CHAPTER 11: SERVICE PROVIDERS
international enforcement. The issue has its origins in the shift from traditional
telephony to internet-based communications.
11.11. A typical-UK based user will have a contract with a company, such as BT, Sky or
Vodafone, which provides a telephone line, mobile phone connection or broadband
connection. These companies own fixed infrastructure in the UK and may be required
(see Chapter 6) to cooperate with the Government in ways that facilitate interception
and the provision of communications data. When RIPA became law 15 years ago,
these companies still provided the vast majority of UK communications that would be
of interest to the security and intelligence agencies or law enforcement.
11.12. That model is changing rapidly and significantly.7 It can be very difficult to obtain data
from service providers, in particular OTT providers which are based overseas and do
not store their data in the UK. That is so especially if they are protective of their
customers’ privacy, or consider themselves inhibited from assisting by their domestic
law. The problem has been exacerbated by the common use of strong encryption,
which means that the content of communications cannot be read even if the message
is intercepted whilst it passes over infrastructure in the UK.
Views of service providers
11.13. It is convenient to look at the views of service providers in two groups: those based
overseas and those with UK infrastructure. Although there is overlap in their views,
and no complete agreement within the two groupings, they have each reached a broad
consensus and discussed it with me collectively.
11.14. A rather specific, yet important, area of complete unanimity worth highlighting was
support for the SPoC arrangement (7.39 above), which was said to act both as a
“quality filter” and as reassurance that there had been “a lot of checks and balances”.
All companies wanted it to be retained and developed. US companies described it to
me as “a model for everyone” and compared it favourably to the US system, in which
they could be contacted by any of “10,000 FBI agents, who don’t necessarily know
what they are asking for”.
Overseas service providers
11.15. Shortly after his appointment, Robert Hannigan, who became director of GCHQ in
November 2014, wrote publicly about the problem of obtaining interception product
and communications data from companies overseas (principally, in practice, the US),
and pressed for greater cooperation.8 Yet the companies for their part regard this as
essentially a problem for governments to address. The US companies said to me:
7
8
See, further, 4.7-4.10 and 4.14-4.16 above.
“The web is a terrorist’s command-and-control network of choice”, the Financial Times website, 3
November 2014.
205