Data retention directive "invalid"

Clive D.W. Feather clive at davros.org
Sun Jul 13 23:36:10 BST 2014 

Roland Perry said:
> I'm trying to unpick the roles of RIPA and the EU when it comes to 
> mandating blanket retention. Nick Robinson is right that it [was] and EU 
> Directive (and by implication not RIPA).

But you may recall that everyone was convinced it was a eurowash - the UK
knew it would never get it through Parliament, so they got the Commission
to propose it instead.

> Before RIPA one of the main ways that communications data was obtained 
> related to various powers to demand evidence arising from a multitude 
> [someone made a list and it was about 50] agency-specific Acts of 
> Parliament. Here's an example of one which is actually post-RIPA (which 
> created a certain degree of tension over the principle that all 
> telecomms data post-2000 should be gathered via RIPA, but I digress):
> 
> http://www.legislation.gov.uk/ukpga/2001/11/section/1
> 
> There was no common structure for either the authorisation regime of 
> that multitude of requests, nor the way they were presented to CSPs. It 
> was entirely possible to get something scribbled on the back of an 
> envelope by a junior investigator, there was no regulatory oversight, 
> and every CSP had to have a process in place to evaluate the credentials 
> of each request including whether it was genuine or not, and there was 
> no line in the sand that defined where an individual investigation ends 
> and a fishing expedition starts.
> 
> To that extent RIPA was, for comms data, a huge improvement - because 
> there were standardised codes of practice, request forms, levels of 
> authority and levels of probable cause, plus lists of authorised public 
> authorities with pre-identified contact points benefiting from mandatory 
> trained in law and technology, and auditing processes involving 
> compulsory record keeping and a centrally appointed commissioner.
> 
> I know people can pick holes in each aspect, but taken as a whole it was 
> a significant paradigm change.

Indeed.

In fact, there was a point when the Home Office were delaying introducing
the RIPA scheme for some not-very-plausible reason, and I threatened (on
ISPA's behalf) to organize a strike by ISPs. Certainly several ISPs stopped
providing data to anyone except the police or who had a clear statutory
power to demand (as opposed to request under DPA s.29) as a first step in
putting the pressure on.

> One of the basic principles was also to keep the chain of custody of the 
> product as short as possible, such that each separate public authority 
> (and each police force is separate) was only able to process requests 
> for its own investigative activity.

What happened to that company setting itself up as an intermediary? Howard
somebody, wasn't it? Formerly Energis or C&W, I think - he was based in
Leeds.

-- 
Clive D.W. Feather          | If you lie to the compiler,
Email: clive at davros.org     | it will get its revenge.
Web: http://www.davros.org  |   - Henry Spencer
Mobile: +44 7973 377646

More information about the ukcrypto mailing list