In UK, Investigatory Powers Act forces collection of “internet connection records” which allows government to see one year of your internet history

Posted on Nov 17, 2016 by Caleb Chen

The Investigatory Powers Act replaces existing law under the Telecommunications Act and brings government mass surveillance into the Internet age with a bang. The IP Act made it through both Houses, without adding any of the privacy constraining amendments suggested by the House of Lords Intelligence and Security Committee, and will become law within weeks.

Under the new law, the UK government can access 12 months of your Internet history at the drop of a hat. Additionally, they now have the power to infiltrate and infect your computer in the course of an investigation with only the say-so of the Home Secretary. Jenny Jones, a House of Lords member representing the Green Party, tweeted a lament as the bill passed its final hurdle to becoming a bonafide law.

Under Investigatory Powers Act, the UK government will have access to a year’s worth of your phone call and internet history

what-internet-connection-records-might-look-like-nca
NCA: What might Internet Connection Records look like

UK based privacy rights organization Privacy International emphasized that a person’s internet history is the mecca of private information:

“They are comparable to a compilation of call records, postal records, library records, study and research records, social and leisure activity records and location records, and will additionally capture concerns about health, sexual and family issues…. The agencies would be able to acquire this intrusive, population-level data in bulk under bulk acquisition powers.”
What’s interesting is that the new act actually calls for “internet connection records” not from Internet service providers (ISPs), but rather from Connection service providers (CSPs). Observers have noted that it is possible and even likely that the Investigatory Powers Act will be used to coerce UK-based VPN companies to start logging Internet connection records. Unless you use proper protection when you are using the internet from the UK, your internet browsing activity and phone call history will be logged and presented to the government.

Comments are closed.

9 Comments

  1. Mark Stevens

    So does this mean that PIA might have to start recording user data in the UK? PIA is a UK based company, is it not?

    7 years ago
    1. Caleb Chen

      PIA is not a UK based company. PIA is based in the United States where there are no mandatory data retention laws.

      7 years ago
    2. Caleb Chen

      PIA will never start recording user data. PIA is not a UK based company. PIA is based in the USA where there are not mandatory data retention logs. Hope this answers your questions, Mark!

      7 years ago
      1. Phil Bickley

        If you connect to a uk server would that have to be logged now? ie The Main London Server as it is based in the UK ?

        7 years ago
        1. James Bedwell

          That’s my question too. I hope this doesn’t have any implications on UK based VPN servers, even if the company that owns them is an overseas company.

          7 years ago
        2. Caleb Chen

          The recently passed U.K. IP law does not take effect until the beginning of next year. Moreover, it applies specifically to U.K. companies.

          7 years ago
        3. janeklb

          Going to connect to France or Norway until this is confirmed or denied..

          7 years ago
          1. Ian

            I doubt it would not be possible for PIA to confirm or deny any logging. The Investigatory Powers Act prevents the recipient (PIA or other ISP) from disclosing whether they have been requested to remove encryption or retain related data. The intention is to create an environment where the public do not know which ISPs are retaining records to prevent them for changing to another ISP which has not yet been requested to do so by the state.

            7 years ago
          2. Ian

            *correction: ‘ doubt it would be possible for PIA to confirm or deny any logging’

            7 years ago