Controversial DRIP bill set to become UK law
Controversial DRIP bill set to become UK law

The new legislation comes amidst unconfirmed reports that several media and communications companies have been under a sustained internet attack from outside the UK for several weeks.

The legislation - which has a `sunset clause' (expiry date) of the end of 2016 - currently allows CSPs (Communication Service Providers) to retain customer data for up to a year, whilst at the same time granting UK security services access to that information, including overlay metadata that includes records of all phone and IP calls, emails and social media interactions.

It will also mandate non-UK companies - such as Facebook and Google - to hold information on web activities if their users are based in the UK.

The Act - which effectively passed on the nod last week through the House of Commons - had many critics in the House of Lords this week, but peers seemed unable to stop its passage into legislation. The House of Lords' constitutional committee, for example, warned that the bill handed the Home Secretary extraordinary new powers to expand future surveillance systems without having to put it to a vote.

"One is right to be deeply suspicious of emergency legislation that appears in this way," Lord King, the former British Airways chairman, said in the debate last night, adding that "I should also say, deeply cynically, that that is even more the case when such legislation comes with all-party agreement."

"That is a time to fasten your seat belts and wonder what the background to it really is," he said.

Lord King's concerns were echoed by Lord Butler - who has served as private secretary to five Prime Ministers and has been a member of the UK's Intelligence and Security Joint Committee since 2010 - and who remarked that the issues the bill addressed had been known about by the government for several months.

"Why has parliament been given so little time to consider this bill?" he said.


Professor Peter Sommer, a digital forensics specialist, said that the DRIP Act is certainly not a long-term fix and may not even work in the short term.

"The CJEU (Court of Justice of the EU) set ten tests for a revised Data Retention Directive, few of which are met by DRIP. Instead the Home Office seems to be suggesting that UK procedure for obtaining retained data from telephone companies and Internet service providers are sufficiently tough to make the UK compliant," he said.

Sommer - a visiting professor with de-Montfort University - said the legislation is based on the notion that law enforcement agencies only get to see communications data after rigorous review within the agency by a Single Point of Contact (SPOC) and then by a senior designated officer.

But several serious commentators, he explained, have cast doubt on this premise, citing Tom Hickman and Graham Smith's comments.

"This means that, despite DRIP, either the CSPs or human rights non-governmental organisations may return to the CJEU for further rulings before the arrival of the sunset clause in December 2016," he said.

"Much depends, therefore, on the review of RIPA and related legislation by David Anderson QC. It is to be hoped he will be funded to carry out his task properly and to include advice on the relevant surveillance technologies," he added.