Retaining communications content – a very British saga

The UK government has confirmed proposals to introduce more sweeping powers in order to record the content of our conversations over the Internet and emails. Internet service providers will be asked to keep records of all emails and messages on social networking sites as well as conversations over services such as Skype. Authorities will require a court order if they want to listen to or read content, but GCHQ, the government's eavesdropping centre will be allowed to monitor on demand every phone call, text, email and website accessed in real-time. Much of this has arisen from the recent riots which were fed by social media.

The devil, of course, is in the detail, and for me it's a case of deja vue!

13 years ago I was a member of the AEB's (Alliance for Electronic Business) negotiation team that lobbied hard to soften the impact on business of the Labour Government's Regulation of Investigatory Powers Act (RIPA). The Act, which is still in force stops the unlawful interception of communications data - the log information (not content) relating to sending and receiving electronic communications such as email and voice calls. Together with my colleagues from the CBI, Direct Marketing Association, Intellect and GS1, we argued that such far-reaching powers needed to have enough checks and balances to stop abuse. Interviewed on CBS, I was pitched against one of the White House security advisors who strenuously defended the position of Blunkett's Government. I could never work out the paradox of a left-wing government with a right-wing policy!

For all its faults, introducing RIPA was, in principle the right thing to do in order to safeguard our 'democratic freedoms', whatever this means these days - some politicians tend to use the term with nauseating frivolity!  The fast changing pace of technology required us to update our surveillance laws to help detect and deal with serious cyber crime and cyber terrorists, although people do forget that RIPA is not the only UK intrusive anti-privacy measure. But, interception and retention of communications data was in line with other countries' thinking, manifesting in such measures as the European Union's retention of communications regime.

But whether the checks and balances are good enough is another question. The system allowed newspapers to get away with phone hacking for many years and encouraged councils to waste the tax payers' money on silly monitoring such as checking times when dustbins were put out. Content retention is a far more intrusive measure than that of log data. It will be an outrageous move if council officials and other insignificant players can use the snooping powers meant to combat international cyber terrorism and e-crime. I thought the Coalition government had already put a stop to this.

What do the proposals mean for online business? Certainly service providers are fast becoming the new cyber police (see also the Digital Economy Act and the peer-to-peer file sharing issue) which, if taken too far, may break the confidential and trusted relationship enjoyed between supplier and consumer. How much would the new regime cost a service provider to retrieve the content from storage and what processes will be in place to hand information over to the authorities?

I'm also concerned that taking out a court order is always one-sided. For example, a summons or warrant is issued by an informant who lays information on oath. It is therefore essential that only nominated magistrates with the correct training to ask the right questions are allowed to issue court orders. How the proposed regime interacts with the current one will be interesting.

Of course, let's remember that we all want the right to be able to walk down the street without fear of crime or terrorism, and the authorities need the appropriate tools  to defend this right on our behalf. What the public can never know is how effective such anti-privacy laws are in keeping us safe...