Cybercops should resist seven-year itch

We told you the Regulation of Investigatory Powers (RIP)Act was a bad idea and now here's the proof. The Association of Chief Police Officers (ACPO) has...

We told you the Regulation of Investigatory Powers (RIP)Act was a bad idea and now here's the proof. The Association of Chief Police Officers (ACPO) has called on the Government to legislate for blanket storage of all digital communications for seven years.

ACPO's leaked document has civil liberties campaigners hopping mad, and represents yet another blow for those who thought the Data Protection Commission would be a guardian of our digital privacy.

Yet again the business issues are enormous. The report reveals that organised crime is so sophisticated that it uses mainstream business methods. So corporate IT users must now have their business-critical data stored - possibly by a PFI-funded outsourcing company - to satisfy law enforcement.

In the run-up to the RIP legislation there was much public debate among the law enforcement agencies in the G8 countries about the problems of 90-day "freeze and store" orders.

Internet service providers didn't like them and neither did the cybercops: they were costly, disruptive and opened the prosecution case to question, because of the selective nature of the tapping order.

The UK's law enforcement agencies want to get around this problem with the blanket storage of all data. That is, your business data: every phone call a sales person makes; every e-mail message an employee sends; every audit trail a Web-site user leaves. And not only yours. All communications terminating in the UK are to be given the seven-year storage treatment.

Yet the same report reveals that digital crime is, in fact, minuscule. The main use of crimebusting data at present is to pinpoint suspects' mobile phone use and establish evidence of criminal networks.

One telling figure in the report is the 36% by which police requests for cybertapping dropped once telcos introduced a nominal charge for data access. The cybersleuths moved to a more "intelligence-led" approach - which only makes us ask what they were doing before.

It is not ultimately a question of cost, but of confidence. To be really fair to defendants, the stored data should be trawlable by them as well as prosecution. And the idea is that defence lawyers will have the right to look at stored data.

It will be your stored data. And whether the court case involves individual or business crime, your customers' and business partners' confidence in your ability to protect their data must be called into question.

The cybersleuths' seven-year data storage itch is not the main problem. It is probably the most cost-effective technical solution to the requirements of the RIP Act.

The problem lies with the RIP Act itself. It will damage the UK as an e-business destination and undemine confidence in confidential data. It should be scrapped.

Read more on Microsoft Windows software