CHAPTER 9: LAW ENFORCEMENT
addresses for the purposes of resolution, but the view was expressed that destination
IP addresses are less intrusive than web logs and that service providers which do not
require even destination IP addresses for the purpose of resolution should not be
obliged to keep them.
9.59.
9.60.
9.61.
Others emphasised the point that the compulsory retention of web browsing history
could have advantages for law enforcement. As well as assisting in the resolution of
IP addresses, it could:
(a)
identify communications sites that have been used by a particular device,
thus enabling further enquiries to be carried out to establish details of their
communications through those sites; and
(b)
more broadly still, identify sites visited which might be suggestive or
corroborative of criminality: for example, sites associated with terrorism,
paedophilia or the sale of counterfeit goods.37
But it is widely accepted within the law enforcement community that:
(a)
the compulsory retention of web logs would be potentially intrusive;
(b)
the political environment (not to mention the legal environment: Digital Rights
Ireland) may not be conducive to the imposition of such an extensive obligation;
and that
(c)
there would be expense and complexity involved in making these changes (not
least in terms of training staff within law enforcement), that would only be
justified if any new power were to be extensively used.
In short, it was not submitted to me, as it was in 2012 to the JCDCDB, that “access to
weblogs is essential for a wide range of investigations”.38 IP resolution is seen as
vital, both from IP addresses to individuals and vice versa; and it was clear from my
conversations with the most senior officers that law enforcement does want a record
to exist of an individual’s interaction with the internet to which it can obtain access.
Ultimately it would argue for the retention of web logs, subject to safeguards to be
determined by Parliament, if this was identified as the best way to meet its operational
needs. But it would expect all avenues to be explored before reaching a final view on
the best solution.
Third-party data retention
9.62.
37
38
The draft Communications Data Bill in 2012 provided for UK CSPs to be required to
retain and disclose third-party data, i.e. communications being sent over the network
of a UK CSP, where the third party would not comply with the requirement to disclose
the data. This was in the expectation that some overseas service providers would not
cooperate with requests from UK authorities and that therefore a back-up capability
The MPS also told me, in April 2015, that web logs “may assist in discovering on line bookings for
travel (assist surveillance), interest in property purchase (asset recovery) or financial dealings
(evidence of principal offence or criminal asset recovery)”: a very broad range of sites indeed.
JCDCDB Report, para 85.
179