New security laws should force internet firms to keep users' data, former head of GCHQ Sir David Omand has said.

He said keeping web browsing data was not for spying on the public but to see "for example, whether a suspect has downloaded a terrorist manual".

The government is due to publish new laws on UK security agencies' powers to obtain information on suspects.

Meanwhile, ministers have ruled out plans to restrict or ban companies from encrypting data.

However, under the new legislation security services will retain the capacity to intercept the content of communications after obtaining a warrant.

The Investigatory Powers Bill has been dubbed by some a "snoopers' charter" and privacy campaigners have vowed to fight any attempt to force companies to keep users' data.

Unscrambling data

Sir David, who was previously director of GCHQ - Britain's communications surveillance centre - said the new legislation did not need to grant "significant new powers".

But he added: "The one area is the question of, should the internet companies be compelled to retain communications data or metadata, including the web history? I think it is necessary."

Image caption Sir David Omand was director of GCHQ from 1996 to 97

The emergence of encryption has been identified as a major headache for law enforcement bodies, with suggestions that it risks leaving them locked out of some areas of cyberspace.

There has been major growth in the use of encrypted apps which encode messages in a way that makes it harder for a third party to intercept the content.

The minister for internet safety and security, Baroness Shields, had said she recognised the "essential role" that strong encryption played in protecting people's details.

But she added the government still wanted tech companies to be able to unscramble "targeted" data and hand it over when required.

That puts the government at odds with apps such as Apple's iMessage and WhatsApp as the service providers have no way to decrypt the messages users send.

Instead, a technique called end-to-end encryption employed by the apps means that only the sender and recipient can see what was posted.