Device user data retention laws to be introduced in UK

Out-Law News | 24 Nov 2014 | 2:35 pm | 2 min. read

Internet service providers will be required to retain information detailing the IP addresses of internet users under proposed new UK anti-terrorism laws.

The Counter-Terrorism and Security Bill is expected to be introduced before the UK parliament later this week.

IP or 'internet protocol' addresses are assigned to each device that connects to the internet and is used to ensure web traffic reaches the device of the user that requests the content.

Speaking on the BBC's The Andrew Marr Show on Sunday, home secretary Theresa May said that the new data retention plans would be just a part of the new powers that law enforcement bodies need to combat terrorism and other serious crimes.

"The terrorism legislation that we are going to be introducing will cover a number of issues because we have been looking at what further capabilities we need to deal with the increased threat that we now see," May said. "One of them is this issue of IP addresses identifying the users of certain access to the internet. This is in step but it doesn't go all the way to ensuring that we can identify all the people we need to."

"Even with these IP addresses being within the legislation, it will still be the case that the National Crime Agency, CEOP and others will still not be able to identify everybody who is accessing illegal content on the net," she said.

The new Counter-Terrorism and Security Bill proposals are also expected to outline provisions which, if introduced, would prohibit UK insurance companies from reimbursing others for the cost of terrorist ransoms, according to media reports.

"Our position is clear – ransom payments to terrorists are illegal under UK and international law," May said, according to the Guardian. "Agreeing to meet the demands of barbaric groups like Isil would only put many more lives at risk. These measures will ensure the UK remains at the forefront of global efforts to put an end to the practice."

The issue of data and surveillance has proved controversial in the past. The UK government was forced to step back from plans to introduce a new Communications Data Bill, despite support from law enforcement agencies, following a backlash by privacy campaigners.

However, the UK government managed to fast-track a new Data Retention and Investigatory Powers (DRIP) Act through parliament in July. The Act enables the UK home secretary to force public telecommunications operators to store 'communications data' if they consider the data retention is "necessary and proportionate" to help law enforcement agencies detect and prevent terrorism and other serious crimes or for serving other limited purposes specified under the existing Regulation of Investigatory Powers Act.

'Communications data' concerns the traffic data surrounding phone and internet communications, such as the source of a communication, its destination, date, time, duration and type. They do not relate to the content of communications, which is protected by other laws. Under the Act, telecoms companies could be asked to store the data for up to a year. The new rules enable the government to compel operators based outside of the UK, as well as those based within the country, to comply with data retention orders made in accordance with the new rules.

However, the DRIP Act is the subject of an ongoing legal challenge brought by civil rights campaigners Liberty on behalf of two MPs, David Davis and Tom Watson.