Skip to main content

Investigatory Powers Bill will not authorise third party data retention

Posted by malcolm on Thursday, October 6th, 2016 at 13:48

Last night the UK government introduced an amendment to the Investigatory Powers Bill currently going through Parliament, to make ensure that data retention orders cannot require access providers to collect and retain third party data. The Home Office had previously said that they didn't need powers to force ISPs to collect third party data (itself a concession relative to the previous government's position on the Draft Communications Data Bill), but until now refused to provide guarantees in law.

Collecting "third party data" refers to the prospect of requiring access providers to collect communications data relating to the use of an Internet-based service (as opposed to communications data relating to the connection to that service. This is most easily explained with an example.

 

Consider the example scenario where Alice, a BT Internet customer, logs on to Facebook and send a message to Bob. The fact that Alice has connected to Facebook, the time she did so and the IP address she had at the time, are all considered communications data that is part of an "Internet Connection Record". The IP Bill contains powers, for the first time, that can be used to force BT to collect and retain such records. The time of the message from Alice to Bob, and the identifying information that shows that Alice was the sender and Bob the recipient, are also communications data. The Bill, again for the first time, contains powers that could be used to force a service like Facebook to collect and retain that data: in Facebook's hands, such data is considered simply communications data. However, if the authorities were to ask BT, as the access provider, to scan data simply passing over its network so as to collect information relating to such a message on Facebook, such as the identity of Bob, then that is much more far reaching. In BT's hand's, Bob's indentity in this example is considered "third party data".

The effect of the government's new amendment, therefore, is that BT can be required to collect and retain data showing Alice has used Facebook, and Facebook can be required to retain data showing Alice has messaged Bob, but BT cannot be required to inspect Facebook traffic on its network so as to show that Alice was messaging Bob.

This will be a great relief to Internet access providers in the UK.

With over 750 members connecting from over 75 different countries worldwide, LINX members have access to direct routes from a large number of diverse international peering partners.

© London Internet Exchange, 2017 Registered office: London Internet Exchange Limited, 2nd Floor, Trinity Court, Trinity Street, Peterborough PE1 1DA United Kingdom . Registered in England, Number: 3137929
VAT Registration Number: GB 665 9580 82 Head office main telephone number Telephone: +44 (0)1733 207700 Fax: +44 (0)1733 207729

Web Design by Web Design by Bluestorm Design & Marketing

Leave Feedback

Cookies

This site uses cookies to store information on your computer. Some of these cookies are essential to make our site work and have already been set. By using our site you accept the terms of our Privacy Policy.

×