On 1 April, 2012, the UK press reported that the UK Home Office is preparing to propose new legislative reform of the communications data monitoring law, in the Queen’s Speech in May. The press reports, and the response from the Home Office on 3 April 2012, provided some further details on a programme that was first announced (without detail) by the current Government in October 2010 in the Strategic Defence and Security Review. The programme, which resembles a predecessor plan under the prior Labour Government named the “Interception Modernisation Programme”, is now known as the “Communications Capability Development Programme” (CCDP).
Although the details of CCDP are not yet fully known — and are still the subject of ongoing political debate — the intent behind CCDP is clear. The current law, the Regulation of Interception Powers Act 2000 (RIPA), enables UK law enforcement to request “communications data” — that is, data about the “who”, “how”, “when” and “where” of a communication, rather than the “what”, its contents — from internet service providers (ISPs) and telecommunications companies without a warrant. RIPA also places such companies under a reasonable duty to obtain and supply such data where requested. These rules are separate from the “interception of communications” regime in RIPA, which allows authorities to intercept the content of a communication under statutory authorisation or warrant.
The problem with this framework, according to the Home Office, is that RIPA was designed before many modern methods of communication, including “instant messaging, online social networks, and online role-playing games”, were widely used. Novel forms of communication have proliferated, and ISPs now only rarely use billing models based on itemised Internet use — so ISPs and telecommunications companies collect and possess an ever-smaller small slice of the communications data that UK law enforcement would like to request. Increasingly, the remainder of such data is instead held by foreign web-based service providers and foreign ISPs. In some cases, such as some online games, communications data may only become accessible through the use of “Deep Packet Inspection” technologies, that can allegedly distinguish between the content of a communication and communications data (but may, in the process of distinguishing, effectively “intercept” the content of a communication).
In the face of these challenges, the Home Office may intend to propose that ISPs be required to collect more types of communications data. Such collection may entail the installation of a new generation of “black boxes” in ISP infrastructures (a “black box” is a piece of equipment that would allow UK law enforcement to directly access data held by ISPs). Web-based service providers, such as online social networking sites and web-based email providers, might also be placed under an obligation of cooperation similar to that imposed on ISPs. These proposals are, however, not yet confirmed by the Home Office in writing. At the latest, we expect that further details will be published when the Queen’s Speech is given on 9 May 2012.