The government is putting the brakes on proposals to give law enforcement agencies the power to collect electronic data in a bid to prevent terrorism.
The Communications Data Bill would allow the government to collect data on phone calls and other electronic communication. The government had originally planned to put the proposal in Parliament's upcoming legislative agenda, but opted instead to conduct a consultation next year due to concerns about intrusive monitoring of private citizens.
"It's a sensitive issue, and there needs to be a proper public debate," a Home Office spokesman said.
Home Secretary Jacqui Smith said the legislation is needed because of the difficulty in collecting evidence against terrorists.
"These are not like other criminal investigations," Smith said during a speech at the Institute for Public Policy Research. "We put a very high premium on pre-emptive intelligence because we are trying to stop a criminal act and not investigate one which has already taken place."
Critics contend that allowing the government to create a 'super database' that logs emails, phone calls and website visits raises privacy concerns as well as potential security problems over how the data would be stored.
Smith denied the government seeks a super database. "There are no plans for an enormous database which will contain the content of your emails, the texts that you send or the chats you have on the phone or online."
But collecting data such as the location and identity of someone making a phone call "is vital to fighting terrorism and combating serious crime", she said.
The government has not made a draft of the Communications Data Bill publicly available.
However, it is modeled in part on European Union Directive 2006/24/EC, which requires that communication providers retain a vast array of data including IP address, physical address and user ID used for communications such as email.
The actual content of the communication should not be retained, but data around how it was sent and when should be retained for at least six months and up to two years, the directive says.
The directive was propelled in part by the July 2005 terrorist attacks in London. EU countries were required to comply in part with the directive by September 2007, but can delay the internet access and email monitoring until March 2009.
NEXT PAGE: Doubts on the usefulness of the information collected.
The Open Rights Group, a non-government group that monitors internet-related privacy and legal issues, said it supported the government's decision for a consultation.
"Creating this database would drastically alter the relationship between the citizen and the state, handing national security and law enforcement agencies immense power to invade the private lives of ordinary people," said Becky Hogge, the group's executive director.
At least one senior Microsoft executive doubts how helpful collecting internet communications would be for law enforcement. Hackers have a variety of techniques that could undermine a user's PC and make it appear a victim is involved in a scheme when they're not.
Emails can be spoofed and computers can be infected with malicious software, said Jerry Fishenden, Microsoft's UK National Technology Officer in a blog.
For example, a web feature called 'pre-fetch' lets one website command a person's browser to pull up another website in the background, a feature that speeds browsing.
But pre-fetch works without the knowledge of a user, Fishenden wrote. A blog entry could trigger a bomb-making website to be called up in the background, which would then be logged by the ISP.
"Legitimately you would know nothing about it, but try telling that to someone knocking on your door at four o'clock in the morning waving a printout from the ISP showing you regularly frequent 'known terrorist websites'," Fishenden wrote.