UK campaigners claim the Government has reacted to the terrorist
attacks of last September with an unprecedented attack on civil
liberties.
Soon after the attacks, the Government sent a request under the
Data Protection Act to all UK-based Internet service providers and
telecommunications companies asking them to retain all
communications traffic data for a month.
The request was extended in part through the Anti-terrorism, Crime
and Security Act passed last December, which the Government has
sought several times to make permanent and compulsory.
These requests, which are not legally binding, sought to track the
path and locations of data traffic. However, the Regulation of
Investigatory Powers Act (RIPA), which was passed in July 2000,
could be used to look deeper into the content of communications
traffic data.
RIPA, which is still in the process of being implemented, requires
ISPs in the UK to track all data traffic passing through their
computers and to route it to the Government Technical Assistance
Centre at MI5.
Under the provisions of RIPA, the Home Secretary can demand
encryption keys to any and all data communications, with a prison
sentence of two years for those who do not comply with the order.
The European Union is now considering proposals that include the
retention of all communication information for a year.
The US government would not get away with similar proposals, said
Ian Brown, spokesman for the Foundation for Information Policy
Research in London.
"In the US, all they can do is gain access to the information that
ISPs keep for a few weeks for doing their billing. The government
can't tell them to keep all that information. They wouldn't get
away with it if they tried - there would be outrage. But here it
was just pushed through."
However, the actions of UK politicians have provoked a reaction
from the public and some IT and telecoms professionals.
Public outcry last June forced the Government to back down on
proposed legislation that would extend the powers of RIPA by giving
access to confidential online information to seven Whitehall
departments, every local authority in the country and all of the
NHS agencies in Scotland and Northern Ireland.
That idea has not been dropped, but the Government has backed off
for now.
The Government insists the events of 11 September were not the
reason for the new legislation. "RIPA is about access to data, not
about data retention, and wasn't in any way, shape or form in
reaction to 11 September," a Home Office spokeswoman said.
"Not all parts of RIPA have been enacted yet and the consultation
about extending access to additional government departments will be
brought before Parliament again, though at this point we have no
idea when that may be," she added.
"They've pulled back, but it's only temporary," said Roger Bingham,
spokesman for civil rights group Liberty.
The retention of data by UK ISPs is still done on a voluntary basis
and the Government has promised not to consider legislation to make
it compulsory until there has been a "lengthy consultation period
with industry", according to the Home Office.