The UK Government has abandoned plans to compel internet service providers to carry out widescale surveillance of their customers.
When Theresa May served as Home Secretary during a period of heightened national-security concern and a spate of terror attacks, several ministers and security agencies pushed for broader collection of communications data to help prevent future incidents.
May proposed legislation known as the Draft Communications Data Bill during the 2012–13 session—often called the Snoopers’ Charter—which would have required ISPs and mobile operators to retain detailed records of users’ online activity, including social media interactions, emails, voice calls, online gaming, and mobile messaging, for a 12-month period.
The bill provoked strong resistance over its significant implications for privacy and civil liberties.
Nick Clegg, then Deputy Prime Minister, withdrew Liberal Democrat support for the proposal in April 2013, stating that a law creating a record of every website visit and online communication would not be acceptable while his party remained in government.
After the Conservatives won the 2015 election and May became Prime Minister, she reintroduced similar measures later that year in the Investigatory Powers Bill, which offered more defined powers and additional oversight compared to the earlier draft.
Efforts to expand data collection about UK internet users or to simplify access to such data have persisted intermittently since then, leading to renewed debate in recent years.
A draft of the Electronic Communications (Security Measures) Regulations 2022 again proposed logging requirements for internet users’ activity. ISPs resisted the more intrusive elements during a public consultation, prompting revisions to the proposals.
The most recent version of the regulation retains a 13-month logging obligation but narrows its scope to “security critical functions” within telecommunications and ISP networks—data intended to support post-incident analysis and related security activities rather than broad population-wide surveillance.
Under the proposed timetable, major ISPs would be required to implement the new logging measures by 2025, while smaller telcos would have up to five years to comply.
“There is still uncertainty about what the final measures will be, and there is likely to be pushback from telcos on the most challenging or costly aspects of implementation,” said Warren O’Driscoll, Head of Security Consulting at NTT DATA UK.
“Whatever the final outcome, the legislation will require a significant culture and maturity change across the industry,” he added.
(Photo by Chris Yang on Unsplash)
Interested in learning about 5G and the opportunities it offers from industry leaders? Attend 5G Expo events. Upcoming shows in the series include Santa Clara on 11–12 May 2022, Amsterdam on 20–21 September 2022, and London on 1–2 December 2022.
Find other upcoming enterprise technology events and webinars powered by TechForge in their events listing.