Tuesday, March 07, 2017

Side Effect: Snoopers Charter [Part 3]

Last month I was curious about the effects of recent legislation on my internet usage. Since then I've had some conversation tennis with support teams at my ISP but no traction or movement.

Up until this morning I'd suspected that nothing was being done - I'd send an email from an account I use tracking systems with, get a response back within a few hours telling me that email address wasn't authorised for the support ticket, then I'd send a reply from the original email address authorising the second email address with the ISP... and then get nothing in reply.

Twice.

I know the emails were opened in India and read twice each time within a few hours of sending. All other responses or communications were simply being swallowed up into a black hole.

This morning I tried using the live chat on the ISP's website and got a far better response (even if it wasn't what I wanted to hear).

Despite repeated requests to get status or answer any outstanding queries I've had nothing. The live chat support person, Linda, was able to tell me that the original recipient of the request fobbed me off onto the wrong department then closed the support ticket. And it's been that way ever since the 19th of January. 

Not really surprised but I pushed Linda to forward the request onto either their legal or compliance team. A bit of confusion - it sounds like their usual section 7 requests are for case notes, not ICR data - easily clarified. Now although Linda refused to re-open the support ticket she did promise to forward the request onto legal after I explained that the ISP's legal team would have had to review & sign-off the Snoopers Charter implications. This would involve them understanding the request and its terms.

However we're now over the 40 day limit for a SAR and there is no response other than acknowledgements that the ISP have received the request - it's going to be interesting to see how they respond from this point. Recent legal updates have included a major setback to the Investigatory Powers Act at ECJ level and some inevitable challenges to its implementation; especially relating to the requirement to implement 'back doors' in all CSP platforms. Note emphasis there on CSP platforms, not anti-virus software or encryption software.

Whether or not this will really affect people's daily lives is another matter, but I'd be concerned that local councils, HMRC, the Dept. for Education and other similar level government departments will inevitably use this type of information for purposes other than 'detection of a crime'.

'Detection' will easily slip into 'Prevention', and then we're in the tin-foil hat territory akin to Minority Report. I don't have government-level actors trying to hack my devices but if there is a method of access available, criminals will find it - and that's enough of a cause for concern for me. Just a quick glance at how busy ICO are with government departments and you begin to understand the scale of the data-protection problem: Here's a list of decision notices - when this article went live they were all councils on the receiving end of complaints.
