I think that there is perhaps some slight misunderstanding here, and worth clearing up.
The bill has several parts - one part covers bulk intercept of communications and is basically the spying done by the likes of GCHQ. They allegedly have taps on to transatlantic cables and loads of computing power to allow them to look for threats and chase leads and to address "National Security" issues. They already do this (allegedly) and the bill is primarily to put what they do on a more clear legal footing.
I have not really said a lot about that - partly because, like everyone else, I do not know a lot about what they actually do, and partly because the technical issues are sort of their problem. There are, of course, privacy issues, and I have concerns over what they do - but there are bodies like Privacy International and Open Rights Group working on these (and I am helping with that where I can).
The main issues I have been raising are not over the bulk intercept but over data retention. This is where ISPs keep data for up to 12 months to help the authorities. This is almost always normal requests from police forces investigating some normal crimes. Apparently, as I understand it, RIPA requests relating to national security are really rare compared to more normal crimes (which is not a huge surprise).
We have seen how the police handle such requests first hand, both as an ISP and as a victim of a crime, and we have seen how badly they handle the requests and the data.
The snooping that the government want ISPs to do, as opposed to GCHQ doing, is for these types of requests - so that normal police enquiries can get details. This is also the area where knowing every web site you have visited is likely to be very unhelpful (as seen in Denmark).
So accusing my comments as trying to hamper "National Security" is somewhat misguided.
Of course, as I have pointed out many times, the threat from terrorists is absolutely tiny compared to so many other threats and disproportionately treated in legislation like this.
- Security technology is changing, largely to tackle the very real threats of so called "cyber attacks", and this will render both bulk intercept and data retention more and more useless over time.
- Terrorists and criminals are already able to evade both bulk intercept and data retention anyway.
- ISP data retention is not generally related to terrorist investigations and national security anyway - that is more related to GCHQ and bulk intercepts.
- Having ISPs collect and retain this data has cost, privacy, and risks of data being disclosed or misused which far outweigh any benefits.
In my opinion we should scrap forcing ISPs to retain data at all - ISPs will have some data anyway for operational reasons, and once the police understand this technology better they will be better able to use RIPA requests to access the data that is available now. Forcing retention for a long time, and forcing logging and retaining more data is not a good idea.