Police have demanded the power to view the internet browsing history of everyone in Britain in advance of a major surveillance bill being published next week.
Senior officers have lobbied the government to force telecommunications companies to retain for 12 months data that would disclose specific web addresses visited by customers.
The move would enable police to seize details of the websites and internet applications used by anyone they wanted to investigate, from suspects to missing persons. They believe the enhanced power to be essential even for standard investigations given the scale of activity now carried out online.
Police maintain that being able to log visits to child abuse sites and gain details of social media pages visited by missing persons is key to their role in protecting the public. One senior officer said that it was “about everyday investigation rather than surveillance”.
The idea that technology companies would have to store the browsing history of tens of millions of internet users will alarm privacy campaigners. The hacking of the TalkTalk database has heightened concerns that stored details could be broken into by cybercriminals.
The disclosure comes as The Times concludes a three-day series for which it was allowed unprecedented access to the security services before publication of the draft Investigatory Powers Bill.
A final decision on whether the retention of internet connection records (ICRs) will be included in the bill is not expected until just before publication. The police would not have access to the content of internet searches and social media messaging without judicial approval. While they want visits to homepages to be logged, they would not be able to see the extent of browsing and content accessed within a particular website.
Although officers have argued for the power, there is nervousness that including it could mean the legislation falls foul of European court rulings on data retention and undermine the entire bill. Civil liberty campaigners have warned of the sheer cost of retaining so much data, above and beyond privacy implications.
The Conservative MP David Davis, a fierce critic of the abuse of surveillance powers, said that the police were trying to revive a power that parliament had already rejected.
“It’s extraordinary they’re asking for this again, they are overreaching and there is no proven need to retain such data for a year,” he said, adding that they needed to “prove their case — not just assert that they need it”.
The ICR proposal was originally suggested in the Communications Data Bill — the so-called snooper’s charter — in 2012 but was abandoned primarily because Liberal Democrat ministers in the coalition felt that it was too great an invasion into privacy. Senior officers insist that without such access they would be “flying blind” in everyday investigations. Telecommunications companies provide data on an ad hoc basis but they are not required to by law, and police say that the information is not stored for long enough.
Richard Berry, the National Police Chiefs’ Council spokesman for data communications, refused to comment on any specifics of the bill but said that police were not looking for anything beyond what they were traditionally able to access via telephone records.
Mr Berry, an assistant chief constable at Gloucestershire constabulary, said: “We want to police by consent, and we want to ensure that privacy safeguards are in place. But we need to balance this with the needs of the vulnerable and the victims.”
He acknowledged that it would be “far too intrusive” for police to be able to access content of internet searches and social media messaging without further safeguards such as a judicial warrant.
“We essentially need the ‘who, where, when and what’ of any communication — who initiated it, where were they and when did it happen. And a little bit of the ‘what’, were they on Facebook, or a banking site, or an illegal child abuse image-sharing website?”
“Five years ago, [a suspect] could have physically walked into a bank and carried out a transaction. We could have put a surveillance team on that but now, most of it is done online. We just want to know about the visit.”
In his report on surveillance powers, David Anderson, QC, the reviewer of anti-terrorism legislation, said that law enforcement agencies were aware of the privacy risks but felt that the power would be useful in determining whether suspects visited websites “suggestive or corroborative of criminality, eg sites associated with terrorism, paedophilia or the sale of counterfeit goods”.
Mr Anderson said that he was sympathetic to the police’s argument but felt that a “strong operational case” had to be presented before the extra obligation was placed on CSPs (communication services providers).
He wrote: “It is clear to me that a good deal more preparatory work needs to be done. Before any detailed proposal is made, it will need to be carefully thought through and road-tested with law enforcement, legal advisers and CSPs.”