As I member of the Open Rights Group, I’m looking to support it in its focus on developing proportionate, cost-effective and coherent digital rights for everyone. Tomorrow, I’ll be meeting my local MP at his surgery with the objective of getting a better understanding of his position on the recent Joint Committee report on the draft Communications Data bill.
If you’re interested in finding out more background information to this bill and its process, you might want to read ORG’s summary of how the Home Office has failed to provide its minister with the support it could have done had process been otherwise. Meanwhile, on ORG’s always useful wiki, we can find recommendations of the Joint Committee. They seem, in general, to make sensible, useful and measured reading:
A motion in the Lords was agreed that a Draft Communications Data Bill Joint Select Committee should consider and report on any draft Communications Data Bill and report on any draft Bill by 30 November 2012. The 12 member committee was chaired by Lord Blencathra.
Commons MPs sitting on the committee were Julian Huppert MP, Nicholas Brown MP, Michael Ellis MP, Stephen Mosley MP, Craig Whittaker MP, David Wright MP. Lords were Lord Blencathra (chair), Lord Strasburger, Lord Armstrong of Ilminster, Baroness Cohen of Pimlico, Lord Faulks, Lord Jones (See committee website.)
Summary of recommendations
- It is the duty of government—any government—to maintain the safety and security
- For this the law enforcement authorities should be given the tools they need.
- Reasonable access to some communications data is undoubtedly one of those tools.
- Government also has a duty to respect the right of law-abiding citizens to privacy
- These duties have the potential to conflict.
- Where and how the balance should be struck between these conflicting duties in a mature Parliamentary democracy Parliament has to decide; indeed perhaps only Parliament can in the end decide.
- Our overall conclusion is that there is a case for legislation which will provide the law enforcement authorities with some further access to communications data, but that the current draft Bill is too sweeping, and goes further than it need or should.
- We believe that, with the benefit of fuller consultation with CSPs than has so far taken place, the Government will be able to devise a more proportionate measure than the present draft Bill, which would achieve most of what they really need, would encroach less upon privacy, would be more acceptable to the CSPs, and would cost the taxpayer less.
- Part of the data gap is down to a lack of ability on behalf of law enforcement agencies to make effective use of the data that is available. Addressing this should be a priority.
- Before re-drafted legislation is introduced there should be a new round of consultation with technical experts, industry, law enforcement bodies, public authorities and civil liberties groups.
- on the basis of the narrower, more clearly defined set of proposals on definitions, narrower clause 1 powers and stronger safeguards which are recommended in this report.
- CSPs should be given a clear understanding of the exact nature of the gap which the draft Bill aims to address so that those companies can be clear about why the legislation is necessary.
- [CPSs should] be told what obligations might be imposed on them
- Meaningful consultation can take place only once there is clarity as to the real aims of the Home Office, and clarity as to the expected use of the powers under the Bill.
- The Home Office has however made clear that it does not currently need the power under this legislation to require other types of data be retained, and does not for the present intend to issue notices going more widely (except to CSPs which are not covered by the EU Data Retention Directive, which might be asked under this legislation to retain for 12 months data which they already create for business purposes). Clause 1 therefore should be re-drafted with a much narrower scope,
- We do not think that Parliament should grant powers that are required only on the precautionary principle. There should be a current and pressing need for them.
- Parliament and government both need to accept that legislation that covers the internet and other modern technologies may need revisiting and updating regularly.
- Whether clause 1 should allow notices that require CSPs to retain web logs up to the first “/” is a key issue. The Bill should be so drafted as to enable Parliament to address and determine this fundamental question which is at the heart of this legislation.
- We acknowledge that storing web log data, however securely, carries the possible risk that it may be hacked into or may fall accidentally into the wrong hands, and that, if this were to happen, potentially damaging inferences about people’s interests or activities could be drawn.
- Parliament will have to decide where the balance between these opposing considerations should be struck.
- The Home Office has also given a commitment that no CSP will be asked to store or decrypt encrypted third party data. These commitments should be given statutory force.
- The Request Filter will speed up complex inquiries and will minimise collateral intrusion. These are important benefits. On the other hand the Request Filter introduces new risks, most obviously the temptation to go on “fishing expeditions”. New safeguards should be introduced to minimise these risks.
- Any public authorities which make a convincing business case for having access to communications data should, like the six we have specified in paragraph 25, be listed on the face of the Bill.
- The House of Lords Delegated Powers and Regulatory Reform Committee recommended that any additions to this list should require primary legislation. We agree. Clause 9(7), which allows the Secretary of State to add further permitted purposes by order, should be deleted.
- we recommend that the Government should consult on whether all the permitted purposes are really necessary.
- The language of RIPA is out of date and should not be used as the basis of new legislation. The Bill should be re-drafted with new definitions of communications data.
- The challenge will lie in creating definitions that will stand the test of time.
- There should be an urgent consultation with industry on changing the definitions and making them relevant to the year 2012.
- A new definition of subscriber data is needed that simply covers the basic subscriber checks that are the most commonly used.
- How to define subscriber data should be a key element of the consultation,
- A new hierarchy of data types needs to be developed. Data should be divided into categories that reflect how intrusive each type of data is.
- It is imperative that everything is done to make clear that content cannot be requested under the provisions of this legislation. Content is not defined in the draft Bill.
- it is nevertheless important that the content should be expressly excluded from all categories of communications data.
- The SPoC process should be enshrined in primary legislation. A specialist centralised SPoC service should be established modelled on the National Anti-Fraud Network service which currently offers SPoC expertise to local authorities.
- This new service should be established by statute, and all local authorities and other infrequent users of communications data should be required to obtain advice from this service.
- The IoCC should carry out a full review of each of the large users of communications data every year.
- For this the IoCC will need substantial additional resources, both as to numbers and as to technical expertise. There should be full consultation with him on this. His role should be given more publicity.
- The IoCC’s brief should explicitly cover the need to provide advice and guidance on proportionality and necessity, and there should be rigorous testing of, and reporting on, the proportionality and necessity of requests made.
- The IoCC will need the necessary expertise properly to examine the operation of the Request Filter.
- He will have to report on the scale of searches via the Request Filter and rigorously test the necessity and proportionality of requests put to the Filter.
- Work should be done to rationalise the number of commissioners with responsibility for different areas of surveillance.
- The Bill should provide for wilful or reckless misuse of communications data to be a specific offence punishable in appropriate cases by imprisonment.
- We are concerned that the Home Office’s cost estimates are not robust. They were prepared without consultation with the telecommunications industry on which they largely depend, and they project forward 10 years to a time where the communications landscape may be very different.
It looks, to my very unpractised eye, that the Home Office civil servants have not been up to the task that was assigned them. Perhaps this is because of the timeframe or resources that were imposed; perhaps because, simply, in a matter as complex as digital rights, communications and data, to forge ahead with ideas but without properly consulting the industry in question is bound to lead similarly unpractised eyes to inadequate conclusions.
My only motive for meeting with my MP tomorrow is to gauge the potential for cross-party cooperation – and not just political cross-party cooperation but in relation to all interest groups – in an issue as important as the above clearly is for the future of both our shared economy and our democratic state. And that the Joint Committee has criticised so unreservedly a key plank of proposed government legislation is a question which should worry us all.
Especially those of us who understand that the job of democracy is to treat its citizens with interest, support, care and consideration – and not with the instant, permanent and overarching suspicion this draft bill, if implemented as is, would almost certainly lead it unhappily to manifesting.