Earlier this year I wrote a very critical blog on the
coalition government's draft Communications Data Bill which was being
scrutinised by a joint committee of the Commons and the Lords. Finally the
committee's report was published in early December 2012, and it was very
critical of not only the bill itself, but also of the way it was written.
Right from the beginning the report gives a hint of how
importantly it took its job, and its view on the government's role in security,
of balancing, 'the safety and security of its citizens,' but with a duty to
respect their rights, 'without avoidable intrusions on their privacy.'
The committee then get straight into their core criticism,
and it is one that demonstrates why this bill should alarm us all:
we believe that the draft Bill pays insufficient attention to the duty to respect the right to privacy, and goes much further than it need or should for the purpose of providing necessary and justifiable official access to communications data. Clause 1 would give the Secretary of State sweeping powers to issue secret notices to communications service providers (CSPs) requiring them to retain and disclose potentially limitless categories of data.
The committee is also very doubtful of the claims by the
Home Secretary, Theresa May, that she would not use the powers in ways that
would be considered overly intrusive and so recommends, 'that her powers should
be limited to those categories of data for which a case can be made.' Indeed
later on they say explicitly that current safeguards actually work better than
is believed, and so prefer to see a strengthening of the roles of the
Interception of Communications Commissioner and the Information Commissioner.
As I wrote in my original blog, the police and security
services already have sufficient powers to investigate possible criminal and
terrorist activities, and the committee is saying that is enough. Indeed they
go on to say that if a case can be made for a future increase in powers then
proper Parliamentary scrutiny would be required, and it should also apply if
powers were to be extended beyond the many agencies, as well as the police, who
already have access to the data already available.
The committee, unlike the government, seeks to enable the
necessary agencies to properly investigate activities, without, 'the risk of
intrusion into the privacy of the vast majority of honest citizens.'
Until 1984 who had access to communications data and what
could be done with it was not protected by law, but it was in 2000 and the
passing of the Regulation of Investigatory Powers Act (RIPA), that an attempt
to regulate who could access what data and what they could do with it was made.
But unlike the new bill it did not dictate which information should be
retained, but dealt only with acquisition and disclosure. The new bill, on the
other hand, expects data to be stored that is of no use to the service
provider, and as I said previously, if the government don't want to access what
is being said, why keep it?
I was equally critical in my previous blog of the Labour
government which had a similar bill, but dropped it following protests from
civil liberties groups, and the opposition in the House from all sides, including
the Conservative and Liberal Democrat parties and the Information Commissioner
was not convinced as he wrote, "that the case has yet to be made for the
collection and processing of additional communications data for the population
as a whole being relevant and not excessive." Eventually the proposals
were dropped due to the amount of opposition, and the impending General
Election in 2010.
When the coalition was created in May 2010, the agreement
stated, 'We will end the storage of internet and email records without good
reason,' but as we see it hasn't taken them long to go back on that. This is
despite the Liberal democrats long, and creditable record in opposing such
legislation, and the Conservatives own document published in 2009 Reversing the
Rise of the Surveillance State.
The report includes a large number of examples of what it
calls, 'a major encroachment into individual liberty,' which is quoted in the
annual report of the Interception of Communications Commissioner. These include
things like there being 1.85 million CCTV cameras in the UK (1.7 million being
privately owned), the DNA Database, the ELMER database of suspicious
activities, the National Pupil Database, and this is all in addition to the
trail we leave in our electronic communications.
There are also examples of how communications data was used
to prevent a terrorist bombing in 2002 or to catch the murderer of Jessica
Chapman and Holly Wells. It has also been used in uncovering major cases of tax
evasion, but as we can see, these already be done using the current
legislation, so again I ask, why do they need to store more unless they intend
to use it?
However, although the report cites many reasons as to how
communications data is invaluable in catching perpetrators, this is to put it
all in context, and is not to defend the intentions of the bill.
The committee spent a lot of time, and heard and read
evidence from many sources on both sides of the argument. Much of the written
and oral evidence can be found here on the committee's web page, although some
of it remains secret.
Part of the government's defence is that some 25% of
communications data is unavailable to investigators, and will increase with
technological progress. But it is unclear where this figure comes from and the
committee deems it to an 'unhelpful and potentially misleading' figure as there
has not been a 25% drop in the amount of data available. Indeed they say that
with in arrival of social networking since the passing of RIPA in 2000, the
amount of available data has actually increased.
The service provider London Internet Exchange (LINX) wrote:
Certainly, as people make ever greater use of Internet‐based services, there is an ever greater quantity of data that either exists, or could be brought into existence by statutory requirement. However to say that this “is no longer always retained by communications providers” is highly misleading: communications providers are retaining more communications data than ever before and making it available to public authorities under existing law. The mere fact that even more data could be created, collected and made available hardly constitutes a loss.
However, the committee says that the real issue is not
missing data, but 'a lack of ability on behalf of law enforcement agencies to
make effective use of the data that is available.' That does not need new
legislation to address this problem, but training and resources.
Although many service providers from the United Kingdom and
overseas were invited to ask the Home Office questions, they were not consulted
on the proposals, although the Home Office claims that they would have been
aware of their thinking from the discussions had over time. But, and this is
damning, the committee then more or less accuses the Home Office representative
of lying and that the Home office were giving a different version to that of
the CSPs and that 'On the face of it, there is an inconsistency between these
two accounts.'
In the end the first view the CSPs had of the draft bill was
under embargo, just a week before its publication. This is despicable behaviour
by the government in my opinion, as they have sought to present Parliament and
the service providers with a fait accompli and prevent proper scrutiny.
The
committee condemns the government's actions and attitude:
The evidence we received shows that United Kingdom CSPs were not given any details about the possible content of notices before the draft Bill was published, overseas CSPs were not consulted about the draft Bill at all, nor was there any further public consultation.
I think it is becoming plain that what the government is
trying to do is predict what may happen in the future, and as we've seen with
weather and economic forecasts over the centuries, these are notoriously
inaccurate. The committee rightly comes to the conclusion that there is no good
reason for granting such wide powers at this time, or that Parliament should do
so on a 'precautionary principle.'
The committee, however, whilst aware of the dangers does
seem a little complacent on the threat to web logs believing the safeguards in
the bill as well as their recommendations would be sufficient. But they do go
on to suggest that the Home Office investigate the technological, operational
and financial implications of asking CSPs to only keep web logs on services
that enable communications between individuals.
There are additional concerns which the report highlights,
such as cases where information access has been self-authorised, which means
that within the system abuse is possible. Another case was where it was used to
track whether or not an applicant for a school place actually lived in the area,
which is a ridiculous use of data supposed to prevent criminal activity.
These cases demonstrate just how easy it is for this
information to be abused, and that if more data is stored then the
opportunities for incorrect use will increase and that's without it being used
for obviously criminal activity.
Then we come to the issue of which reasons data is
accessible; national security, preventing crime and disorder, illegal financial
activities, public safety, or to assist in identifying a deceased person. Now
these by and large are areas where we might consider some limited access
reasonable.
But then there are also a number of reasons for accessing
data I find of great concern; 'interests of the economic well-being of the
United Kingdom,' protecting public health, to assess or collect taxes and
duties due. These seem to me to far beyond interest of national security, and
although they might be in the public interest, that does not mean they should
fall within the auspices of a bill such as this and are open to wide
interpretation and would just be abused.
The bill does not come without an intense sense of irony, if
unintended, there being an annex that links the bill to the European Convention
on Human Rights which expressly says, 'Everyone has the right to respect for
his private and family life, his home and his correspondence.'
So once again government shows it has a different
interpretation of this from the rest of us. The committee has further concerns
with the reasons listed earlier and in the chapter's summary state:
We are concerned that the long list of permitted purposes for which communications data can be requested adds to public disquiet about the breadth of the Bill. While we do not make specific recommendations about how this list could be shortened, we recommend that the Government should consult on whether all the permitted purposes are really necessary.
Another issue to me is that are seven different
Commissioners proposed for communications data oversight in the United Kingdom,
and surely this is too many? Indeed the Information Commissioner, Christopher
Graham, has said something similar, 'that there ought to be either a single
privacy commissioner or a sort of primus inter pares,' and that not much
thought had been given to whether these roles could be carried out by existing
commissioners without creating others, and the committee supports this by
calling for rationalisation of the offices.
There also appears to be a lack of thought going into how
those who misuse data (see examples above) should be treated, as the committee
actually feels the need to call for imprisonment as a punishment where serious
cases occur. This strikes me as either incredibly complacent or evidence of
sloppy drafting and the bill should be rejected on those grounds alone.
The report condemns the government even more when it comes to costs and benefits
describing them as, 'misleading and fanciful,' and a new cost benefit analysis
included with a new draft bill. Wider and proper consultation should be
undertaken and most importantly, the impact assessment should be more detailed
and not used to basically try and delude Parliament into passing the bill.
The committee's overall conclusion is:
that there is a case for legislation which will provide the law enforcement authorities with some further access to communications data, but that the current draft Bill is too sweeping, and goes further than it need or should.
Whilst it is acknowledged that technological advances over
time will change the nature of communications data, I am concerned that any
bill of this nature will be the government's wedge into ever expanding
intrusion, and they will be wanting to actually read our communications in the
future.
The Conservative chair of the committee has said there
should be a 'substantial rewriting' before the bill is presented to Parliament,
and the Shadow Home Secretary Yvette Cooper has agreed with the findings of the
report saying:
This detailed and thoughtful report shows the Government is making a complete mess of a very important issue...It is important that the police and security services can keep up-to-date with modern technology, but this bill is too widely drawn... and gives far too much power to the Home Secretary without proper safeguards,... provides too little protection for people’s privacy... The Government have been slipshod with this bill from the word go...the Home Secretary needs to urgently rethink this legislation and get her approach right so that the police can do their job in fighting crime whilst the public have confidence their privacy is well protected too.
Although how this will translate when or if the bill is
presented in the House I don't know. The Labour Party could either go down the
road of outright opposition, (and as I've said previously I would rather be
hypocritical for opposing this bill when we had something similar in mind, than
for proposing it when we had been against in the past) or, and more likely I
would think, proposing amendments along the lines recommended by the committee.
I am unable to find an official government response to the report as yet, but
David Cameron has said it will be rewritten, but he still insists that he is
committed to giving the police and security services new powers to monitor
internet activity, pointing out that the committee had said that there was a
justification for doing something.
Still, it became an opportunity for Nick Clegg to show just
how different the Liberal Democrats are from the Conservatives by threatening
to 'block' it unless there was a 'rethink.' This in effect is a repeat of what
committee member Julian Huppert said early in the committee's scrutiny, 'If, at the end of the process, the Home Office cannot come up with a bill that is acceptable to Liberal Democrats, then there will be no bill.'
That is a real danger that this bill, in whatever form it is
presented to the House will become about politics rather than security or
public safety and catching paedophiles and other criminals. The Conservatives
want to be seen to living up to their reputation as the strong party on law and
order, the Liberal Democrats as the defenders of civil liberties, and Labour as
standing up for freedom but needing to be seen as strong on crime and the
causes thereof.
The debates will generate a lot of heat, and will not about
deciding which is the best way forward, but who can score the most points off
each other. My own preference is for
there to not be a bill at all, as the principle of wanting to be able store and
potentially read our communications is of itself wrongheaded.
The powers to investigate all these crimes exist now, we
don't need to do anything other than clarify the definitions of what is
communications data, and I'm sure there is a simple way of doing that without
bringing in such a bad and over reaching bill.
The report is probably one of the most critical a
Parliamentary committee has ever produced regarding a proposed piece of
legislation, and the rigour with which they approached the task, shows that
this is an approach that should be taken to more legislation.
The weaknesses in the draft are plain to see, and this is in
addition to the basic problem of the government seeking to have our
communications data stored 'just in case.' I hope that there is enough support
in Parliament on all sides to vote this down when the government eventually
gets round to presenting the rewritten bill, though I suspect they will await
the outcome of the next General Election first.
No comments:
Post a Comment