What impact will Counter-Terrorism Bill have on UK Internet
Security through obfuscation is a common trick and to some extent now we can actually read the detail of the Counter-Terrorism and Security Bill 2014-15 and how it relates to Internet providers we are still not sure what the impact really will be. It is this confusion that has lead to the press and ministers using varying language to describe the measures, often instilling a sense of fear and invoking war type language.
For those with a degree in Law feel free to have a read of the bill which is set for its second reading in the House of Commons. We have read it and the extract relevant to the Internet is shown below, and when reading it bear in mind this quote made with respect to RIPA 2013 "I do not think the ordinary person or Member of Parliament would be able to follow the Act without a lawyer" - Sir David Omand, former Director of GCHQ.
17 Retention of relevant internet data
- Section 2(1) of the Data Retention and Investigatory Powers Act 2014 (temporary provision about the retention of relevant communications data 20subject to safeguards: definitions) is amended as follows.
- In the definition of “relevant communications data”—
- for “means communications data” substitute “means—communications data”;
- after “Regulations” insert “, or relevant internet data not falling within paragraph (a),”;
- the words from “so far as” to the end of the definition become full-out words beneath the new paragraphs (a) and (b).
- After the definition of “relevant communications data” insert—““relevant internet data” means communications data which—
- 30relates to an internet access service or an internet communications service,
- may be used to identify, or assist in identifying, which internet protocol address, or other identifier, belongs to the sender or recipient of a communication (whether or not a person), and
- is not data which—
- (i)may be used to identify an internet communications service to which a communication is transmitted through an internet access service for the purpose of obtaining access to, or running, a computer file or computer program, and
- is generated or processed by a public telecommunications operator in the process of supplying the internet access service to the sender of the communication (whether or not a person);”.
- In addition—
- before the definition of “communications data” insert—““communication” has the meaning given by section 81(1) of the Regulation of Investigatory Powers Act 2000 so far as that meaning applies in relation to telecommunications services and telecommunication systems;”;
- after the definition of “functions” insert— ““identifier” means an identifier used to facilitate the transmission of a communication;”;
- after the definition of “notice” insert—““person” includes an organisation and any association or combination of persons;”.
- Subsections (1) to (4) are repealed on 31 December 2016.Section 17 from Counter-Terrorism and Security Bill
So what do we think it means, basically any service provider be they a traditional ISP or a Wi-Fi hot-spot or mobile provider will have to retain logs of when and which account IP addresses are handed out to. Exactly how long and in what format access will have to be provided in appear to be unknown quantities. As things stand providers generally retain authentication logs, hence who the copyright infringement letters finally find their way to an account holder, so one presumes this is about ensuring that providers archive the data rather than just clearing the logs from a device every few months.
It seems to exclude the recording of any information about where people are visiting with their Internet service, which has previously been a sticking point when similar legislation has been attempted. While authentication information is useful, it tells no-one about those accessing open with weakly secured Wi-Fi networks, particularly as all the IP assignment logs tell you is the account involved.
Of course the problem with the language used is that a lawyer can probably come up with a dozen different meanings and maybe that is why it is written this way, but after the previous problems with RIPA and 'abuse' one would have hoped to start out the journey to a law with something a little clearer.
If we go back to the days when cheap printing and leaflets handed out in public were a key information source, the printed word was considered dangerous and subversive. The Internet is still at that stage it seems.