The UK’s draft Investigatory Powers Bill Part 2

We looked at the UK's draft Investigatory Powers Bill recently, looking at the complex issue of secret government-mandated "back doors" into encryption software.

But this isn't the only problem with the bill, as pointed out in technical evidence supplied by the head of the UK ISP Andrews & Arnold, Adrian Kennard.

Apart from the obvious privacy issues, one of Kennard's main complaints concerns the Internet Connection Records (ICRs) that are required to be kept by ISPs. According to the draft bill, "an ICR is a record of the internet services a specific device has connected to, such as a website or instant messaging application".

He points out that this is largely useless information with today's Internet, as phones are often connected to services such as Twitter or Facebook for hours, days or even weeks on end. So knowing that someone connected to a service at a specific time is not a very useful thing to know. And yet there are significant compliance issues, particularly for the smaller ISPs.

Kennard also notes that five years of extensive logging of similar data in Denmark was concluded to be of little value to law enforcement agencies by the Danish Ministry of Justice - in fact according to the report "the implementation of session logging proved to be unusable to the police".

Finally, as technology progresses Kennard expects the value of these logs - already small - to decrease further.

Let's hope that the technical experts are listened to as the bill is debated and revised before being presented to parliament in 2016.

Posted by John Faulds in