Anti-terror laws raise net privacy fears

Powers to stop terrorists could be abused by Police warn experts

Powers to scrutinise records of online activities granted to UK law enforcement agencies to tackle terrorism in the wake of September's attacks could undermine online privacy, warn net experts.

They fear that the mass of data about the online lives of Britain's net users could be trawled by police forces investigating any crime.

Existing legislation makes it easy for police to get permission to search through the comprehensive logs of online activity once it has been collected.

The government is due to publish information about just how much data net providers are expected to store in the next couple of weeks.

National security

On 15 October, Home Secretary David Blunkett announced an emergency raft of measures intended to help the fight against terrorism.

One measure in particular has some net experts worried.

The legislation is expected to "enable" net service providers to keep records of what their customers are doing online for longer than they do now.

Currently data protection laws mean net companies have to destroy logs of the e-mails people have sent and where they go on the net after a few months.

Ostensibly, the Home Office wants this data kept to aid future investigations into terrorist activity.

Electronic life

However, Caspar Bowden, director of net think tank the Foundation for Information Policy Research, said he feared that the permissions granted in the controversial Regulation of Investigatory Powers (RIP) Act, would mean this database was searched when the police investigated any crime.

Emergency anti-terrorism laws have been drafted by the Home Office

The RIP Act lets records be kept to aid the investigation of minor crimes as well as tax, health and safety, and public order offences.

He said the communications data collected in these logs would provide a "complete map" of someone's online life.

Police might routinely use the records of who e-mails whom to map out networks of online acquaintances.

"We also have concerns that any measures taken in this area should be well thought out and proportionate," said assistant Information Commissioner Phil Jones, "especially if there's going to be some legal requirement that goes beyond the normal rule."

Cost counting

The UK's Internet Service Providers Association (ISPA) has also expressed misgivings about the data retention proposals.

A statement by the organisation said it wanted clear guidance on what data the Home Office wanted retained, how long it was to be kept for and how it was to be stored.

Roland Perry, head of policy for the London Internet Exchange, said it was hard to speculate about the impact on the industry until the Home Office made public its desires.

He said net service providers currently kept data for very different periods of time.

"Every ISP has come to its own conclusion as to whether they want to log this information at all, and whether they want to keep it for 48 hours or a year," he said.

Proposals to keep extensive records of webpages and net sites visited could prove expensive for the large net service companies.

A tentative figure of £20m has been put on the proposals by ISPA.

The Home Office has said it will detail its data retention requirements in a code of practice that will be published soon after the legislation is aired.