Sunday, 6 January 2013

1984 rebuffed or postponed?

Earlier this year I wrote a very critical blog on the coalition government's draft Communications Data Bill which was being scrutinised by a joint committee of the Commons and the Lords. Finally the committee's report was published in early December 2012, and it was very critical of not only the bill itself, but also of the way it was written.

Right from the beginning the report gives a hint of how importantly it took its job, and its view on the government's role in security, of balancing, 'the safety and security of its citizens,' but with a duty to respect their rights, 'without avoidable intrusions on their privacy.'

The committee then get straight into their core criticism, and it is one that demonstrates why this bill should alarm us all: 

we believe that the draft Bill pays insufficient attention to the duty to respect the right to privacy, and goes much further than it need or should for the purpose of providing necessary and justifiable official access to communications data. Clause 1 would give the Secretary of State sweeping powers to issue secret notices to communications service providers (CSPs) requiring them to retain and disclose potentially limitless categories of data.

The committee is also very doubtful of the claims by the Home Secretary, Theresa May, that she would not use the powers in ways that would be considered overly intrusive and so recommends, 'that her powers should be limited to those categories of data for which a case can be made.' Indeed later on they say explicitly that current safeguards actually work better than is believed, and so prefer to see a strengthening of the roles of the Interception of Communications Commissioner and the Information Commissioner.

As I wrote in my original blog, the police and security services already have sufficient powers to investigate possible criminal and terrorist activities, and the committee is saying that is enough. Indeed they go on to say that if a case can be made for a future increase in powers then proper Parliamentary scrutiny would be required, and it should also apply if powers were to be extended beyond the many agencies, as well as the police, who already have access to the data already available.

The committee, unlike the government, seeks to enable the necessary agencies to properly investigate activities, without, 'the risk of intrusion into the privacy of the vast majority of honest citizens.'

Until 1984 who had access to communications data and what could be done with it was not protected by law, but it was in 2000 and the passing of the Regulation of Investigatory Powers Act (RIPA), that an attempt to regulate who could access what data and what they could do with it was made. But unlike the new bill it did not dictate which information should be retained, but dealt only with acquisition and disclosure. The new bill, on the other hand, expects data to be stored that is of no use to the service provider, and as I said previously, if the government don't want to access what is being said, why keep it?

I was equally critical in my previous blog of the Labour government which had a similar bill, but dropped it following protests from civil liberties groups, and the opposition in the House from all sides, including the Conservative and Liberal Democrat parties and the Information Commissioner was not convinced as he wrote, "that the case has yet to be made for the collection and processing of additional communications data for the population as a whole being relevant and not excessive." Eventually the proposals were dropped due to the amount of opposition, and the impending General Election in 2010.

When the coalition was created in May 2010, the agreement stated, 'We will end the storage of internet and email records without good reason,' but as we see it hasn't taken them long to go back on that. This is despite the Liberal democrats long, and creditable record in opposing such legislation, and the Conservatives own document published in 2009 Reversing the Rise of the Surveillance State.

The report includes a large number of examples of what it calls, 'a major encroachment into individual liberty,' which is quoted in the annual report of the Interception of Communications Commissioner. These include things like there being 1.85 million CCTV cameras in the UK (1.7 million being privately owned), the DNA Database, the ELMER database of suspicious activities, the National Pupil Database, and this is all in addition to the trail we leave in our electronic communications.

There are also examples of how communications data was used to prevent a terrorist bombing in 2002 or to catch the murderer of Jessica Chapman and Holly Wells. It has also been used in uncovering major cases of tax evasion, but as we can see, these already be done using the current legislation, so again I ask, why do they need to store more unless they intend to use it?

However, although the report cites many reasons as to how communications data is invaluable in catching perpetrators, this is to put it all in context, and is not to defend the intentions of the bill.

The committee spent a lot of time, and heard and read evidence from many sources on both sides of the argument. Much of the written and oral evidence can be found here on the committee's web page, although some of it remains secret.

Part of the government's defence is that some 25% of communications data is unavailable to investigators, and will increase with technological progress. But it is unclear where this figure comes from and the committee deems it to an 'unhelpful and potentially misleading' figure as there has not been a 25% drop in the amount of data available. Indeed they say that with in arrival of social networking since the passing of RIPA in 2000, the amount of available data has actually increased.

The service provider London Internet Exchange (LINX) wrote:

Certainly, as people make ever greater use of Internet‐based services, there is an ever greater quantity of data that either exists, or could be brought into existence by statutory requirement. However to say that this “is no longer always retained by communications providers” is highly misleading: communications providers are retaining more communications data than ever before and making it available to public authorities under existing law. The mere fact that even more data could be created, collected and made available hardly constitutes a loss.

However, the committee says that the real issue is not missing data, but 'a lack of ability on behalf of law enforcement agencies to make effective use of the data that is available.' That does not need new legislation to address this problem, but training and resources.

Although many service providers from the United Kingdom and overseas were invited to ask the Home Office questions, they were not consulted on the proposals, although the Home Office claims that they would have been aware of their thinking from the discussions had over time. But, and this is damning, the committee then more or less accuses the Home Office representative of lying and that the Home office were giving a different version to that of the CSPs and that 'On the face of it, there is an inconsistency between these two accounts.'

In the end the first view the CSPs had of the draft bill was under embargo, just a week before its publication. This is despicable behaviour by the government in my opinion, as they have sought to present Parliament and the service providers with a fait accompli and prevent proper scrutiny. 

The committee condemns the government's actions and attitude:

The evidence we received shows that United Kingdom CSPs were not given any details about the possible content of notices before the draft Bill was published, overseas CSPs were not consulted about the draft Bill at all, nor was there any further public consultation.

I think it is becoming plain that what the government is trying to do is predict what may happen in the future, and as we've seen with weather and economic forecasts over the centuries, these are notoriously inaccurate. The committee rightly comes to the conclusion that there is no good reason for granting such wide powers at this time, or that Parliament should do so on a 'precautionary principle.'

The committee, however, whilst aware of the dangers does seem a little complacent on the threat to web logs believing the safeguards in the bill as well as their recommendations would be sufficient. But they do go on to suggest that the Home Office investigate the technological, operational and financial implications of asking CSPs to only keep web logs on services that enable communications between individuals.

There are additional concerns which the report highlights, such as cases where information access has been self-authorised, which means that within the system abuse is possible. Another case was where it was used to track whether or not an applicant for a school place actually lived in the area, which is a ridiculous use of data supposed to prevent criminal activity.

These cases demonstrate just how easy it is for this information to be abused, and that if more data is stored then the opportunities for incorrect use will increase and that's without it being used for obviously criminal activity.

Then we come to the issue of which reasons data is accessible; national security, preventing crime and disorder, illegal financial activities, public safety, or to assist in identifying a deceased person. Now these by and large are areas where we might consider some limited access reasonable.

But then there are also a number of reasons for accessing data I find of great concern; 'interests of the economic well-being of the United Kingdom,' protecting public health, to assess or collect taxes and duties due. These seem to me to far beyond interest of national security, and although they might be in the public interest, that does not mean they should fall within the auspices of a bill such as this and are open to wide interpretation and would just be abused.

The bill does not come without an intense sense of irony, if unintended, there being an annex that links the bill to the European Convention on Human Rights which expressly says, 'Everyone has the right to respect for his private and family life, his home and his correspondence.' 

So once again government shows it has a different interpretation of this from the rest of us. The committee has further concerns with the reasons listed earlier and in the chapter's summary state:

We are concerned that the long list of permitted purposes for which communications data can be requested adds to public disquiet about the breadth of the Bill. While we do not make specific recommendations about how this list could be shortened, we recommend that the Government should consult on whether all the permitted purposes are really necessary.

Another issue to me is that are seven different Commissioners proposed for communications data oversight in the United Kingdom, and surely this is too many? Indeed the Information Commissioner, Christopher Graham, has said something similar, 'that there ought to be either a single privacy commissioner or a sort of primus inter pares,' and that not much thought had been given to whether these roles could be carried out by existing commissioners without creating others, and the committee supports this by calling for rationalisation of the offices.

There also appears to be a lack of thought going into how those who misuse data (see examples above) should be treated, as the committee actually feels the need to call for imprisonment as a punishment where serious cases occur. This strikes me as either incredibly complacent or evidence of sloppy drafting and the bill should be rejected on those grounds alone.

The report condemns the government even more  when it comes to costs and benefits describing them as, 'misleading and fanciful,' and a new cost benefit analysis included with a new draft bill. Wider and proper consultation should be undertaken and most importantly, the impact assessment should be more detailed and not used to basically try and delude Parliament into passing the bill.

The committee's overall conclusion is:

that there is a case for legislation which will provide the law enforcement authorities with some further access to communications data, but that the current draft Bill is too sweeping, and goes further than it need or should.

Whilst it is acknowledged that technological advances over time will change the nature of communications data, I am concerned that any bill of this nature will be the government's wedge into ever expanding intrusion, and they will be wanting to actually read our communications in the future.

The Conservative chair of the committee has said there should be a 'substantial rewriting' before the bill is presented to Parliament, and the Shadow Home Secretary Yvette Cooper has agreed with the findings of the report saying:

This detailed and thoughtful report shows the Government is making a complete mess of a very important issue...It is important that the police and security services can keep up-to-date with modern technology, but this bill is too widely drawn... and gives far too much power to the Home Secretary without proper safeguards,... provides too little protection for people’s privacy...  The Government have been slipshod with this bill from the word go...the Home Secretary needs to urgently rethink this legislation and get her approach right so that the police can do their job in fighting crime whilst the public have confidence their privacy is well protected too.

Although how this will translate when or if the bill is presented in the House I don't know. The Labour Party could either go down the road of outright opposition, (and as I've said previously I would rather be hypocritical for opposing this bill when we had something similar in mind, than for proposing it when we had been against in the past) or, and more likely I would think, proposing amendments along the lines recommended by the committee.

I am unable to find an official  government response to the report as yet, but David Cameron has said it will be rewritten, but he still insists that he is committed to giving the police and security services new powers to monitor internet activity, pointing out that the committee had said that there was a justification for doing something.

Still, it became an opportunity for Nick Clegg to show just how different the Liberal Democrats are from the Conservatives by threatening to 'block' it unless there was a 'rethink.' This in effect is a repeat of what committee member Julian Huppert said early in the committee's scrutiny, 'If, at the end of the process, the Home Office cannot come up with a bill that is acceptable to Liberal Democrats, then there will be no bill.'

That is a real danger that this bill, in whatever form it is presented to the House will become about politics rather than security or public safety and catching paedophiles and other criminals. The Conservatives want to be seen to living up to their reputation as the strong party on law and order, the Liberal Democrats as the defenders of civil liberties, and Labour as standing up for freedom but needing to be seen as strong on crime and the causes thereof.

The debates will generate a lot of heat, and will not about deciding which is the best way forward, but who can score the most points off each other.  My own preference is for there to not be a bill at all, as the principle of wanting to be able store and potentially read our communications is of itself wrongheaded.
The powers to investigate all these crimes exist now, we don't need to do anything other than clarify the definitions of what is communications data, and I'm sure there is a simple way of doing that without bringing in such a bad and over reaching bill.

The report is probably one of the most critical a Parliamentary committee has ever produced regarding a proposed piece of legislation, and the rigour with which they approached the task, shows that this is an approach that should be taken to more legislation.

The weaknesses in the draft are plain to see, and this is in addition to the basic problem of the government seeking to have our communications data stored 'just in case.' I hope that there is enough support in Parliament on all sides to vote this down when the government eventually gets round to presenting the rewritten bill, though I suspect they will await the outcome of the next General Election first.

No comments:

Post a Comment