Data retention directive "invalid"
Clive D.W. Feather
clive at davros.org
Sun Jul 13 23:36:10 BST 2014
Roland Perry said:
> I'm trying to unpick the roles of RIPA and the EU when it comes to
> mandating blanket retention. Nick Robinson is right that it [was] and EU
> Directive (and by implication not RIPA).
But you may recall that everyone was convinced it was a eurowash - the UK
knew it would never get it through Parliament, so they got the Commission
to propose it instead.
> Before RIPA one of the main ways that communications data was obtained
> related to various powers to demand evidence arising from a multitude
> [someone made a list and it was about 50] agency-specific Acts of
> Parliament. Here's an example of one which is actually post-RIPA (which
> created a certain degree of tension over the principle that all
> telecomms data post-2000 should be gathered via RIPA, but I digress):
> There was no common structure for either the authorisation regime of
> that multitude of requests, nor the way they were presented to CSPs. It
> was entirely possible to get something scribbled on the back of an
> envelope by a junior investigator, there was no regulatory oversight,
> and every CSP had to have a process in place to evaluate the credentials
> of each request including whether it was genuine or not, and there was
> no line in the sand that defined where an individual investigation ends
> and a fishing expedition starts.
> To that extent RIPA was, for comms data, a huge improvement - because
> there were standardised codes of practice, request forms, levels of
> authority and levels of probable cause, plus lists of authorised public
> authorities with pre-identified contact points benefiting from mandatory
> trained in law and technology, and auditing processes involving
> compulsory record keeping and a centrally appointed commissioner.
> I know people can pick holes in each aspect, but taken as a whole it was
> a significant paradigm change.
In fact, there was a point when the Home Office were delaying introducing
the RIPA scheme for some not-very-plausible reason, and I threatened (on
ISPA's behalf) to organize a strike by ISPs. Certainly several ISPs stopped
providing data to anyone except the police or who had a clear statutory
power to demand (as opposed to request under DPA s.29) as a first step in
putting the pressure on.
> One of the basic principles was also to keep the chain of custody of the
> product as short as possible, such that each separate public authority
> (and each police force is separate) was only able to process requests
> for its own investigative activity.
What happened to that company setting itself up as an intermediary? Howard
somebody, wasn't it? Formerly Energis or C&W, I think - he was based in
Clive D.W. Feather | If you lie to the compiler,
Email: clive at davros.org | it will get its revenge.
Web: http://www.davros.org | - Henry Spencer
Mobile: +44 7973 377646
More information about the ukcrypto