DATA RETENTION URGED AS ‘MAINSTREAM,’ NOT ANTITERRORISM, LAW
Citing the tension between retaining Internet and telephone data for national security vs. other purposes, a U.K. select panel of advisers has urged the govt. to rethink part of its antiterrorism legislation. In a report issued Dec. 18, the Privy Counsellor Review Committee -- whose mandate is to review the Anti-Terrorism, Crime & Security Act 2001 (ATCS) -- said the communications data retention portion of the law should be replaced with a “mainstream” regime that limited retention to no more than one year. Access to the data, moreover, must “be subject to strict regulation, and that regulation must be properly enforced,” said the all- party committee appointed in April by Home Secretary David Blunkett.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
The ATCS was passed in the aftermath of the 9/11 attacks. Part 11 sets up a legal framework to allow communications services providers (CSPs) to hold onto Internet and telephony data (which includes such things as subscriber information but not the content of e-mails and calls) for national security purposes beyond the time they normally would keep it for business uses. The act calls for CSPs to craft a voluntary code of practice, but allows the govt. to make data retention mandatory if CSPs fail to act.
But the review committee said Part 11 “does not provide a sound legislative basis for the retention of communications data because, no matter whether the retention requirements are implemented by a voluntary code or by mandatory order, the legality of access to that data for purposes unrelated to national security will remain contentious.” Retaining communications data for national security purposes is too important to be undermined by demands for access to the information for lesser reasons, the report said.
The panel acknowledged that a maximum retention period “is difficult to judge” and that, no matter what was chosen, there always would be cases that fell outside it. However, it said, limiting retention to one year would “strike a balance” by: (1) Satisfying justifiable needs for communications data to fight terrorism. (2) Being in line with Home Office proposals that varied between one year for subscriber data and 4 days for Web activity logs. (3) Limiting the curtailment of people’s privacy rights.
On the issue of who should have access to communications data, privy counselors said the current regime -- with responsibility split between an Interception (for access) and Information (for retention) Commissioner -- should be revamped to give the Information Commissioner unified oversight. Under the Regulation of Investigatory Powers Act (RIPA) public authorities may access communications data to fight crime or for other defined public purposes, but the extent of access must be proportionate to what it seeks to achieve. RIPA is a “step in the right direction where it applies,” the review panel said, “but a coherent legislative framework governing both retention of, and access to, communications data seems to be the only way of providing a comprehensive solution to this issue.”