CHAPTER 9: LAW ENFORCEMENT
was needed. The Home Office gave an oral commitment to UK CSPs that “the Home
Secretary will invoke the third party provisions only after the original data holder has
been approached and all other avenues have been exhausted”.39
9.63.
UK CSPs were described by the JCDCDB as “rightly very nervous about these
provisions”,40 and remain sceptical. The Government made a commitment that UK
CSPs would not be required to store or decrypt any encrypted communications. But
the routine encryption of communications has increased significantly since 2012:
though it is still not universal, sophisticated encryption is used by a growing number
of drug traffickers, fraudsters and child sex offenders. Given doubts as to whether
valuable communications data could be retrieved from encrypted services,41 the utility
of this proposal needs to be re-assessed for a post-Snowden world, particularly in
view of its high anticipated cost.42
9.64.
Law enforcement bodies generally support the views of the UK CSPs in looking
primarily for fuller cooperation from overseas service providers as a solution to the
problem of combating criminals who use their services, whilst understanding that this
will not always be possible and that the Government needs to stay alert to other
possibilities. Law enforcement is also conscious that the proposal of third party data
retention was a particularly expensive one, and that its utility will be peculiarly
susceptible to technological developments. It may therefore be that this aspect of the
Communications Data Bill is no longer judged to be the priority that it once was, even
within the law enforcement community. I would note, finally, that once again the
compulsory retention of such data is excluded in the new Australian data retention
law.43
Request Filter
9.65.
The 2012 Bill made provision for a “request filter”, which would in effect allow a
complex search of all companies’ retained data to be made following a single request.
This, it was said, would speed up investigations, minimise collateral intrusion and
reduce error. It would also have made a devolved system in which the service
providers each retain their own subscribers’ data into something closer to the central
database that was originally envisaged in 2008,44 though the security advantages of
locating the data in different places would still have been maintained.
9.66.
A typical scenario for the use of a request filter would be where an investigator needed
to establish a connection between people and events, which currently would involve
asking service providers separately for the data on many individuals to establish who
39
40
41
42
43
44
Ibid., para 109.
Ibid.
Ibid., para 93.
Total anticipated economic costs of the Communications Data Bill over the 10 years from 2011/12
were estimated by the Government as £1.8 billion: the JCDCDB Report agreed with Microsoft that this
cost was likely to “have multiplied grotesquely” (para 258).
Service providers are not required to keep “information or documents about communications that pass
‘over the top’ of the underlying service they provide, and that are being carried by means of other
services operated by other service providers”: note to Telecommunications (Intercept and Access)
Amendment (Data Retention) Act 2015, s187A(4)(c).
The then Government planned to require communications data to be stored for a year in a single
purpose-built database: see JCDCDB Report, para 5.
180