Analysis: Is snooping on Facebook a step too far?

IT PRO originally reported on the possibility of social networks like Facebook retaining user data last week, and the national newspapers have followed suit.

But why has this issue caused such a fuss and what are the events that have led to this stage?

At the heart of the matter is the government's aim to fight crime and terrorism in Britain. Communication providers have for some years retained comms data on a voluntary basis under part 11 of the Crime and Security Act 2001.

The Minister for Security, Counter-Terrorism, Crime and Policing Vernon Coaker acknowledged this at a House of Commons Committee meeting recently, and was thankful to the government's partners in industry for their support.

However, two weeks ago the situation quietly changed. IT PRO was again there to report on the implementation of the EU Data Retention Directive, where ISPs will be forced to store customer data rather than on a voluntarily basis.

The fact that this passed so quietly was surprising, but understandable. Industry and the public were generally accepting of the fact that ISPs (Internet Service Providers) would keep communication records just as long as they didn't look at the content.

In fact, even high profile pro-privacy organisations such as Liberty recognise that ISPs will keep data to use for law enforcement purposes. Its main concern is not the fact that they have the data, but rather the possibility that the government could use it for a massive centralised database.

"This data can be quite useful for police enforcement and has been something they've been using for many years," said Anita Coles, Liberty's policy officer.

"What they're saying is that they could use it for one big government owned database, meaning it is much easier for the police or local council to access it at will without any checks."

At the same commitee meeting, Coaker then revealed that the ISP data might not be enough, and that the government was thinking of making social networks keep user data for later use.

In a sense then, social networks aren't a big step change from the tracking of ISP communications. It's already been said that content wouldn't be kept, but rather data on who people corresponded with.

The problem is that nobody is quite sure about how these new regulations will fit in with the plan to potentially create the new big brother' database, which has already seen an extraordinary amount of opposition.

Last October, the Home Secretary pulled the big brother' communications data bill from the Queen's Speech, saying that there would be a consultation and debate on the issue. Something we still await.

"Before proceeding to legislation, I am clear that we need to consult widely with the public and all interested parties to set out the emerging problem, the important capability gaps that we need to address and look at the possible solutions," he said during a speech last year at the Institute for Public Policy Research.

"We also need to agree what safeguards will be needed, in addition to the many we have in place already, to provide a solid legal framework that protects civil liberties."

So the whole big brother database issue still isn't clear. However experts have asked the question: Even if it was OK to track social network data, what would be the point?

Rik Ferguson, security expert for Trend Micro, said that the government needed to think more rationally about how they were going to track user communications.

"The people who that the [big brother database] legislation is aimed at are the ones that are most talented at hiding their traces," he said. "They are going to make sure that their traffic doesn't travel unencrypted over UK networks."