Web surveillance - who’s got your data?

Hands on laptop keyboard

The government's plans to extend surveillance of our communications to cover email, the web and social networking have provoked quite a storm, with MPs from across the political spectrum joining with privacy campaigners to express concern.

I'll leave coverage of that to my political colleagues - but let's turn to the practicalities, and how this surveillance might affect you and me. Or, to be selfish, me.

From what we know of the plan, it involves asking Internet Service Providers and mobile phone companies to store records of users' email and web traffic - not the content, but the destination. So the companies could be asked to hand over details of who you emailed and when, not what you were talking about.

So how much of that data do they store already? I approached Virgin Media, my current Internet Service Provider, O2, a mobile phone network I use, and Google, which provides my personal email, to ask them for details of what they knew about me - and how much effort it would be to collect more data. Here's what I found:

Virgin Media

My ISP Virgin Media says it doesn't store any data on my personal web or email use, though it does collect data at a network level to understand the overall patterns of traffic.

If it is served a warrant, though, it can allow the authorities to access data about an individual customer's web and email use. As far as I understand it that could include web-based email services like Hotmail and Gmail. The company was keen to stress that there are very strict limits on how many such warrants can be issued, under the Regulation of Investigatory Powers Act, and Virgin itself doesn't get to see or keep that data involved.

So what happens if the government does want to go further? The company was reluctant to go into any detail, but I get the impression that starting to collect data on my web and email use on a routine basis would be a complicated operation, but by no means impossible.

Now I was left a little confused here because my understanding was that secure web-based email such as Gmail, where HTTPS pops up in your browser, could not be accessed by your ISP. So I then turned to Google.


As a user of various Google services, from search to Gmail, I know that the company does have plenty of data on me. For example, it obviously knows who I've emailed and when - the sort of information that the government may want to see in the future.

Google pointed me towards its transparency report which details requests for user data from the UK authorities. Between January and June last year, it received 1,279 such requests, and complied with 63% of them.

But what about that secure web email question? Here, Google had a different story from Virgin Media. The search firm insists that when I send an email from my Gmail account on my home broadband connection using SSL - the secure system - Virgin can't see who I'm emailing.

In other words, the security services may be more interested in targeting the likes of Google than your ISP if they want to know who you're talking to.


My mobile phone network, O2 pointed me towards their privacy policy which details what kind of information they collect. It's quite a list:

"Phone numbers and/or email addresses of calls, texts, MMS, emails and other communications made and received by you and the date, duration, time and cost of such communications, your searching, browsing history (including web sites you visit) and location data, internet PC location for broadband, address location for billing, delivery, installation or as provided by individual, phone location."

The policy says it can be disclosed to third parties "where required by law, regulation or legal proceedings", under the same rules which Virgin mentioned. The data is retained "for not less than six months and not more than two years".

What seems clear from this is that both Google and the mobile networks already collect plenty of data which might be of interest to the police and intelligence services - and which they can already access, subject to quite strict controls. A move to make it easier for the authorities to access that data might not impose much of an extra burden on them.

For ISPs like Virgin Media, however, it seems to be a different story. They will have concerns about the cost of collecting this information and the impact on their relations with their customers. And, given how disgruntled ISPs are already over plans to force them to police copyright abuse on their networks, prepare for a battle over what they will see as a new burden.

Rory Cellan-Jones Article written by Rory Cellan-Jones Rory Cellan-Jones Technology correspondent

Zuckerberg - the unasked questions

Mark Zuckerberg's appearance at the Mobile World Congress was a missed opportunity.

Read full article

More on This Story

More from Rory


This entry is now closed for comments

Jump to comments pagination
  • rate this

    Comment number 36.

    Hi to the good honest and upright citizens of this great land of ours. just for starters I will be visiting my local dgrcawcxhn for zmdn ad soge I will be there for some time dhr skeb s lidd to smok
    5th letter of 11th book vcxxiyfjjfgg[tydhsllnnerstter meet snkd yes snkd. If the governmenty want to treat us all as subversive then we need to ensure we get them out at election time.

  • rate this

    Comment number 35.

    Hi if we are going to be watched all the time then can I suggest that you send e-mails with total random letters and numbers on this will give the snoopers something to wade through and if we all did it on 30th of this month it would tie the snoopers up for years e.g. 4th letter of the tenth book.....shfrywirudfodfzxvsdhfjgfmvffmkdfdcnfckjoffkjoffvkno;fpo[typ0dskjfredfgjjhtfgheytndlsstfffrffffddd

  • rate this

    Comment number 34.

    Rory, if it was possible to record the address of every web page ever seen by everyone, it assumes servers never change their content? The BBC site like most sites, is an active server site; the output changes. All an active bad guy server need do is send snoops to kittens. You could tell where I had been, but not was I was doing there. Is this another public sector IT project in the making?

  • rate this

    Comment number 33.

    Rory, if our civil servants want to create their own data-hauding version of the former GDR, why not emigrate to that large communist nation where every thought is policed? Sadly our paranoid and technologically illiterate political class treats the freedom of the Social Network as 'neo-terrorism'. I doubt the guys at MI5 and GCHQ signed up to spy on their own innocent families and friends?

  • rate this

    Comment number 32.

    In 2001 there was a European Union report on the existence of a global system for the interception of private and commercial
    communications (ECHELON interception system) (2001/2098(INI)).

    GCHQ and RAF Menwith Hill in Yorkshire already monitor a multitude of communications and have been doing so for years, This is nothing new.


Comments 5 of 36



  • Elderly manSuicide decline

    The number of old people killing themselves has fallen. Why?

  • Petrol pumpPumping up

    Why are petrol prices rising again?

  • Image of George from Tube CrushTube crush

    How London's male commuters set Chinese hearts racing

  • TricycleTreasure trove

    The lost property shop stuffed with diamonds, bikes... and a leg

  • Boris Nemtsov'I loved Nemtsov'

    A murder in an atmosphere of hatred and intolerance

Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.