Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

This is how the police want your internet connection records to look

Scott Carey | June 27, 2016
It looks a lot like an itemised phone bill to us

The National Crime Agency gave a briefing to press yesterday about how it believed investigatory powers are necessary for the organisation to perform its role, and how it would like internet communication information to be displayed.

Speaking to the press at a briefing yesterday, the same day the controversial Investigatory Powers Bill - or Snooper's Charter - continued its journey into UK law, the National Crime Agency (NCA) laid out how it wants the internet connection records (ICR) of suspects it's investigating to look, should the bill pass.

Slide reproduced courtesy of the NCA

The NCA is responsible for investigating organised crime like human, weapon and drug trafficking; cyber crime; economic crime and plays an increasingly important role in investigating terrorism.


The above graphic shows how the NCA would like the internet connection records to look, namely: date, time, mobile number, source IP, source port, destination IP, destination port, postcode, and service/domain.

What this means, they claim, is that the NCA can see the context of a suspected criminal's internet activity, rather than the content. When the Investigatory Powers Bill was first proposed this was likened to an "itemised phone bill", a definition shadow home secretary Andy Burnham described as unhelpful.

Jonathan Richards, legal director at the NCA, insisted that the organisation doesn't want anyone's full web browsing history.

"It doesn't identify the bank account number they used, the flights they booked, who they communicated with on WhatsApp," Richards said. "We would have to go through a separate legal process to get that information. This would just allow us to follow the lead through."

Mark Winsloe from the NCA explained to Computerworld UK that if police want the content of a communication they would have to use the law for intercepting a communication, which comes with a higher threshold for serious crime only. This requires necessity and proportionality considerations that are made by applying for a warrant with the Secretary of State.

Figures from the Home Office, as published by The Guardian, show there were 2,765 interception warrants authorised by ministers in 2014.

Following digital leads

Richards said that the agency needs to know the who, where, when, how and why of criminal communications.

Linking an individual to an account or an action through IP resolution, tracking suspects through cell sites and GPRS data and seeing which services or sites criminals are using are all key to how the NCA investigates serious crimes. "Comms data was used in 95 percent of criminal cases prosecuted on behalf of the NCA," Richards added.

Mark Stewart, who is working on internet connection records for the NCA, said the agency is speaking to the communications data providers (CSPs) to "find out how their networks are structured and what the solutions may look like." Stewart said that 90 percent of communications data is irrelevant to the investigations, so the filtering of these bulk data sets is important to the NCA.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.