Clause 77(2) of the Draft IP bill states that a telecommunications operator must not disclose the existence or content of a "retention notice". A "retention notice" is a notice requiring that communications data be retained for up to 12 months and is not related to specific targeted surveillance. Retention notices are the "mass surveillance by ISPs" part of the bill.
Why not disclose the existence?
Maybe they don't want people to know which ISPs have had retention notices? But surely everyone will know the big players are going to be subject to one, such as BT, Virgin, Talk Talk, etc, so why would that be a secret?
Maybe they think people will choose an ISP that is not subject to a notice. But that makes no sense. For a start, anyone involved in any serious crime would assume they are monitored and use the simple step of Tor or a VPN to bypass any such monitoring anyway. Also, whilst those served with a notice cannot say anything, those not served can state they have not been served (as A&A do), so the public can still choose an ISP not served with such a notice.
Why not disclose the content?
Again this is odd - the notice will require retention of communications data, and the government have already said what the worst case scenario of that is - the names of every web site you visit. So why hide what the notice says?
Maybe they want to collect even more data than we thought - but in that case the notice should be public as the public have a right to know what is going on. This should not be a law saying you can collect almost anything you want, and then secret notices detailing how far they have actually gone with that. We need transparency.
Remember, this is not targeted surveillance - it would not be tipping off a suspect if a retention notice is served on an ISP. And indeed, many ISPs would not want to say if they have been served a notice or not in public anyway.
Why there should not be any gagging order, i.e. scrap clause 77(2)
Assuming this awful bill becomes law and ISPs are expected to somehow magically collect web addresses people visit and carry out this mass surveillance on the innocent citizens of the UK, this is a huge technical and operational headache for ISPs. If the notices are secret then each ISP is on their own to solve that problem. If the notices are not secret then ISPs can present details of their solutions in the various industry forums like ISPA and UKNOF. Indeed, knowing the details of notices, third-party solution suppliers can produce equipment to meet the requirements of notices.
There is also the matter of whether the police and authorities that may want to get at the data somehow have to know which ISPs have been served notices and what data they retain.
One wonders if a (R)IPA request from the police could be answered with "Sorry, I cannot provide any data relating to your request as to do so could reveal if we have been served with a retention notice, which would be in breach of 77(2) of the IPA if we have, and if we have not, then we have no data to provide anyway".
So ultimately the secrecy will create worse solutions, delivered more slowly and at much higher cost. Is that really the best way to spend public money?