CHAPTER 9: LAW ENFORCEMENT
was involved in common. With an effective request filter, it would be necessary only
to formulate a single, less intrusive search criterion (e.g., “Find the devices that were
in cell site area 1 on one date and in cell site area 2 on a different date”).45 Only the
data of those meeting the complex search criteria would be provided to the
investigator.
CD Bill in general
9.67.
In relation to the unenacted parts of the Communications Data Bill more generally, I
am conscious that:
(a)
There has (because of the political impasse) been very little consultation
between Government, law enforcement and service providers for more than
two years.46
(b)
In particular, the CSPs have not been shown the text of the revised draft Bill
that was prepared in early 2013; the NCA does not believe it has seen the final
draft text; and I was myself refused permission to share it (or even a summary
of it) with them.
(c)
Technology has moved on since late 2012, as (since Digital Rights Ireland) has
the legal position.
(d)
Law enforcement itself wishes to reserve its detailed position on these
proposals pending further discussions with a Government that has a political
mandate to take it forward.
Other capabilities
9.68.
The NCA identified to me a number of other capabilities for consideration. They did
so in response to my own questioning, initially of front-line investigators. These ideas
were formulated only late in the course of the Review, and it was not possible to roadtest them with other interlocutors. Nonetheless, it might usefully be considered, in any
reformulation of the law, whether it would be advantageous to provide for them.
9.69.
Data flow analysis (via network protocols such as the Cisco Systems product,
Netflow) is conducted by CSPs in order to ensure that their routers are operating
properly and efficiently by the analysis, or sample analysis, of packets passing through
them. That process analyses the attributes of each packet, including for example the
source and destination IP addresses, and records may be retained by CSPs for a few
days. They could be useful to law enforcement in a number of respects: for example
in identifying the source or route of a denial of service attack, or malware.
9.70.
Under US legislation governing “pen register” and “trap and trace”, a company may
be asked to hand over information about a user’s communications (dialling, routing,
45
46
I was given the example of a “three-scene murder” (murder site, body deposition site and location of
the burnt-out car used in the murder), in which the question could have been “Which device was at all
three sites between given dates and times?”.
The JCDCDB also criticised the consultation process prior to 2012: JCDCDB Report, para 56.
181