CHAPTER 14: EXPLANATIONS
(a)
the precise definition of the purposes for which such records should be
accessible, and the relative importance of those purposes;
(b)
the extent to which those purposes can in practice be achieved under existing
powers (e.g. the inspection of a seized device), by less intrusive measures than
that proposed27 or by data preservation, i.e. an instruction to CSPs to retain the
web logs or equivalent of a given user who was already of interest to law
enforcement;
(c)
the precise records that would need to be retained for the above purposes, and
how those records should be defined;28
(d)
the steps that would be needed to ensure the security of the data in the hands
of the CSPs;
(e)
the implications for privacy;29 or
(f)
the cost and feasibility of implementing the proposals.
14.34. That is perhaps not surprising, given that political will has been lacking to progress
the issue. I am sympathetic to the operational case made to me by law enforcement,
particularly in relation to the objectives at 14.32(a) and (b) above, and particularly if it
is the case that a person’s web browsing history cannot readily be deduced from the
data that is retained.30 The point was also made to me that even the sight of a person’s
web browsing history to the first slash (or equivalent), while unquestionably invasive
of privacy, might be thought by some to be not necessarily more so than the sight of
a person’s phone log and/or location data.31
14.35. But privacy concerns are extremely strongly-felt in this area, as the international
comparative picture makes clear, and it is clear to me (as it was to the JCDCDB, which
came to no conclusion as to the acceptability of requiring web logs to be retained) that
a good deal more preparatory work needs to be done. Before any detailed proposal
is made, it will need to be carefully thought through and road-tested with law
enforcement, legal advisers and CSPs. Outside technical experts, NGOs and the
public should be consulted and given a full opportunity to comment. A strictly
27
28
29
30
31
For example, the purpose at 14.32(b) could in principle be achieved by requiring the retention of
details relating only to communications sites: the JCDCDB Report of December 2012 recommended
that the Home Office “should examine whether it would be technically and operationally feasible, and
cost effective, to require CSPs to keep web logs only on certain types of web services where those
services enable communications between individuals”: para 88.
The NCA was reluctant to ask specifically for web logs to the first slash, making the point that
destination IP addresses (which are numeric rather than textual, and analogous to a postcode rather
than a house address) might be sufficient for some purposes (or for some CSPs). It also pointed out
that the term web logs is inappropriate for non-web-based OTT apps that use IPs but not urls.
The Home Office emphasised to me that what they describe as a web log is far less informative (and
thus immediately intrusive) than e.g. an Internet Explorer web browsing history, but acknowledged also
that if there is an operational requirement it may, by using very sophisticated analysis tools, be
possible to identify a specific page or group of pages visited. Independent experts broadly confirmed
that position to me. The extent to which that “stickiness” is a guarantee of privacy, and will remain so
as technology develops, is obviously vital to the proportionality of the proposed requirement.
Thus reducing the risk of intrusion if the data were to fall into the wrong hands.
Phone logs as well as browsing histories can tell when someone has contacted Alcoholics Anonymous
or an AIDS helpline. But the development of a society which depends more on the internet than it ever
did the telephone, together with specific factors such as the widespread use of pornography sites, may
add further sensitivity to browsing histories.
266