3 December 2000. Thanks to Anonymous.
See related news reports:
Secret plan to spy on all British phone calls
http://www.observer.co.uk/uk_news/story/0,6903,406191,00.html
EDITORIAL: Spied on from cradle to grave
http://www.observer.co.uk/leaders/story/0,6903,406160,00.html
Roger Gaspar
Deputy Director General
NCIS Chairman
ACPO Police and Telecommunications Industry Strategy Group
On behalf of
A.C.P.O. and A.C.P.O (S)
H.M. CUSTOMS & EXCISE
SECURITY SERVICE
SECRET INTELLIGENCE SERVICE, AND
G.C.H.Q.
21st AUGUST 2000
1.1 Joint Position
1.2 Value of Communications Data
1.3 Summary of Issues
1.4 Action Requested
2.1 Critical Value of Communications Data
2.2 Data Retention - Strategic Requirement
2.3 Data Retention - Tactical Requirement
2.4 Data Retention - The Interests of Justice
2.5 Wider Context - Right to Fair Trial
2.6 Comparison with Forensic Advances in DNA
3. DATA RETENTION - CURRENT SITUATION
3.1 Impact of Legislation
3.2 International Dimension
3.3 Need for Clarity in Law
4.1 Code of Practice and Manual of National Standards
5.1 Type of Data that Should be Retained
5.2 Two Distinct Categories of Data
5.3 Specific Data
5.4 Non-specific Data
6.1 Data Retention - How Long?
6.2 Data Retention - Who Should Hold the Data
6.3 Data Retention - Trusted Third Parties
6.4 Data Retention - Trusted Third Parties - Comment
6.5 Costs
6.6 Cost Analysis
6.7 Operational Impact on CSPs
6.8 Retention of Data Obtained by Police and Customs
CONFIDENTIAL APPENDIX
Submitted under separate cover to the Minister only.
[ ] cross reference with the relevant section in the Business Case.
1. A clear legislative framework needs to be agreed as a matter of urgency. A statutory duty is the only basis upon which an efficient mechanism for data retention can be established. [1.1.4]
2. Equal statutory obligation on every CSP to retain communications data for the same periods. [3.3.3]
3. Government to provide additional funding; (i) to support CSPs set up data retention systems and, (ii) help Agencies meet increasing cost recovery charges for data. [6.3.3] and [6.5.2]
4. WHAT TYPE OF DATA SHOULD BE RETAINED?
4.1 All communications data generated in the course of a CSP's business or routed through their network or servers, involving both Internet and telephone services, within a widely interpreted definition of "communications data" as proposed in the draft provisions of Clause 20, Part 1, Chapter II, Regulation of Investigatory Powers Act. [5.1.1]
4.2 Legislation should require every CSP to retain all communications data originating or terminating in the UK, or routed through the UK networks, including any such data that is stored offshore. [5.1.1]
5. WHY SHOULD DATA BE RETAINED?
5.1 In the interests of justice to preserve and protect data for use as evidence to establish proof of innocence or guilt. [1.2.2]
5.2 For intelligence and evidence gathering purposes to maintain the effectiveness of UK Law Enforcement, Intelligence and Security Agencies to protect society. [1.2.1]
6. HOW LONG SHOULD DATA BE RETAINED?
6.1 Communications data generated by or routed through a CSP's network should be retained for real time access by the CSP (or contractor) for a minimum period of 12 months*;
6.2 Once data is 12 months old, it should be archived for retention, either in-house or by a Trusted Third Party agency or contractor, and retained for a further six-year period*;
6.3 The total retention period for non-specific data before mandatory deletion should be seven years. *[6.1.6]
7. WHO SHOULD RETAIN THE DATA?
7.1 Legislation should require CSPs either to retain data inhouse, or have the option to outsource retention to a Trusted Third Party; either a Government run Data Warehouse or to a private contractor's facility. [6.2.5]
7.2 In the interests of verifying the accuracy of data specifically provided for either intelligence or evidential purposes, CSPs should be under an obligation either to provide appropriate certification at the time or retain the original data supplied for a period of seven years, or for as long as the prosecuting authority directs. [5.3.3]
7.3 CSPs should have the option to either store archive data inhouse, or transfer it to an agency or contractor, who will then take full responsibility for access, retrieval, formatting, forensic integrity and production in evidence at Court. [6.2.4]
7.4 Subject to the requirements of the Criminal Procedures and Investigation Act 1996, or as directed by the Crown in Scotland, the Law Enforcement Agencies should be provided with the legal authority to maintain their own data bases of communications data lawfully obtained for specific investigations subject to the following retention conditions:
Access is subject to the provisions of RIPA;A designated chief officer has oversight;
Data less than 12 months old should be available live;
After 12 months, data to be archived and retained for a further 6 years.
Review to ensure that the purpose for which it is retained is still relevant. After 7 years all data must be deleted. The Commissioner proposed under RIPA should be similarly able to audit applications to access the archives. [6.8.5]
8. INTERIM ACTION
The Home Secretary should write to the Managing Directors of each UK CSP advising them of the need for agreement on a statutory framework; and the requirement to retain data and not to delete it in the meantime. (Potential expansion of the provisions of Section 94(1) Telecommunications Act 1984). [3.1.6]
1.1.1 This submission has been drafted by the Chairman of the ACPO Police and Telecommunications Industry Strategy Group[1]. Its principles are supported by ACPO, ACPO(S), HM Customs and Excise, the Security Service, Secret Intelligence Service and GCHQ ("the Agencies"). The view of these agencies is that law enforcement has a sound business case for the substantial retention of communications data.
1.1.2 On behalf of their respective companies, the Police Liaison Units (or their equivalent) in a number of leading UK Communications Service Providers (CSPs) and Internet Service Providers (ISPs) have been consulted on the proposals put forward in this paper. The CSPs involved include: British Telecommunications PLC; BT Cellnet; NTL/Cable and Wireless, Vodafone, One 2 One, and Orange PCS. Discussions have also taken place with individuals from a range of ISPs. It would be inappropriate to comment on their individual reactions. However, in general terms, they currently reserve their positions stating that this is a public interest policy matter for the Government to determine. They seek to be helpful but need clarity on what is specifically required of them. In addition, any statutory framework must place an equal obligation on all CSPs, with a minimal cost to themselves. If this can be achieved, then it is hoped the Managing Directors of all CSPs could be encouraged to support the recommendations. The Federation of Communication Services (FCS) trade association has already been in correspondence with the Home Office and endorses the position taken.
1.1.3 Within the Home Office, because of the wide range of interests involved, consultation has also involved the Policing Organised Crime Unit, Intelligence and Security Liaison Unit, Encryption Co-ordination Unit and Licensing, Gambling and Data Protection.
1.1.4 Informal discussions have also taken place with the Office of the Data Protection Commissioner (DPC). Whilst they acknowledge that such communications data may be of value to the work of the Agencies and the interests of justice, they have grave reservations about longer term data retention. The DPC believe that where there is no longer a CSP business use for such data, existing legislation requires the long-term retention of communications data to be put on a clear legal footing by statute. [Recommendation 1]
1.1.5 Similar discussions have involved the Criminal Cases Review Commission (CCRC). They consider that an extended period of retention would clearly benefit many of their applicants who regularly rely on communications data to help resolve apparent miscarriages of justice. There is a very real expectation that the material will be available for many years after the event. The Commission's view is that it would be detrimental to the interests of justice to make an arbitrary short-term decision on data retention periods and they would wish to be directly involved in future talks.
1.2.1 Communications data is crucial to the business of the Agencies. It is pivotal to reactive investigations into serious crime and the development of proactive intelligence on matters effecting not only organised criminal activity but also national security. At the lower level, it provides considerable benefit to the detection of volume crime. The four principle requirements for communications data are: Primary Evidence - e.g. often the only evidence to locate the proximity of a mobile phone user to a crime scene and the sole eyewitness account in Hi-Tech crime. Corroborative Evidence - e.g. proof of association between criminal elements through telephone contact. Intelligence - e.g., identifying and tracing associates and locating places of significance. Post-trial Evidence - e.g. accuracy of digital data to support appeals against conviction and investigations into miscarriages of justice. Short term retention and then deletion of data will have a disastrous impact on the Agencies' intelligence and evidence gathering capabilities.
1.2.2 Communications data is becoming increasingly important to provide evidence to establish innocence. Premature deletion will seriously compromise the interests of justice. Communications data has a unique value to promoting a safe and free society. This provides the overriding justification for longer-term retention.
1.3.1 There is a broad range of issues affecting the retention of data. These include:
The Law Enforcement business requirement to access data for intelligence and evidence gathering purposes;The Law Enforcement justification for retention periods;
The CSP demand for clarity in law;
The ISP wish for minimal burdens;
The legal constraints of existing European law in the EU Directive[2];
Article 8, European Convention on Human Rights, "Right to respect for private and family life" and consequently the Human Rights Act 1998;
Concerns expressed by the Data Protection Commissioner that there have to be very strong reasons for retention for any period, however short, beyond the time necessary for CSP business use;
Concerns of the Criminal Cases Review Commission that the irretrievable loss of data would seriously damage their ability to investigate miscarriages of justice; and
The Cost Element - the financial burden on CSPs of storing data.
1.4.1 The purpose of this "Business Case" is to seek work by the Home Office and DTI with experts from all sides on a statutory framework for the retention of communications data. Whilst some may favour, for ease of implementation, a regulatory, co-regulatory or self-regulatory framework where everyone involved understands and delivers the objective, it is our view that the only efficient basis on which to proceed is to follow the advice of the DPC and a provide a statutory basis. Related work will already be under consideration to meet the European Commission's updated Directive on a Communications Regulatory Framework (COM(2000) 385). The aim of this Directive is to ensure that the future interests of public safety and justice are fully acknowledged and protected. However, the language in the current draft dated, 12th July 2000, is ambiguous and provides no clarity on this important subject.
1.4.2 There is widespread recognition that failure to provide an adequate legislative statutory framework will result in the early destruction of data and in consequence a serious impact on law enforcement efforts particularly in relation to organised crime. This situation will only become more complex with advances in technology and may prove to have a fatal impact upon the investigation of Hi-Tech crime.
1.5.1 A Confidential Appendix has been provided under separate cover with detailed examples from a number of the law enforcement agencies. Many have been taken from significant high profile cases where communications data has been vital. They clearly demonstrate how pivotal data is to the gathering of intelligence and the investigation of crime, not only for the purposes of prosecution but also to establish innocence.
2.1.1 There used to be only three principle types of evidence:
Personal eyewitness account to the various components of the crime;Physical evidence (including fingerprint and other forensic evidence); and
Admissions.
The digital world has altered this. We now see records of events which were formerly the domain of eyewitness account (because someone wrote the record down) in the hands of machines. Legislation has always provided for law enforcement needs in banking matters and this legislation has made the transition from the ledger to the electronic world. However, the digital record has far wider application than just banking and fraud matters, and new data exists which is the counterbalance needed by law enforcement to enable a geographically based service to cope with crimes enabled by the globalisation of business, telecommunications and the movement of peoples. This is both on a national and international basis.
2.1.2. Communications data can provide evidence of the use of a telephone or modem (fixed or mobile) to another at an exact time and with location information. Thus this can provide law enforcement with date/time/place data of crucial importance. This can be either of evidential or intelligence value.
2.1.3. With advances in digital communications technology, the only eyewitness account of crimes on the Internet is provided by communications data. There is no human involvement to witness the electronic activity, only a victim to the outcome. Similarly, there is no physical evidence to connect the criminal to the crime scene. The only ability to trace and interview the perpetrator, to gain either an admission or prove their complicity is, therefore, through access to communications data. Short-term retention followed by deletion will quickly render certain criminal elements beyond reach of the law.
2.1.4. In relation to other reactive investigations, the importance of this data is provided by the Omagh bomb incident. The only evidence currently available to link suspects is that provided by data from the use of their mobile phones. This places them within the proximity of the incident. Recent advances in location-based customer services have reached the stage where more precise data can now pinpoint the whereabouts of the user of a mobile phone at a specific time. In the absence of any other evidence (particularly from witnesses who are likely to be intimidated), communications data will be the only means of securing a prosecution. Deletion of data would seriously damage the ability of the Agencies to reactively investigate acts of terrorism.
2.1.5. A similar argument of business use is evident in relation to serious and organised crime (particularly drug and illegal immigration conspiracies), murder investigations and other serious crime. The evidential opportunity is the same as for the Omagh incident. In both the terrorist and crime examples though, it is not just the current communications data that is needed. Identification of users (particularly with anonymous pre-paid mobiles) is invariably dependent upon research through older data and analysis of links with other callers and locations. This kind of research is used so frequently that at least two major software programmes exist for the analysis of this data. All law enforcement agencies use these programmes.
2.1.6. It is difficult to overstate the value of communications data as an intelligence tool. The Intelligence Officer's toolbox of techniques comprise informants, eavesdropping, interception, observation, surveillance and analysis of latent data. Latent data is both open and closed source material which is created by our everyday human activity and can range from the Electoral Role and DVLA data to that retained in bespoke intelligence databases. Major criminal conspiracies utilise the same business techniques as legitimate business and consequently communications between criminal associates is a crucial component. Whereas the Kray brothers had to rely on a physical location to run and control their criminal structure (and for which reason they controlled a public house within their neighbourhood - safe territory in a safe environment), the more common structure of organised criminality today has far wider geography, certainly regional, frequently national and often international. The analysis of communications data using the tools already mentioned is essential to this toolbox.
2.2.1 It can be argued that the Police Service is now in its third major era in 175 years, reflecting the changes in society. It was created as a patrolling preventative force, became a patrolling and reactive investigation force and is now a directed patrolling, proactive and reactive investigation service. The Crime and Disorder Act confirms the requirement to be intelligence-led in local role and a variety of other legislation empowers, inter alia, the national law enforcement bodies in appropriate intrusive data collection in their central role. The lack of appropriate legislation on communications data retention does not sit happily with this strategic direction. Access to communications data is pivotal to the disruption and prosecution of organised crime. Legislation to support our ability to trace offenders is lagging behind that provided to prosecute offenders.
2.3.1 Criminal elements have exploited the advances in telecommunications to mask their activities; in particular organised terrorist groups, drug traffickers, migrant smugglers, paedophiles, money launderers, race hate groups and computer hackers, all of whom are major concerns to the LEAs and Government. Retention of data that provides evidence of transaction, association or conspiracy and the routing of the communication is vital.
2.3.2 Recent high profile cases have exposed the activities of paedophiles who exploit the services and features of the Internet to extend and conceal their criminal operation. Race Hate Web Sites and those that provide detailed information supporting acts of terrorism are a current major concern. Investigations to defeat the people involved rely on access to historic communications data to trace them, reactively develop intelligence and then evidence the data to prosecute. It is therefore vital that data is retained for a sufficient period to enable the LEAs to do so.
2.3.3 A feature of organised crime is to exploit opportunities that reduce the capability of law enforcement. It is already clear that some weaknesses in the 'audit trail' are known and being used. Early loss of data will provide significant further opportunities for organised criminal elements to distance themselves from law enforcement. An absence of data would mean that writers of computer viruses like "Melissa" and "I Love You" would be untraceable.
2.4.1 The work of the Criminal Cases Review Commission relies on the opportunity to analyse new information alongside relevant material from the original case. Provision is made for retention of existing material under the Criminal Procedures and Investigation Act, 1996 (CPIA), or as directed by the Crown in Scotland and thus communications data from the original proceedings will be included. However, this does not cover data, the relevance of which is unknown at the time of the original proceedings. Such data would be destroyed unless generic data retention issues are addressed now. In brief, we argue that it is necessary to have statutory provision enabling communications data to be retained. The period of retention will have to be a balance between law enforcement needs, the legislation requirements of the EU and Human Rights Act, the Data Protection Issues and what can be afforded. The point is made here that this is not just an argument about convicting guilty people but also making judgements about the level of retention which provides some assurance that the CCRC has suitable material upon which to operate. This may be for a longer period than would otherwise be argued to meet the direct needs of law enforcement agencies.
2.5.1 In those cases where police and customs have been building their case over a number of years, such as in offences of drugs importation, deletion could provide the Prosecution with an unfair advantage. If CSPs delete data within 12 months, by the time the matter is brought to a close with arrests, data that the Prosecution has not obtained but which the Defence could rely on to corroborate potential alibis will have been irretrievably lost.
2.5.2 Furthermore, the Prosecution will have the same unfair advantage over the Defence in Appeals against conviction. For example, where guilt has been proved to the satisfaction of the court at the original trial, in the event of a subsequent appeal, which relies on new data not previously thought relevant to the case, that data will already have been deleted.
2.5.3 As reliance is increasingly placed on advances in communications data in criminal proceedings, the Courts have an expectation that such material will be equally available to both Prosecution and Defence. In certain cases, therefore, the Criminal Justice System would have to accept that deletion of data would inevitably diminish its ability to establish innocence or guilt to the satisfaction of the Courts. This may have implications for Article 6 ECHR, (which will be imported into English Law by the Human Rights Act 1998) - 'Right to a fair trial'.
2.6.1 When produced in evidence, communications data is subject to the same legal tests as other material: those of integrity and continuity. Retention should, therefore, be considered in the same context as developments in forensic science. Use of DNA to identify and successfully convict the perpetrator of an outstanding unsolved murder relies on the re-evaluation and analysis of retained evidential material. The subsequent significance of much of what was kept may never have been realised at the time. The same can be said of communications data.
3.1.1 CSPs consider themselves to be good corporate citizens, well aware of the real value of their data to the Agencies. However, they have no protection in law for their current retention of data. Mindful of the requirements of the EC Telecommunications Data Protection Directive 97/66/EC (The Directive) and the UK's Telecommunications Data Protection and Privacy Regulations 1999, until recently CSPs nevertheless chose to continue with extended data retention periods beyond the recommended 12 months. This is solely for the purpose of helping Law Enforcement but argued on the basis that they need the material themselves for fraud prevention and detection purposes, and to protect the integrity of their networks. Some have voluntarily retained material for more than five years. However, draft proposals for the Regulatory Framework COM(2000) 385 EC mean that their position will no longer stand up to legal scrutiny. All accept that they rarely need to retain data for commercial reasons longer than 3 months. In general, the Directive places obligations on CSPs to destroy communications data once surplus to commercial requirements. Because of the cost and absence of a statutory provision, CSPs are deleting their data. One mobile phone operator has just announced deletion of all location data after 6 months and it is the intention of most CSPs to begin deleting all communications data after 12 months.
3.1.2 ISPs are similarly retaining data longer than required for their individual business needs on the basis of mutual obligations between companies. Consultation is already taking place both here in the UK and internationally to agree on a series of self-regulatory "guidelines" on what types of data should be kept and minimum periods for retention. The one certainty is that these would only be guidelines and not mandatory , and retention periods will be far shorter than those recommended by the Agencies. Consequently, optional self-regulation does not meet the needs of the Agencies. ISPs are sympathetic to the requirements of Law Enforcement and consider that in the interests of efficiency it would be appropriate to supply data on condition that some or all of the information may be provided on a confidential basis. Where this is the case then its usage must be managed in an appropriate manner. Industry does not feel it necessary for the delivery of this information to be enshrined in law but would propose that it be delivered under the aegis of an Industry accepted Code of Practice. Whilst this debate continues, most ISPs consider their data to be surplus to any business requirement within a matter of hours and some, therefore, have begun deleting within 24 hours.
3.1.3 Draft proposals in Article 15 of the EU Directive 'Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector' provide the UK with an important opportunity to deliver clarity in law and advance the Agencies' argument for a clear data retention policy. The current wording states:
"Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Article 5 (Confidentiality of the Communication), Article 6 (Retention of Traffic Data), Article 8(1 ), (2), (3) and (4) (Presentation and Restriction of Calling and Connected Line Identification, and Article 9 (Location Data) when such restriction constitutes a necessary measure to safeguard national security, the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system referred to in Article 13(1) of Directive 95/46/EC."
3.1.4 Provisions within Chapter II, Part 1 of the Regulation of Investigatory Powers Act (RIPA) deal with lawful purpose for accessing communications data. However, necessary legislation to provide CSPs with the authority to retain data for those purposes has so far not been addressed and the actions already described above may therefore undermine the effectiveness of RIPA.
3.1.5 In the absence of data retention legislation, the only means by which the Agencies could lawfully attempt to require CSPs to retain data that may subsequently be relevant to an investigation is to obtain a Production Order; in effect indiscriminately to ring fence all "nonspecific data" to prevent its deletion. Orders would have to be sought on every occasion that a serious crime had been committed and served on each and every CSP. The procedure would be entirely reactive and provide no opportunity for the Agencies proactively to gather intelligence to prevent crimes in the future. This is unworkable and a greater infringement on personal privacy than the action recommended in this Business Case.
3.1.6 In discussions with the Office of the DPC, the Home Office suggested that the Telecommunications Data Protection Directive (97/66 EC) provides an exemption to "the activities of the State in the areas of criminal law". However, since CSPs are private businesses and not part of the State, the exemption cannot apply. However, Section 94(1) Telecommunications Act, 1984 does provide a Minister of State with the power to direct CSPs to carry out certain specific activities, which could include directions on data retention periods. If the argument for a statutory basis for the retention of data is accepted, a necessary interim step prior to the introduction of appropriate legislation would be consideration of the use of Section 94(1) in this way*. These matters will need to be discussed in the Government's forthcoming DTI/ DCMS review to reform UK telecommunications legislation. *[Recommendation 8]
3.2.1. We have strong partnerships with overseas colleagues and an expectation exists that the UK will take a bold and strategic position on data retention in order to continue to meet both domestic and international obligations on organised crime. Elsewhere in Europe and in the G8, countries are also concerned about the lack of clarity in law and are advancing legislation to meet the needs of their Agencies. In particular, Belgium, Italy, the Netherlands, Germany and the US have taken steps towards a statutory framework.
3.2.2. A degree of international agreement on standards is important. For example, in relation to telephone data, competition in the market has led to "least cost routing". This involves calls being sent by the cheapest route, taking advantage of reduced off-peak rates elsewhere in the world. It has even become more economical to briefly route domestic UK calls overseas. Similarly, in the case of computer viruses, these can be transmitted around the world across any number of communications networks and ISP servers. Progress towards standardisation is therefore important both for domestic and international law enforcement activity.
3.2.3 CSPs consider it is important to harmonise UK legislation with regulatory regimes elsewhere. If requirements are more onerous in the UK than in other EU Member States, then the natural reaction will be to relocate to the most favourable regime. The nascent E-Commerce knowledge industries are highly mobile and the Industry would anticipate an immediate response from UK CSPs to unfavourable conditions here. CSPs are actively consulting their international counterparts on this subject. ISPs in particular would support adopting an international legislative framework provided it was on the basis of a level playing field and would actively work on the formulation of an "Industry-wide Code of Practice" to achieve that objective.
3.3.1 It is important to include transparency in the law to ensure the public is aware of the impact of data retention on their personal privacy. In the context of Article 8, ECHR, this is essential. Retention legislation would also provide a better-defined statutory framework within which the Office of the Data Protection Commissioner (DPC) can operate, making it clearer to enforce and conduct their own investigations.
3.3.2 The CSPs consulted are demanding clarity. They want to be certain of protection under the law for the continued retention of data and access to it. This will enable the companies to know precisely what is wanted of them and how it accords with the law. Without such legal clarity, the CSPs will delete data rather than face civil litigation.
3.3.3 From a commercial perspective, the longer-established CSPs wish to ensure that an obligation to retain communications data for an appropriate period is placed equally on every CSP*. Otherwise, some of the newer companies may be tempted to delete valuable data and exploit a competitive edge through reduced overheads. Examples of this are already appearing with certain CSPs proposing to delete data after very short periods. This will rapidly undermine the voluntary agreements achieved so far which now appear to have an increasingly fragility. *[Recommendation 2]
4.1.1 The Human Rights Act 1998, Data Protection Act 1998 and RIPA already provide adequate legal safeguards to regulate law enforcement access to communications data. With appropriate statutory underpinning, extended retention periods for CSPs can be made lawful for the sole purposes of allowing subsequent access in the interests of justice or for intelligence and evidence gathering. We believe the Home Office already accepts that such activity is unquestionably lawful, necessary and proportional, as well as being vital in the interests of justice and the protection of a free society.
4.1.2 With the full support of the Public Telephone Operators (PTOs), a significant investment has been made in the past 18 months to equip and train staff within the Agencies to utilise communications data for intelligence and evidential purposes. Every Agency has now established a designated Single Point of Contact (SPOC) and each PTO has its equivalent Police Liaison Unit. It is envisaged that this practice will be applied to work with the ISPs on access to data from the Internet.
4.1.3 The ACPO Police and Telecommunications Industry Strategy Group (with representatives from the other Agencies and leading PTOs) has developed a strong strategic partnership. Last November, ACPO, ACPO(S), HM Customs and Excise and the Intelligence and Security Agencies published the "Manual of National Standards for Accessing Communications Data" together with a Code of Practice. These provide the national framework on the use of communications data for intelligence and evidence gathering purposes. It includes clear instructions on the legal procedures and safeguards by which the CSPs will release data.
4.1.4 The introduction of these national standards has led to better and more focused use of communications data. SPOCs have become the guardians and gatekeepers for their organisations ensuring access meets the strict criteria of Data Protection legislation and is ECHR compliant. The net effect of these control measures is that police and customs have reduced applications for data by 36%. This clearly demonstrates that the Agencies have already implemented positive, responsible and appropriate standards for handling intrusive communications data to meet the requirements of Article 8 ECHR.
5.1.1 We should not restrict ourselves by trying to define the type of data required for law enforcement, intelligence and criminal justice purposes. Advances in telecommunications technology, both in respect of telephone and Internet services, mean that precise language that defines data now may quickly become outdated and too narrow. The material should be defined in open terms, potentially using the same updated language as the European Directive, e.g.: Subscriber data, Calling Line Identifier (CLI), Billing data, Traffic data, and Location data, However, in relation to Internet related data, definitions in the Directive do not include such vital material as: Routing Logs; and Dynamic Internet Protocol Address Allocation, etc. Agreement will be needed to ensure that the provisions of Clause 20, Part 1, Chapter II, Regulation of Investigatory Powers Act can be interpreted as widely as possible to include all Internet related data. [Recommendation 4.1] Legislation should require every CSP to retain all communications data originating or terminating in the UK, or routed through the UK networks, including any such data that is stored offshore. [Recommendation 4.2] THE DEFINITION DOES NOT INCLUDE THE CONTENT OF THE COMMUNICATION.
5.2.1 It is important to make the point that there are two distinct categories of data at issue. SPECIFIC DATA - Data that has been specifically applied for and preserved as part of an investigation, and NON-SPECIFIC DATA - All other data that may subsequently be relevant to an investigation. This may be requested at any time during its retention by the CSP.
5.3.1 Communications Data sought as part of an investigation is retained in accordance with the Criminal Procedures and Investigation Act 1996, or as directed by the Crown in Scotland. In addition, the Criminal Appeals Act 1995 imposes a duty to provide any such data to the Criminal Cases Review Commission.
5.3.2 The CSPs would be overloaded with work if every piece of data supplied for intelligence purposes had to be certified and exhibited at the time, particularly as a number of investigations do not result in prosecution. However, 1egal difficulties have arisen where some CSPs have deleted data, previously supplied to the Agencies within the 12 month period, without keeping a copy for evidential purposes. In these cases, where the CSP has already deleted its data, police or customs now have to email the copy previously supplied as intelligence back to the company. The CSP is then expected to certify the data as accurate even though they have no way of verifying this. Advice indicates that this practice is not legally sustainable. However, there is no other way the material can be used in evidence.
5.3.3 The solution is either appropriate certification at the time or an obligation to retain the original data for a period of seven years, or for as long as the prosecuting authority directs. [Recommendation 7.2]
5.4.1 The critical value of communications data (Section 2.1) demonstrates that data is still relevant to the interests of justice, and the development of intelligence and evidence after 12 months and should be available for those purposes over a longer period. The arguments put forward in the confidential appendix make it clear that wholesale availability of data beyond 12 months is crucial. A parallel has already been drawn with advances in forensic science. Exhibits retained from previously unsolved murders are now being re-examined for DNA. Communications data has an equally valid latent value that cannot always be determined immediately. This is because the full extent of organised criminal activity may not surface for many months or even years, which means the resulting investigation and trial (or appeal) may be years after the original events. It is very important, therefore, that CSPs do not delete data until the potential period for any realistic utilisation has passed. Wholesale retention of non-specific data is a vital element to this Business Case.
6.1.1 For law enforcement purposes, including both intelligence and evidence gathering, access to communications data falls into two categories: volume crime, (which accounts for 15% of requests) and serious and organised crime (the remaining 85%). Computer crime is increasing but represents only a fraction of the data being accessed at present. The core business of law enforcement activities currently focuses on telephone data:- In relation to volume crime, 95% of requests for data are made within the first three months; the other 5% are between 6 and 12 months. (Volume crime tends to relate to routine billing and subscriber data). 85% of requests for information concerning serious and organised crime involve data between 6 and 24 months old. The other 15% represent periods longer than 24 months. (These involve a mix of routine and more specialised types of data). Included in the above 15% are some significant high profile cases, relating to murders and terrorist activities, where data has been required for the previous 5 years. The Agencies' position is, therefore, that data should be retained for FIVE YEARS.
6.1.2 The requirement for a longer-term data retention period is, therefore, an issue for the Courts and the Criminal Justice System. As outlined previously, data retention is an increasingly significant and determining factor for the Defence to corroborate alibi evidence in trials arising from long-term protracted investigations. The greatest need for extending data retention periods relates to appeals against conviction and the work of the Criminal Cases Review Commission (CCRC).
6.1.3 The Commission handles around 1,000 new cases annually and has another 1,000 older enquiries still being actioned. On average it takes 6 years from the date of occurrence for the Commission to fully investigate a case. Included in the 6 year period is an average of 33 months after conviction before a case is first brought to the attention of the Commission. It is an everyday occurrence that applicants refer the Commission to the potential use of communications data to reinforce their case that there has been a miscarriage of justice. Any deletion and irretrievable loss of data will therefore seriously damage the ability of the Commission to investigate.
6.1.4 The Commission takes the view that it is important to acknowledge the absence in UK law of a "Statute of Limitations" restricting the prosecution of criminal offences to within a certain time limit. Information, as vital as communications data, which can be relied upon to support the interests of justice should, therefore, be retained for as long as possible. The Limitation of Proceedings Act 1980 provides a seven-year limit for civil proceedings. The police, Courts, and other private and public bodies consequently store relevant information for seven years. This is a useful benchmark for a data retention period. The CCRC considers that a seven-year rule would clearly accommodate the majority of their cases. It would be very rare for them to seek material beyond seven years. The advice of the CCRC is that it would be in the public interest to retain "Non-specific" communications data for SEVEN YEARS.
6.1.5 Existing regulations do not provide for longer-term retention. For VAT purposes, CSPs are currently required to hold a summary of their business activity for seven years but there is no requirement to store customer-specific data. However, in many cases it is more convenient for the CSP to archive all information rather than reduce it into a summary. In addition, OFTEL expects CSPs to store billing data for 12 months.
6.1.6 Although a limited number of CSPs begin archiving data sooner, the majority keep the material "spinning" and available for real time access for 12 months. Ready access to data within the first 12 months is of considerable benefit to the Agencies and CSPs should be encouraged to adopt this as standard. We would recommend: Communications data generated by or routed through a CSP's network should be retained for real time access by the CSP (or contractor) for a minimum period of 12 months; [Recommendation 6.1] Once data is 12 months old, it should be archived for retention, either in-house or by a Trusted Third Party agency or contractor , and retained for a further six-year period; [Recommendation 6.2] The total retention period for non-specific data before mandatory deletion should be seven years. [Recommendation 6.3]
6.2.1 Initial responsibility must clearly fall on each and every CSP to retain its data for the first 12 months. OFTEL expects every CSP to retain billing data for a minimum of 12 months for validation. Consensus amongst CSPs is that certain data is almost immediately surplus to their needs within very short periods: sometimes after no more than 24 to 48 hours. This is particularly the case for ISPs. Data required for billing purposes and interconnection payments between networks remains useful for a range of business needs for up to three months. For fraud detection purposes, a maximum of four months is necessary.
6.2.2 The issue is then whether it should continue to be the responsibility of each CSP to retain data that has no commercial value to them. Advice from the major UK CSPs is that, in the interests of justice or law enforcement, with the right statutory framework, they may be prepared to hold data for up to 12 months; some may extend this to two years. Any longer could be a contentious issue, not least on reasons of cost.
6.2.3 Provided accuracy and forensic integrity can be verified, CSP storage arrangements are of little consequence to the Courts or Agencies. The important issues, though, for CSPs are the costs of data retrieval, subsequent time spent preparing archived data in evidential form and Court attendance. The individual investment made by many established CSPs in the development of computer systems designed to search, retrieve and format archived data solely for the benefit of the Courts and Agencies has been considerable. Collectively it runs into several million pounds. As a result, some of the newer companies would readily consider deletion rather than storage. However, existing data storage companies believe it could be considerably cheaper for one contractor or Government run agency[3] to invest in the range of archiving services for the whole Industry.
6.2.4 Use of their staff as witnesses in Court is a contentious issue for CSPs. They are regularly abstracted away from core business functions in order to evidence material about which they have very little hands-on knowledge. Evidencing data should be considered in negotiations with CSPs as it will have a direct influence over whether companies may be prepared to continue with retention. The benefits of deletion to CSPs is obvious. The legal requirements of outsourcing the evidential service will need to be considered with an option to allow CSPs to delegate responsibility fully to an outside contractor. [Recommendation 6.3]
6.2.5 The issues for consideration are whether CSPs should be required to retain data in-house, or have the option to outsource retention to a Trusted Third Party; either a Government run Data Warehouse or to a private contractor's facility. [Recommendation 7.1]
6.3.1 Views expressed by CSP representatives on the ACPO Strategy Group fall into two categories; either a national agency run data warehouse or a number of contractors providing the service. Ultimately this would be for the Government to decide based on agreements with the Industry. The Trusted Third Party would be legally responsible for:
Maintaining the individual commercial confidentialities of each CSP and confidentiality of the operational interest of the Agencies;Providing secure storage; Allowing individual data subjects access, where necessary, to their own personal data;
Full compliance with Article 8 ECHR and RIPA; Providing data in an evidential form with impartial, independent experts who can produce it at Court;
Reviewing the data to ensure that the purpose for which it is retained is still relevant; and
Destruction at the end of the retention period.
VIEW 1. - NATIONAL COMMUNICATIONS DATA WAREHOUSE
6.3.2 At the G8 Conference in Paris in May 2000, the Italian Delegation explained the "Italian Solution" for data retention. Their Government and Telecommunications Industry are proposing a national communications data warehouse to store data from CSPs. This reflects the view expressed by some UK experts who consider the only way forward is to create a Government agency run "UK National Communications Data Warehouse". They estimate that a £3 million investment would be needed. A parallel can be drawn with a similar Home Office initiative, the National DNA Database, in which the Government invested £3.4 million in start-up costs.
6.3.3 The Government has recently agreed to spend £20 million to help ISPs with their interception capability. It would appear entirely appropriate to now combine that project with additional funding for data retention*. One option is to manage this as a Private Finance Initiative. The fact that the Courts and Agencies make greater use of communications data than interception material is reasonable justification for needing funds over and above those set aside for interception. *[Recommendation 3(i)]
6.3.4 As with services provided by the Forensic Science Service, it would follow that the Agencies and Courts would be cross-charged, at a cost recovery rate, for access and retrieval. Agencies are already subject to cost recovery by the PTOs and the ISPs are likely to follow this practice.
VIEW 2. - DATA RETENTION CONTRACTORS
6.3.5 As an alternative, others suggest it may be less politically sensitive to set up data warehouses operated by CSP sub-contractors. This could avoid suggestions over the Government's collection of personal data. A number of commercial interests have already entered into discussions with CSPs to invest in such business ventures.
6.3.6 Support from CSPs will be based partly on there being a minimal cost to them. To become a viable and commercially attractive business venture the private contractor would have to charge Agencies over and above cost recovery fees for the retrieval of data. This would not be attractive to the Agencies who are already required to find these new fees within existing budgets.
6.4.1 Solicitors acting for the Defence together with the Agencies are already hiring experts from private industry, independent from the CSP, to produce data in evidence. This proposal does not break into new ground on that aspect. As with experts in other fields of forensic science, both sides are prepared to pay for contracted out services that provide expert evidence. The new approach involves deciding who should store the data. The options are the individual CSPs, a Government run agency, a CSP run agency or a series of private contractors.
6.4.2 Many CSPs are unlikely to agree to store data themselves or in some collective arrangement unless the Government paid them to provide every aspect of the service. This could involve an indefinite period of potentially uncontrolled expenditure. A Government controlled agency could therefore be economically advantageous but would bring some political sensitivities. Implementation would involve an initial capital investment, potentially offset under a Private Finance Initiative and annual costs would be recovered through charges to those who sought access to the data. Alternatively, private enterprise could provide a number of data warehouses at no cost to the Government, with the initial investment being privately funded and gradually recovered as part of the fees for accessing the stored data.
6.5.1 There will be a public sector cost involved in implementing new legislation and any arrangements that flow from it. Charges introduced by CSPs to secure information for intelligence or evidential purposes have been unprecedented in the business of law enforcement. Other organisations, such as the Banking Institutions have always provided material without charge. The issue was forced upon the Agencies by CSPs partially as a filter where material benefit was perceived to be tenuous and the absence of the data would not prejudice the investigation. The consequence of this 'fee' and the new 'SPOC' arrangements is a more intelligence-led focus and a 36% reduction in the volume of requests. Views on the propriety of such fees are mixed. Whilst all Agencies recognise the commercial sense of charging for special services, some question the moral position of companies charging for subscriber and billing data. This is comparable data with that which comes free of charge from the banking industry: indeed it can be argued that the material provided free by the finance industry during a full financial investigation has some similarities with the kind of demands placed upon CSPs for the provision of special services. At the very least, in a situation where one CSP charges law enforcement £1 for every subscriber detail[4] when the same data is available through Directory Enquiries to ordinary customers for 20 pence, some form of control is essential.
6.5.2 Nevertheless, this is an additional burden on Agency budgets and no provision has been made by the Government to meet those costs. Fees are increasing, not only for special services but also for the high volume routine applications. Agencies now require extra funds to continue utilising communications data in the development of intelligence and evidence*. It should be recognised that without cost recovery charges, CSPs will have great difficulty justifying to their shareholders continuing with any data retention where they themselves derive no commercial benefit. [Recommendation 3(ii)]
6.6.1 For the purposes of this report a study of costs was undertaken to benchmark what it now costs CSPs to make their archive data available to Agencies. Commercially confidential information was obtained from a number of major fixed-Iine and mobile telephone operators and ISPs. Some have outsourced data storage and retrieval; others still keep it in-house. Together, these represent approximately 45% of the UK telecommunications market.
6.6.2 It is important to point out that storage mediums are becoming cheaper and whilst remaining small in size, capacity is rapidly increasing.
6.6.3 Collectively these CSPs store several hundred terabytes of data annually at a total cost of £4 million in terms of storage medium and retrieval equipment time. Accommodation costs have not been provided but to store this much data requires less than 1000m2 of secure, environmentally friendly floor space. To put this into perspective, for some of the smaller PTOs, a year's data would fit into one wardrobe-sized cabinet and cost in the region of £3,000 in storage medium. Managing the storage facility costs between £20k to £25k annually. Retrieval equipment time is where the real costs lie and this is why CSPs charge Agencies. CSPs are already looking at the feasibility of electronically transferring data to forensically secure online storage facilities to simplify processes and reduce costs further.
6.6.4 If the figures are expanded to try and establish the global cost of data storage and retrieval across the UK market, it is estimated to amount to around £9 million per annum. This mirrors the annual running costs (without capital investment) for the National DNA Database. Across the UK Telecommunications Industry, CSPs and their storage contractors have collectively invested around £20 million setting up bespoke storage and retrieval systems to suit their individual needs. Based on what the largest outsourced data warehousing companies have invested in similar business ventures, the initial capital investment to design and build one purpose built unit has been estimated at £3 million. (This is again comparable to the DNA Database).
6.6.5 From an Agency business viewpoint, for ease of analysis, it would be more expedient to have just one warehouse, which could facilitate an immediate and simultaneous search across all the data generated by UK CSPs. It must be admitted though that technical solutions may be found to allow for a similar facility enabling simultaneous analysis across any number of warehouses.
6.7.1 The major operational impact on the daily CSP business is the time taken to retrieve data once it has been archived. The process incurs costs in:
Interruption of business-critical machines;Diversion of key engineering staff from vital functions;
Staff-days per month in terms of managing the process, involving engineers and senior management;
Staff-days attending Court to verify data, as well as supporting or offering advice to Agencies on the process; and,
Ongoing threat of legal costs when the Courts are not happy with the speed of delivery of data required in evidence. Some CSPs would welcome the opportunity to transfer their data to Trusted Third Parties if it avoids the abstraction of key management and engineers from the CSPs themselves.
6.7.2 It should be acknowledged that in life-critical operations such as kidnaps, in which real time and historic communications data is pivotal to identifying and locating where the hostage is being held, CSPs caught up in the investigation are under enormous pressure to deliver. Experience has taught them that it is more cost effective to have a contingency plan in place which can provide historic data almost automatically, rather than divert finite engineering staff away each time from their core business. In many cases access can be given to specific fields of data.
6.7.3 The existence of such contingency systems within CSPs is absolutely vital to the work of the Agencies. It has been the role of ACPO to support the development of such measures. The Agencies would like the Home Office to endorse these initiatives and work with ACPO to encourage ISPs to adopt similar systems.
6.8.1 The retention of communications data for evidence or intelligence purposes once obtained by police and customs is another important area, which needs to be addressed in parallel with retention by CSPs. Inter-connectivity between certain CSPs and the law enforcement agencies (LEAs) has provided direct, automated access to data. This has made good commercial sense in relation to high volume areas, such as subscriber-related and billing data. For example, over the past 12 months the Metropolitan Police Service SPOC required access to 63,590 subscriber details and 4,256 billing accounts. Consequently more CSPs are going live with these services relying on the expedience of secure electronic transfer of data to the LEAs via the Internet.
6.8.2 Most Police Forces and HM Customs and Excise retain such data obtained electronically on their own individual databases, in particular subscriber identities and itemised billing. Where such systems do not exist, such data is held by the Agencies in paper form. The data relates to specific investigations and includes information that may originally have been sought for intelligence purposes only. Most of that data will have been retained regardless of whether or not it was subsequently produced in evidence. All the data will have been lawfully obtained under the Data Protection Act exemption provisions or through the Courts by way of a Production Order. Having acquired it lawfully, there is no appropriate authority allowing further retention.
6.8.3 These databases are an invaluable tool enabling police and customs to search for association links between live and past investigations where they cut across each other. It is vitally important to identify where the same criminal elements are involved in a range of activities over many years, most notably when significant individuals, who have been dormant for some time, become active again.
6.8.4 The fact that LEAs have retained this data means it can be quickly analysed in-house with information from other sources to develop intelligence on the global scale of organised criminal groups and thereby identify the full extent of their operations and associates.
6.8.5 LEAs need the statutory authority to maintain their own communications data intelligence database. It is proposed that the agencies should be regulated in the following manner. Access is subject to the provisions of RIPA; A designated chief officer has oversight; Data less than 12 months old should be available live; and After 12 months the data can be archived and retained for a maximum of 6 years. Reviews are undertaken to ensure that the purpose for which data is retained is still relevant. After 7 years all data must be deleted. The Commissioner proposed under RIPA should be similarly able to audit applications to access the Agencies' archives. [Recommendation 7.4]
7.1.1 There is a convergence of issues. Communications data is of crucial importance to Law Enforcement, and the Intelligence and Security Agencies but our needs are in conflict with existing legislation arising from data protection provisions and ECHR. In addition, there is significant commercial pressure to delete data. There are also significant public policy issues to address. It is an area requiring prompt attention.
7.1.2 We recommend that the Home Office and DTI work with experts from the Agencies, CSPs, ISPs, the CCRC and the Office of the DPC to reach a decision quickly on "Data Retention" and develop a statutory framework for the retention of communications data. Although the law enforcement arguments for retention of data are critical, its use for a range of other purposes should not be forgotten.
7.1.3 The Government should be prepared to defend our position, accepting that once communications data has been used to satisfy the business needs of CSPs, retention is still vitally important to the Agencies and the Criminal Justice System. The very fact that on a daily basis its use contributes to saving lives and ensures the fairness of our judicial process is an overriding justification for extending retention periods.
7.1.4 A similar strategic outlook is being taken by other EU Member States who share the common view that, in the public interest, longer-term data retention is not negotiable.
7.1.5 To this end the principle points within the report need to be addressed: The type of data that should be retained; Why it should be retained; Who should retain it; For how long it should be retained; How it is to be funded; and How it may be accessed.
7.1.6 An appropriate statutory framework will provide the following strategic benefits to the UK:
Provide essential clarity in law on a complex issue;Protect the use of communications data as a tool to corroborate other evidence needed to establish proof of either innocence or guilt;
Preserve and promote the lawful activities of CSPs and the Agencies to operate within in the public's best interests;
Support the strategic partnership between CSPs and Agencies;
Provide the UK with an opportunity to lead on achieving an international standard for data retention legislation;
Reinforce the Government's tough stance on tackling serious and organised crime; and
Support the Home Office's purpose of building a safe, just and tolerant society
____________________
[1] a sub-committee of ACPO Crime Committee
[2] Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector
[3] as a trusted 'Third Party'
[4] including admittedly ex-directory information
HTML by Cryptome.