ISPs warn UK snooping law will cost time and lots of money

The Investigatory Powers Bill, aka the new Snoopers' Charter, aims to clarify and extend the UK government's surveillance capabilities. Of the proposed changes to existing legislation, one of the biggest is the requirement that all British ISPs store the last 12 months of browsing data so that it may be accessible to government agencies. The draft bill still needs the approval of the House of Commons and House of Lords to become law, so the finer details aren't yet set in stone, but the UK's major internet providers are already advising it'll be a big ask. Speaking to the bill's joint committee yesterday, execs from BT, Sky and Virgin Media warned the capture and storage of Internet Connection Records (ICRs) would be both costly, and could take several years to implement.

The bill in its current form would compel providers to store information on visited domains, but not individual webpages. While the ISPs are still seeking clarity on what exactly is being asked of them, the preliminary consensus is gathering this volume of data will be no mean feat. Because there's been no historical need for monitoring traffic to this extent, the companies simply aren't equipped to do so. Virgin Media's Director of Operations Hugh Woolford told the joint committee he estimates the earliest such a system could be introduced across Virgin's network would be sometime in 2018.

The level of investment in hardware and software needed to gather, process and store this kind of traffic data has been a common concern since the draft bill was first published. The UK Home Office has budgeted £174 million to help ISPs and communications services establish their collection systems, but President of BT Security Mark Hughes said his company alone would require tens of millions of that to get the ball rolling, not to mention recurring upkeep costs. It's highly unlikely, then, that the Home Office's piggy bank would be fat enough to fund every company expected to retain ICRs, though Hughes argues the government should be expected to pay for any new systems required by the bill in their entirety.

Privacy worries aside, the ISPs generally agree adhering to the Investigatory Powers Bill will be a "huge, huge undertaking," as Woolford put it. How it'll be funded is an important point to consider at this stage, too. Should it be necessary for providers to split the bill, there are fears it could lead to less investment by the companies in their core services, or worse, the financial shortfall could trickle down to consumers in the form of higher charges.