[Nottingham] RIPA amendments (data retention) passed

[Graeme Fowler]

All

The "snooper's charter" has been passed, following some last-minute 
shenanigans in the Lords. This has implications for all of those on these 
lists who offer any form of electronic communication system (telephony, web, 
email) in any commercial form - and all those in education doing the same.

Brace yourselves for working out just how much additional storage you will 
require to retain said data; whether you're responsible for it; what the 
implications are if you don't, and how much it's going to cost you.

It's not going to be nice, at any rate.

For the record I met up with the Regulations Officer from LINX (Malcolm Hutty) 
last Friday, and discussed the implications at some length.

Just looking at email and web records, the obligations will be:

1. Email logs: date, from, to - six additional months on what you currently 
"retain". In most cases with default log settings you're looking at between 
six months and a week, and eight months.

2. Web logs: date, calling IP, virtual host [0] - four additional days on what 
you currently retain. For most people this sounds trivial, but see note.

[0] This means that it will actually become illegal to retain *additional* 
information such as URI, referer, CGI or script parameters. Which, in turn, 
means yet another system has to be put in place to process the logs before 
they're placed in "cold storage". The same could be said for mail, since many 
mail systems log more than the requirement.

I'm sure these points will be clarified in time, but that's the current 
reading of it.

Graeme