On 1 April, 2012, the UK press reported that the UK Home Office is preparing to propose new legislative reform of the communications data monitoring law, in the Queen’s Speech in May.  The press reports, and the response from the Home Office on 3 April 2012, provided some further details on a programme that was first announced (without detail) by the current Government in October 2010 in the Strategic Defence and Security Review.  The programme, which resembles a predecessor plan under the prior Labour Government named the “Interception Modernisation Programme”, is now known as the “Communications Capability Development Programme” (CCDP). 

Although the details of CCDP are not yet fully known — and are still the subject of ongoing political debate — the intent behind CCDP is clear.  The current law, the Regulation of Interception Powers Act 2000 (RIPA), enables UK law enforcement to request “communications data” — that is, data about the “who”, “how”, “when” and “where” of a communication, rather than the “what”, its contents — from internet service providers (ISPs) and telecommunications companies without a warrant.  RIPA also places such companies under a reasonable duty to obtain and supply such data where requested.  These rules are separate from the “interception of communications” regime in RIPA, which allows authorities to intercept the content of a communication under statutory authorisation or warrant. 

The problem with this framework, according to the Home Office, is that RIPA was designed before many modern methods of communication, including “instant messaging, online social networks, and online role-playing games”, were widely used.  Novel forms of communication have proliferated, and ISPs now only rarely use billing models based on itemised Internet use — so ISPs and telecommunications companies collect and possess an ever-smaller small slice of the communications data that UK law enforcement would like to request.  Increasingly, the remainder of such data is instead held by foreign web-based service providers and foreign ISPs.  In some cases, such as some online games, communications data may only become accessible through the use of “Deep Packet Inspection” technologies, that can allegedly distinguish between the content of a communication and communications data (but may, in the process of distinguishing, effectively “intercept” the content of a communication).

In the face of these challenges, the Home Office may intend to propose that ISPs be required to collect more types of communications data.  Such collection may entail the installation of a new generation of “black boxes” in ISP infrastructures (a “black box” is a piece of equipment that would allow UK law enforcement to directly access data held by ISPs).  Web-based service providers, such as online social networking sites and web-based email providers, might also be placed under an obligation of cooperation similar to that imposed on ISPs.  These proposals are, however, not yet confirmed by the Home Office in writing.  At the latest, we expect that further details will be published when the Queen’s Speech is given on 9 May 2012.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Dan Cooper Dan Cooper

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing…

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing clients in regulatory proceedings before privacy authorities in Europe and counseling them on their global compliance and government affairs strategies. Dan regularly lectures on the topic, and was instrumental in drafting the privacy standards applied in professional sport.

According to Chambers UK, his “level of expertise is second to none, but it’s also equally paired with a keen understanding of our business and direction.” It was noted that “he is very good at calibrating and helping to gauge risk.”

Dan is qualified to practice law in the United States, the United Kingdom, Ireland and Belgium. He has also been appointed to the advisory and expert boards of privacy NGOs and agencies, such as Privacy International and the European security agency, ENISA.