UK police check ISP records

Police officers from the UK National Hi-Tech Crime Unit (NHTCU) have asked internet service providers (ISPs) and telcos to keep records of all communications made on 11 September, the day of the US terrorist attacks.

The NHTCU has asked only for logs of the communications, not their content. The unit said it was not looking for specific information but that the measure was a precaution in case it could help US investigators. The FBI obtained warrants on Wednesday to access logs of several US ISPs.

UK Data Protection laws mean that only those records needed for billing purposes are kept for longer than 48 hours, prompting the NHTCU's request.

Although not required to do so by law, UK ISPs are likely to put aside their general objections to retaining data records and comply with the request. Should they refuse, the police would be forced to try and obtain a court order under exemption 29 of the Data Protection Act to compel them.

The ISP Association has told its members that the Information Commissioner's office believes that "the request from the NHTCU is lawful and proportionate in the circumstances".

Caspar Bowden, director of think tank the Foundation for Information Policy Research, told vnunet.com that "in the current climate [the NHTCU is] unlikely to meet much opposition".

Data records retention is currently subject to fierce debate in both the UK and Europe. Indeed it has split Brussels, with European Union (EU) ministers and European Commission (EC) officials adopting opposing positions.

EU ministers are backing law enforcement authorities' demands to extend laws to aid criminal investigations, while the EC supports the position of civil rights groups and carriers/ISPs, which have argued that current laws suffice and that the proposed extensions go far too far.

Requests like today's, however, will soon become redundant. Once the Regulation of Investigatory Powers Act comes into full force in the UK next year, senior police officers will be able to authorise their own orders requiring ISPs to disclose retained records.