergency-data-retention-and.html
> Peter Sommer

Three points: first, I don't think he makes enough of the redefinition 
of "communications service"  in clause 5 - which as far as I can see 
includes eg an advertising agency whose service includes creation and 
management of communications (advertisements) to be transmitted by a 
telecomms system:

Or Google ads, for that matter.

Or a web page designer. Or a million more people.

I don't know whether that is deliberate power grab or just sloppy 
drafting - but it really cannot be allowed to stand.

Second, ss.1(6)(b) gives the Secretary of State a new power to regulate 
disclosure of retained data in a manner entirely apart from RIPA.

Now he already has some powers to regulate disclosure under RIPA and 
other legislation, so why does he need more? This is a new power, 
without the limitations in RIPA, and does not replace any power in the 
2009 regulations.

Third, under ss.1(7) and ss.1(4)(d) the Secretary of State can regulate 
data retained under the ACTSA regime, and how it can be disclosed, in 
any way he likes - without time limit, or limits as to who or when it 
may be disclosed.

As far as I can tell, this would include weblogs - there does not seem 
to be any limitations as to types of data to be retained here, as it 
does not only cover "relevant" data.

Again, a new power, not replacing an existing one which is to be removed.

But apart from those points, I think Graham Smith's analysis is pretty 
good stuff.

-- Peter Fairbrother

More information about the ukcrypto mailing list