One of the big questions concerning data retention and the hastily-passed DRIP is whether it applies to web-browsing activities. Indeed, Julian Huppert MP asked the question during that all-too-brief debate in parliament, and was assured that it did not. I was far from convinced by the answer, and remain far from convinced, particularly given the idea that this ‘update’ to powers is intended to cover activities like webmail and social networking messages. Some colleagues have been asking questions, and a reliable source within one of the US companies that operates webmail (amongst other things) told us that they don’t expect the data retention powers to apply, given that they have never done so and the government made clear that there was no change in that through DRIP. They added further that as a US company, they are in a very different situation to UK providers.
That leaves us in a very interesting situation. If you’re communicating by webmail or social networking, how can your activities be caught? I can see only two ways: directly from the webmail company, or by capturing web-browsing through the ISP. If there are other ways, I’d like to know… because in the current circumstances I can see only three options:
- That webmail and social networking will not be covered by DRIP. That’s almost inconceivable, given the intentions of DRIP and the extent to which communications of the kind that those behind DRIP want to capture take place on webmail and social networks; or
- That the non-UK webmail and social network providers have been misled, and DRIP will be used to compel them to gather and hold communications data concerning activities on their services; or
- That Julian Huppert – and parliament, and the people of the UK – has been misled, and DRIP will be used to gather web-browsing activities.
If there’s another option, I’d like to know it. It’s entirely possible, as I’ve been wrong often before, but I can’t see it immediately.
My instinct is that the third option is the most likely – and that the intent of DRIP was always to gather web-browsing activity. If we’d had proper time for scrutiny of the bill, and to get experts to ask questions in committee, we might know the answers – and make sure that appropriate balances and controls are put in place. We didn’t. I have a strong suspicion that was entirely intentional too.