[Nottingham] RIPA amendments (data retention) passed
graeme at graemef.net
Fri Nov 14 17:23:39 GMT 2003
The "snooper's charter" has been passed, following some last-minute
shenanigans in the Lords. This has implications for all of those on these
lists who offer any form of electronic communication system (telephony, web,
email) in any commercial form - and all those in education doing the same.
Brace yourselves for working out just how much additional storage you will
require to retain said data; whether you're responsible for it; what the
implications are if you don't, and how much it's going to cost you.
It's not going to be nice, at any rate.
For the record I met up with the Regulations Officer from LINX (Malcolm Hutty)
last Friday, and discussed the implications at some length.
Just looking at email and web records, the obligations will be:
1. Email logs: date, from, to - six additional months on what you currently
"retain". In most cases with default log settings you're looking at between
six months and a week, and eight months.
2. Web logs: date, calling IP, virtual host  - four additional days on what
you currently retain. For most people this sounds trivial, but see note.
 This means that it will actually become illegal to retain *additional*
information such as URI, referer, CGI or script parameters. Which, in turn,
means yet another system has to be put in place to process the logs before
they're placed in "cold storage". The same could be said for mail, since many
mail systems log more than the requirement.
I'm sure these points will be clarified in time, but that's the current
reading of it.
More information about the Nottingham