UK considers law to force ISPs to retain and surrender user records

The UK is considering enacting a law to force internet service providers (ISPs) to retain user records and hand them to security agencies if needed

The UK government is considering enacting a law to force internet service providers (ISPs) to retain user records and hand them over to the police or security services if required.

The proposed Anti-Terrorism and Security Bill requires ISPs to retain information linking internet protocol (IP) addresses to individual users.

This will enable law enforcement officers to know who was using a computing device or mobile phone at any given time.

The Home Office says the proposed measures will improve national security by enabling police and security services to identify terror suspects, child sex offenders, hackers and cyber bullies.

Supporters of the bill argue it will enable authorities to identify vulnerable people such as children using social media to discuss suicide.

Communication Data Bill resurrected

But opponents of the bill see it as an attempt by home secretary Theresa May to revive the Communications Data Bill critics dubbed “the snooper’s charter".

The Communication Data Bill sought to force service providers to keep data about online conversations, social media activities and mobile calls, but government scrapped it after the Liberal Democrats said they would oppose it.  

The joint parliamentary committee that strongly criticised the “snooper’s charter” recommended linking subscribers’ data to IP addresses to enable more targeted surveillance.

The Liberal Democrats have welcomed the new proposals, but ruled out agreeing to the "much wider and disproportionate proposals" previously mooted, reports the BBC.

"There is absolutely no chance of that illiberal bill coming back under the coalition government - it's dead and buried,” a spokesman for the Liberal Democrats said.

The Labour Party said giving police powers to access IP addresses should be accompanied by "appropriate oversight, providing sufficient checks and balances".

Industry figures say law will not work

James Massey, chairman of the Internet Service Providers Association, said the plans could cost the industry "tens if not hundreds of millions" but are unlikely to catch paedophiles or terrorists.

He said the plans may catch people who post annoying or distasteful things on social media, but not those who know how to hide their online activities.

Technical experts said the proposals will not work because of the ability to mask IP addresses and route traffic through alternate networks around the world.

Another flaw in the plan is that individual devices do not have their own IP addresses, but are assigned one each time they go online. The same addresses may be used by different devices at different times.

Massey said the home secretary should have consulted the ISPs when formulating the proposals, which are expected to be put before parliament on 26 November 2014.

The proposed bill comes just four months after the Data Retention and Investigatory Powers legislation, known as the Drip bill, was rushed through parliament.

The legislation requires domestic and foreign internet and phone companies to store all communications data relating to UK citizens.

The bill was fast-tracked after the prime minister struck a deal with Labour and the Liberal Democrats to support the process in exchange for a list of safeguards and undertakings.

Read more on Privacy and data protection