Clause 17 — Retention of relevant internet data

Part of Internet Communications (Regulation) – in the House of Commons at 5:00 pm on 6 January 2015.

Alert me about debates like this

Photo of James Brokenshire James Brokenshire Minister of State (Home Office) (Security and Immigration) 5:00, 6 January 2015

I am grateful to Diana Johnson for raising these important issues. This is a complex and technical area, and I am grateful for the opportunity to return to some of the points that we discussed in Committee. Communications data—the who, where, when and how of a communication but not its content—are a vital tool in the investigation of serious crime, including terrorism, and in safeguarding the public.

The hon. Lady explained that her amendment seeks to limit the scope of the provision to the retention of data that are necessary to allow the identification of a user from a public internet protocol address. She is trying to restrict the provision and to gain clarity, and as I explained in Committee, I do not think there is any difference between us on the principle. It is important that the provision goes only so far as is necessary to ensure that communications service providers can be required to retain the data necessary to link the unique attributes of an internet connection to the person or device using it at any given time—in other words, to link person A to person B. At the moment, internet service providers might not be required to retain that level of information. That was the Government’s clear intention when drafting the clause, so the provision is already limited in a way that I believe reflects what the hon. Lady intends.

Subsection (3) restricts the data to be retained to data that might be used to identify or assist in identifying the internet protocol address or other identifier that belongs to the sender or recipient of a communication. Any data that cannot be used to identify or assist in identifying the user of an IP address is already outside the scope of the provision, which deals with a number of the specific points about communications platforms that the hon. Lady highlighted.

I appreciate that the wording in the clause is quite technical, but I want to assure the House that great care has been taken to ensure that the Bill is tightly drafted. In particular, clause 17(3)(c) excludes so-called weblogs, a record of internet communications services or websites a user has accessed. The Bill provides for the retention of data relating to IP resolution and only such data. Anything else is already beyond the scope of what clause 17 permits. It is also important for the House to note that any requirement for communications service providers to retain data under the Data Retention and Investigatory Powers Act 2014, which the clause amends, may be imposed only where it is necessary and proportionate. Access to that communications data is then subject to robust safeguards, and the UK already has one of the most rigorous systems in the world for safeguarding the acquisition of comms data.

Before such data can be acquired, an application must be made that clearly demonstrates that the request is both necessary and proportionate to the objective of a specific investigation for one of the statutory purposes in the Regulation of Investigatory Powers Act 2000. The process is clear and accountable and includes a strong and rigorous system of oversight, which includes the interception of communications commissioner, who must have held high judicial office. Following DRIPA, he will report every six months on the interception of communications data, and of course he regularly inspects all relevant public authorities.

The hon. Lady asked whether we intend to issue new retention notices. The Government will issue new data retention notices to affected communications services providers following the enactment of the legislation. We will also enable law enforcement agencies to resolve a communication to an individual or device, not to ascertain which services or websites an individual has accessed. The data would be considered to be weblog data, as I have said, which is already excluded from the Bill.

A communication can include any message sent over the internet. The legislation relates not to the retention of what the message contained, but purely to the fact that a message was sent, which is the key distinction between comms data and what might be regarded as the interception of a communication. The provision amends the definition contained in DRIPA, not the meaning of the regulations. The definitions in the Act are used in the regulations, so there is no requirement to amend the regulations. Accordingly, I agree with the sentiment behind the amendment. If I have any reflections on the detail of the further points that the hon. Lady has highlighted, perhaps I can write to her further. However, with these assurances, I hope that she will withdraw the amendment.