I am grateful for the chance to clarify my position. That is my position: we disagree with the conclusions of the Joint Committee. We believe, on balance, that the retention of internet connection records is disproportionate and unnecessary.
Technology experts recommend that companies should plan on the basis of their security measures having been breached, not just plan for the security of their databases. This makes highly intrusive personal data potentially available to criminals and hostile foreign powers. If a criminal establishes that a married man is accessing gay websites, or a hostile foreign Government establish that an intelligence officer is accessing lonely hearts websites, that could increase the risk of blackmail or entrapment. Knowing from ICRs when someone is not at home can increase the risk of burglary.
Internet connection records are hugely expensive to analyse and store. Based on estimates from Denmark, where the storage of internet connection records has already been explored extensively, the set-up costs alone in the UK could be around £1 billion. As in the UK, the cost estimates provided by the Government and telecommunications providers in Denmark varied widely. The Government therefore asked independent management consultants to establish the true cost, which confirmed that the telecommunications service providers’ estimates were the correct ones. Extrapolating from the independently verified Danish costs using the relative populations of both countries would take the set-up costs alone for internet connection records in the UK to more than £1 billion.
For those who think that this cannot be right, I should say that 80% of all the data ever created since the beginning of time has been created in the last two years. That is the rate of increase, and, with more and more devices being connected to the internet, such as those controlling our central heating, and with even refrigerators and ovens being connected to the so-called internet of things, the number of internet connection records is set to increase exponentially. Apart from not being able to see communications in among all these other internet connections, the storage costs alone will be enormous.
Taking all these arguments together, the storage of the internet connection records of everyone in the UK for 12 months, whether they are suspected of wrongdoing or not, fails the proportionality test. I quote the RUSI report again, this time on proportionality. It states:
“Intrusion must be judged as proportionate to the advantages gained, not just in cost or resource terms but also through a judgement that the degree of intrusion is matched by the seriousness of the harm to be prevented”.
The advantages gained through the storage of internet connection records are limited, the costs are prohibitive, the degree of intrusion is huge and serious harm can be prevented through other means.