Civil liberties campaigners have described the controversial proposals by the British government included in the Communications Data Bill as the Snooper’s Charter, because they believe the draft bill is a significant threat to people’s privacy.
The measures mark a serious increase in the powers the UK government has to order any communications provider to collect, store and provide access to information about emails, online conversations and texts.
The draft Bill contains three parts. The first section creates a new power to order companies to collect specific datasets and deploying any technical or policy changes needed to do so. Moreover, it requires the information to be retained in a confidential manner for one year and destroyed after this period passes. This kind of power can be used by any principal secretary of state, but in practice would be the Home Secretary.
The second part of the bill devises a system for assorted public bodies to get access to the data, including filtering arrangements.
The third section changes the Regulation of Investigatory Powers Act (RIPA), repeals all other existing powers that involve retaining and disclosing communications data, and gives the Information Commissioner, the Interception of Communications Commissioner, and the Investigatory Powers Tribunal the responsibility for scrutinizing the implementation of these powers.
However, the bill gives the UK government broad powers to order any communications provider to collect and disclose communications data by any means. It is also most likely to involve black boxes being installed on ISPs networks, which will enable relevant government bodies to have access to communications data. That represents a fundamental shift to general mass surveillance of the population outsourced to the private sector. In fact, the proposals will lead to the creation of a database of a wide range of information about people’s communications.
The bill is not an update of existing powers, as the data generated through the use of services like Facebook, Google and Twitter reveals far more about people than their phone records.
In addition, it will be too easy to access the data, as it simply requires designated senior officers at those bodies to believe that it’s “necessary to obtain the data” and that it is “proportionate to what is sought to be achieved”. It means that there will be no external and direct oversight of access requests, increasing the risk to be ripe for abuse and exploitation. The phone hacking scandal shows that the ability to access personal information will be exploited for a variety of reasons.
The bill’s clauses on “filtering” appear to be applied to identifying data related to an individual from a query across datasets or databases. However, the technical ability to search and identify people will go further. For example, the data could identify a protester who posts to a radical politics site, his location at any given time and his favored contacts. The data could in effect be used to monitor political activity to a finely grained level.
There may be some possible sources for a leak of confidential data in the public interest. Comparing the individuals that might leak data with the journalist publishing the story’s contact details would reveal the likely leaker. But in the draft bill, there are no means to restrict such queries and requests. Such judgments would be made only by the police.
The British government needs to explain who it is that does not currently have access to what information, and explain who need these new powers and why. It is not enough to simply say that the police need this information to solve serious crimes. Furthermore, while the government estimates that the scheme will cost £1.8bn, there is little to substantiate the figure.
The question is what happens when a business or email system encrypts data in transit. Home Office officials claim that they will be able to break encryption, but this seems unlikely. If true, it would threaten the security of the Internet economy. If they are wrong, and their systems will not break encryption, then the system will lose value as more and more data is encrypted for people’s safety and security.
Related Link: “Black Boxes” to Monitor All Internet & Phone Data in UK