September 08, 2005 | Suw Charman Anderson

Clarke fails to understand his own data retention proposal

Charles Clarke manages to misunderstand his own EU data retention proposal and thinks we have too many rights anyway.

From Sky News:

[Charles Clarke] told Euro MPs at the parliament in Strasbourg: "Of course criminals and terrorists use modern technology - the internet and mobile communications - to plan and carry out their activities.

"We can only effectively contest them if we know what they are communicating. Without that knowledge we are fighting them with both hands tied behind our backs."

The data retention draft framework would require telecos and ISPs to retain traffic data - traffic about where you were when you made a call, and who you called, for example - not the actual phone call itself. Even if this legislation makes it on to the EU books, Clarke still won't be able to listen to your mobile phone conversations, although I suspect he'd really like to.

As for human rights, well, Clarke seems to think we don't really need them:

He stressed that a rethink of the [European] Convention [on Human Rights] - which prevents terror suspects being deported to countries where they may face persecution - will be central to the EU's response to the bombings.

He also made a dig at the reluctance of Euro MPs to agree access to information technology used by terrorists because of fears of breaching human rights.

He warned: "This European Parliament, as well as national parliaments, needs to face up to the fact that the legal framework within which we currently operate makes the collection and use of this intelligence very difficult, and in some cases impossible."

The legal framework which protects citizens from undue harassment, invasion of privacy and loss off free speech? That framework? I rather liked it, myself.

The BBC, meanwhile, tells us that according to the Home Office, data retention won't really cost all that much, honest guv:

A Home Office dossier published on Wednesday - entitled Liberty and Security: Striking the Right Balance - hits back at industry fears the cost of retention would be excessive.

It says that a government-funded project by a mobile phone company to keep data for 12 months had cost £875,999 (1,291m euros).

I'd like to see independent and comprehensive studies completed for a number of telecos and ISPs before I believed that this isn't going to put smaller ISPs out of business and increase our phone bills.

Comments (12)

  1. Sue Welsh:
    Sep 09, 2005 at 12:30 PM

    He also appears to misunderstand the nature of the European Convention on Human Rights, which was not created by the EU, and therefore it's difficult to conceive how it could be altered by any of the EU's bodies, whether European Parliament, Commission or Council.

  2. john:
    Sep 09, 2005 at 12:51 PM

    ben - the UK presidency wants to exclude smaller/irrelevant service providers from the proposal to stop things like your example taking place. the legislative process on this proposal has already been extremely drawn out and will continue to be so.

    part of the reason why reimbursement is such an issue is because of the legal basis of the council's proposal - due to it being a pillar 3 (ie intergovernmental / JHA) agreement it is legally awkward (read impossible) for them to mandate reimbursement by govts because this puts it into the area of pillar 1, i.e. the Commission's prerogative which would mean the bill would have to go thru the EP where it is likely to be voted down.
    all extremely complicated :)

  3. Danny O'Brien:
    Sep 10, 2005 at 05:56 AM

    John -

    The impression I'm getting from folk closer to the current EU process is that the Pillar 3 folk are going to "defer" to the Pillar 1 process, and allow for the first step to go through the Commission and EP. (EDRI has both the Commission and Council proposals on their site)

    This is an intriguing strategy - an attempt to allay the MEP's irritation that they are being bypassed. That said, I hope that that is not *all* the MEPs are angry about: that their reticence to accept data retention is also due to their worries about the serious civil liberties implications.

  4. Simon Gibbs:
    Sep 10, 2005 at 10:07 PM

    You say that keeping traffic data for 12 months is unwanted and costly. I agree, but it is a matter of public record (that is on various versions of my CV) that as a contractor I was involved in the production of an interim solution to do *just that* using spare SAN storage capacity at the headquarters of a mobile telecoms company. This was described to me by my customers as a legally mandated task in 2003.

  5. Benjamin Cohen:
    Sep 09, 2005 at 12:10 PM

    You might find this article I wrote for the Times interesting:-
    Terror law change could cost small firms
    The Government's plans to make all internet service providers record the details of every e-mail sent and received will add to the cost of maintaining a website, writes Benjamin Cohen

    In the wake of the terror attacks on London, the Government has received renewed support in Brussels for regulations allowing the retention of e-mails and mobile telephone records.

    Under the proposals, mobile operators and owners of e-mail servers will have to store the sender and receiver

  6. Open Rights Group Newsblog : Blog Archive » UK e-mail logging law ‘attack on rights’:
    Jan 09, 2009 at 11:56 AM

    [...] BBC ORG was lobbying against the data retention directive back in 2005 when it was going through [...]

  7. Suw:
    Sep 13, 2005 at 11:42 PM

    One of the points I'd like to research on the mobile phone data side is how much data is currently being kept, for how long, and for what use. I think we need to take this as an opportunity to find out what's happening to our data. I've heard anecdotally that BT keeps data for 6 years, and I'd like to know on what basis they feel it necessary to keep data that long.

    I think this is a good chance to ask some very awkward questions!

  8. john:
    Sep 14, 2005 at 05:02 PM

    suw seems to have some good analysis

    commission proposal coming 21 september

  9. Simon Gibbs:
    Sep 17, 2005 at 12:02 AM


    Since you expressed an interest in the technical side, I thought I'd try and dig up some further information. In particular, I thought I'd try and find data format specifications so that we can see the plethora of facts stored on a per call basis.

    Now, I know that T-Mobile marks its format specs "Confidential" (since I've used them) and expect other operators do the same, but Cisco and GSM World are publishing documents regarding there products and areas of interest.

    TAP Specs:

    TAP is a feed put together by an industry group that works a bit like a clearing house forwarding call data around between operators all over the world. They publish some documents behind a lengthy licence which I haven't read or agreed to so I don't know what kind of documents are pulished at the link above.

    This is usually post-pay data (or mixed post/pre pay) and there is a separate protocol for pre-pay where the fee for the call has to be authorised across borders in realtime. These two protocols are of obvious relevence to the European context. Both of the these, but especially TAP, could provide a central collection point for greedy GCHQ analysts and probably already serve that function (I'm speculating).

    IP Telephony

    Cisco have published some field definitions for the data produced by their equipment here:

    I imagine their equipment will be subject to the proposed regulations in some contexts and deserve some attention but the GSM stuff is the really interesting bit.

    Above all, I'd be most interested in getting hold of IP CDR format information captured for 3G and GPRS services. I seem to recall that this was to include IP address and Port numbers for all IP traffic, transport protocol flags (UDP, TCP etc) and URL information for Http traffic. If I'm recalling that correctly then this is in the data produced for billing and it would be well within the scope of some of the rhetoric, though there are exceptions later in the proposal.

    Perhaps Suw can exert some charm with the fraud and revenue assurance people at the the major operators? Don't forget the virtual operators too.

    Sorry, I know very little about the PSTN system or BT. I certainly didn't know they kept data for 6 years!

  10. Simon Gibbs:
    Sep 11, 2005 at 04:36 PM

    Just to add that the information observed being collected in 2003 excluded geographic data below the country and network level.

  11. john:
    Sep 13, 2005 at 11:26 AM

    danny - i guess you mean co-decision? the only problem with that is that it will take ~2yrs for it to pass thru the legislative process and the council does not want to have to wait that long. however, if they proceed with their own framework decision they are more than likely to get taken to the ECJ which is also likely to take 18months-2yrs so it is fairly likely they will have to go thru codecision. the only worry there again (for the JHA types) is that it might either get shot down in parliament or they are going to end up with a REACH-esque scenario with 800 amendments to seperate bits of the proposal and they lose a lot of control!
    personally, i think most of the MEPs are engaged with this as more of a power play between institutions than any concern for our civil liberties :)

  12. will:
    Sep 08, 2005 at 02:17 PM

    you can find the UK Presidency paper at