Features

net.wars: How to stop worrying and love data retention

The police insist it's essential: every Internet provider must keep every item of data that crosses their wires. The ISPs say it'll break the bank. Wendy Grossman has A Modest Proposal which could help ...

On Wednesday, the All-Party Internet Group released its report into data retention. The basic conclusion: the government should dump its plans for data retention under the Anti-Terrorism, Crime, and Security Act (ATCS), and instead adopt a policy of data preservation. Data preservation (which is current US policy according to an FBI staffer at the launch) merely requires an ISP to keep data on its servers when specifically requested to do so. Data retention, on the other hand, requires ISPs to keep everything just in case it may later be needed someday.

Bob Ainsworth, Minister of State for the Home Office, who spoke at the launch, and John Gamble, chair of the data communications strategy group for the Association of Chief Police Officers, both insisted, however, that data retention is a key necessity in the fight against terrorism and organised crime. In fact, he said pretty plainly (at least, I think it was plainly – I have a lot of trouble parsing English social coding to tell whether something is plain, blunt, or imaginary) that the government is still inclined to bring in a mandatory scheme if the voluntary scheme in ATCS doesn't work.

But the government has already shifted its position a little bit. They're beginning to admit, for example, that not asking people what they thought was a pretty duff idea. And that the opposition is more than just the same bunch of tired liberal cranks.

Plus, they kind of have a deadline. The data retention rules are currently a year late - the code of practice was supposed to be released in time for three months of debate in the last Parliamentary session. ATCS includes sunset provisions which kill it off at the end of 2003 unless Parliament votes to extend it. It will be interesting to hear how the data retention rules are working to prevent terrorism if they still haven't been agreed yet.

You have to think the government must have some idea that if they really want to sell the product they're going to have to approach it differently. I have a modest plan here that involves some government investment, some cooperation from Microsoft, Apple, and all those guys who sweat over Linux, and a slight change of rhetoric.

It's all very simple. Bill it as a national backup system. There's so little that's really good in the way of off-site backup systems that are readily available to the non-computerate user that it ought to be an easy sell. We will, the government can say, store your data, make it easy for you to retrieve any data from day you want, we can even clean it for you so you don't have to worry that your computer is harboring viruses or illegal material (such as child pornography or copyright violations), and we will keep storing it for you.

They can even make extending the term an extra selling point. Something along the lines of, "We will guarantee your backups in the first instance for three years. But as the price of disk storage continues to drop we expect to be able to extend this. Eventually, we hope to be able to offer permanent storage of all data. We aim to offer a lifetime service, so that today's children will never have to lose a single school composition or letter from grandma."

If storage space does become a problem – that's backups for 60 million people, after all – well, by then doubtless we'll have better compression techniques. Plus, if they get really clever, they could use pattern-matching to identify files that are stored on many users' machines and move those to a central server leaving only a pointer behind in the user's account.

There now, doesn't that sound good? I'm thinking the client software users will be given should have three modes for retrieving stored data: Restore (restores the data from a particular date onto the owner's hard drive), Retrieve (gets a specified chunk of data according to a user-defined set of parameters), and Whomp (gets everything they have in your account – and you'd better have the storage media ready). I'm thinking the whole mess could be with the usual series of questions plus, perhaps an encryption doohickey you could plug into a port on any computer to authenticate yourself. The software needs only one backup mode – everything – because of course the government aims to offer a complete service, and how can they guarantee you'll never miss a byte if they don't slurp the lot?

In fact, this system seems to me at once so good for the nation's computer users and for the government's desire to retain data retention that I'm amazed they're not planning to propose it. Or are they? Someone's just leaked me a draft describing the "BackUK project" that he apparently found in a locked filing cabinet in a disused lavatory (in an unlit basement with no stairs) with a sign on it saying, "Beware of the leopard". It's signed by some Welsh civil servant named H. ap Pleby.

Apparently the system's already live. You can get the software easily enough - just mention that you'd like a copy during any phone conversation and they'll send it out to you.