Data retention directive "invalid"

Clive D.W. Feather clive at davros.org
Sun Jul 13 23:41:35 BST 2014 

Peter Fairbrother said:
> I am sure that the new regime gave a much-welcomed clarity as to what an 
> ISP should or should not do in order to comply with the law, and to that 
> extent I think it would have been welcomed whatever it contained - after 
> all, it is not the business of the ISP industry to make moral or ethical 
> judgements about what should be disclosed or retained.
> 
> Except, in a way, it is.
> 
> We use the ISPs as a layer between the rapacious policemen and data they 
> are so greedy for. That's actual EU policy.
> 
> We do not allow the police to store bulk comms data, the ISPs do that, 
> and we expect the ISPs to ensure that they do not disclose data which 
> they should not, or store data for longer than allowed.

Agree. But "should" is defined in terms of "have the correct paperwork".
One of the problems with the old scheme was that ISPs were expected to
judge whether the police "needed" any particular piece of data in order to
do their investigation (and if it turned out later that they didn't need
it, in theory the ISP was liable for breach of data protection). There's no
reasonable way an ISP can do that.

Yes, ISPs should be checking the paperwork properly, and shouldn't be
retaining data without a good reason (whether business or statutory), but
they shouldn't be expected to second-guess the requesters.

> The ISPs are paid by their customers, and to that extent they are under 
> some pressure to protect their customers' interests. However, in terms 
> of retention and disclosure, they are also paid by the policemen - and 
> therein lies a conflict of interest.

Not really. Police requests are not a significant source of profit - the
income is just to cover the costs, and in any case the number of requests
is small compared with the business overall. I would be surprised if
anyone, even BT, thought they could make enough profit from requests to pay
for generating and storing stuff they didn't otherwise need to.

> To which I note: The only part of the draft Bill which is in italics is:
> 
> "1(4)g)  the reimbursement by the Secretary of State (with or without 
> conditions) of expenses incurred by public telecommunications operators 
> in complying with relevant requirements or restrictions,"

I believe it's in italics because it's a public finance issue, and the
Lords aren't allowed to alter those bits.

-- 
Clive D.W. Feather          | If you lie to the compiler,
Email: clive at davros.org     | it will get its revenge.
Web: http://www.davros.org  |   - Henry Spencer
Mobile: +44 7973 377646

More information about the ukcrypto mailing list