The UK Government has ditched a plan to force ISPs to conduct mass surveillance of their users.
Former British Prime Minister Theresa May previously served as Home Secretary during a particularly difficult period for national security when there was a particularly high prevalence of terror attacks. A number of ministers and intelligence agencies called for increased data collection to help combat this scourge.
May intended to introduce a bill named the Draft Communications Data Bill (nicknamed the Snoopers’ Charter or Snooper’s Charter) during the 2012–13 legislative session that would have required ISPs and mobile phone companies to maintain records of each user’s internet activity – including social media, email correspondence, voice calls, internet gaming, and mobile phone messaging services – and store the records for 12 months.
The draconian bill faced stiff opposition for invading users’ right to privacy.
Nick Clegg, Deputy Prime Minister at the time, withdrew his support for the bill in April 2013 saying “a law which means there would be a record kept of every website you visit, who you communicate with on social media sites … it is certainly not going to happen with Liberal Democrats in government”.
However, the Liberal Democrats didn’t remain in government. Following the Conservative victory in May 2015, May introduced a new Investigatory Powers Bill later that year which was similar to the Draft Communications Data Bill but with more limited powers and additional oversight.
Attempts to increase the data collected about UK internet users and/or reduce the oversight required to access such information have never completely gone away, which brings us to where we’re at today.
A draft of the Electronic Communications (Security Measures) Regulations 2022 bill once again included the controversial plan to log records about internet users. Fortunately, ISPs pushed back on the more intrusive elements as part of a public consultation.
The latest version of the bill still includes a 13-month logging requirement but only for “security critical functions” of telcos and ISP networks that can help with “post-incident analysis and other such activity.”
Large ISPs will have until 2025 to implement the logging while smaller telcos will be given five years.
“There is still uncertainty about what the final measures will be, and there is likely to be pushback from telcos on the most challenging or costly aspects of implementation,” commented Warren O’Driscoll, Head of Security Consulting at NTT DATA UK.
“Whatever the final outcome, the legislation will require a significant culture and maturity change across the industry.”
Want to learn more about 5G and the opportunities it presents from industry leaders? Check out 5G Expo. The next events in the series will be held in Santa Clara on 11-12 May 2022, Amsterdam on 20-21 September 2022, and London on 1-2 December 2022.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.