Report of the Independent Surveillance Review
17
instance, if a call is made between two individuals, the telephone numbers used,
duration of the call, and geographic locations of the sender and receiver would all
constitute communications data, but not the conversation itself. In relation to Internet
communications, the technical identifiers associated with data packets (such as a user’s
IP address) constitute communications data.
1.41
The existing legislation recognises three types of communications data:46
•
•
•
1.42
Traffic data: Data attached to a communication for the purpose of transmitting
it, and which could identify the sender and recipient of the communication, the
location from which and the time at which it was sent, and other related material
Service-use information: Data relating to the use made by any person of a
communication service; this is the kind of information that appears on a CSP’s
itemised billing document to customers
Subscriber information: Data held or obtained by a CSP in relation to a customer;
this may be the kind of information which a customer typically provides when
they sign up to use a service (for example, the recorded name, address and bank
account details of the subscriber of a telephone service).
CSPs currently retain large quantities of this communications data for internal business
reasons (such as customer billing or improvement of services) or to comply with
legislative requirements (the set data-retention period of twelve months laid out in the
Data Retention and Investigatory Powers Act 2014, for instance). This data can be useful
to government, law-enforcement and intelligence agencies – and designated persons
within these public authorities can authorise communications data requests from
the relevant CSP.
Content Data
1.43
Content data refers to the information which forms the substance of a piece of
communication. In comparison to communications data, access to content data has
traditionally been thought to be more intrusive, requiring permission in the form of
a warrant signed by a secretary of state.47 As described above, the increasing use of
sophisticated encryption methods has made content increasingly difficult to access.
CSPs are increasingly anxious to encrypt their content data as a guarantee to customers
that it will not be accessed by anyone other than the intended recipient.
1.44
In March 2015, the ISC acknowledged growing concerns over whether the distinction
between communications data and content data is still meaningful, and whether
changes in technology have meant that access to communications data is now just as
46. Anthony May, Report of the Interception of Communications Commissioner: March 2015
(London: The Stationery Office, 2015), p. 43.
47. There are circumstances in which content data can be obtained through other means. See,
for example, the Regulation of Investigatory Powers Act 2000, s.1(5)(c), s. 3 and 4.