IT managers fear for their servers

As the annual number of public sector requests for communications data begins to emerge, IT managers have expressed concerns that police could seize their servers.

Under legislation such as the Regulation of Investigatory Powers Act and the Anti-Terrorism, Crime and Security Act, law enforcement agencies can request data from public communication service providers (CSPs), such as telcos and internet service providers (ISPs).

But there are fears that the definition could be extended to include large corporates because of the number that operate their own communication networks.

"It's a naive view that all our emails are routed via an ISP," said Ian Batten, IT manager at a large technology firm which he requested was not named.

"In my next annual risk assessment, I shall be warning my board of the danger of having our servers confiscated. If the police consider us to be a CSP it becomes a real risk for us, and would be crippling to our business."

Without proper safeguards, businesses could find themselves embroiled in complex data storage and access issues, said Philip Virgo, secretary general of Eurim, the parliamentary IT lobby group.

Civil rights campaign group Privacy International estimates that investigative agencies are now making around a million requests a year for telephone billing data, email logs, personal details of customers and records showing the location where mobile phone calls have been made."And the number of requests for access is increasing," said Simon Davies, the organisation's director.