Web surveillance - who’s got your data?

Hands on laptop keyboard

The government's plans to extend surveillance of our communications to cover email, the web and social networking have provoked quite a storm, with MPs from across the political spectrum joining with privacy campaigners to express concern.

I'll leave coverage of that to my political colleagues - but let's turn to the practicalities, and how this surveillance might affect you and me. Or, to be selfish, me.

From what we know of the plan, it involves asking Internet Service Providers and mobile phone companies to store records of users' email and web traffic - not the content, but the destination. So the companies could be asked to hand over details of who you emailed and when, not what you were talking about.

So how much of that data do they store already? I approached Virgin Media, my current Internet Service Provider, O2, a mobile phone network I use, and Google, which provides my personal email, to ask them for details of what they knew about me - and how much effort it would be to collect more data. Here's what I found:

Virgin Media

My ISP Virgin Media says it doesn't store any data on my personal web or email use, though it does collect data at a network level to understand the overall patterns of traffic.

If it is served a warrant, though, it can allow the authorities to access data about an individual customer's web and email use. As far as I understand it that could include web-based email services like Hotmail and Gmail. The company was keen to stress that there are very strict limits on how many such warrants can be issued, under the Regulation of Investigatory Powers Act, and Virgin itself doesn't get to see or keep that data involved.

So what happens if the government does want to go further? The company was reluctant to go into any detail, but I get the impression that starting to collect data on my web and email use on a routine basis would be a complicated operation, but by no means impossible.

Now I was left a little confused here because my understanding was that secure web-based email such as Gmail, where HTTPS pops up in your browser, could not be accessed by your ISP. So I then turned to Google.


As a user of various Google services, from search to Gmail, I know that the company does have plenty of data on me. For example, it obviously knows who I've emailed and when - the sort of information that the government may want to see in the future.

Google pointed me towards its transparency report which details requests for user data from the UK authorities. Between January and June last year, it received 1,279 such requests, and complied with 63% of them.

But what about that secure web email question? Here, Google had a different story from Virgin Media. The search firm insists that when I send an email from my Gmail account on my home broadband connection using SSL - the secure system - Virgin can't see who I'm emailing.

In other words, the security services may be more interested in targeting the likes of Google than your ISP if they want to know who you're talking to.


My mobile phone network, O2 pointed me towards their privacy policy which details what kind of information they collect. It's quite a list:

"Phone numbers and/or email addresses of calls, texts, MMS, emails and other communications made and received by you and the date, duration, time and cost of such communications, your searching, browsing history (including web sites you visit) and location data, internet PC location for broadband, address location for billing, delivery, installation or as provided by individual, phone location."

The policy says it can be disclosed to third parties "where required by law, regulation or legal proceedings", under the same rules which Virgin mentioned. The data is retained "for not less than six months and not more than two years".

What seems clear from this is that both Google and the mobile networks already collect plenty of data which might be of interest to the police and intelligence services - and which they can already access, subject to quite strict controls. A move to make it easier for the authorities to access that data might not impose much of an extra burden on them.

For ISPs like Virgin Media, however, it seems to be a different story. They will have concerns about the cost of collecting this information and the impact on their relations with their customers. And, given how disgruntled ISPs are already over plans to force them to police copyright abuse on their networks, prepare for a battle over what they will see as a new burden.

Rory Cellan-Jones Article written by Rory Cellan-Jones Rory Cellan-Jones Technology correspondent

Office puts chips under staff's skin

Rory Cellan-Jones visits a building where microchipped workers gain entry and use photocopiers by holding up their hands - and trials the tech himself.

Read full article

More on This Story

More from Rory


This entry is now closed for comments

Jump to comments pagination
  • rate this

    Comment number 16.

    If the government does go ahead with this what will say they will keep the information secure?

    The problem is the UK government has the most amount of data which goes missing, so is really gathering more information which can get lost a good idea?
    I know I wouldn't trust the UK government with anymore information about me stored by the government.

  • rate this

    Comment number 15.

    it doesn't matter what the govt. do to monitor our communications. There are so many ways to pass messages without direct contact that they could be looking straight at it and not see it. This is just another landgrab by the powers that be. The internet used to be a wonderful place with friendly communications between like-minded and intelligent people. It has been turned into a glorified tv.

  • rate this

    Comment number 14.

    "You could make a far bigger impact on high tech crime simply by preventing people from buying PAYG phones anonymously."

    So you want to prevent one major abuse of freedom by imposing another.. !!!! impressive!

  • rate this

    Comment number 13.

    Having been involved in the design and implementation of large database systems, I don't see the technical hurdles as particularly challenging. I am concerned, however, that that it will be very tempting to use currently available data analysis tools to look for the evidence to justify monitoring not just individuals and small groups, but large communities.

  • rate this

    Comment number 12.

    No, let's NOT worry about how it might affect you or me. Let's concentrate on making sure it DOESN'T HAPPEN.

  • rate this

    Comment number 11.

    Being honest- I would not be surprised if all my data goes through GCHQ anyway, and they have a nation states worth of resources to go through it as well.
    Presumably they just want ISP's, mobile carriers etc to pay for the collection and storage of the data...

  • rate this

    Comment number 10.

    I read Cory Doctorow's Little Brother recently. It might be billed as an older children's/young adult's book but it's a great read and quite relevant to this scenario.

  • rate this

    Comment number 9.

    The ONLY way ANY tracking or data accesses SHOULD happen is on the authorisation of a High Court Judge and then only for a specific, justified reason and for a short term. All snooping should be published after it is finished with a note as to its success.

    Fishing trips MUST never be allowed.

    Or on the other hand we could just swamp our security services and police with data!

  • rate this

    Comment number 8.

    Another step towards being controlled 24/7. People in government are their because they crave power. First monitoring then censoring, then control - help us all.

    Sign the e-petition asap.

  • rate this

    Comment number 7.

    It will go through if we like it or not.
    As we are still in the EU not by choice, and we don't allow this bill UK's refusal to comply will mean the country would be sued by the European Union.
    So how about getting out of the EU NOW Dave or is it too late hmmm

  • rate this

    Comment number 6.

    I wonder have the major media moguls that have brought about ACTA etc... had dinner with Dave and cronies. With real time access to what people are looking at, movies being streamed could possibly be identified, the ISP could shut the user down, and the letter from the lawyer all be sent automatically. Good to see important issues are being sorted out with the tax payers money/liberties/freedoms

  • rate this

    Comment number 5.

    Whatever their stated purpose this cannot be about counter-terrorism. As Dozy points out any form of VPN or 'onion' routing will easily defeat this as a measure, a fact that any competent terrorist already knows. A more likely explanation is that it quietly sets up the infrastructure to limit free speech and independent views with little cost to the government.

  • rate this

    Comment number 4.

    You could make a far bigger impact on high tech crime simply by preventing people from buying PAYG phones anonymously.

  • rate this

    Comment number 3.

    Right, that's it! I'm using Tor for *all* surfing from now on.......

  • rate this

    Comment number 2.

    You know, combine the EU's ACTA, with the new English bill being considered, and our government pretty much has totalitarian control of this countries civil internet usage. Of course, all those being used as reasons to bring these arcadian laws in, will easily work around it. Only losers and victims are us 'plebians.'

  • rate this

    Comment number 1.



Page 2 of 2



Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.