Snooping code breaks law

Industry puts pressure on Whitehall to untangle policy and support business

Industry puts pressure on Whitehall to untangle policy and support business

Telecoms firms and Internet service providers could be in breach of the UK's data protection laws if they comply with the Government's planned anti-terrorist laws, the information commissioner has warned.

The Anti-Terrorism Bill being rushed through Parliament will require communication companies to make records of their customers' e-mails, phone calls and Internet browsing habits available to the police and law enforcement agencies.

Although the Home Office plans to enforce the new regulations through a code of conduct, organisations following the code will still be at risk of enforcement action under the 1998 Data Protection Act, said information commissioner Elizabeth France. "Continued retention of communications data by a communications provider is likely to contravene the 1998 Act's requirements," she said.

ISPs are alarmed at the discrepancy between messages from the Home Office, which drafted the Bill, and the Office of the Information Commissioner.

"It's simply untenable that you have two arms of government giving conflicting advice," said Roland Perry, chief executive of the London Internet Exchange. "It is not something that should be left to a test case in two years' time when an ISP is hauled up for breaking one law by complying with another."

France said she was particularly concerned that the proposals would breach the privacy requirements of the European Convention on Human Rights.

Claims by the law enforcement agencies that data retention will assist with criminal investigations have left key questions unanswered, she said. The fact that they have not made it clear how long data needs to be retained or what types of data are important "presents real difficulties".

Telecoms firms and ISPs have raised concerns about the extra costs of storing and retrieving data, and providing access to that data to members of the public who wish to exercise their right to inspect it under the terms of the Data Protection Act.

According to experts, the legislation, once passed, could be used to require any organisation with its own telephone or data networks to retain data for law enforcement agencies.

Read more on IT legislation and regulation