CHAPTER 9: LAW ENFORCEMENT
course reveal, as critics of the proposal point out, that a user has visited a pornography
site, or a site for sufferers of a particular medical condition, though the Home Office
tell me that it is in practice very difficult to piece together a browsing history, see further
14.23-14.38 below.
9.55.
I am not aware of other European or Commonwealth countries in which service
providers are compelled to retain their customers’ web logs for inspection by law
enforcement. I was told by law enforcement both in Canada and in the US that there
would be constitutional difficulties in such a proposal. The new Australian data
retention law is drafted in such a way as to ensure that “service providers cannot be
required to keep information about a subscriber’s web browsing history”.33
9.56.
The Communications Data Bill proposed the compulsory retention of web logs, but
foundered on disagreements within the coalition Government on whether such a
provision would intrude too far into privacy, particularly in view of the possible risk that
web log data “may be hacked into or may fall inadvertently into the wrong hands”.34
The JCDCDB expressed no view on the policy issue, concluding that it was for
Parliament to decide where to strike the balance, and urging the Home Office also to
consider:
“whether it would be technically and operationally feasible, and cost effective,
to require CSPs to keep web logs only on certain types of web services where
those services enable communications between individuals”.35
9.57.
In the meantime, and pending reconsideration of the law which is set to expire at the
end of 2016, the retention of web logs has been expressly prohibited by CTSA 2015.36
9.58.
The law enforcement bodies which spoke to me required the ability to resolve IP
addresses, but some were unwilling to be prescriptive about how this could best be
achieved. It was recognised that some service providers may require destination IP
33
34
35
36
Acquisition Code. However there are arbitrary elements to that definition – for example sport.bbc.co.uk
(no ‘www.’) takes you to the same place as www.bbc.co.uk/sport.
Destination IP address: All devices connected to the internet have an IP address. In terms of a technical
hierarchy, these sit below the url address, allowing the url to function, and are also used for more than
just web surfing. A log of IP addresses can tell you what websites and individual has viewed but some
services (e.g. Google) are hosted on multiple IP addresses while some IP addresses may host more
than one website. A log of IP addresses can also tell what communication apps/services an individual
has accessed e.g. Whatsapp or Facebook Messenger. Apps and services do not generally have url
addresses.
DNS server logs: A DNS (domain name system) translates a domain within a url addresses (typed by
average web browsers) into the IP addresses used by a computer to make the connection.
http ‘GET’ messages: These are machine-to-machine messages that facilitate the transfer of information
when viewing web pages
IP service use data (summarised service use/category information, frequently derived from network
management systems) CSPs can profile customers’ web history using network management systems,
for example by comparing a customer’s browsing history against pre-set parameters to define the types
of services they have been accessing.
Telecommunications (Intercept and Access) Amendment (Data Retention) Act 2015, s187A(4)(b),
excludes from the retention obligation information obtained by the service provider as a result of
providing the service “that states an address to which a communication was sent on the internet, from
a telecommunications device, using an internet access service provided by the service provider”.
JCDCDB Report, para 86.
Ibid., para 88.
CTSA 2015 s21(3)(c).
178