The All Party Internet Group (APIG), currently comprising over 50 Members of Parliament and the House of Lords, launched a public enquiry in November 2002 into the powers contained in the Regulation of Investigatory Powers Act (RIPA), the Anti-Terrorism, Crime & Security Act 2001 (ATCS), and their subsequent effect on ISPs and communication service providers.
The legislation can require ISPs and telcos to preserve their customers' communications traffic data for extended periods, and gives law enforcement agencies broad powers to access such data for the purpose of crime investigations and national security.
Communications traffic data include information such as web site logs, e-mail addresses and dialled phone numbers, but not the actual contents of communications.
In its report published yesterday, the APIG rejects the data retention scheme proposed in the ATCS, claiming that the Government has underestimated its costs, and that there are no incentives for the industry to support it.
"We believe," the group commented, "that it will be very hard to disburse money to the industry without significant market distortion and the creation of financial barriers to market entry."
The group also claims that it would not be practical to retain all communications data "on the off chance that it will be useful one day," and fears that the financial pressures would drive some data processing systems abroad to escape regulation.
The report goes further to suggest that "there is significant doubt that the whole scheme is lawful", and recommends "very strongly" that the Home Office immediately drops its plans on voluntary or mandatory data retention schemes.
The APIG recommends that "data preservation" would be a better option. This is, according to the group, the term for obeying a request for law enforcement to keep certain communications data beyond the time when they would normally be destroyed or anonymised.
This would mean that ISPs and telcos would be only required to store data on individuals that police are currently investigating, and that law enforcement would have to request such data in advance.
The group argues that, although data preservation would still impose a cost on the industry, this would be "considerably less than a blanket data retention requirement."
Finally, the APIG recommends that the Government "urgently enter into Europe-wide discussions to dismantle data retention regimes and to ensure that data preservation becomes EU policy."
As regards RIPA, the report points out that the definitions of different types of communications data are extremely complex, and calls upon the Government to clarify the law's wording. No conclusion is reached on which authorities should be given access to communications data.
The ISPA, the trade association of UK ISPs, welcomed the report, saying that "it has addressed the necessity and proportionality of data retention."
The Home Office, on the other hand, said that it has not yet interpreted the report, but there is not likely to be any change in the law, according to a report by news agency Reuters.
The APIG report is available as a 42-page pdf at:
www.apig.org.uk/APIGreport.pdf