CHAPTER 9: LAW ENFORCEMENT
or eye witness evidence, data retention is often the only way to start a criminal
investigation. Generally, data retention appears to play a central role in criminal
investigation even if it is not always possible to isolate and quantify the impact
of a particular form of evidence in a given case.”26
Even the CJEU, which invalidated the EU Data Retention Directive in April 2014,
described data retained under the Directive as “a valuable tool for criminal
investigations”. The court which rendered the Dutch data retention law inoperable in
March 2015 added that “the detection of certain types of crimes rely almost exclusively
on the use of historical telecommunications data”.27
IP resolution
9.48.
In CTSA 2015 Part 3, Parliament extended the scope of compulsory data retention by
service providers to include the data that are needed to link an IP address with the
device that was using that address at a particular time. The issue was explained as
follows in the Explanatory Notes to the Bill:
“[IP] address resolution is the ability to identify who in the real world was using an
IP address at a given point in time. An IP address is automatically allocated by a
network provider to a customer’s internet connection, so that communications can
be routed backwards and forwards to the customer. [CSPs] may share IP
addresses between multiple users. The providers generally have no business
purpose for keeping a log of who used each address at a specific point in time.”28
9.49.
There was unanimous support from law enforcement for this change. The data that
must now be retained are communications data that relate to an internet access
service (e.g. home broadband, mobile internet or public WiFi) or an internet
communications service (e.g. internet telephony, internet email, instant messaging),
and that:
“may be used to identify, or assist in identifying, which [IP] address, or other
identifier, belongs to the sender or recipient of a communication (whether or
not a person)”.29
There is however an exception, which was explained as follows in the Explanatory
Notes:
“Subsection (3)(c) specifically prevents a telecommunications operator
providing an internet access service from retaining under this legislation data
26
27
28
29
European Commission, “Frequently asked questions: the Data Retention Directive”, (April 2014).
See 5.62 and 5.67, above.
Counter-Terrorism and Security Bill, Explanatory Notes, November 2014, para 121.
CTSA 2015 s21(3)(b). In the words of the Explanatory Notes of 8 January 2015: “Such data could
include data required to identify the sender or recipient of a communication (which could be a person
or a device), the time or duration of a communication, the type, method or pattern of a communication
(e.g. the protocol used to send an email), the telecommunications system used or the location of such
a telecommunications system that the person was communicating from. An IP address can often be
shared by hundreds of people at once – in order to resolve an IP address to an individual other data
(“other identifier” in this clause) would be required. Data necessary for the resolution of IP addresses
could include port numbers or MAC (media access control) addresses.”
176