The U.K. Home Office today released its draft code of practice on data retention, scrapping its planned extensions to the Regulation of Investigatory Powers Act (RIPA) following an outcry from civil liberties groups and the general public.
Under RIPA — dubbed the ‘snoopers charter’ — only the police, intelligence services, Customs and Excise and the Inland Revenue had the power to require Internet service providers (ISPs), telcos and postal operators to hand over detailed information on customers on request. But the government’s proposed plans extended this power to many more bodies, including local authorities, Trading Standards, the Financial Services Authority and seven Whitehall departments.
“The Home Secretary promised a fundamental rethink of our approach to regulating the access of public bodies to communications data. We have listened and delivered. We are tailoring the amount of access to the need for it to ally the concerns of members of the public about intrusion into their personal records,” says Bob Ainsworth, Home Office minister.
Among the government’s proposals is a so-called ‘double lock’ safeguard where access to certain information is only granted after prior approval by an independent judicial third party, such as the Communications Commissioner.
It also recommends restricting the information public authorities are granted access to and the reasons given that allow these bodies to see limited data in the first place. What’s more, only designated people within those public bodies will be granted access.
A large number of departments including the Department of Health, the Department of Trade and Industry and the Royal Mail Group have requested the power to demand stored information. Bodies that will be granted access will be announced at the end of the consultation process.
Regular checks by the Communications Commissioner will be put in place to ensure the system is not abused and a new criminal offence of unlawful access to data will be introduced to make sure no one takes advantage of their new powers.
On the issue of the period over which ISPs and telcos should retain data, the Home Office today agreed to a maximum period of 12 months for telco data down to four days for web activity logs.
But today’s draft consultation paper failed to provide any remedies for the cost concerns raised by ISPs. NTL for example, estimated it would cost around