Spooks, snoopers, and the Communications Data Bill

Inside the Enterprise: Privacy bodies have raised their concerns about the proposed law. But the impact on business also needs further scrutiny.

Governments, in many ways, are in a no-win situation when it comes to security and privacy.

The growth of electronic communications has made it harder – and in some cases impossible – to track the actions of criminals and terrorists. The days of steaming open envelops or rudimentary taps on phone lines really do seem to belong in the era of John Buchan's 39 Steps, rather than in the world of email, Facebook and BBM.

Law makers and investigators argue that they need new powers, in order to stay ahead of a tide of electronic information. Privacy advocates, though, argue that governments tapping into that information poses a real risk to individuals' rights.

There are particular concerns about the Bill's first clause, which gives the Home Secretary power to order service providers retain any form of electronic communications data. A Parliamentary Joint Committee, which reviewed the Bill, has suggested that the clause should be narrowed, and more restrictions placed on which public sector bodies can demand to see communications data.

The new law meant storing everything that users did on line for 12 months on the off-chance that one of them might turn out to be a criminal.

But even if the scope of the Bill is narrowed, there are still real concerns about the potential costs of implementing the measures, and storing and producing communications data. If internet service providers and online services are forced to store more data for longer, and produce that data for government agencies, there will be costs. Those costs are likely to be passed on to their customers, both businesses and consumers.

"For business generally it would have meant that many more companies would need to set up storage facilities to warehouse vast amounts of data that are not currently being stored," notes Patrick Clark, a partner in the IT, Telecoms and Competition group at law firm Taylor Wessing.

"Operators, ISPs and social networks will be relieved that the CDB does not now look like it will be enacted in its current form," he adds. "The new law essentially meant that they could be required to store historical data of everything that users did on line for 12 months, essentially on the 'off-chance' that one of them might turn out to be a criminal."

Then there is the question of the exact scope of the bill. Access to emails or user logs on social networking sites is one thing; storing traffic from IM services or VoIP calls is quite another. Technology experts have also questioned whether, under the Bill, service providers might be forced to store – and then hand over – location-based information.