The UK Government is trialling a national database to allow public sector bodies to access the internet connection records of British citizens.
Despite no official confirmation from government officials, reports did emerge last year of a trial programme which included two, as yet unnamed, UK-based internet service providers (ISPs).
The controversial new programme comes as a result of the equally controversial Investigatory Powers Act, a piece of legislation passed by the Government back in 2016 and frequently referred to as the Snooper's Charter. It required all ISPs to keep a log of the internet traffic of all of their users for a period of at least twelve months.
At the time, we were told that this information would be stored securely, and the data would only be accessed by relevant agencies going through all the relevant safeguards.
Privacy campaigners warned at the time that this data was likely to end up being used more broadly, and this national internet data service appears to confirm their worst suspicions.
How the new programme came to light
There has been no formal announcement yet that this new programme is being planned, but it has come to light as a result of some good, old-fashioned investigative journalism.
The hat-tip here has to go to PublicTechnology, which first broke the story.
Their reporters spotted a new online procurement notice, which was inviting bids from tech firms to provide support services for the migration of IT systems and the development of a tool which would allow authorities to search for information and filter results.
Off the back of the trials last year, PublicTechnology reached out to the Home Office, the National Crime Agency, and the Information Commissioner's Office. All refused to answer any of their questions.
They also contacted the UK's sixteen biggest ISPs as well as their trade association to put similar questions to them. Again, no response at all was received.
However, despite this wall of silence, it is possible to glean quite a bit of information from the procurement document PublicTechnology has unearthed.
It explicitly notes how the Investigatory Powers Act has made it “possible for the law-enforcement agency community to lawfully obtain internet connection records in support of their investigations.”
Currently, this only happens as and when necessary, but the new national service that is being proposed will enable law enforcement to access data from a broad range of ISPs through a service that is overseen by the National Communications Data Service, a shadowy unit within the Home Office Counter Terrorism department.
The remit of this unit, as stated in another procurement document, is “providing the nominated representatives of law enforcement agencies and wider public authorities with access to retained communications data in accordance with legislation.”
If that isn't sinister enough for you already, the document also reveals that they are planning to include filtering tools and a results platform to allow law enforcement bodies to search and filter large quantities of public communications data.
What is the ultimate purpose of the database?
This might sound like a tricky question to answer, but again, the procurement documents are not shy about the somewhat Orwellian objectives behind this project.
It states that the aim of the NCDS is to provide law-enforcement agencies with a digital platform that gives them the “ability to request ICR data… [and] access to ICR data, [for us to] support criminal investigations and identify… requests for other data on other systems.”
It goes further, explaining what the data may be used for, which includes “to assist in identifying who has sent a known communication online”, “to establish what services a known suspect or victim has used to communicate online”, “to establish whether a known suspect has been involved in online criminality,” and “to identify services a suspect has accessed which could help in an investigation.”
These are all broad remits and clearly suggest that this new database service will result in a fundamental shift in how law enforcement agencies can use people's internet data.
Rather than being able to access it only under very specific circumstances and with oversight approval, they will now effectively be able to trawl through this data at their leisure when investigating just about any type of crime.
It is exactly what privacy campaigners feared would happen when Parliament passed the Investigatory Powers Act back in 2016.
How to protect your online privacy
All ISPs and mobile phone providers are required by law to harvest their user data and retain it for twelve months. So, no matter how you get online in the UK, your internet data will end up on this database one way or the other.
The best way to stop your ISP from seeing and logging what you are doing online is to use a VPN.
When you are connected to a VPN service like ExpressVPN, everything you do is passed down an encrypted tunnel and through a VPN server. This hides your data and prevents your ISP from seeing either the contents of your internet traffic or where it is heading.
When you are connected to a VPN, all your ISP can log is the fact that you are online, the amount of data you are using, and the VPN server you connect to. It cannot see anything else, and that data alone gives little away to the Government snoops.
We have been strongly advising all readers to use a VPN since back in 2016, when the Investigatory Powers Act first came online. When this new database comes online, it will be doubly important.
The UK now has one of the most intrusive Internet surveillance systems in the free world. The good news is that you can take the first steps to maintain your online privacy simply by using a VPN.