IP bill may not be enforced on small ISPs

The home office has said that it “probably won’t” force internet service providers (ISPs) with no history of working with the intelligence services into retaining user internet records. 

The controversial Investigatory Powers Bill was recently passed and has been widely criticised by the likes of Apple and Google for infringing on the personal data protection rights of citizens.

Chris Mills, a former IP Bill manager for the Home Office, reassured the technology sector the bill was purely for regulatory purposes, and told attendees at the Internet Service Providers Association conference: “The important thing is if we are not already talking to you about internet connection records, we probably won’t be.

“The one new one power of the bill requires the retention of internet records, but that is about filling a capability gap law enforces have identified. It will not affect every ISP, far from it.”

Mills concluded the Government would pay the for the cost of data recovery on behalf of internet providers, and said it was not in the Government’s best interest to ask ISPs to “ask you to do unreasonable things as we will have to pay for them,” adding that the process would have to be signed off by a judge.

Not everyone is convinced of this. Delivering his own counter argument, Chris Beeson, another employee at the Home Office who compiled the bill, admitted that ISPs not already working with the government shouldn’t rule out being approached in the future: “If we are not in conversation with you already, it is possible law enforcement will put a case forward. That does not mean someone will turn up on your doorstep with a retention notice.” 

What is perhaps the most concerning aspect to the whole ordeal is that, when asked about what protocol the bill would dictate in regards to informing customers about their data retention, Mills added: “There is no obligation to inform customers, in fact it would be unlawful to do so.”

Check Also

Why strong passwords aren’t enough to stop identity-based attacks

David Higgins, Senior Director at CyberArk’s Field Technology Office explains why strong passwords aren’t enough …