Data retention directive "invalid"

Mary Hawking maryhawking at tigers.demon.co.uk
Sat Apr 12 09:52:55 BST 2014 

I'm getting a bit confused.
I have a Home Office contract with Demon: as far as I know there is no
volume restriction.
Why does Demon need to keep any traffic data on my use of this service -
apart from requirements from the Home Office?

Mary Hawking
Retired from NHS on 31.3.13 because of the Health and Social Care Act 2012
"thinking - independent thinking - is to humans as swimming is to cats: we
can do it if we really have to."  Mark Earles on Radio 4
blog http://maryhawking.wordpress.com/ And Fred! 
http://primaryhealthinfo.wordpress.com/2013/11/02/freds-saying-you-just-dont
-get-it/  

-----Original Message-----
From: Roland Perry [mailto:lists at internetpolicyagency.com] 
Sent: 11 April 2014 13:12
To: ukcrypto at chiark.greenend.org.uk
Subject: Re: Data retention directive "invalid"

In article <5347AC78.8080206 at zen.co.uk>, Peter Fairbrother 
<zenadsl6186 at zen.co.uk> writes
>On 11/04/14 07:52, Roland Perry wrote:
>> In article <534705C6.6040306 at zen.co.uk>, Peter Fairbrother
>> <zenadsl6186 at zen.co.uk> writes
>>> If an ISP has agreements with the Home Office regarding distributing
>>> data to Police forces etc, I don't think these can be enforced.
>>
>> Data disclosure is disjoint from retention, and is covered by RIPA. It's
>> not an agreement, but an obligation (on receipt of the necessary
>> paperwork).
>
>Ah, I wasn't clear - what I meant was if an ISP deletes its data then 
>any contracts made under the CoP regarding data distribution (eg re 
>SPOCs, payments etc) would be unenforcable, as the ends of the contract 
>necessarily involve unlawfulness (ie retaining the data).

Describing as either "distribution" or a "contract" is wrong.

>>> Certainly they cannot be enforced if the CoP is invalid, and probably
>>> not otherwise if it is only partly disproportionate, which it almost
>>> certainly is.
>>
>> I don't think disclosure is conditional on how you happened to have the
>> data. If the data exists, it can be required to be disclosed.
>
>There is no penalty under RIPA for failing to distribute the data if 
>they don't have it.

It's not distribution, it's access-on-demand.

>And, I don't think they have to distribute the data under RIPA anyway - 
>it would be disproportionate.

You've made up this "distribution" thing.

-- 
Roland Perry

More information about the ukcrypto mailing list