Government plans to store comms data
Proposed database could mean logs of all phone calls, emails and internet usage are centrally stored
New government proposals for a database to store details of all phone and VoIP calls, emails and internet usage by UK citizens could force firms to look at their corporate communications policies more closely, according to experts.
The proposals are part of the draft Communications Data Bill, which has yet to be fully released, and would extend the current requirement for telcos and service providers to store details of phone calls and text messages for 12 months.
It's unlikely that the government will require corporates to hand over data relating to their internal communications and those sent encrypted by private channels to third parties, argued Mike Smart of security vendor Secure Computing.
But the proposals may persuade CIOs to re-examine their controls on data in transit. For example, if users are sending out confidential data via webmail or other unregulated channels, the records may end up in the proposed government database.
"Sometimes it takes regulations to remind people to think about what they're doing, why they're doing it and what's the best practice [around sending data]," he added. "CIOs will have to decide what they consider to be important data and ask 'should I be looking to put local controls in place?'."
Others were quick to attack the government's poor track record on guarding its citizens' data.
"If the government is to avoid another high-profile data breach which could expose even more people to the risk of identity fraud, effective controls need to be put in place with immediate effect," argued Brian Spector of data protection firm Workshare.
Chris Dean, director at independent IT consultancy DMW Group, argued that the government may struggle to find a cost-effective way to "manage the storage, movement, and retrieval and deletion of data".
"In summary the project will be expensive, and risk failure – as with all large projects. [It could even] threaten civil liberties," he added.
Aside from the risk of internal threats, hackers may target the data as it is transported from ISPs and telcos to the government database, according to Toby Weiss, chief executive of security firm Application Security Inc.
When Fort Knox was constructed, one of the key concerns was how to move the gold into the vault, he explained. "In this case you'll have new data going in and probably coming out all the time – it's a big concern."
These concerns were echoed by the Information Commissioner's Office.
"If the intention is to bring all mobile and internet records together under one system, this would give us serious concerns and may well be a step too far," wrote assistant information commissioner Jonathan Bamford in a statement. "We have warned before that we are sleepwalking into a surveillance society. Holding large collections of data is always risky; the more data that is collected and stored, the bigger the problem when the data is lost, traded or stolen."