Monday 24 November 2014

Communications data in the parliamentary spotlight again

Finally – after a two year wait, another of the recommendations in the report I helped the Joint Parliamentary Committee on the Draft Communications Data Bill agree upon will make a little more headway.

First, a recap.

During the autumn of 2012, the Committee reviewed the thorny issue of IP address resolution. It gave what was has just been announced by Home Secretary Teresa May the green light.

This is what the report said:

73. As outlined in paragraph 65, Home Office officials eventually told us in public evidence that they would like clause 1 to enable them to access two specific types of data: subscriber data relating to IP addresses and web logs.

74. Subscriber data relating to IP addresses is the information that makes it possible to trace who is using an IP address at a given point in time. An IP address is a numerical label assigned to a device connected to the internet (e.g. a computer, smart phone or printer). The IP address of a device is not constant; it may change frequently and be shared between several devices. The originating IP address of a communication is routinely gathered in many types of internet transaction, but if the CSP does not hold information on which of its subscribers held which IP address at a particular point in time it is very hard for law enforcement authorities to prove an association between an action on the internet and a particular individual. Not all United Kingdom providers currently obtain all the data necessary to trace which subscriber is using which IP address. During the course of our inquiry we heard of various circumstances in which the lack of this data has impeded investigations. We accept that if CSPs could be required to generate and retain information that would allow IP addresses to be matched to subscribers this would be of significant value to law enforcement. We do not think that IP address resolution raises particular privacy concerns.

75. We recommend that a narrower clause 1 should allow notices to be served on CSPs requiring them to generate and retain subscriber data relating to IP addresses.

This was one of the 38 issues that the report recommended be addressed. Obviously, not all of the recommendations required changes in the law before they could be implemented, and work is already underway to implement most of those that don't require legislative change.

Quite why we have had to wait so long for this eminently sensible recommendation to be implemented is something that only the Home Secretary can explain. I’m certainly not aware that the main political parties have ever challenged it.  They didn’t at the time of the report’s publication – and they haven’t done so since. Evidently, it is not easy to find the parliamentary time to change laws, these days. 

Will the ability to trace what device is using an IP address at a given point in time be of significant value to law enforcement investigators? – Quite probably.

Will it enable law enforcement investigators to better understand the types of communications that suspects are engaged in? – Quite probably.

Will it enable law enforcement investigators to break encryption tools applied by targets who use their devices for nefarious purposes? – Probably not.

But will it be useful to law enforcement investigators in other ways? Oh yes!

And are you going to tell me what they are?  Oh no.


I've just noted that the (usually) reliable Register has reported that a Liberal Democrat spokesperson has commented:

This announcement is welcome news but comes after months of Conservative foot dragging. They always bang on about new security powers but have done nothing about IP addresses since we called for it in Spring 2013.

I don't think its right for the Lib Dems to take all the credit for today's announcement. They didn't "call for it" first. The Joint Parliamentary Committee did.