The Data Retention (EC)
Regulations were approved by the House of Lords on Tuesday and
signed into law by Home Secretary Jacqui Smith on Wednesday. The
Regulations transpose into UK law most of the European Union's Data
Retention Directive.
The new law is intended to ensure that security services have a
reliable log of mobile and fixed-line phone calls to be used in
investigations, and relates not to the content of calls but only to
records of their occurrence.
Though all telecoms firms keep data for a period, the
Regulations are designed to ensure a uniform approach across the
industry.
"Communications data, such as mobile phone billing data, have a
proven track record in supporting law enforcement and intelligence
agency investigations and are a vital investigative tool," said
Lord Bassam of Brighton, who proposed the adoption of the
Regulations this week in the House of Lords. "They provide evidence
of associations between individuals and can place them in a
particular location. They also provide evidence of innocence."
"Without this data, the ability of the police and the Security
Service painstakingly to investigate the associations between those
involved in terrorist attacks and those who may have directed or
financed their activity would be limited," said Bassam. "The police
and the Security Service’s ability to investigate terrorist plots
and serious crime must not be allowed to depend on the business
practice that happens to be employed by the public communications
provider that a particular suspect, victim or witness used. These
draft regulations will ensure that, regardless of which public
communication provider supplies the service, the communications
data will be available."
The Regulations will come into force on 1st October, two weeks
after the deadline set by the EU, but they will not apply to
internet traffic data.
The Home Office conducted a consultation on the Regulations with
the public and industry and said that the telecoms industry told it
that the collection of internet data was too complicated to be
include in the current rules.
In fact the Internet Service Providers' Association (ISPA) told
the Home Office that it believed the current Regulations could
never be used for ordering the retention of internet data.
"Many respondents felt that the complexity surrounding the
internet make the draft Regulations an inappropriate framework for
implementation of the internet aspects as this would present
particular technical and resourcing issues," said a Government
response to the public consultation. "The Internet Service Provider
Association (ISPA) commented that 'the draft regulations as they
stand would not enable implementation of the internet aspects of
the Directive'."
"The respondents cited specific examples such as the increased
difficulties in replicating the 'end to end' picture of
communications data, the difference in the cost profile for storage
and retrieval of Internet communications and the need for a strong
business case, if the retention period for IP data is set at 12
months."
The Directive allows member states to extend the rules to
internet data at a later date, provided these rules are in force by
15th March 2009.
