October 16, 2008

Government defends plans for database of emails and phone calls

But says content of messages and calls will not be stored

By Jeremy Kirk

---

Home secretary Jacqui Smith has confirmed plans for a database of emails and phone calls, but said the government will first wait until it launches a consultation next year.

The government plans to track the communication made, but not its content, Smith said, in a concession to serious concerns that have been voiced over the plans.

Critics contend that allowing the government to create a "super database" that logs e-mails, phone calls and web site visits raises privacy concerns as well as potential security problems over how the data would be stored.

"It's a sensitive issue, and there needs to be a proper public debate," a Home Office spokesman responded. Smith said on Wednesday the legislation was needed because of the difficulty collecting evidence against terrorists.

"These are not like other criminal investigations," Smith said during a speech at the Institute for Public Policy Research. Law enforcement "put a very high premium on pre-emptive intelligence because we are trying to stop a criminal act and not investigate one which has already taken place".

Smith denied the government seeks a super database containing the content of calls and emails, saying that instead it wanted to track habits. "There are no plans for an enormous database which will contain the content of your e-mails, the texts that you send or the chats you have on the phone or online."

Collecting data such as the location and identity of someone making a phone call "is vital to fighting terrorism and combating serious crime," she said. The government also wants to be able to track the use of social networking and online gaming sites.

The government has not made a draft of the Communications Data Bill publicly available. However, it is modelled in part on European Union Directive 2006/24/EC, which requires that communication providers retain a vast array of data including IP (Internet Protocol) address, physical address and user ID used for communications such as e-mail.

The actual content of the communication should not be retained, but data around how it was sent and when should be retained for at least six months and up to two years, the directive says.

The directive was propelled in part by the July 2005 terrorist attacks in London. EU countries were required to comply in part with the directive by September 2007, but can delay the Internet access and e-mail monitoring until March 2009.

The Open Rights Group, a nongovernmental group that monitors Internet-related privacy and legal issues, said it supported the government's decision for a consultation.

"Creating this database would drastically alter the relationship between the citizen and the state, handing national security and law enforcement agencies immense power to invade the private lives of ordinary people," wrote Becky Hogge, the group's executive director.

At least one senior Microsoft executive doubts how helpful collecting Internet communications would be for law enforcement. Hackers have a variety of techniques that could undermine a user's PC and make it appear a victim is involved in a scheme when they're not.

E-mails can be spoofed and computers can be infected with malicious software, wrote Jerry Fishenden, Microsoft's UK National Technology Officer.

For example, a Web feature called "pre-fetch" lets one Web site command a person's browser to pull up another Web site in the background, a feature that speeds browsing.

But pre-fetch works without the knowledge of a user, Fishenden wrote. A blog entry could trigger a bomb-making Web site to be called up in the background, which would then be logged by the ISP (Internet Service Provider).

"Legitimately you would know nothing about it, but try telling that to someone knocking on your door at four o'clock in the morning waving a printout from the ISP showing you regularly frequent 'known terrorist Web sites'," Fishenden wrote.

Newsletters

Sign up to our Weekly Round-Up for the past week’s not-to-be-missed news analysis and insight delivered straight to your inbox.