Small ISPs 'probably' won't receive data retention order following IP Bill

Unless they do...


The government “probably won’t” force internet service providers with no history of working with the intelligence services into retaining internet records following wide-ranging new powers passed in the Investigatory Powers Bill, the Home Office has said.

Last week the Investigatory Powers Bill - dubbed the Snoopers Charter - passed, which will require internet providers to record the websites and apps to which their customers connect. It is due to become law by the end of 2016.

It has been widely criticised by technology companies across the board, including Apple and Google.

Speaking at the Internet Service Providers Association conference, Chris Mills, former IP Bill manager at the Home Office, said: "The important thing is if we are not already talking to you about internet connection records, we probably won’t be."

He claimed the IP Bill was mostly about updating existing legislation and putting it in one place and wasn’t about changing the requirements for industry.

“The one new one power of the bill requires the retention of internet records, but that is about filling a capability gap law enforces have identified.”

He said: "It will not affect every ISP, far from it."

But Chris Beeson, who also worked on the IP Bill at the Home Office, admitted that ISPs not already working with the spooks shouldn’t rule out being approached in the future.

“If we are not in conversation with you already… it is possible law enforcement will put a case [forward],” he said. “[That] does not mean someone will turn up on your doorstep with a retention notice,” adding there will be a "period of negotiation with the Home Office" asking what the ISP will need to do to change its network.

“We will do that in a collaborative way,” he said. He added that there were no "numerical criteria" for deciding whether intelligence could be gained from a particular network, adding that if the police and intelligence services deemed there was, then a judge would decide if the "gains are proportionate" and would then consider serving a notice.

Mills noted that the government provides for "cost recovery" for providers which have to change their networks to comply with the new powers. “So it is not in our interest to ask you to do unreasonable things as we will have to pay for them,” he said - adding that the process would have to be signed off by a judge.

However, ISPs have pointed out that the current wording of the bill does not explicitly state that all costs would be recovered - instead it mentions “appropriate costs” which could be open to interpretation. For a small provider, that would not necessarily include the man hours spent having to update its network.

The science and technology committee has discussed the potential £2bn annual cost of data harvesting on the tech industry.

Asked what duty the provider has to inform their customers of the data retention, Mills said: “There is no obligation to inform customers, in fact it would be unlawful to do so.” He said such a disclosure would incentivise targets to move providers.

Beeson said providers could make a case as to the necessity and proportionality of data retention after collection – which would allow collateral data to be deleted.

"The request would then delete all that stuff, so we don’t end up with all the outlying data being retained.” ®

Similar topics


Other stories you might like

  • Chip shortage forces temporary Raspberry Pi 4 price rise for the first time

    Don't worry, only the 2GB model is affected: Increasing by ten bucks to $45

    The price of a 2GB Raspberry Pi 4 single-board computer is going up $10, and its supply is expected to be capped at seven million devices this year due to the ongoing global chip shortage.

    Demand for components is outstripping manufacturing capacity at the moment; pre-pandemic, assembly lines were being red-lined as cloud giants and others snapped up parts fresh out of the fabs, and the COVID-19 coronavirus outbreak really threw a spanner in the works, so to speak, exacerbating the situation.

    Everything from cars to smartphones have felt the effects of supply constraints, and Raspberry Pis, too, it appears. Stock is especially tight for the Raspberry Pi Zero and the 2GB Raspberry Pi 4 models, we're told. As the semiconductor crunch shows no signs of letting up, the Raspberry Pi project is going to bump up the price for one particular model.

    Continue reading
  • Uncle Sam to clip wings of Pegasus-like spyware – sorry, 'intrusion software' – with proposed export controls

    Surveillance tech faces trade limits as America syncs policy with treaty obligations

    More than six years after proposing export restrictions on "intrusion software," the US Commerce Department's Bureau of Industry and Security (BIS) has formulated a rule that it believes balances the latitude required to investigate cyber threats with the need to limit dangerous code.

    The BIS on Wednesday announced an interim final rule that defines when an export license will be required to distribute what is basically commercial spyware, in order to align US policy with the 1996 Wassenaar Arrangement, an international arms control regime.

    The rule [PDF] – which spans 65 pages – aims to prevent the distribution of surveillance tools, like NSO Group's Pegasus, to countries subject to arms controls, like China and Russia, while allowing legitimate security research and transactions to continue. Made available for public comment over the next 45 days, the rule is scheduled to be finalized in 90 days.

    Continue reading
  • Global IT spending to hit $4.5 trillion in 2022, says Gartner

    The future's bright, and expensive

    Corporate technology soothsayer Gartner is forecasting worldwide IT spending will hit $4.5tr in 2022, up 5.5 per cent from 2021.

    The strongest growth is set to come from enterprise software, which the analyst firm expects to increase by 11.5 per cent in 2022 to reach a global spending level of £670bn. Growth has fallen slightly, though. In 2021 it was 13.6 per cent for this market segment. The increase was driven by infrastructure software spending, which outpaced application software spending.

    The largest chunk of IT spending is set to remain communication services, which will reach £1.48tr next year, after modest growth of 2.1 per cent. The next largest category is IT services, which is set to grow by 8.9 per cent to reach $1.29tr over the next year, according to the analysts.

    Continue reading

Biting the hand that feeds IT © 1998–2021