Memorandum submitted by the Internet Services
Providers' Association (ISPA)
Introduction to ISPA
The Internet Services Providers' Association
(ISPA) was established in 1995 as a trade association to represent
Internet Services Providers (ISPs) in the UK. ISPA promotes competition,
self-regulation and the successful development of the UK Internet
ISPA was instrumental in the establishment of
the Internet Crime Forum, which engenders co-operation between
the ISP Industry and UK Law Enforcement. ISPA also supports the
work of the Internet Watch Foundation (IWF) to combat child pornography
on the Internet. In addition ISPA members have been contributing
to the work of the Government's Task Force for the Protection
of Children on the Internet.
For a list of members or other information about
ISPA, please consult the website: http://www.ispa.org.uk
What is an ISP?
An Internet Service Provider (ISP) provides
Internet users with a physical connection to the Internet, allowing
them to exchange information with millions of other individuals
across the globe. Well known ISPs include BT Internet, AOL and
Freeserve. The term Communication Service Provider (CSP) is used
to explain companies who offer telephone or Internet communication
How the Bill will affect UK ISPs
Under current data protection legislation, ISPs,
like all other businesses operating in the UK, are not permitted
to retain personal information about their customers for any longer
than is necessary for their own business purposes. While this
includes billing, it might also include marketing, anti-fraud
efforts, and network security.
ISPA believes that the Anti-Terrorism Bill will
contain the following provisions:
(1) Will "allow" CSPs to retain
data for law enforcement purposes.
(2) Will provide statutory backing for the
establishment of a "Code of Practice" for CSPs to establish
a system of voluntary data retention.
(3) A reserve power to go back to Parliament
to review the situation "if the code is not operating effectively".
ISPA UK lends its unequivocal support for the
fight against crime and terrorism.
ISPA members have considerable experience of
assisting law enforcement through the provision of relevant and
useful information for the fight against crime. The UK is currently
held up as a model for successful co-operation between the ISP
Industry and Law Enforcement, and ISPA is committed to continuing
However, ISPA is concerned that Parliament must
take care to ensure that any plans to legislate for the retention
of data by CSPs to assist law enforcement must be effective and
In particular, there are two key factors that
must be addressed:
The powers accorded to Law Enforcement
must allow them to obtain information which is relevant to assisting
their investigation, and to do so as quickly as possible;
The ISP Industry shares the Government's
commitment to fighting crime and terrorism, and we must also share
in the consideration of a realistic, reasonable and proportionate
frame of the costs involved in using communications data to assist
Need for further debate on value of extended traffic
ISPA calls on the Government to reaffirm their
commitment to holding an open, balanced and informed debate on
the development of the voluntary code to address the retention
of data by CSPs.
The Internet Industry currently provides Law
Enforcement agencies with a range of useful services in order
to ensure maximum effectiveness in the fight against crime. Subscriber
information and contact details, access to traffic data stored,
and interception access are all currently available and regulated
under the RIP Act.
However there has been little to no public debate
about the benefits of increased data retention which the Government
is proposing. ISPA has no knowledge of any extensive report or
evidence to illustrate the shortcomings of the current legal and
operational situation for Law Enforcement access to CSP traffic
data. Therefore the Industry calls for more research into what
kinds of information would lead to substantial improvements in
Law Enforcement investigation results.
ISPA is committed to ensuring that the voluntary
code of practice for CSPs is successful in meeting the reasonable
and proportionate requirements of Law Enforcement, and therefore
does not believe that implementation of the reserve powers will
The Industry has consistently shown its commitment
to responsible and constructive co-operation with Law Enforcement.
ISPA seeks assurances from the Government that the method by which
the success of the Code will be judged to have failed or succeeded
will be agreed through wider consultation, including representatives
with a good technical knowledge and commercial understanding of
Information must be recent to be useful to Law
All investigation services will testify that
the most useful information is that which is up to date. In particular
it is widely accepted that interceptions of communications are
the most useful tool.
An extension of current data retention practices
would not lead to a significant improvement in the effectiveness
of investigations. It is clear that an increase in the volume
of information CSPs need to store and retrieve would lead to a
longer delay in response time to requests.
The retention, storage and retrieval of data comes
at a cost
The extended storage of communications data
would carry a huge cost. The Government must be open and honest
about how any extended data retention would be funded.
Any budgets allocated must be considered rationally
and with maximum effectiveness in mind. ISPA does not believe
that the spending of huge sums on this area, by any parties, would
lead to more effective investigations.
Data Protection concerns
The involvement of the UK's Information Commissioner
is crucial to assure a balance between the interests of public
security and liberty.
The European Commission has set out that "any
legislative measure at national level that may provided for the
retention of traffic data for law enforcement purposes would need
to fulfil certain conditions: the proposed measures need to be
appropriate, necessary and proportionate, as required by Community
law and international law, including Directive 97/66/EC and 95/46/EC,
the European Convention for the Protection of Human Rights of
4 November 1950 and the Council of Europe Convention for the Protection
of Individuals with Regard to Automatic Processing of Personal
Data of 28 January 1981."
If you require any more information, please
do not hesitate to contact Michelle Dow at ISPA Secretariat.