Further to Sophie’s post last week on the potential impact of the Counter Terrorism and Security Bill (‘CTSB’) proposed last month by the UK government, one of our research colleagues at the University of Southampton (Neil Brown) has made available a consolidated version of the Data Retention and Investigatory Powers Act (‘DRIPA’) 2014. The text – which can be downloaded here – incorporates the amendments that the current text of the CTSB would make if passed in its current form.
As a reminder, part 3 of CTSB as proposed would amend DRIPA by expanding the types of communications data generated or processed in the UK by public telecommunications operators in the process of supplying telecoms services that must be retained upon a notice being served on them by the Secretary of State. Clause 17 of CTSB is particularly noteworthy in providing that, in addition to the existing communications data requirement under DRIPA, operators would have to retain “relevant internet data”. This is defined as “data that relates to an internet access service or an internet communications service, and that may be used to identify, or assist in identifying, which internet protocol address, or other identifier, belongs to the sender or recipient of a communication”. Identifier, in turn, is defined as any “identifier used to facilitate the transmission of a communication“. In the explanatory statement to the Bill, the government explains that this requirement could cover the provision of port numbers or MAC (media access control) addresses of devices.
Where it gets trickier, as Sophie points out in her post, is whether this implies a requirement for public telcos to retain translation data-logs in respect of the provision of carrier grade NAT services. Furthermore – while the proposal currently specifically excludes the retention of certain application log data (e.g. web log data, such as URLs of websites visited) – the obvious question on everyone’s lips in the UK, and further afield, is whether this expansionary trend in relation to the mandatory retention of communications data by ISPs heralds the floodgates opening in a more dramatic way in the future.
With the issues raised in DRIPA to be revisited by the UK Parliament next year, alongside the more controversial draft Communications Bill, this topic is sure to be a burning topic of discussion in 2015. Watch this space!