In-depth

Spooks, snoopers, and the Communications Data Bill

Inside the Enterprise: Privacy bodies have raised their concerns about the proposed law. But the impact on business also needs further scrutiny.

Governments, in many ways, are in a no-win situation when it comes to security and privacy.

The growth of electronic communications has made it harder and in some cases impossible to track the actions of criminals and terrorists. The days of steaming open envelops or rudimentary taps on phone lines really do seem to belong in the era of John Buchan's 39 Steps, rather than in the world of email, Facebook and BBM.

Law makers and investigators argue that they need new powers, in order to stay ahead of a tide of electronic information. Privacy advocates, though, argue that governments tapping into that information poses a real risk to individuals' rights.

There are particular concerns about the Bill's first clause, which gives the Home Secretary power to order service providers retain any form of electronic communications data. A Parliamentary Joint Committee, which reviewed the Bill, has suggested that the clause should be narrowed, and more restrictions placed on which public sector bodies can demand to see communications data.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The new law meant storing everything that users did on line for 12 months on the off-chance that one of them might turn out to be a criminal.

But even if the scope of the Bill is narrowed, there are still real concerns about the potential costs of implementing the measures, and storing and producing communications data. If internet service providers and online services are forced to store more data for longer, and produce that data for government agencies, there will be costs. Those costs are likely to be passed on to their customers, both businesses and consumers.

"For business generally it would have meant that many more companies would need to set up storage facilities to warehouse vast amounts of data that are not currently being stored," notes Patrick Clark, a partner in the IT, Telecoms and Competition group at law firm Taylor Wessing.

"Operators, ISPs and social networks will be relieved that the CDB does not now look like it will be enacted in its current form," he adds. "The new law essentially meant that they could be required to store historical data of everything that users did on line for 12 months, essentially on the 'off-chance' that one of them might turn out to be a criminal."

Then there is the question of the exact scope of the bill. Access to emails or user logs on social networking sites is one thing; storing traffic from IM services or VoIP calls is quite another. Technology experts have also questioned whether, under the Bill, service providers might be forced to store and then hand over location-based information.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020