[tehmaco]

There doesn't seem to be a technical definition of an 'Internet Connection Record', but from the factsheet[1], they:

"are records of the internet services that have been accessed by a device. They would include, for example, a record of the fact that a smartphone had accessed a particular social media website at a particular time."

and:

"ICRs do not provide a full internet browsing history. The ICRs do not reveal every web page that a person visited or any action carried out on that web page."

How this will work in practice is anyones guess at the moment - every time I think of something short of logging every packet header sent/received in the UK (which leads to a staggering amount of data needing to be logged), I think of things that would slip though (and therefore wouldn't fulfil the first statement)...

[1] https://www.gov.uk/government/uploads/system/uploads/attachm...

[zigzigzag]

HTTP Host headers, IP addresses and HTTPS hostname negotiation headers are sufficient to meet that requirement without a doubt.

[tehmaco]

That'd work fine for HTTP(S) data, I suspect the data capture would have to be done at the IP level by default, with per-protocol filters on top to capture additional data. Which is going to add complexity to the data capture equipment, plus an ongoing maintenance cost to keep on top of new/updated protocols.

I can't see the current government accepting the possibility that the Internet Bad Guys(tm) could just use a different protocol and avoid all logging.