Formatted Written Evidence

House of Lords House of Commons Joint Committee on Draft Communications Data Bill
Draft Communications Data Bill

Session 201213 Written Evidence
The Joint Committee on the Draft Communications Data Bill

The Joint Committee on the Draft Communications Data Bill was appointed by the House of Commons on 21 June 2012 and by the House of Lords on 28 June 2012 to examine the Draft Communications Data Bill and report to both Houses by 30 November 2012. Membership HOUSE OF LORDS Lord Armstrong of Ilminster GCB CVO (Crossbench) Rt Hon Lord Blencathra (Chair) (Conservative) Baroness Cohen of Pimlico (Labour) Lord Faulks (Conservative) Rt Hon Lord Jones (Labour) Lord Strasburger (Liberal Democrat) HOUSE OF COMMONS Mr Nicholas Brown MP (Labour, Newcastle upon Tyne East) Michael Ellis MP (Conservative, Northampton North) Dr Julian Huppert MP (Liberal Democrat, Cambridge) Stephen Mosley MP (Conservative, City of Chester) Craig Whittaker MP (Conservative, Calder Valley) David Wright MP (Labour, Telford)
Contents
Written evidence
ADM Shine Technologies Nathan Allonby AVAAZ Steve Ball The Bar Council of England and Wales BCS, The Chartered Institute for IT Mark Benson Dr Paul Bernal Big Brother Watch Caspar Bowden Greg Callus Graeme Carter Sean Cheshire The Coalition for a Digital Economy Wendy Cockcroft Paul Connolly Joe Corrall Simon Cramp Patrick Cunningham Chris Davey The Direct Marketing Association Mark Drury Keith Edkins Bruce Elliot Equality & Human Rights Commission The foundation for Information Policy Research The Financial Services Authority Mike Gerbrais The Global Network Initiative William Heath HMRC ISPA Dr Dominic Jackson Andrew James JANET Peter John Just West Yorkshire JUSTICE Sir Paul Kennedy Mr J R S Kistruck The Law Society George Lawrence
4
4 8 21 22 28 34 41 45 52 59 79 83 84 86 89 94 96 99 100 102 103 104 105 111 112 119 124 128 133 150 152 156 163 166 170 174 181 183 206 212 213 217
218 221 225 247 269 270 274 277 279 282 286 291 297 298 305 310 324 327 332 338 346 347 352 353 357 358 361 365 367 371 378 379 395 400 402 406 407 410 415 418 423 425 428 436 437 440
Stacey Leigh Ross LGA Liberty LINX Alastair Macmillan Professor Robin Mansell Lorna Mitchell Glynn Moody Barbara Moore Alec Muffett Giles Murchiston NAFN the Newspaper Society No2ID Zoe OConnell Open Rights Group Anne Palmer Public Concern at Work Privacy International Supplementary Privacy International Brian Rae Marisha Ray J Richardson Duncan Roy Dr Peter Saul Dr Ashley Savage Robbie Simpson Richard Smith Robert Smith SOCA Society of Editors Professor Peter Sommer Dr Eric Stoddart Steven Taylor Telefnica UK Ltd Ernest F. Thornton Timico Ltd The Tor Project Twitter Inc UK Border Agency Virgin Media Vodafone David Walker Andrew Watson Dr John Welford Wikimedia UK
Nic Wisttreich Ben Woodling Andy Wrigley
443 444 446
Written evidence
ADM Shine Technologies
ThesearethecollegiatecommentsfromallatADMShineTechnologiesLtd.Aggregatedandmoderated by Andrew DawsonMaddocks Managing Director and Chief Technical Officer and Barbara Breeze CommercialandFinanceDirector . ADMShineTechnologiesLtdisanSME in theMidlands andis hometoSpecialist DefenceResearchin Electronic Warfare EW Electronic Surveillance Measures and Electronic Counter Measures in the tacticalmarket andCounterTerrorist CIEDandrelatedCyber,advancedroboticsandspecialprojects primarilyfortheneedsoftheUK. Andrewhasextensivedefenceexperienceandthatofnationalsecurityspanningseveraldecades. OpeningOverallComment:TheCommunicationsDataBilliswellwrittenandexploresthecomplexand contentiousissueswell.Whilstwehavelegalexperienceandqualificationsinhouse,wehavelimitedall ofouranswerstoourexpertiseareaandbackgroundknowledgeintothehighlysensitiveareasofSpecial Surveillance, Electronic Surveillance, Lawful Interception telephone both fixed and mobile , data networks inclusiveofTheInternet,andofSatellite Services includingtelephone .Thesecomments willbemadeatalevelthatdoesnotwarrantgovernmentprivacymarkingsandhencemaybeincludedif appropriatetotheoverallenquiryonthesaidbill. We made a number of key comments on the consultancy for the Justice and Security Bill Green Paper CM8194:ISBN9780101819428 ,whichwewillreferenceandrelatetoinourresponseassomeofthe samepointsapply. We recognise and have the detailed expertise in telecommunications to say that the communications environment bothtechnicallyandcommercially isnowvastlyadvancedfromtheearlystepstakenby the Home Office and ACPO late 1990s for the underpinning relationships for the implementation of RIPA2000andliaisonsupportunits.Thesocialbehavioursanduseofthesecommunicationsmediums has advanced not just with the natural advancement of technology but in use and the types of communicationandintheterminalequipmentusedtoaccesssuch e.g.socialmedia . Itisnotedthatourlawenforcementandintelligenceagenciesareadmiredbyoverseaslawenforcement agenciesastheinvestigativecapabilitiesofGreatBritainarebothgoodandstringentlycontrolled.That said some politically odd usage of RIPA has occurred, especially local council usage which has the potentialtoconsiderablyunderminepublicconfidenceirrespectiveofstrictoversightandcontrol. Wecontinuetomaintaintheviewandagreewiththecurrentapproachthatsuchreleaseoftheabove materialandtechniquesinUKorothercourts,notonlycouldleadtodamagetonationalsecurity,butalso damage to investigative methods and the risks of the full gamut of human life through to technical techniques damage. Control, basis of authorisation, whom authorises, use and oversight are the key issues The voluntary code of practice on Retention of Communications Data Order 2003 SI 2003 No 3175 recommendstooperatorstokeepsubscriberandtelephonyrecordsforayear,whilstSMS,emailand dataaccountingrecordsofISPsfor6monthsandthedetailofbrowsingforlessthanaweek 4days . ThevolumeofdataacrossadayfortheUKisconsiderableevenintodaysadvancedcomputingabilities. ThenowcompulsoryrulesarethatfromDataRetention ECDirective Regulations2009,SI2009No859 whichstipulatestheTelephony,Internet,emailandsubscriberrecordsmustberetainedforaminimum ofayear.Complicationsarisefromnonresidentoperators. Overall the Bill provides for the advancement socially and technically for the prevention of crime and terrorism.ItalsoalignstotheSecurityandJusticeBilltoimplementeffectiveoversightandcontrol.Ifthe UKistocontinuetobeeffectiveatlawandorderandkeepthesecurityofcountry,alliesandvisitors,then itistechnologicallyaprudentwayforward,legallywiseandsolongasusageofsuchdataisrestricted onceauthorisedtoonlythelawenforcementgovernmentdepartmentsthenoversightshallbeeffective andstrong.
Our nomenclature is to abbreviate Answer to A. then we quote the question number from the parliamentaryquestionontheHaveyoursayonthedraftCommunicationsDataBillwebpagethatit relates to. If more than one question is posed for a given section then in parenthesise will be roman numeralstodepicttheorderofthequestiontheanswerrelatesto.
OurAnswers: GENERALQUESTIONS: A.1Yes.ThetechnologyandsocialuseofsuchishighlydynamicandwhenRIPAwasposedbothwere farlesscomplexthantoday.4G,internodalandintermodalcommunicationsaregoingtocomplicatethis further. A.2Yes. A.3Theyshouldnt,howeverweareconcernedfortheUseofsuchintrusionbyteamsandareasacross governmentnottightlyalignedtotherigoursandcontrolasthejudiciaryforexample.LocalGovernment forexample tobesotrainedandauthorisedasaSinglePointofContact SPoC touseofthisBilland RIPA will only further exacerbate public disquiet. These extraneous SPoCs should be transferred and amalgamatedwiththerelevantlawenforcementunitssuchastherelevantConstabulariesEconomic CrimeUnitforsayDWPsSPoCs.PerhapssuchextraneousSPoCsshouldhavetoseekauthorityforuse from either local law enforcement bodies or centrally administered with revisions of procedures and oversightandnecessaryshiftinbudgetsandresources.Whilstonthefringeandminorityperhaps,the public do not respond well to media claims of RIPA being used by local government for minor issues withinalocalcouncilscatchmentareawithissuessuchasminorplacementproblemsi.e.anoccupants rubbishbin. A.4Dontspreaditwidelyincourt,treatassensitivedata/evidenceotherwiseyouriskdamagingthe effectivenessandabilityforitsuse.Orworsestillthelegalparadoxofcausingcrimethroughitsrelease.It is crucial that very strict access to this data is undertaken to prevent corrupt sale or use of this by criminalelements. A.5Nocomment. A.6 i Thetwoworkwellasouranswertoquestion1postulatesitiswisetokeepthesetwoseparate as the Data Retention Regulations may well need to be refined and differing data types specifically regulatedwithoutneedtochangetheoverarchinglegislationofthisBill. A.6 ii NoastechnologicalisrapidlyevolvingtheneedforrevisionstotheBillwouldatleastevery government term in office 5 years ! Therefore it would be unwise to have it as an overarching combinedpieceoflegislation. A.7Nocomment. A.8 i Technologically they shouldnt as much of the data the Bill relates to the approved operator needstoconductandcontroltheirbusinesssaveforsomeelementsofdataThereforeNo. A.8 ii Commerciallysomeofthedatavolumesespeciallyontheinternetsidearesignificant.Ifthese becameburdensomethenthegovernmentcouldelecttohavethecostofstowageandretentionthen the operator will have limited cost of implementation. This is a mute argument as globally most jurisdictionsrequireIOCA/RIPAcapabilitiesandthisBillisbringingthoseneedstothe21stcentury. COSTS: A.9Nocomment. A.10Nocomment. SCOPE: A.11 i and ii Yes
A.12 i Law Enforcement and Intelligence Agencies only would be our strong view. All the other governmentdepartmentsshouldseekassistanceandraisethenecessarycases whichtheusetowhich thebillisthenput couldbehighlyscrutinizedandkeptsafetothewiderpublicprivacy. A.12 ii YesbutthatordermustbeagreedtobytheICCandthattheyaresoobligedtogivethedraft order a fair hearing by the Investigatory Powers Tribunal IPT as expanded by the proposal for parliamentaryoversightofthesepowerfultoolsintheJusticeandSecurityBill.TheIPThasakeyremit andlegalframeworktoensureECHRissuesofensuringtheprinciplesoffairnessofourjusticesystem alongwiththeimplicationsofrightfuluseofsuchtools. A.13 i and ii No comment save for the roaming agreements should obligate third party and overseasoperatorstobelegallyconformantwithRIPAandthisBill,otherwisesuchtelecommunication services orlicenses ,shouldbewithheld. USEOFCOMMUNICATIONDATA: A.14 i and ii seeouranswertoquestion3and12.Wemakenofurthercomment. A.15Yesalthoughiftherequirementwaspursuedtoitslimitofalsorequiringmoreandmorecontent datathenthechallengeandcommercialcostsforserviceproviderswouldbecomeveryprohibitiveand ouranswertoquestion8 ii isreferredto. SAFEGUARDS: A.16CurrentsafeguardsinRIPAandthoseauthorisationprocesseswillbeenhancedbythisBilland definitionsalreadyexistinthissystemwhichonthewholehasprovedtohavebeencontrolledwell,with tightstrictcontrolsonaccessanduse saveforouropinionsmentionedabove .Wedonotbelievewithin thescopeofourunderstandingoftheprocedures,controlsandECHR,alongwithHRA,thatECHRArticle 8wouldraisecompliancyissues/concerns? A.17 i Whilst on face value a warrant based system has considerable merits its current use for contentisastronginstrumentthatshouldremainsoexpandedtoincludecontentinthedataworld e.g.theactualSMStextorURLssovisited A.17 ii NowefavourtheexitingsystemasdefinedbyIOCA,refinedbyRIPAandsoimplemented.This system procedurally should recognise the elements of the Digital Age and the Social Trends of Telecommunicationswarrantforcontentwouldbeawisedoctrinetokeep.RecordData asoutlined withinthisBill ,shallrequireanauthorisationfromanauthorisedandapprovedpointofcontactandwe recommend if that sits outside of the traditional law enforcement and intelligent agencies then that requestsorequiresauthorisationfromsuch. A.17 iii Yesasdefinedabove. A.17 iv minimalifthe629SPoCsweretoberefinedasoutlinedhere. A.18ICCroleisYes savethatgreatcarethatisneededtokeeppaceofnotjustthetechnologybutthe terminalequipmentandsocialusage ,andtheICroleperhapsneedsgreaterauthoritytoactformisuse andbreachesoftheDPAandrelatedacts. PARLIAMENTARYOVERSIGHT: A.19YeswhencombinedwiththoseconsultedonfortheSecurityandJusticeBill. ENFORCEMENT: A.20Nocomment. A.21 i and ii Nocomment. TECHNICAL:
A.22Yes.Verysafely.Itcanbeencipheredinawaythatisevidentiallysoundtoaverystronglevelof protectiontooascananyelectronicfeedsofsuchdata. A.24Yes,Yesandtechnicallyfeasible. A.25Ifimplementedeffectivelyandbyusingstrongdataandnetworkprotectionstandards,thiswillbe extremelydifficult. A.26iftheenciphermentofthedataandenciphermentoftheaccesstosuchdataisdoneinawaythatis evidentiallysoundandhighlyprotectedthenNo. August2012
Nathan Allonby
Thissubmissionmainlyrelatestotheprovisionsforretentionofdataforpostalcommunications. Clause25oftheBillhasprovisionsapplyrequirementsfordataretentiontopublicpostaloperatorsand publicpostalservicesasitappliestotelecommunicationsoperatorsandtelecommunicationsservices, i.e.tocreateasystemforloggingallmailinadatabase,similartothatrecordedfortelecommunications, e.g. details such as addressee, sender's address, date, and any other visible information on the cover. Clause 26 would allow postal operators to recover the cost of this from government. It appears this informationwouldbeheldinadatabaseandretrievedatthepointanindividualbecomesasuspectinan inquiry. TheDraftCommunicationsDataBillcontainsapproximately94sentencesreferringtodataretentionfor postalservices.ProvisionsrelatingtopostalservicesarethusaveryimportantfeatureofthisBill. Itisbelievedthatthismaybeanewandunprecedentedformofsurveillance:nostatehaseverlogged allpost,eveninthosenationswheretherewascomprehensivecensorshipofthepost. Crimeandthethreat Nowherehasthegovernmentmadeanycaseforretentionofpostaldatathereappearstobenotasingle wordrelatingtoacaseforpostaldataretentioninanyofthegovernmentsupportingdocuments,i.e.: DraftCommunicationsDataBillimpactassessment 1 DraftCommunicationsDataBillprivacyimpactassessment 2 CommunicationsDataBillkeybackgroundinformation 3 StrategicDefenceandSecurityReview 2010 4 On this basis, the government has presented no case whatsoever for what may be an unprecedented surveillancemeasure. For telecommunications and the internet, the government arguments for increased data retention powerspivotaroundanewmediumofcommunicationcreatingnewtypesofcrimeandnewmodesof criminality.Forterrorismalso,thegovernmentargumentsarebasedaroundnewpatternsofcriminality arising from new forms of communication. The government case for increased data retention is not merelybaseduponhighlevelsofterroristthreat,butuponathreatmovingtotakeadvantageofanew medium. Pleasenote:thegovernmentargumentsfortelecomsdataretentionare notaccepted bythe writer . Noneofthegovernmentargumentsappearrelevanttopostalcommunicationsdataretention. A Freedom of Information request was also made to the Home Office about cost, feasibility and the threatstowhichtheBillwasresponding 5.Iwoulddrawyourattentiontothefollowingsectionoftheir reply. http://www.whatdotheyknow.com/request/119629/response/297764/attach/html/3/attachment.pdf. html
1DraftCommunicationsDataBillimpactassessment
PDF
2DraftCommunicationsDataBillprivacyimpactassessment PDF 3CommunicationsDataBillkeybackgroundinformation PDF 4StrategicDefenceandSecurityReview
2010
5FreedomofInformationrequesttotheHomeOfficeabouttheCommunicationsDataBill.
http://www.whatdotheyknow.com/request/119629/response/297764/attach/html/3/attachment. pdf.html
"ThedraftBillalsocontainsapowerfortheSecretaryofStatetoplaceobligationsonserviceprovidersto retain,collect,generateorprocesscommunicationsdatawhenappropriate.Beforeimposingobligations theSecretaryofStatemustconsultOFCOMandtheprovidersonwhichtheobligationswouldbeplaced. However,therearecurrentlynorequirementsforRoyalMailtoretainpostaldataandtherearenoplans forthattochange. "Inanswertoyourspecificquestions,wehavenotconsultedRoyalMailaswedonotcurrentlyenvisage obligationsbeingplacedonthem.Forthatreasonwedonotexpectanycoststobeincurred.Youwillbe awarethatthedraftBillisundergoingprelegislativescrutinybyaJointCommitteeofParliament,andis alsothesubjectofaseparateinquirybytheIntelligenceandSecurityCommittee.Asyoumaybeaware, thecurrentthreatfrominternationalterrorismisjudgedtobesubstantialinotherwordsaterrorist attackisastrongpossibility." TheFoIresponsefromtheHomeOffice above appearstocontainthefollowingadmissions: Thegovernmenthasnoplanstointroducedataretentionforpostalservicesatthistime.Theabsenceof plansappearstoimplythatthereisnoneedforthepostaldataretentionprovisionswithinthisBill,at thistimeorforeseeably. Thereisnospecificproblematpresentwithcriminalityrelatingtopostalserviceswhichwouldrequire dataretention. Thereisnospecificproblemwithregardtoterrorismrelatingtopostalservices,otherthanthegeneral terroristthreat. The government has made no consultations about requiring postal operators to gather and retain communicationsdataandmayhavenoinformationabouttheimplicationsofthis. Insummary,thereisnoevidenceofneedandnojustificationforthepostaldataretentionprovisionsin theBill. A Freedom of Information request to Royal Mail Group 6 also confirmed that the government has not contactedordiscussedcostorfeasibilitywithRoyalMail,theUK'slargestpostaloperator. http://www.whatdotheyknow.com/request/119538/response/295611/attach/html/3/Allonby%2012 0712.pdf.html That the proposals for postal dataretention have not been subject to costing and enquiries to postal operator is significant because this suggests that the proposals have not been subject to the normal processesofformalreviewandjustification.Theissueisnotcostorfeasibilitybutrathertheabsenceof normalchallengeandcriticalevaluation. Having"noplans"toimplementthepostaldataretentionprovisionsoftheBillmaynotbethesameas having no intention to implement them. It would be interesting to be able to explore the difference betweenhaving"noplans"andhaving"nointention",inrelationtothegovernment'sreplies. Legislation is never introduced lightly. With 94 references to postal services, the Bill appears to be carefully crafted for an intended purpose. The government appears to be thinking fairly deeply about retaining postal data, and about the detailed implementation of this. Couldanintentionbetransformedrapidlyinto"plans",merelybeannouncingabudgetandadefinitive dateforintroduction? If the current Bill is been passed, when government decides it is time to introduce dataretention for postalservices,therewillbenorequirementtoconsultMPs,onlytoconsultOfcom.ConsultingOfcomis notthesameasseekingapprovalfromOfcom.Ofcommaynotsubjectgovernmentproposalstothesame
6FreedomofInformationrequesttoRoyalMailabouttheCommunicationsDataBill. http://www.whatdotheyknow.com/request/119538/response/295611/attach/html/3/Allonby%20 120712.pdf.html
10
level of scrutiny as MPs Ofcom has narrowly defined terms of reference; Ofcom may not be able to challengegovernmentonthesecuritycaseormanyotherimportantissues. TechnologicalFeasibility Theproposalsforpostaldataretentionareprobablyquitefeasible. Royal Mail has been aiming towards total mechanisation. Machinesorting and machinereading of addresses makes it potentially possible for sorting machines to log mail items to a database. Sorting machineshavetoreadtheaddressesonmailitemsdataretentionmerelyrequiresoutputtingthisdata from sorting machines to storage. A situation where all mail is machinereadable and machinesorted wouldmakeitpossibletologallmail. ItneedstobeclarifiedhowcloseRoyalMailaretoachievingtotalmechanisation,butitisbelievedtobe closeto100%. Whereaddressesonmailitemsarenotdirectlyreadablebysortingmachines,themailitemsaremarked withmachinereadablebarcodescontainingtheaddressinformation. TheUSPostalServicehasalreadycreatedadatabaseofFirstClassMail,verymuchalongtheselines,with similar technology. This was created to provide a tracking service for business mail customers, to confirmdeliveryofitemsandreliabilityofdelivery.Inrelationtodataretention,thiscreatesadatabase ofallbusinessmail 7. SincetheUSPSandRoyalMailappeartousesimilartechnology,abriefdescriptionmaybeappropriate. USPS requires discount bulk mail customers to mark their mail with a bar code which contains the addressandzipcodeandthesender'sdetails inmachinereadableformat . Thebarcodeinformationisreadatsortingmachinesandstoredinadatabase,accessibletocustomers,so they may confirm the progress and delivery of individual mailitems. InBritain,similaraddressbarcodesareusedbyRoyalMail.Bulkmailcustomersmarkmailitemswith addressbarcodes,formachinereading,inadditiontothenormalscriptaddress.Sortingmachinescan alsoreadsomescripttypefaces,byOpticalCharacterRecognition. Royal Mail has aimed to reduce the number of items that require marking, and to maximise the proportionof itemsthataredirectlymachinereadable. Royal Mailcustomeragreementsfor bulkmail servicesrequirebothaddressandsender'sdetailstobeenteredinmachinereadableformat.RoyalMail usesasystemofCustomerBarCodes CBC,recentlyrenamedsimply"Barcodes" ,similartoUSpostal service, for bulk mail customers, as part of Royal Mail services named Mailsort and Walksort. These barcodescontaindetailsofbothaddresseeandsender,inmachinereadableformat,whicharereadby sortingmachines.Forotherreducedratemailservices,whichdonotrequirecustomerstouseaddress barcodes,RoyalMailcustomeragreementsspecifypreferredmachinereadabletypefaceswhichhaveto beused. Ashasbeenmentionedabove,forotheritems,whereaddressesarenotmachinereadable e.g.private post , a barcode is marked on the item. It is understood that machinereading has been adapted to recognisethemajorityofhandwrittenscript,andthisisusedatthestageofapplyingbarcodestoitems onreception. Inrelationtodataretention,itisnotknownwhetherRoyalMailsortingmachinescurrentlyrecordthe informationtheyreadfromthesebarcodes,orwhethertheyarecapableofdoingso.Itisnotclearwhat dataiscurrentlyrecordedandwhetherthereisanymaildatabasecomparabletothatinUSA.Itwouldbe extremely helpful, in relation to postal datacollection, if your Committee could clarify the current situationintheUK. Europe
7StephenBarrPostalServiceSeesSimplicityin31Digits
WashingtonPost,17Feb2008
11
TheEuropeanCommissionhasdiscussedproposalsforaddinguniqueelectronicidentificationtoallmail items,usingRFIDchips 89. The stated motive behind this proposal is in relation to the liberalisation and privatisation of postal services,Europewide:inasituationofmultiplenewmailoperators,toavoidafragmentedservice,the Commission wished to pursue a unified mailtracking system. It is believed that this is a longterm project and at this stage Royal Mail does not appear to have been approached in regard to implementationhowever,thisdoesnotmeanthatthiscanbeignored. TheimplicationsofthisproposalarethatitwouldcreateaEuropewidedatabaseofallmail,thatwould interoperable, accessible by multiple different operators in different companies, different nations, and potentiallybypoliceandsecurityservicesindifferentnationsalso. In terms of privacy, it would be very difficult to ensure any meaningful level of privacy under this arrangement. The RFID system would also be able to gather very much more information, which would make the systemmuchmoreintrusiveanddamaging,intermsofimpactonprivacy. TheEUisverycommittedtothepromotionofRFIDtechnology. AttractionsofRFID,comparedwithvisualbarcodes,includethefollowing: greateraccuracy,withfewerreadingerrors theRFIDchipcancontainmoreinformation,andcanbewrittenwithextrainformation it would be possible to identify all the items within a bag, without having to view each item visually
RFID is closely linked to an internet technology called the "Internet of Things" that facilitates open communication of information, globally, across different enterprises. RFID is already is use by many supermarket and clothing chains, and is used to manage complex international manufacturing supply chains. RFIDwouldmakeitpossibletocollectmuchmoreinformation,moreeasily,makingmailtrackingfaster, simpleranduniversal.Itwouldbepossibletotracknotmerelymailsentbybusinesses,butalsototrack allmailfromeachpostbox,andtotrackeachstampsold.Theprivacyimplicationswillbemuchgreater as each mail item will carry a greater amount of data, and will be able to be tracked in much greater detail. It would be possible to track every Valentine card and loveletter and every plain brown envelopepostedtoanMP.Thiswouldleavenosuchthingasprivatemail. This makes it more important that the current Bill does not leave the door open to uncontrolled and unlimitedexpansionofdatacollection. Atpresent,nonationyethasfirmplansfortheintroductionofRFIDtothegeneralpost.Giventhelevelof supportfromtheEUandmajornations,andgiventhefallingcostofRFIDchips,itisreasonabletoexpect thatRFIDidentificationofpostmaybecomeuniversalwithinadecade.Somenations,suchasChina,are already applying RFID to a limited range of services, such as express items. Many postal services use RFIDtotrackmailbagsandpallets.TheinternationalUniversalPostalUnionandRoyalMailuseaformof RFIDtotestdeliverytimes,onspecialsampleitemsofpost. TheEuropeanproposalswillbeanimportantcontextforanyUKmeasuresforretentionofpostaldata. It would be useful to know how Britain sees its proposals for postal dataretention in relation to EuropeanproposalswhetherornotBritain'sschemeisseenasapilotforEurope.
8NomissingmailwithRFIDtags,saysCommission|EurActiv.com 9EUwantsRFIDchipsforitspostalservicesTheInquirer
12
PostalDataRetentionandHumanRights NecessityorAvailability? Ifthislegislationforpostaldataretentionisnotbeingintroducedinresponsetocombatanewtypeof crime,isitinsteadbeingintroducedduetotechnologicalfeasibility,i.e.,isthisbeingintroducedbecause ithasbecomepossibleandeasytoimplementratherthanbecauseitisnecessarytofightcrime? The government appears to propose that the test of necessity should only be applied when accessing data,onacasebycase orpersonbyperson basis,ratherthanasatestofwhetherwholecategoriesof data should be collected at all, hence that the government should not need to justify the necessity of introducinganewclassofretaineddata. If this became the basis on which new privacyeroding measures were introduced, this would be a dangerous slipperyslope. Given that technological capability is constantly growing, this would lead to continual expansion of government access to personal data and corresponding erosion of privacy and civilliberties. Retaineddatamightinitiallybeappliedtofightingseriouscrime,buttherapidincreaseinthecapability andreachofcomputersystemsovertimewouldenableanexpansioninitsuse,leadingtowardstheuse ofretaineddataintheenforcementofminorregulations. Dataretention has itself been made possible by the extremely rapid increase in available computer power,andtherapidlyfallingcostofstoringdataareportbytheBrookingsInstitutehasdescribedthis asapotentialthreattocivilliberties 10anditisonlyreasonablethattheuseofretaineddatashouldalso beconsideredinthiscontext. Functioncreephasbeenaconstantinthegrowthofthedatabasestate. Proportionality? Howwouldthedatabeused? Having"noplans"toretainpostaldatameansthat perhapsconveniently thegovernmentdoesnothave todiscussintendedusesforthatdata. It is quite likely that, rather being used for a small number of relatively serious offences, such as terrorismrelatedoffences,postaldatacouldbeusedwidely,onalargescale,forminormatters.Thisis likelybecausepostalmailcoverdatamaynotbeconsidered"privateinformation",hencewouldlargely escaperestrictionsonproportionalityofuse discussedinmoredetailbelow . Useofthisdataforminormatterswouldhaveapervasiveimpactonsociety. Itappearsthattheproposalsaredrivenbytechnologicalfeasibilityratherthantheneedtocombatanew typeofcrimei.e.thisisbeingintroducedbecausethisispossibleratherthannecessary. Onthisbasis,itappearsthatthisfailsthetestofnecessity. Giventhattechnologicalcapabilityisconstantlygrowing,thiswouldleadtocontinualerosionofprivacy andconstantexpansionofgovernmentaccesstopersonaldata. This Bill is Human Rights legislation, regulating the use of surveillance. As Justice points out, in their reportFreedomfromSuspicion 11
10 Recording Everything: Digital Storage as an Enabler of Authoritarian Governments, John Villasenor,BrookingsInstitute,December14,2011 http://www.brookings.edu/~/media/Files/rc/papers/2011/1214_digital_storage_villasenor/ 1214_digital_storage_villasenor.pdf 11FreedomfromSuspicion:SurveillanceReformforaDigitalAge,JusticeReport,October2011 http://www.justice.org.uk/data/files/resources/305/JUSTICEFreedomfromSuspicion
13
the general provisions of Article 8 ECHR were never intended to be a substitute for proper regulationoftheuseofsurveillance In effect, Article 8 required the introduction of further legislation to control surveillance. RIPA was introduced in response to this, and the current Bill replaces provisions in RIPA. The current Bill introducesnewsurveillancepowers,butalsointroducescorrespondingnewregulationofsurveillance. ThisBillisthushumanrightslegislation. The Bill also contains provisions to for the government to revise and increase the scope of permitted surveillancepowers,inClause9 7 7 TheSecretaryofStatemaybyorderamendsubsection 6 soastoaddtoor restrictthepermittedpurposes. GiventhatthisisHumanRightslegislation,intendedtodefinelimitsongovernmentsurveillancepowers, it seems strange that the government should be given the right to change and amend the limits of its powers,byorder,withoutaskingParliament.Thisdoesnotsoundlikearegimeintendedtoguarantee fundamentalrights.Thewholepointabouthumanrightsisthatitshouldnotbeeasyforgovernmentsto changeorrewritehumanrights. Many of the rights of access to retained data are very broadly written, with no apparent minimum thresholdtoensureproportionality,forexample,in9 6 6 Forthepurposesofthissectionitisnecessarytoobtaincommunicationsdata forapermittedpurposeifitisnecessarytodoso ... d intheinterestsoftheeconomicwellbeingoftheUnitedKingdom, e intheinterestsofpublicsafety, f forthepurposeofprotectingpublichealth, g forthepurposeofassessingorcollectinganytax,duty,levyorother imposition,contributionorchargepayabletoagovernmentdepartment, Publicsafety,publichealthandtheeconomicwellbeingoftheUnitedKingdomarevaguecatchall termswithnoindicationofproportionateuse; g byreferringtoanytax,dutyorcharge,indicatesno minimumlimitandnoproportionality. Thegovernmenthassuggesteditneedsthesepowersinrelationtoseriouscrimes.Ifthisistheintention, thensurelythisshouldbewrittenintothelaw.Asasuggestedexample,9 6b whichcurrentlyreads b for the purpose of preventing or detecting crime or of preventing disorder could be changed to preventing or detecting serious crimes and could be further enhanced by specifying expected to be punishablebyimprisonmentofoneyearormore. Theconceptofproportionalityhasitselfbeencriticisedforbeingashiftingsandleavesnoclearlydefined limits and creates impossible grey areas. The concept of proportionality is based on a principle of utilitarianism,inwhichallrightsareelasticandnegotiable.Afiercedebatehasragedforover200years, sincetheearliestdaysoftheUSSupremeCourt,overthisprincipleandwhetheritissuitabletodefine fundamentalrights 12.
SurveillanceReformforaDigitalAge.pdf

12 Stavros Tsakyrakis, Proportionality: An Assault on Human Rights?, Jean Monnet Working
14
Inregardtotheconceptofproportionality,ProfessorStavrosTsakyrakisoftheUniversityofAthenshas argued that , "The European Court of Human Rights is routinely balancing human rights against each other and against conflicting public interests and has elevated proportionality to the status of a basic principleofinterpretationoftheEuropeanConventiononHumanRights....proportionalityconstitutesa misguided quest for precision and objectivity in the resolution of human rights disputes and ... courts shouldinsteadfocusontherealmoralissuesunderlyingsuchdisputes."Inrelationtosimilarattemptsto balancerightsinUSlaw,SupremeCourtJusticeScaliamadethepointthatonecannotcomparethelength ofalinewiththeheavinessofarock. The approach of proportionality adopted in the ECHR and HRA seems to be a poor way to define fundamentalrights,thatwillleaverightsuncertainandvulnerabletoerosionovertime. This leads back to the need for Parliament to include clear definitions within the Bill of the limits to lawfuluseofretaineddata. Under the concept of proportionality, what limits would be placed on access to retained postal data? Whatwouldbeconsideredtobeaproportionateusewoulddependuponwhetherretainedpostaldata wasconsideredtobeprivatedata. IntheUS,postal"mailcover"informationisnotconsideredtobecoveredbyareasonableexpectationof privacy, thus does not receive constitutional protection. The same applies to any data shared with a thirdparty,suchastelephonenumbersdialledandevenbankaccountinformation 13. ThisisobviouslysignificantlydifferenttolawinBritainandEurope,butitdoesillustratethepotential problemsdefiningproportionalityinrelationtoretaineddata. Inthisregard,however,itappearsthatUSlawhasfailedtorecognisethequalitativeimpactwhendatais collectedsystematicallyandplacedinasearchablecomputerdatabase. How far would a British government be prepared to go in relation to accessing thirdparty data and applyingittogeneralgovernmentpurposes? TheBritishgovernmenthasrecentlydiscussedaccessingthirdpartydatafromsupermarketstorecards, to advise customers to change their eating habits, as part of a public health programme, within the Nudge programme of behaviour modification 1415. This is a substantial movement in relation to previousattitudestowardsaccesstopersonaldata.Storecarddataisextremelypowerful,revealingand potentiallysensitive 16. This example is potentially of interest in exploring the potential use of private data for purposes of publichealth,e.g.inrelationtoproportionalityandtheuseofClause9 6f oftheCommunicationsData Bill. Thisindicatesthepotentialdangersinrelationtoconceptssuchasproportionalityandstretchingtheuse ofdatatominormatters.

Paper09/08 http://centers.law.nyu.edu/jeanmonnet/papers/08/080901.pdf
13ReasonableExpectationofPrivacy,ElectronicFrontierFoundation,https://ssd.eff.org/your
computer/govt/privacy 14Chocolateagain?LoyaltycardscouldbeusedtotailorhealthadviceTelegraph 15 Supermarket spies: How the Government plans to use loyalty card data to snoop on the eatinghabitsof25millionshoppersDailyMail 16BigBrotherknowsallaboutmybunionopandthefishpieIateafterit:Howonewoman foundoutabouttheintimateinformationheldabouther,ByClaudiaJoseph,DailyMail14th August2011
15
Iscollectingmoredatathebestsolution? Exploringalternativeparadigmsincrimepreventionandpolicing Will collecting more personal data really help prevent and reduce crime in our society? Is crime detection, policing and punishment the best way to make a safer, more lawabiding society? Do other nations approach these issues more successfully by alternative paradigms? Can we discuss data retentionwithoutconsideringalternativeapproaches,whichcouldbemoresuccessfulwithoutrequiring furtherencroachmentonprivacyandcivilliberties? Consider one of the serious crime problems mentioned by the government in the case for this Bill: drugs. DrugsareamajorissueincrimeinBritain.Althoughonlyabout10%ofBritain'sprisonpopulationhave beensentenceddirectlyfordrugsoffences,ithasbeenestimatedthatdrugsarethemotivebehindthe majorityofacquisitivecrimeinBritain.TheNEWADAMresearch,the 2003 reportfromtheNumber 10StrategyUnitclaimedthatoverhalfofallpropertycrimesweredrugmotivated: Heroinand/orcrackuserscauseharmtothehealthandsocialfunctioningofusersandsocietyas awhole,butusersalsocommitsubstantialamountsofcrimetofundtheirdruguse costing16bn ayear . p.2 Drug use is responsible for the great majority of some types of crime, such as shoplifting and burglary inc85%ofshoplifting,7080%ofburglaries,54%ofrobberies 17 Surveyhasfoundthat60%ofcriminalsareusersofharddrugs 18 19. AlthoughthereisnoquestionthatBritainisrequired,forexamplebyinternationaltreaty,tomakeevery possible effort to stop the trade in drugs, the nations that have had the greatest success in reducing narcoticsusehavedonesobyprogrammesofharmreductionratherthandirectpolicing.Forexample, cannabisuseintheNetherlands,whichhasadoptedsociallycontrolledharmreduction,issubstantially lower than in neighbouring countries, which have adopted more traditional approaches of criminalisationanddirectpolicing 20. Directpolicinghasdismallyfailedtostopthenarcoticstrade.Thereisnosignthatnewpolicingmeasures willbeanymoresuccessfulatstoppingthedrugstrade.HarddrugsevenpenetrateBritain'sprisons,with widespread availability and prisoners complaining about leaving prison with more serious drug problemsthanwhentheyentered 212223. Isitreallyjustifiedtointroducemeasuressuchascommunicationsdataretention,withaseriousadverse impactoncivilliberties,inyetanother likelyfutile attempttostopnarcoticsbydirectpolicing? Britain imprisons a higher proportion of its population than most European nations only Spain is higher 24.
17StrategyUnitDrugsReportPhaseI,PrimeMinister'sStrategyUnit
2003 p.25
18 Trends in drug use and offending: the results of the NEWADAM Programme 19992002, 1960%ofcriminalstakeharddrugs,NickPatonWalshandJasonBurke,Guardian,Sunday20
HomeOfficeRDS
May2001 20DutchdrugpolicyinaEuropeancontexthttp://www.cedrouva.org/lib/boekhout.dutch.html 21Drugabuserisinginovercrowdedprisons,studyfindsGuardian,Friday13August2004 22 One In Eight Prisoners 'Develop Drug Problem In Jail' PA/The Huffington Post UK | 17/04/2012 23ExconsspeakoutoverdrugabuseinHMPGloucesterThisisGloucester|Friday,August03, 2012 24Prisonpopulationstatistics,HouseofCommonsLibrary,SN/SG/433424May2012
16
This is reflects attitudes to civil liberties in different nations how readily respective governments removethelibertyofcitizensbyimprisoningthem. TheBritishgovernmentusesimprisonmentinpreferencetomoreeffectiveharmreductionandcrime reductionstrategies. Let us consider an example of how postal data might be used in practice: to investigate suspected benefitfraud.Asatypicalillustration,considerthecaseofawomanwhomightbeclaimingbenefitsasa personlivingalone,havingrecentlyseparatedfromherhusband,butissuspectedtobecohabiting.An investigation based on retained postal data might reveal that she might still be receiving post for an estrangedhusband,thuswouldappeartobecohabiting.Thiswomanmighthaverevertedtohermaiden nameafterseparation,yetmightbereceivingpostfortwodifferentnames:hermaidennameandher marriedname. Insituationssuchasthis,wouldaccesstopostaldataanswerthequestionsormerelyraisemoredoubts? Isitlikelythatpostaldatawouldmerelyprovideajustificationtoinvestigatewithother,moreintrusive formsofsurveillance,suchasdirectedsurveillance? This situation illustrates the complexities of real life. Real lives are often not simple and clearcut. Relationshipsoftendonotstartorfinishneatly.Divorcelawrecognisesthatseparationcanbeanonoff business,withmanyattemptsatreconciliation.Amarriedcouplemaybelegallyseparated,yetstillliving togetherinthesamehome. Ratherthangatheringmorepersonaldata,inanattempttodeterminepersonalcircumstances,wouldit besimplerandbettertoredesignsystemssothatwenolongerrequiretoinvestigatesuchsituations? Ratherthangatheringmoreintrusivepersonalinformation,whynotdesignasimplerbenefitssystem? Gatheringmoredataaboutsuchpeopleandcircumstanceswouldnotexplainorclarifytheirsituation.It isundignifiedtoforcepeopletoexplainthesesituations,andoftenanyexplanationmaybeinconclusive oropentodoubt. ItisinterestingtomakecomparisonsbetweencommunicationsdataretentionandtheANPR Automatic NumberPlateRecognition networkonBritain'sroads. TheanalogybetweencommunicationdataretentionandtheANPRnetworkappliesbecausetheANPR systemwaslargelycreatedbyretainingprivatelygenerateddata,makingthisavailabletothepolice.The introductionoftheANPRsystemwaswidelyregardedasamajordevelopmentinmasssurveillance,yet itwasnevervotedonordebatedinParliament.Apparently,thiswasnotregardedasaHumanRights issue,presumablybecausethemovementofvehiclesonroadsispubliclyvisibletoanyone,ratherthan beingprivate,inmuchthesamewayasmailcoverinformationispubliclyvisibleandnotregardedas privateinformationunderUScaselaw. ThepoliceandHomeOfficeclaimtheANPRsystemhashadamajorimpactintermsofarrestsanduseby police,butitisinterestingtoseeifthishasreallybeeneffectiveinreducingcrimeandharmonroads,and whetheralternativemeasureswouldhavebeenmoreeffectivewithlessimpactonprivacy. TheANPRnetworkintroducedin2005aspartofProjectLaserwasbaseduponretainingdatagenerated within privatelyownedsystems.Themajorityofcamerasinthe ANPRnetworkwereprivatelyowned andhadbeencreatedforprivatepurposes,notasanationalpolicesurveillancenetworkonlyaminority ofthecameraswerepolicecameras,installedtofillgapsinthenetwork.Theprivatelyownedcameras were in systems such as at petrolstation forecourts used to prevent motorists driving off without paying and the TrafficMaster information system which was used ANPR to obtain live information about traffic speeds on trunk roads . TrafficMaster used ANPR to identify vehicles at different points alongaroad,andbytimingthemfrompointtopoint,determinedaveragetrafficspeeds.Havingtimed the vehicles, TrafficMaster then "forgot" the individual numbers, because it was not intended as a surveillance system. However, the police ACPO then stepped in and asked TrafficMaster to provide themwiththenumberplatedatafromtheircameras,whichthepoliceretained. For the ANPR network, the police have cited large numbers of arrests, stolen vehicles recovered, uninsuredstoppedorseized.However,therealmeasureofsuccessshouldbewhethertheANPRhasled toreducedratesofcrime,uninsuredvehiclesandaccidents.
17
However,despitetheuseoftheANPRnetworktodetectuntaxedanduninsuredvehiclesontheroads, BritainstillhasthehighestproportionofuninsuredvehiclesonitsroadsinWesternEurope 25. BritainwasthefirstnationtodeployANPRandcomprehensiverecordingofvehiclesonroads;Britain continuestohavethegreatestcommitmenttothisapproachinEurope.IfANPRwasthemosteffective means of tackling the problem of uninsured vehicles, Britain should now have the lowest level of uninsured vehicles. However, Britain has a higher level of uninsured vehicles than most European nations. From this, it appears that the alternative approaches to controlling vehicle safety and vehicle crime adopted by other European nations may have been more effective than policing by ANPR and universalsurveillance. The Home Office believes the answer is to expand the system yet further, by linking fuel sales to the ANPRnetwork,makingitimpossibletobuyfuelwithoutaninsuredvehicle 26.Itseemsthatthesystem willcontinuetogrow,addfunctions,andbecomemoreintrusive. ItisalsoworthnotingthattheUKANPRsystemalsohadaEuropeandimension.TheANPRsystemwas intendedaspartofalargerplan,whichincludedaccesstocar,driverandinsurancedetails.Ataboutthe sametimetheANPRsystemwasintroduced,in2005,BritainsignedthePrumConvention whichhad been in negotiation and planning for some time which created a Europewide exchange of vehicle informationandvehicleinsurancedetails,andrequiredinsurerstoprovideliveelectronicinformation aboutvehicleinsurance.TheUK'sANPRsystemwasverymuchinterlockedwithEurope'splanfordata systems. In relation to communications data retention, and postal data retention, this illustrates how cruciallyimportantitistoconsiderEUplansandthelargerEUcontext. IthasbeenarguedthattheANPRsystemisactuallymoreusefultopoliceintermsofcrimeintelligence. However,inrelationtocrime,ithasbeenarguedthattheANPRsystemgeneratestoomanyleads,and hasdistractedpolicetimefromtargetedpolicingpriorities.Thedifficultyinprioritisingahugenumberof ANPRleadswasarguedtohavebeenakeyfactortothetragiccaseoftheFacebookKillerinDarlington, whereaknownsexoffenderwithlivearrestwarrantswasleftfreetokillateenagegirl,despitebeing flaggedrepeatedlyontheANPRsystem 27 28.CouldthepoliceresourcesabsorbedbyANPRhavebeen deployedmoreeffectively,ifappliedtoanalternativeapproachorcrimecontrol? Despitethelevelofarrestsgenerated,thelessonfromANPRisthatmasssurveillanceandmoredatais nottheroutetoasafersociety.TheANPRsystemremainscontroversial:couldwehavedonemoreto improvepublicsafetywithouttakingthismajorsteptowardsasurveillancestate? Theroleofretaineddatainpoliceworkislikelytoexpandinproportiontotherangeofdataavailable. However,aswehaveseenwithvehicledatafromtheANPRsystem,ahighlevelofuseofsuchdata,ora highrateofarrestsbasedonthatdata,doesnotindicatethatpolicinghasbeenmademoreeffectivethan ifthedatawasnotavailableandpolicehadtorelyuponalternativemethods. Unfortunately,onceamajorinvestmenthasbeenmadeinamasssurveillancesystem,suchasANPRor communications dataretention, there is institutional momentum to continue further in the same direction the greater the public commitment, the more difficult it becomes to consider alternative
25UKstillhasmostuninsureddriversinWesternEuropeLouiseMeesonInsuranceAge|29Jul
2010
Streetofficialshopethehitechsystemwillcrackdownonthe1.4millionmotoristswhodrive withoutinsurance ByMartinFricker,DailyMail12Mar2012
26CCTVatpetrolstationswillautomaticallystopuninsuredcarsbeingfilledwithfuel,Downing
27IPCCchief:ANPRis'avictimofitsownsuccess'ThecommissioneroftheIndependentPolice Complaints Commission IPCC has said there are severe difficulties in running automatic number plate recognition systems, Guardian Government Computing, Monday 14 February 2011 28IPCCpublishesfindingsfrominvestigationintopoliceresponsetoANPRintelligenceonPeter Chapman 11February2011,http://www.ipcc.gov.uk/news/Pages/pr_110211_clevelandchapman.aspx
18
approaches.Themorecontroversialandunpopularadecision,thegreatertheimportanceofjustifyingit, andthemoredifficultitbecomestoretreat. Itmaybedesirabletoconsiderotherteststhannecessityandproportionalityinrelationtoproposalsto collect more personal data. Necessity and proportionality are the tests regarding compliance with the European Convention on Human Rights and the HRA. Necessity and proportionality would be the relevanttestsiftheintentionwastoallowaccesstothemaximumamountofdatapermittedbytheECHR andtheHRA.Isthistheintention,orwoulditbedesirabletomakeaccesstodatamorerestricted? Ratherthanmerelyaskaboutnecessityandproportionality,woulditbebetteralsotoaskquestionssuch as: How would this data by used by public bodies? How would this affect methods of working and relationships between the public and institutions? Will this lead to a situation where ordinary people havetorememberandjustifytheirlivesinimpossibledetail?Howwillthisaffectoursociety?Whatprice are we prepared to pay for privacy, which is an essential part of personal freedom? Are there better alternativestoretainingpersonaldata? Despitethepotentialthreatofterrorism,Britainisprobablymoresecuretodaythanatanytimeinthe last 400 years. Recently, the Royal Navy sent all of its warships abroad, and did not require to keep a singleshipindomesticwaters 29. DuringtheOlympics,securityservicesconsideredthattherewasneveranythreatfrommajorterrorist organisation 30 30 . Thesearenotthetimesinwhichnewsecuritymeasuresareneeded. It is understandable that the Home Office and the police should come to be concerned with potential threatsofcrimeandterrorismandregardtheseasrequiringnewpolicingmeasuresandnewpowers. The question is whether these concerns are justified, and outweigh the needs for privacy and constitutionalprotectionofliberty. Atpresent,itappearsthatmorepolicingmaynotbethemostappropriatesolutiontothemostsignificant crimeproblems in our society, and that nonpolice measures, based on harmreduction and social inclusion,havethepotentialtoreducecrimeandincreasepublicsafetyfarmorethanincreasedpolicing. SummaryOutstandingQuestions Ideally,thesummaryshouldbeasetoffirmconclusionsorrecommendations,howeverinthiscasethe summaryappearstobeasetofimportantquestionswhichthegovernmenthasfailedtoanswer. TheprovisionsforpostaldataretentionareprofoundandfarreachingIhopeyouwillnotapprovethis legislationunlesssatisfactoryanswersareprovidedtothefollowingquestions. i WhyhasthegovernmentincludedprovisionsforpostaldataretentionintheBillifithasnoplansto implementthem? ii What does the government mean when stating it has no plans to require dataretention by Royal Mailandotherpostaloperators? iii Whatspecificproblemsinrelationtocrimeandcriminalitywouldrequiretheintroductionofpostal dataretention?Isthereanynewformofcrime? iv Whatisthegovernmentcaseforpostaldataretention?Whyispostaldataretentionnecessary in termsoftheHRA ? v Why did the government make no mention of the case for postal dataretention in any of its publicationsabouttheBill?
29UKwatersleftunprotectedbyNavywarshipsinOctoberBBCNews1Nov2011 30UnpredictablelonewolvesposebiggestOlympicsecuritythreatGuardian9March2012
19
vi Istheintroductionofpostaldataretentionbeingdrivennotbycrimebutinsteadbypotentialeaseof implementation?Isthisbeingdrivenbytechnologicalcapabilityratherthanbycrime? vii What next? Where will it end? If government is allowed to encroach on privacy simply because technology has made it possible, given the onward march of technology, can we expect successive incursionstofollow,untilthereisverylittlepersonalprivacyleft? viii Howisitenvisagedthatretainedpostaldatawouldbeused?Whatpurposesisitrequiredfor? ix How much cost and effort would be required for Royal Mail to output address data from sorting machines,tocreateadatabaseofallmailitems?Arethesortingmachinesalreadycapableofproviding thisoutput,orwouldtheyrequireconversionorreplacement? x HasRoyalMailalreadycreatedadatabaseofmailitems,fortrackingpurposes,similartothatcreated bytheUSPostalService? xi WhatEUproposalsaretherethatmayberelevanttopostaldataretention? xii In relation to proportionality, what would be the appropriate minimum threshold for access to retaineddata?Shouldthisbereservedonlyforseriousoffences,orshouldthedatabeallowedtobeused for minor matters? Is there a reasonable expectation of privacy in regard to retained postal data, or shoulditberegardedaspubliclyvisibleinformation? xiii DotheprovisionsinSection9 6 haveanappropriateminimumthreshold,toensurethattheyare onlyusedproportionally? 6 Forthepurposesofthissectionitisnecessarytoobtaincommunicationsdata forapermittedpurposeifitisnecessarytodoso a intheinterestsofnationalsecurity, b forthepurposeofpreventingordetectingcrimeorofpreventingdisorder, c forthepurposeofpreventingordetectinganyconductinrespectof whichapenaltymaybeimposedundersection123or129ofthe FinancialServicesandMarketsAct2000 civilpenaltiesformarketabuse , d intheinterestsoftheeconomicwellbeingoftheUnitedKingdom, e intheinterestsofpublicsafety, f forthepurposeofprotectingpublichealth, g for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution or chargepayabletoagovernmentdepartment, Whatwordingwouldlimitaccesstoproportionateuse,incasesofappropriateseriousness? xiv Ifretainedpostaldatabecomesavailableforuseinminormatters,whateffectwouldthishaveon policeandotherservices? xv InapieceofHumanRightslegislation,whichisrequiredbytheECHR,andisintendedtodefinethe limits of government power, to protect personal rights and privacy, is it appropriate to have the provision,inSection9 7 ,forgovernmenttoexpanditspowersbyorder? 7 TheSecretaryofStatemaybyorderamendsubsection 6 soastoaddtoorrestrictthepermitted purposes. Isitappropriatetomakeiteasyforgovernmenttochangelegislationrelatingtohumanrights?
20
xvi How do the postal data retention measures in the Bill relate to the European Union? Does the Commission or do other EU nations have an interest in adopting postal data retention? Could the retentionofpostaldatainBritainbecome,ineffect,apilotforpostaldataretentionthroughoutEurope? xvii What other nations have introduced similar measures for comprehensive postal dataretention? WhydoesBritainneedthisifothernationsdonot? xviii HaveothernationstackledtheircrimeproblemsmoreeffectivelythanBritain,byothermethods, withoutresortingtodataretentionanddatasurveillance? xix Aretherealternativeparadigmsforcrimereductionotherthanincreasedpolicingandeverfurther encroachmentsuponcivilliberties? August2012
21
AVAAZ
Please accept this letter as a formal submission to the Joint Committee regarding the Draft Communications Data Bill. The submission is a petition, coordinated by the global campaigning group Avaaz.orgamongstitsUKbasedconstituents. In the last five months, 93,434 people have signed the petition opposing the current draft of the CommunicationsDataBill.Thetextofthepetitionreads: ToDavidCameron,NickCleggandTheresaMay: AsconcernedcitizensweurgeyoutoimmediatelydropplansforanInternetbigbrotherbill Thedraft Communications Data Bill . Our democracy and civil liberties are under threat from the excessive and unnecessaryinternetsurveillanceprovisionswithoutanyjudicialoversightinthisbill.Wehopeyouwill protectourprivacyandkeepyourelectionpromiseto'reversetheriseofthesurveillancestate'. Iveattachedcopiesofthesignersintextformatwiththisletter.Avaazsonlinemobilisationeffortispart ofabroadercivilsocietymovementtospeakoutagainstthebill,includingeffortsby38Degreesandthe OpenRightsGroup.Webelievethismovementdemonstratesthebroadpublicoppositiontothebill,and formerpolicechiefSirChrisFoxhasspokenoutagainstthelaw31. Ifthisbillweretobecomelaw,itwouldmakeaccessiblealistofallourcommunications,includingemail addresses and phone numbers of friends, family and others we connect with and the time, length and locationofthose interactions. Althoughthecontentofcommunicationswouldonly bevisibletopolice withawarrant,themajorityoftheBritishpublicfindthislawdangerousbecauseitexposesatreasure troveofinformationaboutustothegovernmentbutcontainsalmostnosafeguards,leavingitwideopen toabuse. Thatiswhy were submittingthispetitiontotheJointCommittee, inthe hopestheywillsee senseandrecommendthebillproceednofurther. Thankyouforyourattentiontothismatter,ifyouhaveanyquestionsorconcernsIwouldbemorethan happytoanswerthem.Welookforwardtohearingtheresultsofthispublicconsultation. August2012
31SirChrisFox,theformerpresidentoftheAssociationofChiefPoliceOfficers
Acpo ,saidthe proposalswerenotappropriateinafreecountry. http://www.telegraph.co.uk/news/uknews/lawandorder/9183641/Newsnoopingpowers couldbeillegalhumanrightswatchdogwarns.html
22
Steve Ball
IhavebeenauseroftheInternetsincethelate80'sandhavebeenprovidingInternetconnectivityfor customerssince1996.Ihavedevelopedcommunicationsequipment,whichhasbeenusedin businesseslargeandsmall,includingfinancial,industrial,educational,andgovernment.Ihave providedCommunicationsDataforcustomerdisciplinaryactionandPoliceaction. IamveryawareofhowmuchpersonalinformationcanbedeterminedpurelyfromCommunications Data.WithvastdatabasesoftheCommunicationsDataoftheentirepopulationofBritainitwillbe verytemptingtouseDataMiningandPredictiveAnalyticsinakindofMinorityReportprecrime detectionsystemwhichwilllikelythrowupnumerousfalsepositivesanddistractlawenforcement fromimportantgoalsliketacklinggangs,gunandknifecrime,drugsrelatedtheftandviolencewhich isveryunlikelytobesolvedbyofficerssearchingpeoplesprivatecommunicationsdata.Ascriminals becomeawarethattheirmobilephonestrackthem,andthatthePoliceareroutinelyreadingtheir privatecommunicationsdata,theywillsimplymovetheircrimeofflineandeitheruseuntraceable mobiles,ornotusemobilesatall.CriminalsmayalsouseCommunicationsDatatoprovide themselveswithfalsealibiswhilecommittingcrime. ManypeoplewilldroptheirFacebook,Google,Twittersocialmediaaccountsiftheybelievetheir privatedataisbeingroutinelyscraped,stored,collatedandfiltered,andmaybeopentohundredsof thousandsofgovernmentemployeestobrowsewithnothingmorethanasignatureofadesignated person. BoththeConservativesandLiberalswentintothelastelectionpromisingto"Reversethesurveillance state"createdunderLabour,butclearlyhadnointentionofdoingso;Labour'sIMPwassimply renamedCCDPwhenthenewgovernmentwaselected.Sincetheelectionnotonlyhasthisproposal forStatemonitoringofallcommunicationsbeenputforward,buttherearealsoplansfordefaulton censorshipofInternetwebsites ClairePerry'santiporncampaign ,andtomakethejobcomplete, theLevesonEnquiryislikelytorecommendrestrictionsoninvestigativereportingbythepress,in thelightofthephonehackingscandal. IfindthismovetoamoreauthoritariansocietyunderaConservativegovernmentextremely worrying,especiallysincethereseemstobesignificantcrosspartysupport. TheBilldoesnotmentionwhowillbeexempt,orhavespecialrestrictionsonaccesstotheir communicationsdata.IsuspectthatGovernmentministers,MoD,SIS,ForeignOffice,Treasury,thebig Banks,andlargecorporateswilldemandexemptionsfromthisbilltoprotecttheprivacyandsecurity oftheirbusinesstransactions. TheBilldramaticallyextendsthecapabilitiesenabledunderRIPA,andbroadensdefinitionsofa telecommunicationsserviceandatelecommunicationsdevicesuchthattheSecretaryofStatecan demandthatanyelectromagneticorelectricaldevicethatcommunicatescanbeforcedtohave monitoringbuiltintoit,forexampleallofthe'Smart'TVswithbuiltinmicrophones,cameras,and facerecognitionsoftwarecouldbeforcedtologcommunicationsdataforpeopleintheirownhomes, verylikethedevicesinOrwell's1984.Ofcourseourgovernmentwouldnotwanttodothis,butonce thislegislationisonthestatutebooks,itisthereforanyfuturegovernmenttoextendasitwantsBy Order. GENERAL: 1.HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? TheHomeOfficeisvagueaboutexactlywhatithopestoachieve,andespeciallyvagueabouthowit hopestoachieveit.TheobjectivesboildowntomakingiteasierforPolicetoobtaincommunications datathattheyarecurrentlyunabletoobtain,butthegovernmentisvagueaboutwhat communicationsdataitisunabletoobtain,andaboutexactlyhowitwillfilltheseallegedgapsin capabilities.Thebillseemstobeanenablingact,allowingtheSecretaryofStateto"ByOrder" demandCSPsinstallspecifiedequipment,andcanalso"ByOrder"changewhohasaccesstothedata collected,effectivelyrewritingthedefinitionofcommunicationsdataatanytime.
23
2.HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill? Therehavebeenanumberofclaimssuchasstoppingpaedophiles,terrorists,andevenmurderersby theuseofthesepowersalthoughIamnotconvincedthatthepowersthatappeartobeenabledbythe billwillpreventcrimesalthoughtheymaybeuseful,inbuildingacaseafterarrests.TheBillcouldbe veryusefulindisruptingprotests,andreducingtheimpactofindustrialaction,investigative journalists,andintrackingdownwhistleblowers. 3.HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy? ThisBillappearstogivethePoliceandnumerousgovernmentdepartmentsaccesstolargeamounts ofnotclearlydefineddatawithnothingmorethanthesignatureofa'designatedperson'.Therehave beennumerouscasesofroguePoliceofficersaccessingPNCandRIPAdataforexample'pinging' mobilephonesofcelebritiesfortabloid.ThereisareadymarketforsurveillancedataasOperation Weeting/Elvedenfound,althoughtheirfocusseemstobepurelyonNewsInternationalratherthan othertabloidsorPolicecorruption. 4.Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionofcommunications data? OthercountriesthathaveintroducedDeepPacketInspectionbasedmasssurveillanceofthetype suggestedintheBillincludeChina,IranandKazakhstan.Myunderstandingisthatthesecountries havefoundDPIbasedsurveillanceeffectiveindetectingandcrushingprotestagainstthegovernment. TheArabspringtookmanydictatorsbysurprise,butincountrieswherethegovernmentscensor, controlandmonitortheInternettheyhavebeenabletoavoidorcrushuprisingsbeforetheyhave beenabletoattaincriticalmass.IhavenotbeenabletofindinstancesofgovernmentsusingDPIfor crimefighting,althoughthegovernmentsusingittooppressprotestmaydefinetheiruseasfighting terrorism,orpreventingcrimeanddisorder.Itismyconcernthatourgovernmentwillusethese draconianmonitoringpowerstospyonpeacefulantiwaroranticapitalismandotherprotestersin caseprotestsleadstodisorder,orcoulddamagetheeconomicwellbeingofthecountry.Isuspect thatinvestigativejournalistswillfinditveryhardtoprotecttheirsourcesanditislikelythatthiswill causeasignificantreductioninwhistleblowerbasedinvestigativejournalism,whichwillmake governmenteasier,andmuchlesstransparent. 5.Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider? Fromthemanyvaguereportsofthegoalofthislegislation,thegovernmenthassaidthatitisunable toobtaincommunicationsdatafromforeignproviderssuchasFacebook,Twitter,Google,Skype Microsoft ,howeverallofthoseprovidersregularlyprovidethePolicewithcommunicationsdata andmorewhenaskedforit,althoughtheymayrequireacourtorder,iftheydonotbelieveitisfor detectingorinvestigatingseriouscrimesorterrorism,e.g.communicationsdataforprotestgroups.I believethatthedangersofhackingcommunicationstoscrapethecommunicationsdatafromthemis greaterthantheusefulnessofdoingso.Thesocialnetworkproviderswillprovidehelpinfighting seriouscrimesatalowcostwhereasIexpectthisBill'sproposalwillcostdramaticallymorethanthe estimated1.8Boncetheusualgovernmentprovidersstartridingthegravytrain. 6.ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesoflegislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernsthe retentionofcommunicationsdata? IftheremustbemoreintrusionintotheprivatelivesofinnocentBritishcitizensthenthegovernment mustbecompletelytransparentaboutexactlywhatwillbemonitoredandwhyitisnecessaryrather thanusingglibtermssuchasItsonlythewhowhatwhenandwhere,notthecontents.This definitionmaybeapplicabletopostalmailortelephonecalls,butwhenappliedtocomplexInternet communicationsitistotallyunclearwhatwillbemonitoredandlogged.ForexampleifIsearch Googleforsnooperscharterthewebrequestwouldbe http://google.co.uk/search?q snoopers%20charter.Wouldthedatabaserecordgoogle.co.ukor thefullgooglerequestwhichincludesthegooglesearchIhaverequested?Datathatpeopleenteron FacebookisevenmorerevealingthanGooglesearches,andwhencombinedwithphonecalls,texts
24
andlocationdata,givesadetailedprofileofmillionsofpeoplecompletewithtaggedmugshotsanda completetimeline.WhatspecificallywillbescrapedfromFacebook,Twitter,Skypeetc? ThedefinitionofCommunicationsDatadoesnottouchthesevitalquestions.Ifthedetailsofevery searchrequestareloggedthenthismakesthedatabaseincrediblyintrusive.FrompeoplesGoogle searches,Facebookpostsandprofiles,Twitterfeeds,textsandmobilephonelocationdata,itis possibletotrackeveryonemoreeffectivelythantheStasievercould. 7.IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasuresthat couldbescrappedasaquidproquotorebalancecivilliberties? ThisBillasIunderstandit,isamassiveattackoncivilliberties,anddwarfstheimpactofother legislation.Thegovernmentclearlywantsthislegislation considersitessential orIMPwouldhave beendroppedaspromised,ratherthansimplyrenamedCCDP.IsuspectmostMPshavenoideahow Orwellianthesemeasurespotentiallyarewithmostpeoplenowlivingtheirlivesonline. 8.WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKasa lessattractivebase.Whatmightbetheeffectonbusiness? TheuseofDPItohacksecurecommunicationse.g.withbanksandothersecurewebsiteswillputthe usersofsuchwebsitesatriskfromroguePoliceofficersandothergovernmentorCSPemployeeswho willhaveaccesstothedatabases.ItisnotatallclearexactlywhatwillbestoredforSSL communications see6above .BankingwebsitesrelyontheSSLencryptiontokeeptransactions safe,sohackingtheSSLencryptionwithDPIwillexposepersonalfinancialinformation,thatcouldbe usedbycriminalsforfraud.IfcommunicationsserviceprovidersarerequiredbyUKlawtoopenallof theircustomerscommunicationsdatatogovernmentsurveillancewithnoprecisedefinitionsofwhat willberecorded,thenmanywillchoseafreerlocationfortheirservicestoprotecttheircustomers,or perhapsrestrictwhatUKcustomerscandoonline.ServicessuchasPaypalwilllikelybeunsafeifSSL CommunicationsDataisloggedandopentohundredsofthousandsofGovernmentemployees,with justasignature.LargecorporatesandBanksareunlikelytoacceptsurveillanceoftheirtransactions, andwilldemandthattheyareexemptorprotectedfromthislegislation. COSTS: 9.Istheestimatedcostof1.8bnover10yearsrealistic? Thegovernmenthasbeendeliberatelyvagueaboutexactlywhatwillbemonitoredandexactlywhat equipmentwillbeusedtoperformthismonitoringsoitisverydifficulttojudgeexactlywhatthecost willbe,butwecanlookatthehistoryofbiggovernmentITprojectsandwecanseethattheinitial lowend estimateforthecostofthe"EntitlementCard"projectwasalso1.8B,andthatprojecttoo hadavaguedefinitionofhowitsgoalswouldbeachieved.AstheIDCardprojectevolvedthescaleof theprojectreduced,scrappingmostofthebiometrics,andsimplifyingitsimplementation,yetthe estimatedcostskeptrising.Itwaseventuallyscrappedafterwastingundisclosedsumsoftaxpayers' moneyandachievingnothingofanysignificantvalue.ThisisaDefence/Policingprojectsobidders willberestrictedtotheusualcompanieswhoregularlyfleecethetaxpayerwithoverpricedpoorly specifiedprojectsthatdramaticallyincreaseincostastheprojectsgoalschopandchangeduringthe implementation AircraftCarriers? . Atatimewhenevenbasicservicesarebeingcuttotheboneitismadnesstowastewhatwilllikelybe manybillionsofpoundsonaninvasionofprivacythatisveryunlikelytopreventmuchcrime.The moneywouldbebetterspentonconventionalpolicing,andcrimepreventionsuchastacklingthe problemofdrugs,guns,knives,andgangs.Forhigherlevelcrimeweneedlooknofurtherthanthe Banks moneylaunderingforduggangsandterrorists,manipulatinginterestratesforpersonalgain, taxevasion,financialfraud .Byactuallyprosecutingbankingcriminalityratherthansimplyfocusing oncrimecommittedbythepoorpeople,trustingovernmentandtheruleoflawmightbeenhanced.I suspecttheBankswilldemandtobeexcludedfromthislegislationtoprotecttheirbusiness transactions. 10.TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBill couldbeworthbetween56bn.Isthisfigurerealistic? Thisfigurehasbeensuggestedbuttherehasbeennobreakdownofexactlywherethesebenefits wouldcomefrom.Ifthegovernmentisreallyseriousaboutthisbillbeingamoneyspinnerthenit
25
shouldproduceadetailedbreakdownofexactlywherethismoneycouldcomefromandprovide relevantcurrentfiguressothatifthisprojectisimplementedthentheactualfigurescanbemeasured byeveryonetoseeexactlywhatthefinancialimpactis.Isuspectthatthesefiguresdonotincludethe costtothecountryofcommunicationsdatabeingusedbycriminalstocommitfraudulentfinancial transactions,ortoextortmoney. SCOPE: 11.Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate?Do theysensiblydefinethescopeofthepowersinthedraftBill? TheBillhasasimilardefinitiontoRIPAandtheDataRetentionRegulations,butIcanfindnomention anywhereofFacebook,Google,Skypeandotherproviderswhichareallegedtocauseproblems.This deliberatelyvaguedefinitionandtheabilityoftheSecretaryofStatetoredefinewhatequipment mustbeinstalledbyCSP"ByOrder"effectivelyallowsthegovernmenttomonitorwhatitlikes.When IhaveaskedspecificquestionsaboutwhatwillbemonitoredIhavebeentoldthatthisisnot disclosed.Wemustsimplytrustthisandeveryfuturegovernmentnottoabusetheseundisclosed powers.ThedefinitionofaCSPisverybroadandcouldincludeanyonewhooperatesorhascontrol overanycommunicationsdevice,whichcouldbeeverythingformTVstoADSLrouterstoPCs,and Tabletcomputers,somanufacturersofconsumerelectronicscouldbeforcedtoinstallsurveillance softwareondevicesinourhomes. 12.WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill?Should itbepossiblefortheSecretaryofStatetovarythislistbyOrder? Thereisavastlistofgovernmentdepartmentsthatcanaccesscommunicationsdata,andIam concernedthataccesstopersonalcommunicationsdatawillbecomeroutineamongmany governmentdepartmentsasfishingtripstoseeifthereisanythingofinterest.Asthenumbersof requestsincreases,theoversightforeachrequestwillreduce.Thechancesofstaff,criminals, tabloids,andprivateinvestigatorsgettingillegalaccesstoprivatepersonalcommunicationsdatais great.Shouldsomanygovernmentagenciesbeinvestigating"seriouscrimeandterrorism"whichis thestatedreasonfortheinvasionofprivacy?Surelyifthereiscriminalitythenthepoliceshould investigateandthereshouldbenoproblemingettingjudicialauthorityforaccesstocommunications data. 13.Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty? Google,Facebook,Twitter,Microsoft Skype alreadyprovidecommunicationsdataforUKPoliceand onlyrefusedataiftheyarenotconvincedthatthedataislegitimatelyrequired,butwillcomplywith courtorders.Thegovernmentwouldnotbelikelytopersuadetheseproviderstoallowdirectreal timeaccesstotheirdatabases,andwouldbeunlikelytobeabletoforcethemtocomplywithrequests theyfeelareunjustified.HoweverusingDPItoscrapedataoutofFacebook,Twitter,Googleand hundredsofwebmailprovidersisprobablyunrealisticduetothefrequentchangesandtheeffortto keepchangingfilters. USEOFCOMMUNICATIONSDATA: 14.Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? TheBillappearstogivealmostunrestrictedaccesstocommunicationsdatawhichIbelieveisopento abuse,e.g.Policesimplyneedstobeconsideringinvestigationacrimeorpossibledisorder.All requestedforcommunicationsdatashouldrequirejudicialauthorisation. 15.Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? SAFEGUARDS: 16.Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould designatedseniorofficerbedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR? TheBillputsnolimitonthenumberdesignatedseniorofficersandallowsthemtodelegateauthority tootherstaff.BusyPoliceofficersarelikelytocreatemanydesignatedofficersasthenumberof
26
requestsfordataincreases.Policewilllikelyusethissurveillancedatabaseastheirfirstcallinany investigation,andcriminalsmaymanipulateittoprovidefalsealibis.Thereshouldbearequirement torequestallcommunicationsdatathroughajudicialauthority,andtheremustbeagoodreasonto intrudeontheprivatelifeofindividuals.WithoutjudicialoversightIdon'tthinkthislegislationcan properlycomplywithArticle8,butIamnotalawyer. 17.Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapplyto allpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe? See16above.PerhapsPolicemightgetoutonthestreetsmoreanddostandardconventionalpolicing ratherthansittingintheirofficesearchingthroughpeoplesprivatecommunicationsdata.Theremust bejudicialoversightofallrequestsforpersonaldata,ifitseasyitwillberoutine,ifitsroutine,itwill beabused,officerscanmakegoodmoneysellingaccesstomobilephonelocations. Ifthegovernmentwantssafeguardsagainstabuseofsurveillancethenitshouldbemandatoryforthe victimofsurveillancetobeinformedofthesurveillanceandthereasononeveryoccasionwhenlegal actionisnottakenwithin12monthsofthesurveillance.Thiswillclearlyhighlightanyunjustifieduse ofsurveillancealthoughIdoubtverymuchthatthegovernmentwouldwanttoalertinnocentpeople toabusesofthesepowersinthisway. ENFORCEMENT: 21.Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccessto communicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforinthedraft Billamounttoanoffence? ThereisastrongtendencyamongthePolicetocloseranksandprotectthereown,andtherewillbea reluctanceingovernmenttohaveanyabuseofthesepowersreportedinthepresssoIsuspectthat mostabuseofthesepowerswillbedealtwithbylighttouchinternaldisciplinarymeasures.There shouldbemandatoryjailtimeforabusesbythoseapplyingforsurveillancethatisnotjustified,and minimumfinesforeverydesignatedpersonthatauthorisedtherequests.Thiswouldmakepeople morecareful,andwouldreducefishingtrips. TECHNICAL: 22.Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapture communicationsdatareliably,storeitsafelyandseparateitfromcommunicationscontent? UsingDeepPacketInspectionthecontentsofdatacommunicationscanbeexaminedtotakethe communicationsdataelementfromthestream.InordertoexamineSSLbasedcommunications https asusedinbankingGmailandmanyotheronlinesitesitisnecessarytoemployamaninthe middleattackandhaveaccesstotheprovidersprivatekeys,oruseafakeSSLcertificatetokeepthe browserhappyandallowtheequipmenttoaccessthecommunicationswiththesecurityremoved. BritishcompaniessuchasGammaInternationalhavebeensupplyingDPIbasedsurveillance equipmenttorepressiveregimestoallowthemtomonitorsecurecommunicationsusedby oppositiongroupsanddissidents,sothatoppositioncanbecrushed,beforeitcanbuildmomentum. Itwouldbenecessarytomaintainverylargenumbersoffilterstoextractcommunicationsdatafrom thedatastreamsofdifferentsitesandthetaskofmaintainingthesefiltersaswebsitesareupdated, couldbecomeverydemanding.AlthoughIthinkthisispossibleifnotaverypracticalwaytogetand storecommunicationsdata,Isuspectthatitwouldresultinmorethanbasiccommunicationsdata beingcaptured,tobesureofgettingitall.Thestoragerequirementsarelikelytobeenormous,andif vastnumbersofgovernmentstaffneed'nearrealtime'accesstothedatathenitislikelytobevery difficulttobothkeepitsecureandprovidethedatanearrealtime,soIsuspectthatsecuritywill suffer. 23.Howsafelycancommunicationsdatabestored? Data*can*alwaysbesecurelystored,butthecostofsecurityisintheeaseandspeedofaccess,so therewillalwaysbeatradeoffbetweeneaseofaccessandsecurity.Withtheverylargenumbersof requestsfordataIsuspectthatsecuritywillsufferanddatawillfallintothewronghands.The governmenthasbeenveryunwillingtodisclosetechnicaldetailsofthisprojectastheywerewiththe IDCardsproject,andIsuspectitwillbeanexpensivefailureasIDCardswere,orworseaninsecure
27
Orwellianmonitoringsystemwhichisroutinelyillegallyaccessed. 24.Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible? TheproposalsforfilteringdonotmentionDeepPacketInspection,thehackingofSSLwithmanin themiddleattacksorDataMiningbecausethiswouldalertthemediatothedangersofthisproposal. Iamconfidentthatthesehighlyintrusivetoolswillbeused,butIamnotconfidentthatthatthegoals ofmaintainingaccesstocommunicationsdatafromsocialmediaandwebmailsystemfromallofthe thousandsofprovidersontheInternetisatallfeasible.Itwouldprobablyberelativelysimpleto extractdatafromtwitter,becauseofitsrelativelysimpleformat,butthetaskofmaintainingfiltersfor allofthedifferentsocialmediaandemailsitesontheInternetwouldbeanenormoustask,andis thereforenottechnicallyfeasible.IftheintentionissimplytomonitorpeoplesTwitter,Gmail, Hotmail,Google andFacebookpoststhenitwouldbefeasible. 25.HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? Therearealreadymeasuresthatwouldcircumventthemeasuresinthedraftbill,forexampleaVPN productthatIwroteandmyemployersellstocustomersthatprovidesanencryptedVPNwiththe trafficsplitacrossmultipleADSLlinesfrommultipleADSLproviders thisisforresilienceagainstline andproviderfailures .Theproposedsurveillancewouldhaveadistributeddatabaseacrossthose ISPsbutitwouldnotbepracticaltolinktheDPItodecryptthepackets,andthedataoneachprovider wouldonlybeafractionofthedatastream.Astheseproposalsgetclosertoimplementation ifthey evergetthatfar thendevelopersofOpenSourcesoftwarewhovaluetheirprivacywilldeveloptools thathaveahigherlevelofsecuritysothattheyarenotpracticalorareimpossibletobreak.Criminals paedophilesandanyonewhovaluestheirprivacywillusetoolsthatenablethemtomaintaintheir currentlevelsofprivacy,soallthatwillbemonitoredarethestupidandtheinnocent. Usinghighgradeencryptiontoforeignserverswouldallowthosewhodonotwishtobemonitoredto passalloftheirInternettrafficthroughacountrythatdoesnotmonitoritspeoplesInternettrafficor doesnotsharesurveillancewiththeUK.Theharderthestateattemptstocontrolandmonitorthe peoplethehardermanypeoplewilltrytomaintaintheirfreedomandprivacy. 26.Arethereconcernsabouttheconsequencesofdecryption? MyunderstandingofthecurrentstateoftheartformassstatedecryptionofSSLencryptedtraffic,is touseamaninthemiddleattackandafakeorRIPArequestedSSLcertificates.Thebrowseraccepts theSSLcertificateandmakesasecureconnectiontothegovernmentblackboxwhichthenmakesa connectiontothetargetsite,andreencryptsthetraffic.Thisallowstheblackboxtohaveacleartext viewofthedataasitpassesthrough.Theproblemhereisthatsomeimplementationsofthishacking techniquearesaferthanothers,forexampletheDPIboxbyCyberoamusedthesamefakecertificate foreveryboxsotheywereallowinganyonewithanotherCyberoamboxoraccesstotheshared certificatetoaccessthedatae.g.viaawirelesslink.Thereisadangerthattheseproposalswillexpose thedecrypteddatatocriminalssothattheycancommitbankfraud,simplybypayingorcoercinga governmentorCSPemployeetopassonpersonalcommunicationsdata.Therehavebeenmanyleaks ofdatathathavebeenusedbyprivateinvestigatorstoprovidedatatoclientse.g.NewsoftheWorld journalists,thiswillsimplybeanothersource. Thereareplentyofencryptiontechniquesthatwillnotbepossibletodecryptonamasssurveillance basis,andcriminalsandpeoplewhovaluetheirprivacywillusethese,thiswillprobablyresultin innocentpeoplewhosimplywanttousetheInternetwithoutstatesurveillancebeingcriminalised. August2012
28
The Bar Council of England and Wales

Introduction TheBarCouncilrepresentsand,throughtheindependentBarStandardsBoard,regulatesover15,000 barristersinEnglandandWales.Barristersareindependent,specialistadvocateswhoprovideavital, frontlinepublicserviceandapoolofexpertisefromwhichthemajorityofthejudiciaryisdrawn,on whoseindependencetheRuleofLawandourdemocraticwayoflifedepend.TheBarCouncils membersincludebarristerswhoregularlyadviseandappearincourtproceedingsonbehalfofpublic bodies,includingGovernmentdepartmentsandinvestigatoryandprosecutingauthorities. ItistheviewoftheBarCouncilthatthecurrentregimeforobtaininginformationaboutindividuals privatecommunicationsandactivitiesisnotfitforpurpose,anddoesnotprovidetheprotections whichwewouldexpectofanyliberaldemocracy.Thelawsgeneraloverreachingoftheproper protectionofprivacyisexacerbatedbythefailureoftheRegulationofInvestigatoryPowersAct2000 RIPA properlytoprotectlegalprofessionalprivilege;afailurewhichiscarriedoverintothedraft Bill.ThiswrittenevidencelaysouttheBarCouncilsconcernsand,inparticular,makes recommendationsfortheprotectionoflegalprofessionalprivilege. HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy? TheBarCouncilhasseriousconcernsaboutprovisionscontainedwithintheDraftCommunications DataBilltoextendtheRIPAregimetoincludeinternetandmobilephonebasedcommunications data.Thesefailtostrikeanappropriatebalancebetweencitizensprivacyandthepublicinterestina societygovernedbytheRuleofLaw. AccordingtoJUSTICE,sinceRIPAcameintoforcetherehavebeenatleast2.7mrequestsfor communicationsdataandover4,000authorisationsfordirectedsurveillance e.g.watchingan individualshome .Thisexcludeswarrantsandauthorisationsonbehalfofthesecurityservices.32 Initsexcellentreport,FreedomfromSuspicion:SurveillanceReformforaDigitalAge,JUSTICE states: RIPAhasnotonlyfailedtocheckagreatdealofplainlyexcessivesurveillancebypublicbodiesover thelastdecadebut,inmanycases,inadvertentlyencouragedit.Itspoordraftinghasallowedcouncils tosnoop,phonehackingtoflourish,privilegedconversationstobeillegallyrecorded,andCCTVto spread. Nodoubtpublicofficialsincludingthepoliceandsecurityservicesfinditoperationallyconvenient tobeabletoobtainasmuchinformationaspossibleaboutcitizensprivatecommunications,andto dosocovertly,i.e.withouttheknowledgeofthedatasubjects.Butconvenienceisnotthetest:the criticalquestionforcompliancewithArticle8oftheEuropeanConventiononHumanRightsis whetherthegathering,retention,orsubsequentuseofinformationisnecessaryinademocratic societyinpursuanceofadefinedlegitimateaim. Giventheevidencethatthecurrentregime whichwassupposedtobringdomesticlawintolinewith theUKsECHRobligations hasfailedtoprotectindividualsfromexcessiveintrusionintotheprivacy oftheircommunicationsandotheractivity,anyrebalancingofthesystemshouldbeinthedirection offurtherrestrainingthepowersofpublicbodiessothattheyaretargetedatthosegenuinelyunder suspicionofseriouswrongdoing.TheProtectionofFreedomsActwasawelcome,iflimited,stepin thatdirection.ItisdeeplyworryingthattheGovernmentnowproposestoreversethemodest
32http://www.justice.org.uk/data/files/resources/305/JUSTICEFreedomfromSuspicion
SurveillanceReformforaDigitalAge.pdf
29
progressmadeinthelastsessionofParliamentbyproposingawholesaleextensionofofficialaccess tocommunicationsinformation. WewouldaddthatitisfarfromclearthattheproposalsinthedraftBillarecompatiblewithEUlaw. ThepowersofMemberStatestorequirecommunicationsandinternetserviceprovidersroutinelyto retainuserdatawereharmonisedbytheDataRetentionDirective06/24/EClargelyatthe insistenceoftheUK,whichheldtheCouncilPresidencyattherelevanttime.Itishardtoseehowthe UKcanunilaterallyimposearequirementoncommunicationsandinternetcompaniestoretain,and permitofficialaccessto,widecategoriesofdatabeyondthosedefinedintheDirective.Indeed,the compatibilityoftheexistingDirectivewithprivacyrightsiscurrentlyawaitingconsiderationbythe CourtofJusticeoftheEuropeanUniononareferencefromtheIrishHighCourt.Thatfollowsaseries ofdecisionsofvariousMemberStatecourts includingtheGermanConstitutionalCourt striking downdomesticlegislationtransposingthecurrentDirectiveongroundsrelatingtoinfringementof privacy.GiventhatthemainpolicydriverbehindtheBillistheperceivedexternalthreattonational security,itmakessensefromapoliticalaswellasalegalstandpointformeasuresofthiskindto proceedonthebasisofEuropeanconsensus. LegalProfessionalPrivilege OneissueofparticularconcerntotheBarCouncil,givenourcloseinterestinissuesrelatingto administrationofjustice,islegalprofessionalprivilege LPP therighttoprivatecommunication betweenalawyerandtheirclients.RIPAmakesnomentionofLPP,andconsequentlytherelationship betweenLPPandtheauthoritiespowerstoobtainprivateinformationwasneverdebatedwhenthe RegulationofInvestigatoryPowersBillwasbeforeParliament.ThepowertooverrideLPPonlycame tolightwitha2009judicialdecisionoftheHouseofLords,InReMcE.33Thepresentstateofaffairsis highlyunsatisfactory.WerespectfullyinvitetheCommitteetourgetheGovernmentto a takethe opportunityoftheproposedlegislationtorestoretheprotectionofLPPinrelationtoexistingRIPA powers,and b ensurethatanynewpowerssimilarlyrespectLPP. Background:RIPAandLPP Therightofapersonincustodytoprivateconsultationwithalawyerisexpresslyprotectedin statute.Section58 1 ofthePoliceandCriminalEvidenceAct1984 PACE declares:Aperson arrestedandheldincustodyinapolicestationorotherpremisesshallbeentitled,ifhesorequests, toconsultasolicitorprivatelyatanytime. Theimportanceofanaccusedbeingabletoconferwiththeirlawyerinprivatehasalsobeen emphasisedinnumerouscasesontheECHR,decidedintheUKandinStrasbourg.FormerLordChief JusticeLordTaylorsummeduptheimportanceofLPPwhenheobservedthat: ...amanmustbeabletoconsulthislawyerinconfidence,sinceotherwisehemightholdbackhalfthe truth.Theclientmustbesurethatwhathetellshislawyerinconfidencewillneverberevealed withouthisconsent.Legalprofessionalprivilegeisthusmuchmorethananordinaryruleofevidence, limitedinitsapplicationtothefactsofaparticularcase.Itisafundamentalconditiononwhichthe administrationofjusticeasawholerests. LPPissubjecttothesensiblelimitationthatitdoesnotprotectcommunicationsmadeinfurtherance ofacriminalpurpose.Thisissometimesknownastheiniquityexception.Itexiststopreventabuse ofthelawyerclientrelationship. TheneedforreformofRIPAbecameapparentin2009,whentheHouseofLordsdecidedInReMcE,a NorthernIrelandappeal.TheHouseheldthatPart2ofRIPApermitsthecovertsurveillanceof meetingsbetweendefendantsandtheirlawyers,eventhoughnoexpressprovisionoftheAct authorisesitanddespitethecarefulprotectionofLPPbyPACE.
33
2009 1AC908 http://www.publications.parliament.uk/pa/ld200809/ldjudgmt/jd090311/mce1.htm
30
Part2ofRIPAdealswithcovertsurveillanceanduseofcoverthumanintelligencesources CHIS . Section27ofRIPAprovidesthat ConducttowhichthisPartappliesshallbelawfulforallpurposesif a anauthorisationunderthis Partconfersandentitlementtoengageinthatconductonthepersonwhoseconductitis;and b his conductisinaccordancewiththatauthorisation. Significantly,andasasignofthelackofclarityinherentinthecurrentregime,thejudgeswerenotof theunanimousviewthatsection27ofRIPAtrumpssection58ofPACE.LordPhillipsofWorth Matraversdissented,observing atparagraph41 : WhileRIPAenablesauthorisationofsurveillanceofcommunicationstowhichLPPattachesat commonlawitdoesnot,inmyview,enableauthorisationofinvasionbycovertsurveillanceofthe expressrightsgivenbystatutetoadetaineetoconsultalawyerprivately.Itwouldnotbe incompatiblewiththeConventionforpowertobegrantedinexceptionalcircumstancestocarryout suchsurveillance,butIconsiderthatthepowershouldbegrantedbyastatutethatadequately definedthosecircumstancesandprescribedwhowastoascertainthattheyexisted. LordPhillipssummarisedtheimportanceofLPPatparagraph45whenhesaidthatTherationalefor LPPisthatitisnecessaryifclientsarenottobeinhibitedfrombeingfrankwiththeirlawyers.His Lordshipstatedthattheconcernoftheclientinthesecircumstancesisthatthecommunicationmay bedisclosedandthenusedtotheirdetriment. Ifthestateisabletoeavesdroponlegitimatelyprivilegedcommunicationsforthesakeofgathering intelligence,therewillbeaninevitablechillingeffectuponclients,whowillfeelunabletospeak openlywiththeirlawyers.Thiswouldseriouslyunderminethefundamentalhumanrightaffordedby LPP.Itcreatesagraveriskofmiscarriagesofjustice,ariskwhichhasunfortunatelymaterialisedin recenthighprofilecasesinvolvinguseofCHISandwhichemphasisetheneedforLPPtobeexplicitly protectedbylegislation. UndercoverpoliceofficersPCMarkKennedyandDCJimBoyling,infiltratingprotestgroupspursuant toRIPAauthorisations,maintainedtheircoverwhilefellowprotesterswereprosecutedandtriedfor offences.InKennedyscase RvBarkshire&Others ,significantnondisclosure astheCourtof Appealfound ofhisroleledto20overturnedconvictionsandcasesdroppedagainstsixother campaigners. ThepresentLordChiefJustice,LordJudge,expresseddisquietthatanundercoverpoliceofficermay havebeenpartytolegallyprivilegedcommunicationsbetweenthedefendantsandtheirlawyers.The concernsoftheLordChiefJusticewereconfirmedinthecaseofDCBoyling RvJordan ,whenit emergedthatDCBoylinghadindeedattendedmeetingswiththedefendantandhissolicitor. TheBarkshireandJordancasesdemonstratetheseriousproblemslikelytoarisewhenpersonsacting underRIPAauthorisationsobtainaccesstoprivilegedinformation.Thisisnotsimplyaprivacyor confidentialityissue:therearewiderconcernsaboutfairtrialwhenservingpoliceofficerscovertly accessprivilegedinformationandareinapositiontopassitontotheCrown. TheBarCouncilsconcernsextendbeyondthecriminallaw.Anindividualwhoisbringingacivil actionagainstthestatecouldatthesametimebesubjecttosurveillancebythestate.Thiscouldbein circumstanceswherethereisnobasisforsupposingthattheindividualispursuingsomecriminal purposeratherthangenuinelyseekingadviceonhiscivilclaim.Thatprospect,inthelightofthe rationaleforLPParticulatedbyLordPhillips,isadisturbingone.Itisalsoironic,giventhatRIPAwas promptedinthefirstplacebythejudgmentoftheEuropeanCourtofHumanRightsinHalfordv.UK, acaserelatingpreciselytoapublicauthorityaccessinglegallyprivilegedcommunications. ThefactsofMcErelatedtosurveillance.Butthereasoninginthecaseappliesequallytotheother covertinvestigationtechniquesgovernedbyRIPA:interceptionofcommunications,acquisitionof
31
communicationsdataanduseofCHIS.Wesaymorebelowaboutthespecificareaofcommunications datainthecontextofthecurrentdraftBill. TheBarCouncilisnottheonlybodytohaveconcernsaboutLPPinthiscontext.Thiswashighlighted byNickPickles,DirectorofBigBrotherWatch,whenhegaveevidencetotheCommitteeonTuesday 17July: RIPAexplicitlyfailstorecogniseprivilegedcommunications.TheBarCouncilandtheLawSociety havebothbeenveryclearthatthereisnorecognitionforprivilegedcommunicationsatallinthe existingregime.34 TheGovernmentspositiontodate ThepreviousGovernmentgaveapartialresponsetoInreMcEbymakingtwoordersunderpowers containedinRIPA.Oneorderconcerneddirectedsurveillance,35theotherCHIS.36Theordersalter theauthorisationprocedureswheretheauthoritiesseektotargetlegallyprivilegedcommunications. TherewerealsorevisionstotheCodesofPractice.37 Thesafeguardssupposedlyprovidedbytheseinstrumentsareinsufficient.Wheresurveillanceis intendedtoacquireprivilegedinformation,theCodeofPracticeprovidesthatitshouldbe undertakenonlyinexceptionalandcompellingcircumstances.However,therangeofcasesinwhich thisexceptionalcourseshouldbetakenisextremelyilldefined.Thecodereferstothreatsto nationalsecurityortolifeorlimb.Inourview,thephrasethreattolifeorlimblacksclarityand, whileitmaycatch aswasnodoubtintended seriousintentionaloffencesofpersonalviolence,it couldextendtomoreminoroffenceswherephysicalinjuryresultsfromlackofreasonablecareor frombreachofadutythatgivesrisetostrictliability.Meanwhile,thetestsetoutintheCodeforthe authorisationofsurveillancethatislikelybutnotintendedtoacquireprivilegedinformationis identicaltothestatutorytestforanyauthorisationforintrusivesurveillanceunderRIPA;itcontains nospecialprotectionforprivilegedmaterial. Theoverarchingdifficulty,however,isthatthesechangesdonotaddressthefundamentalpointthat covertinvestigatorypowersshouldnotbeusedtotargetprivilegedcommunications.Thestatusquo should,inourview,betheprotectionofLPPinallbutthosecircumstancesinwhichlegalprivilegeis beingabusedforcriminalpurposes.Inanyevent,theordersdonotapplytointerceptionof communicationsandacquisitionofcommunicationsdata. Assuch,itwillnotbesufficientsimplytotweaktheseexistingcodesofconduct,allofwhichoperate ontheassumptionthatRIPAallowsLPPtobeviolatedforinvestigatorypurposes. ItisregrettablethatthepresentGovernmenthassofarcontinuedtodefendthecurrentRIPAregime inrelationtoLPP.DuringthescrutinyoftheProtectionofFreedomsBillintheLords,Baroness HamweetabledaNewClause,draftedbytheBarCouncil,toremedytheposition pleasesee Appendix .InGrandCommitteeforthatBill,theMinisterpointedoutthatthatnoonecanregard themselvesasbeyondthelaworimmunefrominvestigationorprosecution.38TheBarCouncil respectfullyagrees.Ourproposalwouldnothaveplacedanyonebeyondthelaw.TheNewClause wouldhavepreservedtheiniquityexception:privilegedoesnotattachtoinformationheld,or communicationsmade,infurtheranceofacriminalpurpose.Moreimportantly,theNewClause simplywouldhavebroughtRIPAintolinewithotherlegislation:seebelow.
34http://www.parliament.uk/documents/jointcommittees/communications
data/uc170712ev4HC479iv.pdf
35http://www.legislation.gov.uk/uksi/2010/461/introduction/made 36http://www.legislation.gov.uk/uksi/2010/123/introduction/made 37http://www.legislation.gov.uk/uksi/2010/462/introduction/made
http://www.legislation.gov.uk/uksi/2010/463/introduction/made 38http://www.publications.parliament.uk/pa/ld201011/ldhansrd/text/111215 gc0001.htm#11121597000383
32
TheMinisteralsoreferredinGrandCommitteetothe2010decisionoftheNorthernIrelandHigh Court,RAsapplicationforjudicialreview,39arguingthatthecourthadbeensatisfiedwiththe safeguardsaffordedbytherevisedSurveillanceCodeofPractice.Butinthatcasethecourtonlydealt withtheissueofsafeguardsinrelationtothesubsidiaryquestionofhowmaterialcollectedfrom surveillanceshouldberetainedandeventuallydestroyed.Onthecentralissueofwhetherthepolice couldproperlyconductsurveillanceduringmeetingsbetweentheapplicantandhissolicitor,theHigh CourtrulednotsurprisinglythatitwasboundtofollowInreMcE.Ifanything,thiscase emphasisestheimportanceofParliamentaddressingthequestionofLPP. ItissignificantthatRIPAcontainsnoexpressprovisionaboutprivilege,sotheissuewasnotdebated whenthelegislationwasconsideredinParliament.Instead,asignificantdeparturefromexistinglaw cameaboutnotthroughopendebateandvotesbybothHouses,butbytheretrospectiveapplication ofrulesofstatutoryconstruction. WheneverParliamenthashadanopportunitytoconsiderLPPasin1984whenPACEwasunder consideration,andagainin1997beforeenactingthePoliceActithasconsistentlyvotedtoprotect it,subjecttoprovisionswhichpreventtheabuseofprivilegeforacriminalpurpose.Anyextension beyondthesepowersneedstobeopenlydebatedinParliamentandinpublic. ThedraftBill Forallthosereasons,theBillasintroducedshouldcontainprovisionsamendingRIPAtorestorethe protectionofLPP. IfanyofthenewpowersproposedbythedraftBillareeventuallyapprovedbyParliament,thesetoo shouldbeenactedintermsthatprovideexpresslyfortheprotectionofLPP.Itisimportantto appreciatethataccesstocommunicationsdataraisesconfidentialityissueseverybitasimportantas moreobviouslyinvasivepowerssuchasinterceptionofcontent,thecarryingoutofsurveillanceor theuseofCHIS.InaseriesofjudgmentsbeginningwithMalonev.UK 1984 Ser.ANo.82,the EuropeanCourthasbeenatpainstopointoutthatinformationaboutwhocalledwhom,when,for howlong,etc.,raisesprivacyissuesinprincipleeverybitassignificantasinterceptionofcontent.The distinctionbetweencontentanddatahasbeenfurtherblurredbytechnologicaldevelopmentssuchas searchengines,cloudcomputingandvoiceoverinternetcommunications.InthecontextofLPP, informationaboutwhoconsultedwhichlawyersisitselfhighlysensitiveand,inconjunctionwith otherinformationavailabletotheauthorities,isliabletoenablethenatureandcontentofprivileged communicationstobeguessedatwithahighdegreeofaccuracy. IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasuresthat couldbescrappedasaquidproquotorebalancecivilliberties? TheBarCouncilsharestheconcernsvoicedbyJUSTICE,BigBrotherWatch,Libertyandothers regardingthenecessityofextendingtheinterceptionregimetoinformationwhich,despitebeing labelledmeredata,canbeextremelyrevealing. Nevertheless,weappreciatetheneedfortheauthoritiestoutilisecarefullytargetedinterceptionand surveillancetoolsintheinterestsofcrimefightingandnationalsecurity.Ourprimaryconcernisthat theregimeonwhichthesenewpowerswillbepinnedisnotfitforpurposeandalreadyoverbroadin itsreachandeffect. ShouldtheGovernmentchoosetopursuetheplanslaidoutwithinthedraftBill,weurgeittoadd provisionstoamendRIPAinordertoprotectproperlylegallyprivilegedcommunications.Wehope thattheCommitteewillappreciatetheimportanceofsuchsafeguards,andweencourageitto considerthisissuewhenmakingitsrecommendationstotheGovernment.
39http://www.bailii.org/nie/cases/NIHC/QB/2010/99.html
33
August2012
34
BCS, The Chartered Institute for IT

BCSisgovernedbyaRoyalCharterwhichdefinesourpurpose:topromotethestudyandpractice ofComputingandtoadvanceknowledgeandeducationforthebenefitofthepublic.Webring togetherindustry,academics,practitionersandgovernmenttoshareknowledge,promotenew thinking,informthedesignofnewcurricula,shapepublicpolicyandinformthepublic. TheRoyalCharterenablestheInstitutetoadmitqualifiedmembers;withoutour70,000members wewouldbeunabletoundertakemanyofourcharitableactivitiestopromoteITatalllevels. UndertheCharter,BCSisrequiredtoestablishandmaintainstandardsofprofessional competence,conductandethicalpracticeforinformationsystemspractitioners. As a professional body, BCS represents its members and the IT Profession as a whole on issues of importance, and liaises with other professional bodies, the government, industry and academics to initiateandinformdebateonITstrategicissues.Wealsodeliverarangeofprofessionaldevelopment tools for practitioners and employees and as a leading IT qualification body; we offer a range of widelyrecognisedprofessionalandenduserqualifications. ConsultationQuestions: General: 1. HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill?
Notethelistoflegitimatepurposes wheretherighttononinterferenceisnotobligatory ,onpage 100ofthedraftBillandcopiedhereonpage7,underheadingSafeguards.Thelistisextensiveand appearstobewiderinscopethanthepurposestatedbyTheresaMayquotedabove.

2.
ThepurposestatedbyTheresaMayis:toprotectpublic;bringoffenderstojusticebyensuringthat communicationsdataisavailabletothepolice/security/intelligenceagencies.However,shealso notesthatpolice,theSeriousandOrganisedCrimeAgency SOCA andHerMajestysRevenueand Customsalreadyhaveaccesstothefullrangeofcommunicationsdata.Alltheseagenciesarethe onesstatedbyher above .So,iftheyalreadyhaveaccesstothefullrangeitisnotclearwhyfurther powersareneeded.Lateron andinconsistentwiththepreviousstatement itissaidthat communicationsdataregardingemailandinternetislessavailableandhardertoaccess. Itisnotedthatotherauthoritieshaveaccesstocommunicationsdata,butdonothaveaccessto,for example,thelocationofamobilephone.Itappearsthenthatthelocationofamobilephoneforother authoritiespresentsaproblem.Thedefinitionofotherauthoritieshowever,listssome organisationsoutsideofthescopeoftheBillasstatedinitspurpose above .Theotherauthorities thatareincludedintheabovepurposei.e.apoliceforce,SOCA,intelligenceservicesappeartoalready becateredfor.AdditionalotherauthoritiesaretheScottishCrimeandDrugEnforcementAgency, HerMajesty'sRevenueandCustomsandanysuchpublicauthoritynotfallingwithinparagraphs a to f asmaybespecifiedforthepurposesofthissubsectionbyanordermadebytheSecretaryof State.BCSconsidersthistobeambiguousandofconcern.
BCS,TheCharteredInstituteforITbelievesthatthereareinconsistenciesbetweenpurposeand proposal.
HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill? TheInstitutedoesnotbelievethatthecaseisentirelyconvincing.Weareoftheopinionthatthereare inconsistenciesbetweenthestatedpurposeandproposal.
35
Ontheonehand,theGovernmentsaysitalreadyhasaccess,butontheotherthat,emailandinternet poseproblems.Anotherproblem,accordingtoTheresaMaysstatement,isthatcurrentlyaccessto communicationsdataisretrospectiveandinsomecasesthepoliceneedtoaccessdatainnearreal time,notablywherelivesmaybeatrisk e.g.duringakidnap . ItisnotclearhowtheproposedBilladdressesthisnearrealtimeissueascurrently,thepolice andsomeotherpublicauthoritiescanaccessspecifiedcommunicationsdata,afterdemonstratingit isnecessarytoinvestigationandproportionatetoaimandobjective.Asfaraswecanseeinthe proposedBill,suchdemonstrationofnecessity andgettingauthorisationtoaccessdata remainsa requirement.TheInstitutepresumesthatthespecifiedcommunicationsdatamentionedaboveis onlydatathatprovidersalreadyholdandthatthenewaspectoftheBillistorequireInternetService Providers ISP tocollectandstorecommunicationsdata forminimumof12months .Thiswould goalongwaytoaddresstheproblemofemailandinternetcommunicationsdata. Again,theproblemofnearrealtimeaccessmaybehelpedbyISPscollectingcommunicationsdata, buta12monthstorageperiod oranyperiodlongerthan,say,14days isirrelevanttothisproblem. 3. HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy? Byvirtueofthefactthatinformationcollectedshowingapersonslocation e.g.themobilephone issuementionedabove isofparticularinteresttorelevantpublicauthorities,addedtothatisan interestinwhoiscommunicatingwithwho,forhowlong,andhowoften.Thisinformationcouldbe ofinteresttootherswhohavenotbeenauthorisedtoaccessit.Despitetheextensiverequirementsof security,integrity,codesofconductetc.itisverylikely,basedonevidencefromdatabreachesinthe lastyearthatinterestedpartieswillgainaccess. Thecollectionofdataaboutindividualsusingdigitalservicesisalreadyagrowingconcern,suchas thewebbrowsingtracking,collectingsocialnetworkingdataandprofilebuilding.Itcouldbeargued thatgovernmenttracking/profilingintheinterestsofthesecurityofcitizensmightbejustified.The bigdifferencebetweencommercialinterestandthestateinterestistheimpactonandconsequences tothatindividualasaresultofstatescrutiny.Beingasuspecthasconsequences sometimeslife changingandtraumatic ,butasuspectisnotacriminaluntilevidenceandacourtsaysso. 4. Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionof communicationsdata? TheInstituteisinterestedtoknowtowhatextentthemeasuresundertakeninothercountries e.g. China,Russia comparetowhatisbeingproposedhere.Argumentsoftenputforwardconcernthe protectionofnationalsecurityandcitizensrequiringintelligence.TheUKGovernmentisnotonly requiredtoprotectthenation,butalsotoactintheintereststoensurepublicwelfare.These argumentscouldbeequallymadeinothercountries. 5. Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider? TheInstituteisnotawareofanyalternativeproposalsthattheGovernmentcouldconsider. 6. ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesoflegislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernsthe retentionofcommunicationsdata? TheInstitutehasnoviewontheoptionsbeyondthosealreadyexpressedintheresponsetoprevious questions.
36
7.
IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasures thatcouldbescrappedasaquidproquotorebalancecivilliberties? TheInstituterecognisesthedifficultiesofreconcilingtheprotectionofthepublicwhilemaintaining individualcivillibertiesinafreesociety.Amoreindepthassessmentoftheproposedprovisionsof theBillandtheirdirectimpactonindividualcivillibertieswouldincreaseawarenessandenablea moreconstructivedebateonthemeritsof,andthenecessityfornewprovisions. 8. WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKas alessattractivebase?Whatmightbetheeffectonbusiness? TheInstituteconsidersthistobefeasible.Itwouldcertainlybeinterestingtoseewhetheran argumentbasedonlossofbusinesswouldinfluenceagovernmentthatisapparentlyrespondingto theneedtoprotectpublic,bringoffenderstojusticebyensuringthatcommunicationsdatais availabletothepolice/security/intelligenceagenciestotheextentthatcivillibertiesandpublictrust inpublicauthoritiescouldbeatstake.Forinstance,isbusinessinterestahigherprioritythan protectingthepublicandnationalsecurity? Costs: 9. Istheestimatedcostof1.8bnover10yearsrealistic? Itisdifficulttodeterminewhetherthisisrealisticasthedetailislacking.Governmentcost predictionsonprojectsarehowevernotoriouslysubstantiallyunderbudgetandoftennotfeasible technically.
Note:onbothpoints 9 and 10 theargumentmadein 8 aboveapplieseithertheproposals madeinthedraftBillarevital topublicandnationalsecurity ortheyarenot.Iftheyarenot,the Governmentshouldnotbepursuingthislineitisdangerous tothepublic ,controversial withdue cause ,challengingtoimplement operationalcomplexities,technicalchallenges,jurisdiction challenges andmostlikelycanbebypassedbytheverypeoplelawenforcementagenciesare interestedin.
Scope: 11. Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate?Do theysensiblydefinethescopeofthepowersinthedraftBill? TheInstitutehasnoviewontheoptionsbeyondthosealreadyexpressedintheresponsetoprevious questions.
TheInstitutebelievesthatthecostofcomplyingwithrequestsfromsubscribersforpersonaldatavia theDataProtectionAct1998wouldincreasebutareunclearifoperatorsorgovernment thus FreedomofInformationAct couldbeconsideredasdatacontrollersforthisadditionalinformation. Thecostofstoringthisinformationcanvarygreatlybetweenoperatorsdependentoncontractual agreementswiththeirsuppliersi.e.iftheyarepayasyouuseratherthanoneoffpaymentsfor equipment. 10. TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBill couldbeworthbetween56bn.Isthisfigurerealistic? TheInstituteconsidersitdifficulttomakeajudgementwithoutknowingwhatthefigureisbasedon.
37
12. WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill?Should itbepossiblefortheSecretaryofStatetovarythislistbyOrder? a Police/security/intelligenceagenciesasspecifiedintheopeningsectionoftheBill,asnoted in 1 above. b No,notwithoutsomestringentprotectionsforthepublic,anddemocracy,inplace.
13. Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty? Itisdifficulttoseehowcommunicationsserviceprovidersbasedoverseascouldbepersuadedto participateinsuchascheme.Thereforeconsiderationshouldbegiventowhattypeofinformation securitymeasuresbasedonlegallybindingcommercialarrangementscouldbeputinplacethat wouldmeetUKrequirements. Itislikelyothergovernmentsmaybeinterestedinthedatacollected.TheInstitutewouldlike clarificationonwhetherserviceprovidersoperatingundersuchgovernmentswouldbeabletolegally resistanyinformationrequests. UseofCommunicationsData: 14. Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? TheInstituteconsidersitimportanttousethecommunicationdatatodetectcrimeswheremanylives couldbeatstake. 15. Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? Itisdifficulttosay,asthereason i.e.purposeoftheBill forkeepingdataisnotclearlystated. Asnotedabove,inthecaseofanabductionandrisktolife12monthsisnotrelevant,probablyalso notrelevanttoplottingaterroristactivityorstreetriots.12monthscouldhoweverberelevanttoa moneylaunderinginvestigation,ororganisedcrimeinvestigations. ThereseemstobeaconflictbetweenClause4Subsection 1a whichimpliesuseofarolling12 monthperiodforeachcommunicationdataitemstored andClause6Subsection 3 whichimplies thateachoperatorcanchoosetodeletedataitemsatregularintervalsoflessthanorequaltoone monththusadataitemmaybedestroyedatthe12monthanniversarybutatthenextprescheduled interval,variabledependentonoperator,post12monthanniversary . Safeguards: 16. Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould "designatedseniorofficer"bedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR?
i Itisimportanttonotethatanysystem,evenwithchecksandbalances,isopentoabuse. ii Page99ofthedraftBillstates:Thepermittedpurposespursuethelegitimateaimssetoutin clause9 6 ,namely: a intheinterestsofnationalsecurity, b forthepurposeofpreventingordetectingcrimeorofpreventingdisorder,
38
d e f g h
i j
17. Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapplyto allpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe? TheInstitutebelievesawarrantsystemwouldbemoreappropriate.Thiswouldberesourceheavy. 18. IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformation Commissionersensible? Itislikelythatalloftherolesmentionedwillinpracticeinvolveotherpersonsidentifiedtodealwith theseissuesthescaleofwhatisproposedislikelytoexceedtheamountoftimeneededto undertakethisveryseriouswork,i.e.ongoingscrutinyandmanagement. ParliamentaryOversight: 19. ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBillsatisfactory?
forthepurposeofpreventingordetectinganyconductinrespectofwhichapenalty maybeimposedundersection123or129oftheFinancialServicesandMarketsAct 2000 civilpenaltiesformarketabuse , intheinterestsoftheeconomicwellbeingoftheUnitedKingdom, intheinterestsofpublicsafety, forthepurposeofprotectingpublichealth, forthepurposeofassessingorcollectinganytax,duty,levyorotherimposition, contributionorchargepayabletoagovernmentdepartment, forthepurpose,inanemergency,ofpreventingdeathorinjuryoranydamagetoa personsphysicalormentalhealth,orofmitigatinganyinjuryordamagetoapersons physicalormentalhealth, toassistinvestigationsintoallegedmiscarriagesofjustice,or whereaperson P hasdiedorisunabletoidentifythemselvesbecauseofaphysical ormentalcondition i toassistinidentifyingP,or ii toobtaininformationaboutPsnextofkinorotherpersonsconnectedwithPor aboutthereasonforPsdeathorcondition.
TheInstituteholdsnoparticularlyviewaboutwhetherthearrangementsforparliamentaryoversight ofthepowerswithinthedraftBillaresatisfactory. Enforcement: 20. Arethepenaltiesappropriateforthosecommunicationsserviceproviderswhofailtocomplywith therequirementsofthedraftBill? TheInstitutehasnoviewontheoptionsbeyondthosealreadyexpressedintheresponsetoprevious questions. 21. Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccessto communicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforinthe draftBillamounttoanoffence?
39
Notethatunder3.Datasecurityandintegrity AtelecommunicationsoperatorwhoholdscommunicationsdatabyvirtueofthisPartmust a securethatthedataisofthesamequalityandsubjecttothesamesecurityandprotectionasthe dataonanysystemfromwhichitisderived,and b protectthedataagainstaccidentalorunlawfuldestruction,accidentallossoralteration,or unauthorisedorunlawfulretention,processing,accessordisclosure." In a above,thesecurityofdataonanysystemfromwhichitisderivedmaynotbeveryrobustand in b thisappliestoanydataheldaccordingtotheDataProtectionActandtherearemany instancesofdataloss,breach,unauthorisedaccess,etc.
GiventhelevelofassurancesandframeworkindicatedinthedraftBilltosafeguardtheprocessof access,whichemphasisetheseriousnessofwhatisbeingaccessed,itwouldseemreasonabletoapply asimilarlystrongpenaltyforthosewhodonottaketheirresponsibilitiesseriously. Technical: 22. Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapturecommunications datareliably,storeitsafelyandseparateitfromcommunicationscontent? Thereisnocurrenttechnologyavailabletocapture/interceptallcommunicationdataexchange betweenNearFieldCommunicationenabledsmartphoneswhichareincloseproximity. 23. Howsafelycancommunicationsdatabestored? Webelievethatnoguaranteeofsafetycouldeverbegiven.
24. Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible? TheInstitutebelievesthattheyarenotatallclear.Itisdifficulttounderstandwhattheproposalsare. 113page48states"Inpractice,theSecretaryofStateordesignatedpublicauthoritymaycontract withanapprovedbodytoundertakethedaytodayoperationofthefilteringarrangements. However,legalresponsibilityforensuringtheeffectiveandlawfuloperationofthefiltering arrangements,andcomplyingwiththedutiesimposedbyclauses14to16,willremainwiththe SecretaryofStateorotherdesignatedpublicauthority." TheInstitutewouldwelcomeexplanationaboutwhatthecontractwithanapprovedbodymeans. Wewouldliketoknowwhoisinvolvedintheapprovalprocessandwhetherthismightbe outsourcedtoaprivatecompany. Furthermore,anydelegationofoperationalauthorityfromtheSecretaryofStatetoapublicauthority doesnotremoveultimateresponsibilityfromtheSecretaryofStatebutwhatisthepractical relevanceofthatresponsibility?WhatconsequenceswouldtherebetotheSecretaryofStateincases ofmisuseorerror leadingtobreachesofinformation ?Pastexperiencehasshownthatthemosta citizencouldexpectistheresignationoftheSecretaryofState.Withoutproportionateconsequences theemphasisontheSecretaryofStateasprotectorofacodeofconduct'thatprovidesassuranceto thecitizenandgeneralpublic,isarguablyrathermeaningless. 25. HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? Therearevarioustechnicalmeansavailabletothosewhowishtocircumventthesemeasures. IndividualsusingNearFieldCommunicationenabledsmartphonesincloseproximitymaybeableto circumventattemptstocapturecommunicationdata. 26. Arethereconcernsabouttheconsequencesofdecryption?
40
TheInstitutehasnoviewontheoptionsbeyondthosealreadyexpressedintheresponsetoprevious questions. August2012
41
Mark Benson
General: 1.HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? Yes.TheHomeOfficehasclearlylaidoutthatitwantsarecordofwhateveryoneintheUKdoeson theInternet,regardlessofsuspicionofguilt. Runningcontentfiltersforsmallandmediumbusinesseswhichcapturesomecommunicationsdata itisincredibletoseewhatinformationcanbegleanedevenifyoudonthavethecontentofthe communication,particularlywherewebsiteaddressesareconcerned.Theprospectofanyone organisationhaveaccesstothatmuchsensitivedata whetherstoredinonedatabaseormany is frightening. 2.HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill? No.Whiletherewillalwaysbesituationswherehavingmoreinformationwouldproveuseful,there canbenojustificationinademocracyforsuchintrusionintopersonalprivacy,regardlessofwhatever safeguardsareclaimedtoprotectthedataandrestrictaccess. 3.HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy? Theproposalsdonothingtoassuagethepotentialformisuse.Ifitcanbemisuseditwillbe,aswe haveseentimeandtimeagain. Again,noamountofjustificationshouldallowblanketmonitoringinademocracy. 4.Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionofcommunications data? ThemodelsforthistypeandscaleofmonitoringwouldbeChinaorIran.Thesearenotmodelswe shouldbeaspiringto.CourtsinGermany,RomaniaandtheCzechRepublichavefoundsimilar arrangementsintheirrespectivecountriestobeunconstitutional. 5.Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider? 6.ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesoflegislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernsthe retentionofcommunicationsdata? 7.IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasuresthat couldbescrappedasaquidproquotorebalancecivilliberties? 8.WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKasa lessattractivebase.Whatmightbetheeffectonbusiness? ThereisariskthattheUKwillbeviewedwiththesamecautionandconsideration,thatthosefor whomprivacyisaconsideration,applytoplaceswithlegislationlikethePatriotAct.Imyselfavoid runningserversincertaincountriesduetotheirinternetpoliciesandconcernforthesecurityofthe data. Costs: 9.Istheestimatedcostof1.8bnover10yearsrealistic? 10.TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBill couldbeworthbetween5 6bn.Isthisfigurerealistic? Scope: 11.Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate?Do theysensiblydefinethescopeofthepowersinthedraftBill?
42
FromtheperspectiveofanITprofessionalthedefinitionofcommunicationsserviceprovideris worryinglyvague.Asanindividualwhorunshisownemailserverandseveralserversforsmalland mediumenterprises,thewordingofthedraftbillThetermtelecommunicationsoperatorisdefined inclause28asapersonwhocontrolsorprovidesatelecommunicationsystem,orprovidesa telecommunicationsservice.wouldappeartoconsidermeaTelecommunicationsProvider.While thereareprovisionsinthebilltopotentiallyoffsetthefinancialimpact,thetaskwouldbebeyondthe scopeoftheservicesIcanprovide. 12.WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill?Should itbepossiblefortheSecretaryofStatetovarythislistbyOrder? Iwouldrathernoorganisationhaveaccesstoblanketcommunicationsdata.Itdoesnotmatterifthis dataisinoneormanydatabases,thescopeofthemonitoringandpotentialfordataminingis frightening.Ifthiscomestopass,accessshouldbelimitedtoPoliceandtheSecurityServicesonly, withjudicialoversight.Atnopointshouldthelistofthosewithaccess,changewithoutpublicdebate. 13.Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty? Whileitmaybepossibletoseekandobtainthecooperationofthelargerplayers e.gGoogle, Facebooketc ,thechoiceandpopularityofservicesontheinternetisinaconstantstateofflux. Pursingthemtoprovideinformationonuksubscribersthatitmaynotevenbeawareithas,wouldbe likeherdingcats. UseofCommunicationsData: 14.Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? 15.Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? Typically,duetostorageconstraints,serversstorelogsforafewweeks,witharchivingthatmaybeas longas3months.Serversorapplianceswithhighthroughputmayonlystorelogsforamatterofdays ornotatall.Thisisusuallyadesigndecisionandisdonetoaidmaintainability,functionalityand usability.ThecostofstoringthedatawouldlikelybedisproportionatelyhighforSMEs,letalonethe questionofhowtoactuallydoitinthefirstplace. Safeguards: 16.Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould "designatedseniorofficer"bedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR? WithrespecttoArticle8ECHR,theuseofcommunicationsdata asmentionedinsection8ofDRAFT COMMUNICATIONSDATABILL,EUROPEANCONVENTIONONHUMANRIGHTSMEMORANDUMBY THEHOMEOFFICE tocomparethedatacollectedforatelephoneservicewiththatforemailorweb browsingismisleadingasinternetdataisnotchargedpercall.ISPsdonotrequirethisinformation i.e.individualemailorwebsessions tobilltheircustomers. ThememorandumitselfstatesByitsverynature,meteringisthereforetobedistinguishedfrom
interceptionofcommunications,whichisundesirableandillegitimateinademocraticsocietyunless justified..
Thejustificationbeingseriouscrimesandideally,onlymonitoringofdatawithawarrant,fromthat pointintimeforward.Toexpect12monthsofdatatobeonhandforeverybodyisfundamentally wrong. 17.Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapplyto allpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe?
43
Awarrantysystemshouldbethedefaultcase.Onlylawenforcementagenciesshouldhaveaccessvia awarrantsystem.Ifotherpublicauthoritieshaveacasetopursuethentheyshouldpursueitthought theappropriatelawenforcementagencies.Thelikelyimpactwouldbetodeterflippantuseofthe system.Ifsuchasystemiseverputinplace,thebarrierstoentrymustbesohighastomakeevery useofthesystemasoneroustothoseseekingdataastheburdentoprivacyistotheindividuals monitored. 18.IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformationCommissioner sensible? ParliamentaryOversight: 19.ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBillsatisfactory? Enforcement: 20.Arethepenaltiesappropriateforthosecommunicationsserviceproviderswhofailtocomplywith therequirementsofthedraftBill? 21.Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccessto communicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforinthedraft Billamounttoanoffence? Technical: 22.Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapturecommunications datareliably,storeitsafelyandseparateitfromcommunicationscontent? Itispossibletocapturedatafromcommonports i.e.emailonport25,webtrafficonport80 , identifythatprotocolandstripoutthecommunicationsdata.Howeverifencryptedand/or obfuscateditmaynotbepossibletoextractanymeaningfuldata. Capturingdataforallportsandprotocolsmayprovedifficult.Doingsoforalltrafficthatpasses throughalargeISPmaynotbepracticalduetotheamountofprocessingandstoragerequirements. Howeverduetothelayerednatureofthemanyandvariedprotocolsthatenablecommunicationson theinternet,onelayerscommunicationsdataislikelyembeddedinanotherlayerspayload or communicationscontent .SotostatethatNothingintheseproposalswillauthorisethe interceptionofthecontentofacommunication.isdisingenuousbecauseatsomepointitwillbe necessarytointercept,storeandreconstitutethecommunicationscontent howeverbriefly ofone protocoltoenabletheextractionofcommunicationsdataofanotherprotocolcontainedwithin. 23.Howsafelycancommunicationsdatabestored? Thatdependsontherisksyouwanttomitigateagainstandhowmuchmoneyyouwanttothrowat theproblem.Youneedtoconsiderphysicalsecurity,shouldthesystemsbephysicallyisolatedand canallISPsaccommodatetherequirement,isolatedfromthenetwork,securefromphysicalintrusion, safefromadverseconditions floods,fire,socialunrest,theftetc andusersecurity.Oneormore peoplewillhavetosetupandadministerthesystems.Aretheyconsideredfittohaveaccesstothat system?WhatsafeguardsandpenaltiesarethereforstaffatanISPcollectingthatdata? 24.Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible? Theproposalsarevaguewhentakeninthecontextoffilteringlargeamountsofdatawhichwould requireveryspecificparametersandthelikelyresultswouldonlybeapparentafterfilteringthedata. Alsodeterminingtheprecisionoftheresultswouldrequireveryspecificgoalsthatmaynotbe apparenttowhoeverisdoingtheactualfiltering.Thetechnicalfeasibilitydependsonthesystems thatstorethedata,howitisstored,thesystemusedtomanipulateandfilterthedataandtheskillof thepersoncreatingthedatafilter. 25.HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? Therearemyriadwaystocircumventthemeasuresinthedraftbill.Forexample,itsaseasyas runningaVirtualPrivateNetwork VPN ,TORconnectionorconnectingtoaDarknet. IttakesminutestosetupaVPN.VPNsarecommonlyusedbybusinessuserstosecurelyaccesstheir companynetworkfromapublicnetwork.
44
TORobfuscatesusertrafficallowingthetraffictoberoutedtorandomTORexitpointsaroundthe world.TORhasbeeninstrumentalinopposingrepressiveregimesaroundtheworld. Darknetsareessentiallydecentralisedprivatenetworksthatanyonecanjoin.Theyimplementtheir ownrulesi.e.anonymityandnologgingofconnectioninformation. Itisalsopossibletouseproxiestoanonymizeyourconnection.Withanonymousemailservicesthat donotrequireanysubscriberinformation,anonymousremailersandafewoftheaboveitiseasyto circumventthemeasuresinthedraftbill. ItisalsoeasytoconnecttoTORoraDarknetoveraVPNand/oroneormoreproxies. 26.Arethereconcernsabouttheconsequencesofdecryption? Whileitmaybetechnicallypossible,thetimeandeffortrequiredwouldlikelybehighunlessother meansareavailablei.e.knownweaknessesintheencryption,decryptingtrafficwithtrusted certificatesoramaninthemiddleattackormandatedbackdoors.Asthesewouldlikelybeexploited bycriminalsandboredteenagers,orquicklydetectedbysecurityresearchersorlegitimateusers,it wouldntbelongbeforeanyuseableexploitsbecamepublicandwerefixedoralternativesappeared. Moreover,decryptingencrypteddatatogetatcommunicationsdatawouldunderminepointtopoint securityandrenderthingslikeinternetbanking,ecommerceandVPNsuntrustworthy. August2012
45
Dr Paul Bernal
ThedraftCommunicationsDataBillraisessignificantissuesissuesconnectedwithhumanrights, withprivacy,withsecurityandwiththenatureofthesocietyinwhichwewishtolive.Theseissues areraisednotbythedetailofthebillbutbyitsfundamentalapproach.Addressingthemwould,inmy opinion,requiresuchasignificantredraftingofthebillthatthebetterapproachwouldbeto withdrawthebillinitsentiretyandrethinkthewaythatsecurityandsurveillanceontheInternetis addressed. Asnoted,therearemanyissuesbroughtupbythedraftbill:thissubmissiondoesnotintendtodeal withallofthem.Itfocusesprimarilyonthreekeyissues: 1 Thenatureofinternetsurveillance.Inparticular,thatinternetsurveillancemeansmuch morethancommunications,partlybecauseofthenatureofthetechnologyinvolvedand partlybecauseofthemanydifferentwaysinwhichtheinternetisused.Internetsurveillance meansmonitoringnotjustcorrespondencebutsociallife,personallife,finances,healthand muchmore.Gatheringbasicdatacanmakethemostintimate,personalandprivate informationavailableandvulnerable. 2 Thevulnerabilityofbothdataandsystems.Itisafallacytoassumethatdataorsystemscan everbemadetrulysecure.Theevidenceofthepastfewyearssuggestspreciselythe opposite:thosewhoshouldbemostableandtrustedwiththesecurityofdatahaveproved vulnerable.TheapproachofthedraftCommunicationsDataBillessentiallyagatherall thenlooklaterapproachisonethatnotonlyfailstotakeproperaccountofthat vulnerability,butactuallysetsupnewandmoresignificantvulnerabilities,effectively creatingtargetsforhackersandotherswhomightwishtotakeadvantageoformisusedata. 3 Therisksoffunctioncreep.ThekindofsystemsandapproachenvisagedbythedraftBill makesfunctioncreeparealandsignificantrisk.Data,oncegathered,isaresourcethatis almostinevitablytemptingtouseforpurposesotherthanthoseforwhichitsgatheringwas envisaged.Theserisksseemtobeinsufficientlyconsideredbothintheoverallconception andinthedetailoftheBill. Afterlookingattheseissuesfromanoverallperspective,thissubmissionwilladdresssomeofthe questionsspecificallyaskedbytheCommittee. IammakingthissubmissioninmycapacityasLecturerinInformationTechnology,Intellectual PropertyandMediaLawattheUEALawSchool.Iresearchininternetlawandspecialiseininternet privacyfrombothatheoreticalandapracticalperspective.MyPhDthesis,completedattheLSE, lookedintotheimpactthatdeficienciesindataprivacycanhaveonourindividualautonomy,andset outapossiblerightsbasedapproachtointernetprivacy.ThedraftCommunicationsDataBill thereforeliespreciselywithinmyacademicfield.Iwouldbehappytoprovidemoredetailed evidence,eitherwrittenororal,ifthatwouldbeofassistancetothecommittee. 1 TheNatureofinternetSurveillance 1.1 AssetoutinPart1ofthedraftbill,theapproachadoptedisthatallcommunicationsdata shouldbecapturedandmadeavailabletothepoliceandotherrelevantpublicauthorities.The regulatoryregimesetoutinPart2concernsaccessingthedata,notgatheringit:gatheringisintended tobeautomaticanduniversal.CommunicationsdataisdefinedinPart3Clause28verybroadly,via thecategoriesoftrafficdata,usedataandsubscriberdata,eachofwhichisdefinedinsuchaway astoattempttoensurethatallinternetandothercommunicationsactivityiscovered,withthesole exceptionofthecontentofacommunication. 1.2 Theallencompassingnatureofthesedefinitionsisnecessaryifthebroadaimsofthebillare tobesupported:ifthedefinitionsdonotcoveranyparticularformofinternetactivity whether existentorunderdevelopment ,thentheassumptionwouldbethatthosewhothebillwouldintend tocatchwouldusethatform.Thatthecontentofcommunicationsisnotcaptured thoughitis importantinrelationtomoreconventionalformsofcommunicationsuchastelephonecalls,letters andevenemails isoffarlesssignificanceinrelationtointernetactivity,asshallbesetoutbelow.
46
2 CommunicationsDataandtheseparationofcontent 2.1 Asnotedabove,thedefinitionofcommunicationsdataisdeliberatelybroadinthebill.On thesurface,itmightappearthatcommunicationsdatarelatesprimarilytocorrespondence bringingintheECHRArticle8righttorespectforprivacyofcorrespondenceandindeed communicationsliketelephonecalls,emails,textmessages,tweetsandsoforthdofitintothis categorybutinternetbrowsingdatahasamuchbroaderimpact.Apersonsbrowsingcanrevealfar moreintimate,importantandpersonalinformationaboutthemthanmightbeimmediatelyobvious. Itwouldtellwhichwebsitesarevisited,whichlinksarefollowed,whichfilesaredownloadedand alsowhen,andhowlongsitesareperusedandsoforth.Thiskindofdatacanrevealhabits, preferencesandtastesandcanuncover,toareasonableprobabilityreligiouspersuasion,sexual preferences,politicalleaningsetc,evenwithoutwhatmightreasonablybecalledthecontentofany communicationsbeingexaminedthoughwhatconstitutescontentiscontentious. 2.2 ConsideringaGooglesearch,forexample,ifRIPAsrequirementsaretobefollowed,the searchtermwouldbeconsideredcontentbutwouldlinksfollowedasaresultofasearchcountas contentorcommunicationsdata?Whoistherecipientofaclickedlink?Ifthedataistobeofanyuse, itwouldneedtorevealsomethingofthenatureofthesitevisitedandthatwouldmakeitpossibleto reverseengineerbacktosomethingcloseenoughtothesearchtermusedtobeabletogetbackto thecontent.Thecontentofavisitedsitemaybedeterminedjustbyfollowingalinkwithoutany furtherinvasionofprivacy.Whenslightlymorecomplexformsofcommunicationontheinternetare considerede.g.messagingorchattingonsocialnetworkingsitestheseparationbetweencontent andcommunicationsdatabecomesevenlessclear.Inpractice,assystemshavedeveloped,the separationisformanyintentsandpurposesafalseone. 40Theissueofwhetherornotcontentdatais gatheredisoffarlesssignificance:focussingonitisanoldfashionedargument,basedonaworldof penandpaperthatistoagreatextentoneofthepast. 2.3 Whatismore,analyticalmethodsthroughwhichmorepersonalandprivatedatacanbe derivedfrombrowsinghabitshavealreadybeendeveloped,andarecontinuingtoberefinedand extended,mostdirectlybythoseinvolvedinthebehaviouraladvertisingindustry.Significant amountsofmoneyandeffortarebeingspentinthisdirectionbythoseintheinternetindustry:itisa keypartofthebusinessmodelsofGoogle,Facebookandothers.Itisalreadyadvancedbutwecan expecttheprofilingandpredictivecapabilitiestodevelopfurther. 2.4 Whatthismeansisthatbygathering,automaticallyandforallpeople,communicationsdata, wewouldbegatheringthemostpersonalandintimateinformationabouteveryone.When consideringthisBill,thatmustbeclearlyunderstood.Thisisnotaboutgatheringasmallamountof technicaldatathatmighthelpincombatingterrorismorothercrimeitisaboutuniversal surveillanceandprofiling. 3 Thebroadimpactofinternetsurveillance 3.1 Thekindofprofilingdiscussedabovehasaverybroadeffect,onewithahugeimpacton muchmorethanjustanindividualscorrespondence.Itispossibletodetermine toareasonable probability individualsreligionsandphilosophies,theirlanguagesusedandeventheirethnic origins,andthenusethatinformationtomonitorthembothonlineandoffline.When communications andinparticulartheinternet areusedtoorganisemeetings,tocommunicateas groups,toassemblebothofflineandonline,thiscanbecomesignificant.Meetingscanbemonitored orevenpreventedfromoccurring,groupscanbetargetedandsoforth.Oppressiveregimes throughouttheworldhaverecognisedandindeedusedthisabilityrecently,forexample,theformer
40SeeforexampletheworkofDanielSolove,e.g.
Wash.L.Review,vol72,20032004,
ReconstructingElectronicSurveillanceLaw,Geo.
47
regimeinTunisiahackedintobothFacebookandTwittertoattempttomonitortheactivitiesof potentialrebels. 3.2 Itisofcoursethiskindofprofilingthatcanmakeinternetmonitoringpotentiallyusefulin counterterrorismbutmakingituniversalratherthantargetedwillimpactdirectlyontherightsof theinnocent,rightsthat,accordingtotheprinciplesofhumanrights,deserveprotection.Intheterms setoutintheEuropeanConventiononHumanRights,thereisapotentialimpactonArticle8 rightto privateandfamilylife,homeandcorrespondence ,Article9 Freedomofthought,conscienceand religion ,Article10 Freedomofexpression andArticle11 Freedomofassemblyandassociation . 41 Internetsurveillancecanenablediscrimination contrarytoECHRArticle14 prohibitionof discrimination andevenpotentiallyautomateitawebsitecouldautomaticallyrejectvisitors whoseprofiledoesntmatchkeyfactors,orchangeservicesavailableorpricesbasedonthose profiles. 4 Thevulnerabilityofdata 4.1 Theessentialapproachtakenbythebillistogatheralldata,thentoputcontrolsoveraccess tothatdata.Thatapproachisfundamentallyflawedandappearstobebaseduponfalse assumptions.Mostimportantly,itisafallacytoassumethatdatacaneverbetrulysecurelyheld. Therearemanywaysinwhichdatacanbevulnerable,bothfromatheoreticalperspectiveandin practice.Technologicalweaknessesvulnerabilitytohackersetcmaybethemostnewsworthyin atimewhenhackergroupslikeanonymoushavebeengatheringpublicity,buttheyarefarfromthe mostsignificant.Humanerror,humanmalice,collusionandcorruption,andcommercialpressures bothtoreducecostsandtomonetisedata maybemoresignificantandthewaysthatallthese vulnerabilitiescancombinemakestheriskevenmoresignificant. 4.2 Inpractice,thosegroups,companiesandindividualsthatmightbemostexpectedtobeable tolookafterpersonaldatahavebeensubjecttosignificantdatalosses.TheHMRClossofchildbenefit datadiscs,theMODlossesofarmedforcespersonnelandpensiondataandthenumerousand seeminglyregulardatalossesintheNHShighlightproblemswithinthosepartsofthepublicsector whichholdthemostsensitivepersonaldata.Swissbankslossesofaccountdatatohacksanddata theftdemonstratethateventhosewiththehighestreputationandneedforsecrecyaswellasthe greatestfinancialresourcesarevulnerabletohumanintervention.ThehighprofilehacksofSonys onlinegamingsystemsshowthateventhosethathaveaccesstothehighestleveloftechnological expertisecanhavetheirsecuritybreached.Thesearejustafewexamples,andwhilstineachcase differentissueslaybehindthebreachtheunderlyingissueisthesame:wheredataexists,itis vulnerable. 42 4.3 DesigningandbuildingsystemstoimplementlegislationliketheBillexacerbatesthe problem.Thebillisnotprescriptiveastothemethodsthatwouldbeusedtogatherandstorethe data,butwhatevermethodisusedwouldpresentatargetforpotentialhackersandothers:where therearedatastores,theycanbehacked,wherethereareblackboxestofeedrealtimedatatothe authorities,thoseblackboxescanbecompromisedandthefeedsintercepted.Concentratingdatain thiswayincreasesvulnerabilityandcreatingwhatarecolloquiallyknownasbackdoorsfor trustedpublicauthoritiestousecanalsoallowthosewhoarenottrustedofwhateverkindtofind arouteofaccess. 4.4 Onceothershaveaccesstodataortodatamonitoringtherightsofthosebeingmonitored areevenfurthercompromised,particularlygiventhenatureoftheinternet.Information,once released,cananddoesspreadwithoutcontrol.
41ForamoredetailedanalysisofthehumanrightsimpactoftheBill,seemycontributiontothe
UK ConstitutionalLawGroupBlog,athttp://ukconstitutionallaw.org/2012/07/11/paulbernalthe
draftcommunicationsbillandtheechr/
42Fordetailsoftheindividualdatalossesdiscussedhere,seeChapter5,Section2,of
Dodeficiencies indataprivacythreatenourautonomyandifso,caninformationalprivacyrightsmeetthis threat,availableonlineathttp://etheses.lse.ac.uk/321/
48
5 FunctionCreep 5.1 Perhapsevenmoreimportantthanthevulnerabilitiesdiscussedaboveistheriskoffunction creepthatwhenasystemisbuiltforonepurpose,thatpurposewillshiftandgrow,beyondthe originalintentionofthedesignersandcommissionersofthesystem.Itisafamiliarpattern, particularlyinrelationtolegislationandtechnologyintendedtodealwithseriouscrime,terrorism andsoforth.CCTVcamerasthatarebuilttopreventcrimearethenusedtodealwithdogfoulingorto checkwhetherchildrenliveinthecatchmentareaforaparticularschool.Legislationdesignedto counterterrorismhasbeenusedtodealwithpeoplesuchasantiarmstradeprotestorsandevento stoptrainspottersphotographingtrains. 5.2 InrelationtotheCommunicationsDataBillthisisaverysignificantriskifauniversal surveillanceinfrastructureisputintoplace,thewaysthatitcouldbeinappropriatelyusedarevast andmultifaceted.Whatisbuilttodealwithterrorism,childpornographyandorganisedcrimemight creeptowardslessseriouscrimes,thenantisocialbehaviour,thentheorganisationofprotestsand soforth.Furthertothat,therearemanycommerciallobbiesthatmightpushforaccesstothis surveillancedatathoseattemptingtocombatbreachesofcopyright,forexample,wouldliketo monitorforsuspectedexamplesofpiracy.Ineachindividualcase,theusemightseemreasonable butthefunctionoftheoriginalsurveillance,thejustificationforitsinitialimposition,andthebalance betweenbenefitsandrisks,canbelost.Aninvasionofprivacydeemedproportionateforthe preventionofterrorismmightwellbewhollydisproportionateforthepreventionofcopyright infringement,forexample. 5.3 Therisksassociatedwithfunctioncreepinrelationtothesurveillancesystemsenvisagedin theBillhaveanumberofdifferentdimensions.Therecanbecreepintermsofthetypesofdata gathered:asnotedabove,thesplitbetweencommunicationsdataandcontentisalreadyonethatis contentious,andastimeandusagedevelopsislikelytobecomemoreso,makingtherestrictionsasto whatiscontentlikelytoshrink.Therecanbecreepintermsoftheusestowhichthedatacanbeput: fromthepreventionofterrorismdownwards.Therecanbecreepintermsoftheauthoritiesableto accessandusethedata:fromthoseengagedinthepreventionofthemostseriouscrimetolocal authoritiesandothers.Allthesedifferentdimensionsrepresentimportantrisks:allhavehappenedin therecentpasttolegislation e.g.RIPA andsystems e.g.theLondonCongestionchargeCCTV system . 5.4 Preventionoffunctioncreepthroughlegislationisinherentlydifficult.Thoughitisimportant tobeappropriatelyprescriptiveanddefinitiveintermsofthefunctionsofthelegislation andany systemsputinplacetobringthelegislationintoaction ,functioncreepcananddoesoccurthrough thedevelopmentofdifferentinterpretationsoflegislation,amendmentstolegislationandsoforth. Theonlyrealwaytoguardagainstfunctioncreepisnottobuildthesystemsinthefirstplace:akey reasontorejectthisproposedlegislationinitsentiretyratherthantolookforwaystorefineor restrictit. ResponsestospecificquestionsraisedbytheCommittee 6 1 TheHomeOfficehasmadeitreasonablyclearwhatithopestoachievethroughthedraftBill, butasnotedabovetheeffectoftheBillcouldbeverydifferentfromtheaims.Thenatureof internetsurveillancemeansthatratherthanbeinganupdatingormodernisationofexisting lawregardingtheinterceptionofcommunications,thisissomethingonawhollydifferent scale:aformoftotalsurveillance,impactinguponvastlymoreaspectsofpeopleslivesthan justtheircommunications. 2 TheGovernmenthasnotmadeaconvincingcasefortheneedforthenewpowers:tojustify thevastlyhigherlevelofsurveillance,compellingevidenceneedstobepresentedthatnot onlyisthethreatlevelhighenoughbutthepowerseffectiveenoughtomakethecase. Neitherpointseemstohavebeensatisfied. 3 Asdiscussedinsections13above,theproposalsinthedraftBillrepresentahugeintrusion intoindividualsprivacy:oneaboveandbeyondanythinginthecurrentlandscape.
49
4 5
6 7 8 9 10
11
12
13
14
15 16
17 18 19
ThepowersenvisagedintheBillwouldputtheUKamongstthemostprivacyintrusiveinthe world.Ingeneral,onlypolicestatesandotherdespoticregimeshavesimilarpowers. Thefirstandmostobviousalternativeissimplynottobringinthislegislation.Ifanything, theUKshouldbelookingtoreducethelevelofprivacyintrusionontheinternet:tightening therestrictionsinRIPAandlookingtowardsarepealoftheDataRetentionDirective andthe correspondingUKlaw .PeterHustinx,theEuropeanDataProtectionSupervisor,calledthe DataRetentionDirectivethemostprivacyinvasiveinstrumenteveradoptedbytheEUin termsofscaleandthenumberofpeopleitaffectsthatcriticismshouldbetakenmuchmore seriously,andtheUKcouldplayakeyroleinthisregard.Weshouldbeleadingtheworldin respectforhumanrights:notinourlevelofprivacyintrusionandsurveillance. See5above.Oneoverarchingpieceoflegislationwouldbepreferable,butitshouldbeone basedonrespectforhumanrightsratherthanonuniversalsurveillance. Thiskindoflegislationshouldnotbesubjecttoanykindofquidproquo.Thereisnothingin thefieldthatcomparestointernetsurveillance. Nocomment. See10below Thisfigure,andthefigureinquestion9aboveishighlyspeculativetheassumptionsmade andtheirreliabilityshouldbetreatedwithagreatdealofscepticism.Iwouldreferthe committeetotheanalysisbyProfessorPeterSommerinhissubmissiontothecommittee:I fullyendorseProfessorSommersanalysis. Asnotedinsection2above,thewholeideathatcommunicationsdataandcontentcanbe effectivelyseparatediseffectivelyfallacious,anditishardtoseehowthedefinitionof communicationdatacanbemeaningfulinthefuture,astechnologiesandtheirusesdevelop. Inpractice,thescopeofsystemscreatedtoeffectthislegislationislikelytoencompass almostalldatausednotonlyincommunicationsbutintheuseoftheinternet. Thosepublicauthoritiesabletoaccesscommunicationsdatashouldberestrictedtoan absoluteminimum,anditshouldnotbepossiblefortheSecretaryofStatetovarythislistby order.GrantingsuchapowertotheSecretaryofStatewouldbetantamounttobuilding functioncreepintothelegislation seesection5above :extensionstopowersshouldrequire Parliamentaryscrutiny. Fromapracticalperspective,theseplansarelikelytobesupremelyineffective,andtheresult islikelytobemorepressureonUKISPstoprovidemoredata:ifGoogle forexample arent likelytocomplywithregulations,theISPsthroughwhichpeopleintheUKaccessGoogle wouldbeexpectedtointerceptandgatheralltraffictoGooglesites,extendingthedefinition ofcommunicationsdataappropriately.Again,thisbringsinaformoffunctioncreep. ThedefinitionsinClause9 6 arecurrentlysobroadthatitcouldbepossibletofitalmost anyactivitywithinthescopeoftheact.Forexample,theclausesuggests 9 6 c detecting crimeorpreventingdisorder,withoutanyclarificationastotheseriousnessofthecrimeor disorderthatwouldallowaccesstobegranted.Othertermsareevenmorecontentious: Clause9 6 d couldbeusedtojustifyaccesstoinvestigatecopyrightinfringement,for example.Thoughtheseare,asnotedintheexplanatorynotestothebill,thesametermsas usedinsection22 2 ofRIPA,thatshouldnotbeusedasareasontoaccepttheterms:rather, asarealisationthatsection22 2 ofRIPAistoobroadlycouched.Itisimportantto understandtheimpactofthebreadthofthesetermsincombinationwiththeuniversalityof surveillanceasdiscussedinsections13ofthissubmission.Effectively,whatisbeingput forwardbythisbillisuniversalinternetsurveillanceforalmostanypurposethatthe authoritiesrequire. Nocomment. Thissystemseemsunsatisfactory.Theideaofwarrantlessaccessisinitselfhighly questionableandopentoabuse,butifitmustbeintroducedthereshouldbeprecise definitionsthelevelofseniorityshouldbesetextremelyhighandtheprocessesusedmust betransparent,recorded,andfullyaccountable. Awarrantsystemwouldbemuchmoreappropriatebut,asnotedthroughoutthis submission,thesafeguards,andinparticularanywarrants,shouldberequiredtogatherthe data,nottoaccessthedatathathasalreadybeengathered. Nocomment. Arrangementsforparliamentaryoversightarenotsatisfactory.Asnotedinresponsetoq12 above,theSecretaryofStateshouldnothavethepowertovarythelistofauthoritieswithout
50
20 21 22 23 24
25
26 7 Conclusions 7.1 ThepremiseoftheCommunicationsDataBillisfundamentallyflawed.Byitsverydesign, innocentpeoplesdatawillbegathered andhencebecomevulnerable andtheiractivitieswillbe monitored.Universaldatagatheringormonitoringisalmostcertaintobedisproportionateatbest, highlycounterproductiveatworst. 7.2 ThisBillisnotjustamodernisationofexistingpowers,norawayforthepolicetocatchup. Itissomethingonawhollydifferentscale.Weascitizensarebeingaskedtoputahugetrustinthe authoritiesnottomisusethekindofpowersmadepossiblebythisBill.Trustisofcourseimportant butwhatcharacterisesaliberaldemocracyisnottrustofauthoritiesbuttheiraccountability,the existenceofchecksandbalances,andthelimitationoftheirpowerstointerferewithindividuals lives.Thisbill,ascurrentlyenvisaged,doesnotprovidethataccountabilityanddoesnotsufficiently limitthosepowers:preciselythereverse. 7.3 Evenwithoutconsideringtheissuesdiscussedabove,thereisapotentiallyevenbiggerflaw withthebill:itappearsveryunlikelytobeeffective.Thepeoplethatitmightwishtocatcharethe leastlikelytobecaughtthoseexpertwiththetechnologywillbeabletofindwaysaroundthe surveillance,orwaystopiggybackonotherpeoplesconnectionsanddrawmoreinnocentpeople intothenet.AsDavidDavisMPputit,onlytheincompetentandtheinnocentwillgetcaught. 7.4 Theentireprojectneedsathoroughrethink.Warrants orsimilarprocesses shouldbeput inplacebeforethegatheringofthedataorthemonitoringoftheactivity,notbeforetheaccessingof datathathasalreadybeengathered,ortheviewingofafeedthatisalreadyinplace.Amore intelligent,targetedratherthanuniversalapproachshouldbedeveloped.Noevidencehasbeenmade publictosupportthesuggestionthatauniversalapproachlikethiswouldbeeffectiveitshouldnot besufficienttojustsuggestthatitisneededwithoutthatevidence,nortoprovideprivateevidence thatcannotatleastqualitativelyberevealedtothepublic. 7.5 Thatbringsabiggerquestionintothespotlight,onethattheCommitteemightthinkisthe mostimportantofall:whatkindofasocietydowewanttobuildonewhereeveryonesmost intimateactivitiesaremonitoredatalltimesjustincasetheymightbedoingsomethingwrong?That, ultimately,iswhatthedraftCommunicationsDataBillwouldbuild.Theproposalsruncounterto someofthebasicprinciplesofaliberal,democraticsocietyasocietywherethereshouldbea presumptionofinnocenceratherthanofsuspicion,andwhereprivacyisthenormratherthanthe exception.IsthatwhattheCommitteewouldreallyliketosupport?
Parliamentaryoversight.Moreover,billslikethese,envisagingcompromisesinindividuals privacyandhumanrights,wouldbebetterwithsunsetclausesrequiringfullparliamentary scrutinyatregularintervalsandvotesinordertorenewthepowers. Nocomment. Penaltiesshouldbehigher,andfailuretoadheretotheCodeofPracticeshouldamounttoan offence.However,thekeypointshouldbethatfewerpublicauthoritiesshouldhaveaccessto thedata,sothatoffencesofthiskindshouldbelesslikelytooccur. Quitesimplyno!Seesection2ofthissubmission. Thefailuretounderstandthefundamentalvulnerabilityofdataandsystemsisoneofthe biggestproblemswiththeconceptofthisBill.Data,howeveritisstored,isvulnerable.See section4ofthissubmission Thefilteringarrangementsarereasonablyclear,probablytechnicallyfeasible,butlikelytobe inappropriateanddisproportionate.Theyamounttothecreationofasearchengineofthe entiredatabaseandasnotedabove,thatdatabaseeffectivelycoverstheentiretyofpeoples internetactivity.ThisisthecruxoftheBill. AsDavidDavisMPnoted,onlytheincompetentandtheinnocentwillgetcaughtbythisbill. Therealvillainswillbeabletofindwaystocircumventthiskindofdatagathering.See Conclusionsbelow. Nocomment.
51
August2012
52
Big Brother Watch

General: Firstly,wewouldbeginbyreaffirmingourviewthattheoperationandoversightoftheRegulationof InvestigatoryPowersActisdeeplyflawed,andtoaddfurtherlegislationthatisbaseduponthisAct withoutfirstundertakingacomprehensivereviewofRIPAisnegligenttothepointofrecklessness. TheBillissobroadlydrafteditischallengingtodeduceexactlywhattheHomeOfficeisproposingor howitwillwork.Part1andthenumerousdelegatedpowersmakedetailedscrutinyextremely challenging. ThisBillendsthepresumptionofinnocenceasweknowit.Itrepresentsashiftoftargeted surveillanceofthoseundersuspicionofeitherhavingcommittedorintheprocessofcommittingan offencetosurveillanceoftheentirepopulousjustincasesomeofthemeventuallycommitcrimes. TheremarksoftheMetropolitanPoliceCommissionerBernardHoganHowe,thatthesepowersare toenablethepolicetoeliminatetheinnocent,summatesneatlythecriticalreversalofreasonable suspicionnolongerbeingrequiredtomonitorsomeonescommunications. TheHomeOfficehasfailedtomakeanycaseaboutwhyBritainshouldbethefirstdemocraticstateto implementthiskindofpolicy.NorhastheHomeOfficerespondedtothelegitimateconcernthatthis policyaddslegitimacyofthesurveillancepursuedinChinaorIran,whichBritishforeignpolicyhas soughttopreventinothercountries. IwouldalsodrawthecommitteesattentiontoacounterterrorismwhistleblowerwhotoldtheIrish PostthatthethreatofanIrishdissidentattackontheLondonOlympicswasdeliberatelyoverstated bytheGovernmentandsecurityservices.Hetoldthenewspaper Thereisnobasiswhatsoevertosupportthattheory.Itappearstobeapropagandaexercisebythe securityservices. Inacivilsocietythischangeisafundamentalonethatcannotbeunderstated.Indeed,itis questionablewhetherasocietythatintroducedsuchindiscriminateandwidespreadmonitoring couldbedescribedascivil.TheBillmakessurveillancethenormandindividualprivacytheexception. Withrespecttothewiderlandscapeonintrusionofprivacywewouldsubmitthatthisisonapar withnootherexistingpieceoflegislation,indeeditrunscontrarytomuchoftheconsumerprotection onprivacythatBigBrotherWatchhascampaignedforandsupported.Forexample,wehave campaignedforawiderdefinitionofpersonalinformationtoensurethatnonpersonalidentifiers areincludedandthereforerequireconsenttobesoughtbeforedatalikeIPaddressescanberecorded andprocessed. TheHomeOfficehasalsofailedtoofferanyrealevidenceofhowthecurrentpowersarelacking.For example,theGermanFederalCriminalPoliceOfficementions381criminalcasesinwhichlaw enforcementagencieswerehamperedbyalackoftelecommunicationsconnectiondatacompared tothemorethan6millioncriminaloffencescommittedeveryyearinGermanythisrepresentsa marginalshareof0.01percent.Furthermore,onlytwoofthese381caseshadalinktoterrorism, despiterepeatedclaimsthatterrorismisonereasonforretainingtelecommunicationsdata.The HomeOfficehasnotbeenabletoofferanysubstantialstatisticalorcomprehensiveassessmentofthe currentregime. ItalsomarksanequallysignificantchangeofaskingCSPstomonitoruseofthirdpartysystems.How thiswillworkinlightofmodernencryptionhasnotbeenaddressedinanysubstantiveway,norhas thewiderquestionofCSPsessentiallybecomingprivatesurveillanceoperations.Themarket responsewillbefordeliberatelyprivatebydesignCSPstoemerge,ormeansofcommunicatingthat defeattheCSPmonitoringarrangements. Thesetechnologiesarealreadybeinglaunchedanddevelopedtoaddresslegitimatesecurityand privacyrisks,andtheHomeOfficehaswhollyfailedtodealwiththisissue.Forexample,various browsersarenowdesignedtoaltertheusertocompromisedCertificatingAuthoritiesandhave recentlystartedalertinguserswhoaretargetsofstatesurveillanceviamaninthemiddleattacks.
53
Thereisaclearriskthatthethirdpartyservicesusedwillincorporatesomeofthesetechnologies, andatthesametimedriveconsumerstoalternativeCSPs.Astechnologyimproves,theriskisthatthe Billleadstoanevengreaterdiminishmentofcapabilitybyexacerbatingcurrentlyweakdemandfor theseservices. Particularlyforsensitiveandhighvaluebusinesses,theymaywellmakecorporatedecisionsto relocatetoterritoriesthataremovingtoenhanceprivacyprotection,forexampleGermany. SomeaspectsoftheHomeOfficespresentationoftheBillhavebeenmisleadingatbest.Theshiftto mobile,webbasedcommunicationisrevolutionarytransitionfromfixedcommunications.To describetheproposalsintheDraftCommunicationsDataBillasmaintaininganexistingcapabilityis whollydisingenuous.Monitoringtheuseofmobilecommunications inparticularlocationdata and theuseofemailandwebbrowsersisnotmaintaininganexistingcapabilitybutdevelopingawholly newone. Thispointisparticularlyrelevanttopostalservices,whichcancertainlynotbedescribedaseither newortechnologyrelated,butareincludedinthescopeoftheBill. Fromcommunicationsdataitispossibletodeduceasignificantdegreeofsomeonespersonality, habitsandconditionwhethervisitingaplaceofworship locationdataeverySundayat10am,for example oraccessinglegaladvice divorcelawfirm orsupport SamaritansviaemailorAlcoholics anonymouswebsite .Noneofthisispossibleundertheexistingcapability. TheHomeOfficehasalsosoughttojustifythelegislationasbeingatooltofightpaedophilesand terrorists.YettheimpactassessmentfortheBillrecognisesHMRCarethemainfinancialbeneficiary, whileaconsultationonwhichpublicauthoritiesshouldbegivenaccessbeyondthoseorganisations namedintheBillisalreadyunderway. ThisechoestheearlystagesoftheRegulationofInvestigatoryPowersAct,whichwassimilarly proposedforonlyafewagenciesandforseriouscrimesbuthassincebeenextendedtocover hundredsofpublicauthoritiesandusedfortrivialmatters,insomecasesforbehaviourthatisnot criminal. TheHomeOfficehasalsosoughttopaintadistinctionbetweenLaboursplansunderIntercept ModernisationandtheCommunicationsDataBillbaseduponthepremisethattheBilldoesnotcreate asingledatabase.Thisiswrongfactuallyandtechnically.ThenHomeSecretaryJacquiSmithwrote inthe2009consultationforeword:thisconsultationexplicitlyrulesouttheoptionofsettingupa singlestoreofinformationforuseinrelationtocommunicationsdata. Itisalsounclearhowthefilteringarrangementswillworkwithoutsomeelementofdata centralisation. Thebroaderpointisthatthedifferencebetweenasingledatabaseandseveralseparatebut connecteddatabasesislargelysemantic. AstheinformationCommissionersresponsetothe2009HomeOfficeconsultationstated,this fundamentallychangestherelationshipbetweentheindividualandthestate Surveillanceinandofitselfdoesaffectbehaviour.AsTheGermanFederalConstitutionalCourt warned:Fearofsurveillanceandthedangerthatwhatonesaysorwritesisbeingrecordedandlater combedthroughbeforebeingtransferredtobefurtherexploitedbyotherauthoritiescaninitself leadtoselfcensorshipandotherformsofreticencetocommunicatewithothersandtothe emergenceofmoreconformistmodesofbehaviour. Withrespecttoothercountries,thecentrallessonistocollectlessdata. InsteadofdivertingasignificantamountofresourcetoaspeculativeITproject,theHomeOffice shouldbeinvestinginbetterforensicscapabilityinpoliceforcestodealwiththedatatheyalready collectfromsuspectsandinthecourseofinvestigations.
54
TheHomeOfficehasrecognisedevenifthisprojectis100%successful,itwillstillleaveacapability gapof15%.Thisiswheretherealthreatliesandthenatureofcommunicationsevolutionmeansthat thisfigurewillcontinuetogrowrapidly,evenwiththisprogramme. Indeed,theHomeOfficehasapproachedtheissuefromthemindsetofsomeonewhobelievesthat theonlythingthatneedstoberesolvedbeforeonecouldboiltheoceanisforalargeenoughpanto bedesigned.Itmissesthewiderandmorefundamentalpointaboutthelimitsofwhatisbeing considered.Thesituationrequiresaseriousrethinkingofsurveillancepowers,investigatory techniquesandnotalazypolicyresponsethathasbeenontheshelfintheHomeOfficeforadecade. The90daydetentionwithoutchargepolicywhenfirstproposedwasorchestratedandsupportedby manyofthesameorganisationsandindividualsthatarenowcallingforthislegislation.The Committeewillrecallthedirewarningsofwhatwouldhappenifthepowerswerenotgranted,and notetheirsimilaritywithmanyoftheargumentsnowbeingdeployed. Indeed,asthe7/7Inquestrecognised,itwasnotalackofinformationthathamperedthat investigationbutfailurestoprocessandactuponexistinginformation. Thiswashighlightedinthe7/7Inquestreport,whichstated:Post7/7enquiriesrevealedthat between22ndFebruaryand15thJune2005therewerefortyonetelephonecontactsbetweenmobile phonesattributedtoTanweer,Khan,andLindsayandhydroponicsoutlets.Itisunlikelythesecould havebeendetectedbysurveillancegiventhelargenumberofuntraceableoperationalphonesused bythebombersandonlyattributedtothemoncetheiridentitiesanddetailswereknown. TheICOsSurveillanceSocietyReport 2006 makesthispointclearly.ItstatesItisfarfromclear thatevennationalsecuritywillbeenhancedthroughthistechnology,andthatitwouldperhapsbe betterservedbyimprovingbordersecurityandconventionalintelligencegathering,underscoredby theAugust2006allegedAtlanticflightterroristplotinvolvingmorethan20Britons.AlthoughtheUS Administrationclaimedthattheoperationshowedtheneedformoreadvancedpassengerdata,the allegedplotwasfoiledbytheuseofinformers,undercoveragentsandtipoffs,anditishardtosee howadvancedIDsystemswouldhaveprovidedanythingmoreeffective. TheDataRetentionRegulationsarecurrentlysubjecttolegalchallengeandwewouldsupportthe argumentthattheexistingregulationsaredisproportionatelyintrusiveandshouldbereviewed. EvidencefromGermanyquestionsthebenefitoncriminalinvestigations.In2008dataretentioncame intoforce,yettheclearancerateforInternetcrimeinGermanydidnotchangesignificantly 2007: 82,9%,2008:79,8% ,norontheaverageclearancerateforallcrime 2007:55,0%,2008:54,8% . ThisBillwouldfundamentallyreversethepremisethatonlythosereasonablysuspectedofcrimes canbeputundersurveillance.Tosuggestthereisalegislativebalancetothistorebalancecivil libertiesunderstatesthegravityofthischange. TherisktobusinessgoesbeyondtheeffectonCSPsasrecognisedbytheVicePresidentofthe UnitedStatesattheUKscybersecurityconferencewhenhesaid:Whenbusinessesconsider investinginacountrywithapoorrecordonInternetfreedom,andtheyknowthattheirwebsite couldbeshutdownsuddenly,theirtransactionsmonitoredtheylllookforopportunities elsewhere. ThereisalsoaclearriskthatthesystemwillhamperinnovationbyCSPs.TheBillmakesprovisionfor theHomeSecretarytospecifyequipmentorsystemstobeused.Thiswillbecomearequirementof operationintheUK,sothefuturearchitectureofCSPswillbedesignedaroundintegrationand operationwiththerequiredequipment.Accordingly,theHomeSecretarysspecifiedequipmentwill becomeaconstraintontheCSPandnetworks,hamperinginnovationandputtingtheUKatan economicdisadvantage. Thisisparticularlycriticalatatimewhen4Gmobilenetworksandfibreopticbroadbandarebeing explored,bothhugelyimportanttoeconomicgrowth.However,thewiderissueisthatunforeseen technologymaybesimplyincompatiblewiththeUKsinfrastructureasaresultoftheHomeOffices
55
requirements.GiventhehistoryofGovernmentITprojectsitisnotcredibletothinkthattheHome Officewillbeabletokeeppacewithtechnologybyfrequentlyupdatingitsspecifiedequipmentand systems,andthismayalsoincursignificantcosts. Thereisalsoaquestionofwhetherthiscreatescompetitionissuesbetweenthoseproviderscovered byanOrderandthosenot.Equallytheabilityoforganisationstoproperlysecurethedatacollected willdependontheirabilitytoinvestinsecurityprovisions,anissuenotexploredintheBillsimpact assessmenteitherintermsofthecosttosuppliersortheimpactondifferentsizeproviders. Costs InlightofthefactthattheHomeOfficehasrefusedtopublishabreakdownofhowthe1.8bnfigure iscalculated,itisfairtosaythatthisprojectbearsallthehallmarksofpreviouslycatastrophic GovernmentITprojectsandthattheestimatedcostisnotrealistic. Indeed,whenaskedaboutthelikelyescalationofcostsinparliament,theMinisterhimselfcouldnot bringhimselftosaythathehadconfidenceinthecostestimates. 9July2012:Column16 Particularlygiventhenatureofthisproject,thereisaclearquestionaboutwhetherthefiltering provisionsarebaseduponclaimsfromsuppliersaboutproductsthatcoulddeliverthisfunctionality. AsthePublicAdministrationCommitteerecognised,Governmentisnotaninformedbuyerof technologyproductsandisheavilybeholdentosuppliersforexpertise.Sadlythisrelationshiphas beenfrequentlyabusedbysuppliers,ofteninnearmonopolisticorcartellikefashion, Theprojectgoesagainstseveraltenetsofprocurementbestpractice,includingtheCabinetOffices ownbenchmarkthatprojectsworthover100mshouldnotproceed.IftheHomeOfficesopennessin thelegislativeprocessisanyindicator,thelikelihoodisthatthiswillproduceaproprietarysolution thatwillnotbeanofftheshelfproduct,requiringongoingmaintenancethatcannotbesourcedfrom anotherprovider.Thislockinisamajordrivingfactorincostescalationinfutureyears. ItisalsoworthnotingthatoneofthecriticalfailuresintheITprocurementlandscapeistheinability ofthepublicsectortoaccuratelydetailthespecificationsoftherequiredsystem.Giventhatthe servicesinvolvedwillbytheirnaturehavetochangeregularly,thischallengeisevenmore pronouncedinthiscaseandthereforethemagnitudeforunforeseenchangerequestcostsmuch greater. ItshouldalsobenotedthattheseproblemsarenotlegacyissuesareportpublishedinJuly2012by theNationalAuditOffice NAO foundthatthedeliveryofa385millionImmigrationCaseWork ICW ITsystemfortheUKBorderAgencyisayearbehindscheduleandexceededitsoriginal2011 12budgetby28million.ThereportwentontosayWefound theITproject hadsufferedfroma lossoffocus,poorgovernancestructuresandoptimismbiasinplanningandreporting. TheHomeOfficehasalsorefusedtopublishabreakdownofthebenefitshavebeencalculated,further suggestingtheywillnotstanduptoscrutiny.Indeed,thehistoryofcriminalassetrecoveryis characterisedbyhugelyoverambitiousestimatesofthefinancialamountsinvolved.TheCommittee willrecalltheAssetRecoveryAgencystrackrecordofnotevenrecoveringenoughtocoveritsown costs. Scope Thedefinitionofcommunicationsserviceproviderissobroadastobealmostmeaningless.AsPaul BernalattheUniversityofEastAnglialawschoolsays,thedraftBillissobroadlywrittenitcould evenbeusedtomonitorcarrierpigeons. Indefiningcommunicationssystems,thephrasesignalsservingfortheactuationorcontrolofany apparatus s28 1 a ii issobroaditcouldincludeatelevisionremotecontrol,awireless thermostatordoorentrysystems. Theinclusionofthedetailsoftheusemadebyanypersonofapostalserviceisextremelybroadand equallyunprecedented.
56
Whichpublicauthoritiesshouldbeabletoaccessthedataisintrinsicallylinkedtothepurposesfor whichdatacanbeaccessed.IfthesupposedgaptheHomeOfficehasreferredtoisathreatto nationalsecurityandpublicsafety,itispuzzlingwhyHMRCarealsoabletoaccesscommunications data. Insofarasexistingcommunicationsdataisheld,itshouldbeforjudicialoversighttojustifyany requestforcommunicationsdataisacceptable.Thissafeguardwouldbefarmoreeffectivethanthe crudestepoftryingtoproducealistoftheorganisationscan/cannotaccessdata. Tobefullyeffectivethiswouldbebaseduponanarrowlydrawnlistofpurposeforwhichdatacould beaccessed. Itshouldabsolutelynotbepermissibleforthelistofeitherpurposesorpublicauthoritiestobe extendedwithoutfullParliamentarydebateandapproval,eitherthroughdelegatedlegislationorby Order. Itisdifficulttoforeseehowoverseasproviderscouldbecompelledtocomply,particularlywhere situationsarisewheretherequirementsoftheBillarecontrarytodomesticlaw,forexampledonot trackstyleprivacyregulation. Equally,whereserviceprovidershaveinternationaloperations,itisnotguaranteedthattheyare awarewhereaserviceuserisoriginatingfrom,thereforedecidingwhethertheyshouldbeloggedor not. UseofCommunicationsData: Thelistofpurposesforwhichcommunicationsdatacouldbeaccessedissobroaditisdifficultto envisageacriminaloffence orindeedacivilone whichwouldnotbecoveredbythescope.From unpaidparkingticketstodogfoulingandroadtrafficoffences,becausethelisthasbeenduplicated fromtheRegulationofInvestigatoryPowersActthesamewelldocumentedissueswithRIPAremain. OurownresearchundertheFreedomofInformationActhasconfirmedthatHumbersidePolice currentlyusecommunicationsdataforcategoriesincludingothernoncrimeandroadtraffic offences. SuppliedinAppendixA TheHomeOfficehasofferednodataontheneedfora12monthretentionperiod,andwhilewe wouldnotacceptthepremisethatdatashouldberetainedtheperiodof12monthsappearstohave littlebasisininvestigatoryneed. Ourownresearchhasfoundthatunderexistingarrangementstherearehugevariationsintheway CommunicationsDataisaccessedbypoliceforces.Forexample,KentPoliceofficersintwoyears made7664requestsfordata,with3237ofthoserejectedinternally.InthesameperiodMerseyside madeapproximately30,000requestswith500rejectedinternally. Safeguards Themainsafeguardinanylegalsystemisthatthepersonwrongedhastheabilitytoseekredress. UnderRIPAandasremainsthecaseunderthisBill,aninnocentpersonwhohadtheir communicationsdatawronglyaccessedwouldnotbeabletoseekredressastheywouldmostlikely neverknowwhathadtakenplace.Withjust10peoplefoundtohavebeenwrongfullysurveyedfrom morethanthreemillionRIPAauthorisations andfiveofthose10themembersofonefamily itis impossibletosaywithanyconfidencethattheCommissioner/Tribunalmodelofoversightisworking orindeedfitforpurpose. Wesupporttheviewthatlawenforcementagenciesshould,likepublicauthorities,requireawarrant toaccesscommunicationsdata.Thecurrentinvestigationsintothescaleofdatabeingpassedfrom lawenforcementagenciestothemediaandotherorganisationsmostnotablytheconstruction industryblacklisthighlightjusthowfarfromrobusttheexistingauthorisationschemeis. Thewiderriskisthatthedatawouldbestolenorsold.Thetypeofdatabeingcollectedwillclearlybe ofcommercialvalue,eitherfrompersonalgainorindustrialespionage.Thecurrentlegalpositionof
57
theGovernmentisthatithasnotenactedthecustodialprovisionforbreachesofSection55ofthe DataProtectionAct.Assuch,thedeterrentfordeliberatelyabusingdatacollectedisextremelyweak. Furthermore,thereisadangerthedatacollectedwouldbemonitoredwithouttheknowledgeofthe CSP.Inthecaseofforeignpowersorindustrialespionage,thiscouldhaveaseriouslydetrimental impactontheUKsnationalinterest. Wewouldquestionwhetherthepowersofthecommissionerswouldallowthem,forexample,to orderatechnicalauditofanyhardwareinstalled,ortoseetheaccesslogsofanysystemtheychoose toinspect.CurrentlytheInformationCommissionerreliesonnegotiatedpermissionwithrespectto privatecompanies,somethingthathasproventobeaserioushindranceintheGoogleStreetView investigation,forexample. ParliamentaryOversight TheseriesofpowersconferredontheHomeSecretarytomakeordersthatwoulddramaticallyalter thescopeoftheBillisadirectcircumventionofParliamentaryoversight. ThefactthattheJointCommitteehasnotyetseenadraftOrder,andthattheMinisterwasunableto saywhenquestionedthatitwouldseesuchadraftorder,highlightshowassurancesofParliamentary oversightarenotreassuring. Enforcement: Aspreviouslyhighlighted,thefactthatthereisnotacustodialpunishmentavailabletothecourtsin theeventofsomeonedeliberatelyaccessingdatatheyarenotentitledtoaccessisacriticalfailingin theenforcementprocess. ItshouldabsolutelybeanoffencetofailtocomplywiththeCodeofPractice. Enforcementshouldnotonlypursuethepublicauthorityresponsible,butalsotheSeniorAuthorised Officerresponsiblefortherequest. ThequestionofwhetherCSPscouldbeprosecutedorchallengedforcomplyingwiththeBillinother jurisdictionshasnotbeenaddressed. Technical Thetechnologyexistswherecommunicationstakeplaceentirelyintheopen,howeveritisfarfrom clearifthereisasuitablytechnologicalsolutionwherepartsorallofthecommunicationare encrypted,reroutedordeliberatelydisguisedinotherways.Theneedtoinspectthecontentof communicationstoassessthiswouldappeartobeprohibitedbytheBill,soevenifsuitable technologydidexistitisunclearifitsusewouldbelegal. Itisalegitimateconcernthatthetechnologyitselfwouldbeatargetforeitherattackorsurveillance, inparticulartoorganisedcrimeorforeignpowers.TheGreekVodafoneepisodecallsintoquestion howcapableCSPsareofsecuringlawenforcementaccessmechanismsagainstadeliberateand sophisticatedattack. Measurescanbetakentomitigatetheriskofloss,abuseorwrongfuldisclosurebutitisimpossibleto saywithoutqualificationthatthedatacanbestoredsecurely.Theonlyabsoluteprotectionisforthe datatonotbecollectedinthefirstplace. Itisimportanttonotethatthenormalcommercialincentivestomaintaindatasecuritydonotapply todatawheretheCSPdoesnotwanttostorethedata.Indeed,itmaybeaperverseincentiveto weakenprotectionoratleastfailtoputinplaceadequateprotectiontosupporttheargumentthat theCSPdoesnotwishtoberesponsibleforthiskindofsurveillance. Theproposalsforthefilteringagreementsaresoopaqueitisalmostimpossibletocritiquethem.The detailofthefilteringisentirelyabsentfromtheBill,andassurancesofprivacyprotectionseemto deliberatelyignorethewiderprocessingundertakenbythefilters. TheBilldoesnotexplicitlyforbidorrequirethatitistechnicallyimpossibletoundertakesearches basedonaparticularprofile,orthatonlyoneitemofmetadatacanbeadded.Forexample,detailing alltheidentitiesofmobilephonesinaparticulargeographicalareaatacertaintime,ortheidentityof
58
everypersonwhohasvisitedaspecificwebsite.Thisfishingtripstylepolicingistheveryhallmark oftheBillandatotalreversalofproveninvestigativemethods. GiventheHomeOfficeacceptstheBillwillstillleaveacapabilitygapof15% andthatisassumingthe Billis100%successful,atallordergiventhehistoryofGovernmentITprojects itisclearthat individualsandorganisationswillbeabletocircumventtheBill. Thefactthattechnologiescurrentlyinusetoprotectintellectualproperty,corporateinterests,enable secureremoteworkingandsupportsecureconsumertransactionswillinvariouswayscircumvent theprovisionsofthisBillillustratesthemagnitudeofthetechnicalchallenge. TheBillisinevitablybasedontodayslandscape,atatimewhenthedirectionoftravelforconsumers andorganisationsismovingtowardsmoresecurity,moreencryptionandmoreprivacy. Itisalsounclearhowtheproposalswillenabletheidentificationofcommunicationsofpeopleinthe sameopenonlinespaceforexampleacomputergamewithanonlineplayfunctionwhere hundredsofpeoplemaybeinvolvedinthesamegameasthereisnodirectpersontoperson communication. ThereareofcourselesstechnicalmeansofcircumventingtheBill,frommeetinginpersontothekind ofcheap,disposableSIMcardsacknowledgedinthe7/7inquest. Encryptionisthebasisofinternetsecurity.Anysuccessindecryptionifpossiblewithoutacomplicit thirdparty forexampleacertificatingauthority willleadtogreatereffortstoencryptcontentand moreadvancedformsofencryption.Itwillalsoundermineconsumerprotectionwhenusingonline servicesandmakeBritishbusinessesandcriticalnationalinfrastructurevulnerabletomalicious intent.Thisisawhollycounterproductiveoutcomewhichhighlightstheabsurdityofthislegislation. August2012
59
Caspar Bowden
CasparBowdenisanindependentadvocateforinformationprivacyrights.Hewasanexpertadviser toOppositionpartiesintheHouseofLordsforfivebills 43,andauthorofthefirstpaperon communicationsdataretention 44andthemostcomprehensiveonlineresourceonRIPA 45.From 20022011hewasChiefPrivacyAdvisertoMicrosoftin40countries,andfrom19982002was DirectoroftheFoundationforInformationPolicyResearch www.fipr.org .HeisaspecialistinData Protectionpolicy,EUandUSsurveillancelaw,privacyresearchincomputerscience,andafellowof theBritishComputerSociety.Headvisesseveralcivilsocietyassociations,andsitsasanindependent expertontheEUCommitteeforimplementingtheDataRetentionDirective 46.Theopinionsinthis submissionaretheauthor'sownanddonotrepresentanyorganization. SummaryandRecommendations
TheDataRetentionDirectiveiswithoutdoubtthemostprivacyinvasiveinstrumenteveradopted bytheEUintermsofscaleandthenumberofpeopleitaffects"PeterHustinx 47,EuropeanData

ProtectionSupervisor TheCommunicationsDataBill 48isthemostdangerouslongtermthreattoafreesocietyever proposedbyademocraticgovernment,andshouldberejectedinitsentirety.Thisresponseislengthy toprovidehistoricalandpolicycontexttotheJointCommittee 49integratingknowledgefromseveral disciplines. OvertwodecadestheUKhasbeeninthevanguard 50ofacoregroupoffiveEuropeancountries 51 seekingsystematicInternetsurveillance.Ablanketretentionregimegiveslawenforcementan InternetTardistogobackintimeandfindoutretrospectivelywhatanyonewasthinkingabout, whotheyweretalkingto,andwheretheywere.Apreservationregimeisopposedbysecurity bureaucraciesbecausetheywouldbeobligedtoseekauthorizationcasebycase andtheymightbe heldtoaccountforthosedecisionsretrospectively . Noofficialschemeforpreservationhaseverbeenpublished.Theauthorhasconsistentlyadvocated fordatapreservationastheonlyviablealternativepolicytoretention,andthefollowingsummary proposalsdevelopapositionfirstoutlinedelevenyearsago,whichrespectshumanrights,with proportionateandeffectivemeansforlawenforcement: Quickresponsepreservationonpersonswhohavebeenidentifiedasfacingarealand immediateseriousthreat,anddesignatedvulnerablegroups. Convictsofspecifiedcrimesreleasedonlicensemustregistertheirmeansofelectronic communicationfordatapreservationduringaprescribedperiod.
43 RIPA2000,H&SCA2001,ATCSA2001,IDCardsActs2005/6 44 CCTVforInsideYourHead:BlanketTrafficDataRetentionandtheEmergencyAntiTerrorism Legislation,CasparBowden,ComputerandTelecommunicationsLawReview2002 http://scholarship.law.duke.edu/dltr/vol1/iss1/47/ 45 InformationCentrefortheRegulationofInvestigatoryPowersAct www.fipr.org/rip/ 46 PlatformforElectronicDataRetentionfortheInvestigation,DetectionandProsecutionofSerious Crime http://ec.europa.eu/transparency/regexpert/detailGroup.cfm?groupID 2230 47 http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/Pu blications/Speeches/2010/101203_Data_retention_speech_PH_EN.pdf 48 DraftCommunicationsDataBill14thJune2012http://www.official documents.gov.uk/document/cm83/8359/8359.pdf 49 http://www.parliament.uk/business/committees/committeesaz/jointselect/draft communicationsbill/ 50 DuncanCampbell28.06.1999,BritainSneaks"Enfopol"PlanIntoAction, http://www.heise.de/tp/artikel/2/2989/1.htmlalso http://www.heise.de/tp/artikel/6/6398/1.html 51 UK,Germany,France,theNetherlands,Sweden
60
Casebycasejudicialauthorizationforpreservation,targetedatthosereasonablybelievedto beengagedincriminalactivities withemergencyprocedures .Similarreformsshouldbe madeforpriorjudicialapprovalofinterceptionwarrants.Targetsshouldbenotified afterwardsofpreservationand/orinterceptionwheresuspicionsproveunfounded unless therearecompellingreasonsnottodoso . Acentreforanalysisofpreserveddata,intendedtoinvestigatelinksbetweencriminal groups,andgeneratenewtargetsforpreservation subjecttojudicialauthorization ReplacethecurrentthreeCommissionerswithaunifiedSurveillanceCommission,reporting toParliament,withmultiskilledinvestigatorsincludinghumanrightsandcomputerexperts, crediblyabletodetectanddeterabuse,corruption,andinsiderattacks. Afixedceilingonthenumberofinterceptionwarrants,andalargerceilingfortargetsof communicationsdatapreservation,whichcouldonlybealteredbyParliament.
Thedichotomyofdataretentionversusdatapreservation
BraveNewWorld1932,AldousHuxley andbiographerofPreJoseph,Richelieu'seminencegris
Therewassomethingcalledliberalism.Parliament,ifyouknowwhatthatwas,passedalawagainst it.Therecordssurvive.Speechesaboutlibertyofthesubject.
Thepolicychoicebetweendataretentionandpreservationisasharpdichotomy.Eitherdataexistsor itdoesn't.Themainobjectionsofprincipletomandatorysystematicretentionofcommunications dataare: atimemachinetoscrutinizeeveryone'spastbehaviourwithoutpriorreasonistyrannical Internetandmobileusagepatternsrevealsensitivedataaboute.g.politicsandintimatelife masssurveillanceofeveryonlinesocialrelationshipisincompatiblewithafreesociety locationdatahasspecialprivacyrisksbecauseitcaneasilybecorrelatedwithotherdata claimsthatitisnecessaryjusttomaintainpolicecapabilitiesdon'tstanduptoscrutiny communicationsdatamaybeequally ormore intrusivethaninterceptionofcontent mostcriminalscouldbecaughtbytargeteddatapreservationratherthanblanketretention dataretentionhasonlyhappenedthroughrushedlegislationinresponsetoshockingevents ifretentionofcommunicationsdataisjustifiable,whynoteveryotherkindofdataalso? Proponentsofdataretentionoftensaytheycannotunderstandthereasonsofobjectors.Theysaythat thedatawillonlybeaccessedwithproperauthoritywhenjustifiable;obviouslycircumstancesexist inwhichnoamountofforesightcanguaranteethatusefuldatawillhavebeenpreserved.UKpublic opinionhasneverregisteredstrongobjections unlikee.g.Germanywhichhasseenprotestsin40 cities 52 ,andthepoliceinsistthedataisvital.Sowhyobject? Theessentialreasonisthatalthoughpublicopiniondoesnotseemtodayanymoreconcernedabout theintensificationofsurveillancecapabilitiesusingtrafficanalysis,datamining,socialnetwork analysis,thatisaveryshorttermview.Ubiquitouspersonalcommunicationtechnologiesarehereto stay,andbecauseofexponentiallyfallingdatastoragecosts,inthelongruntwocontrastingstatesof societycanbeenvisaged.Subjecttoexceptions,thedefaultmustbeeitherthatindividualsdetermine whetherandwhentheirhistoryisrecorded,ordatawillexistabouteveryoneallthetime.Atsome pointinthefuture,mostpeoplewillunderstandtherealityofdataveillance 53andthelossof associatedfreedoms.UKpolicyisbasedontheideathatsolongasthisdoesn'thappenthereisno chillingeffect,noproblemfordemocracy. AnotherargumentoftenheardfromgovernmentisGoogle/Tescoenvywhataboutthemountains ofdata moreorless lawfullyaccumulatedintheprivatesector?Whyshouldthestatenotalso collectBigDataanduseforsociallybeneficialpurposes?Theweightofdisinterestedopinion amongstinformationprivacyandsecurityexpertsisclear.Indiscriminateaccumulationofpersonal
52 http://www.vorratsdatenspeicherung.de/content/view/161/79/lang,en/ 53 http://www.rogerclarke.com/DV/
61
dataisstoringuptroubleandthevauntedbenefitsofBigDataoftenamounttoexploitationwithout compensation,whichwilllikelyhavesociallyregressive 54outcomes.Intensecommerciallobbyingis alreadyunderwaytodeflectanddiluteregulationwhichcouldpreventtheseharms. Newcomputerscienceresearchshowshowprivacyengineering 55canmaintaintheautonomyand discretionwedependontoexplorenewsocialandpersonalexperiences,seekmedicaltreatmentand spiritualadvice,andenablejournaliststoresearchconfidentiallywhatitwouldbeimpolitictoreport withattribution.Howeverdataretentionandtheslowpaceoflegalreformisrapidlydemolishing mosttraditionalpossibilitiesforsuchprivilegedprofessionalandpoliticalprivacy.EvenintheUS, withtheConstitutionalprimacygiventofreedomofexpressionandindemnitiestothepress 56
ReportersCommitteeforFreedomofthePress,anadvocacygroup,saidtheeffectofthe currentinvestigationcomesontopofagrowingawarenessbyjournalistsinthelasttwo yearsthatthegovernmentoftentracksemployeesemailandtelephonecontacts.Reporters arebeginningtoresorttotheoldpracticeofmeetingonaparkbenchtoavoidleavingan electronictrail
FromDataRetentiontodatamining
ThebiggestproblemisthatMemberStatesuseretentiontodaynotonlytocombatterrorismand seriouscrime.AfterthesocalledePrivacyDirective,suchdatamaybeusedforotherpurposes,such ascrimepreventionortheprotectionofpublicorder,whichisaveryvagueterm...Theapplication mustbestrictlylimitedtoterrorismandseriouscrime.EUCommissionerCeliaMalmstrm 577th

July2012 CommunicationsdataretentionisapolicymadeinBritain.
Thelineageoftrafficanalysis analysisofpatternsofcommunicationsaboutwhoistalkingto whom asanintelligencetechniquecanbetracedbacktoWW2andevenWW1. 58 In1991anITVdocumentaryonelectronicsurveillanceincludedaninterviewwithaformerJoint IntelligenceCommitteeofficial 59,whodisclosedtheexistenceofamemorandumfromSirPeter Marychurch DirectorofGCHQ whichseemstohavesuggestedthedataminingofdomestic communicationsdataforsecuritypurposes. Police,securityandintelligenceorganizationshavebeenseekingtoestablishmandatorysystematic dataretentionsinceatleast2000.Anunpublishedpaper 60fromthemajorUKAgenciescollectively lobbyingtheHomeOfficetointroduceaNationalDataWarehousewaspostedontheInternetandis worthrereadingforitsprecociousambition.
54 e.g.behaviouraladvertisingwilldiscriminateagainsttheleastaffluent,leastabletoparticipatein commerciallife 55 DigitalPrivacy:Theory,TechnologiesandPractices.AlessandroAcquisti,SabrinaDeCapitanidi Vimercati,StefanosGritzalis,CostasLambrinoudakis eds .AuerbachPublications Taylorand FrancisGroup ,2007 56 NewYorkTimes1stAugust2012InquiryIntoU.S.LeaksIsCastingChillOverCoverage http://www.nytimes.com/2012/08/02/us/nationalsecurityleaksleadtofbihuntandnews chill.html?_r 2&pagewanted all&pagewanted print 57 http://www.faz.net/aktuell/politik/europaeischeunion/euinnenkommissarincecilia malmstroemwirwarensehrgeduldigmitdeutschland11808962.html 58 GeorgeDanezis,RichardClayton,IntroducingTrafficAnalysis 2007 http://research.microsoft.com/enus/um/people/gdane/papers/TAIntrobook.pdf 59 ITVWorldinAction1991,DefendingtheRealm,NickDaviesinterviewingRobinRobison formerJICofficial 60 LookingToTheFuturesubmissiontotheHomeOfficeforlegislationondataretentionfrom ACPO,ACPO S ,HMC&E,SS,SIS,GCHQ 21stAugust2000 http://cryptome.org/ncis carnivore.htm
62
4.WHATTYPEOFDATASHOULDBERETAINED?..Allcommunicationsdatageneratedinthe courseofaCSP'sbusinessorroutedthroughtheirnetworkorservers,involvingbothInternet andtelephoneservices,withinawidelyinterpreteddefinitionof"communicationsdata" ...TheAgencies'positionis,therefore,thatdatashouldberetainedforFIVEYEARS. 6.6.4Ifthefiguresareexpandedtotryandestablishtheglobalcostofdatastorageand retrievalacrosstheUKmarket,itisestimatedtoamounttoaround9millionperannum ThekerneloftheCDBwasalreadyfullyformedin2000,beforetheOlympics,nationalscalerioting, 7/7,Iraq,Afghanistan,and9/11.Thereisthedifferenceofastillstaggeringdemandforalonger retentionperiodthanhaseverbeencontemplatedinanycountry 61,theestimatedcostsarenow twentytimeshigher 62 1.8bnover10years ,andtheagendaofgeneralizeddataminingisnow moreorless outintheopen,albeiteuphemisticallydubbedFiltering ofhumongousamountsof datawhichoughtnottobecreatedforretentioninthefirstplaceexceptinsomerickety60'sTV dystopia . Bowden's2002paperondataretentionwenttopressbeforeACTSA2001passed,butstated Automatedtrawlingoftrafficdatabasesisapowerfulformofmasssurveillanceoverthe associationsandrelationshipsthatconstituteprivatelife.Italsorevealsthesequenceand patternofthoughtofindividualsusingtheInternetitcouldbedescribedasclosedcircuit televisionfortheinsideofyourhead ...Atthesametime NCIS werelobbyinginsecrettowarehousetheentirepopulations trafficdata,theDirectorofNCISwrotethat"conspiracytheoristsmustnotbeallowedtoget awaywiththeridiculousnotionthatlawenforcementwouldorevencouldmonitorall emails." 63 Oneofthemajorpurposesoftrafficanalysisofcommunicationsdataistoidentifytargetsthrough patternanalysis.TheDGforcounterterrorismattheHomeOfficeassertedinevidencetotheDraft CDBCommitteethat CharlesFarr 64 Q28 :Ifyouhavethedataprovidedforinthislegislation,thenyoucan resolveincreasinglyanonymouscommunications,whichareafeatureofthecommunications environmentinwhichwelive.Toputitanotherway,ifyouhavetherightkindofdata,issues ofanonymisationceasetobeasignificantproblem. 9/11andWarrantlessWiretappingintheUS Inadifferentforum,threedayslater,aseniortechnicalexpertwhodesignedverylargescaletraffic analysissystemsfortheNationalSecurityAgency theUScounterparttoGCHQ explainedhow,on thecontrary,mobiletelephoneanonymitycouldalwaysbemaintainedwithelementarytradecraft WilliamBinney 65:buythrowawayphonesandkeepbuyingthem...themostsecurewayisfor youtobuytwophones,giveonetoyourfriendandyoutakeone,itwillshowupinthegraph asalink,anisolatedlink,butyou'llnotbeconnectedanywhere
61 exceptforPoland,whichlegislated8yearsbrieflybyaccidentinthemid00's,andthenswiftly repealed 62 http://www.computerworlduk.com/news/itbusiness/3364147/governmentsdatasnooping billwillcost18bn/ 63 http://www.guardian.co.uk/technology/2000/jun/15/security.internet 64 UncorrectedOralEvidenceTakenBeforeTheJointCommitteeOnTheDraftCommunications DataBill 10thJuly2012 http://www.parliament.uk/documents/joint committees/communicationsdata/ucJCDCD100712Ev1.pdf 65 KeynoteatHOPE9conf NewYorkCity,13thJuly2012, http://www.youtube.lu/watch?v hqN59beaFMI1hr12m .
63
Itseemsunlikelythatsuchasimplecountermeasurewouldnotbewellunderstoodbyterrorists, eveniftrafficanalysiswouldbeeffectiveagainstopportunisticperpetratorsoflessseriouscrimes. Mr.BinneybecameawhistleblowerbecausehewasconcernedthattheNSAwasspyingonAmericans illegallyusingtrafficanalysisofcommunicationsdata,verymuchasisbeingproposedinthe RequestFilteringClause14oftheUKdraftCDBbill.Inhisremarkablespeech,worthwatchinginits entirety,hedescribeshowtheNSAhadalreadysoughtsuchdataillegallyinFebruary2001 66 i.e. before9/11andthepassageofthenotoriousPatriotAct .After9/11,theNSAinitiatedseveral furthercommunicationsmasssurveillanceactivitieswhichbecameknowncollectivelyas warrantlesswiretappingincludingonecodenamedStellarWind.Theseprogramsonlycametolight asaresultofdiligentinvestigativereportingusinginformationprovidedbyNSA andFBI whistleblowersconcernedaboutviolationsoftheUSConstitutionandstatutelaw.Forseveralyears, thesewhistleblowers andjournalistsandeditors havebeenthreatenedwithprosecutionon speciouscharges.Althoughstillnotwidelyreported,aconsistentpatterntohaveemergedisthat officialchannelsforescalation,investigationandCongressionalscrutinywerethwartedwiththe complicityofsomeofthemostseniorlegislativeandjudicialauthorities.Onlyaftertherevelationsof NewYorkTimesjournalistsJamesRisenandErichLichtblauwerepublishedin2005 aftertheir newspapercensoreditselfforayearuntilafterthe2004election didacomplaisantCongressmake whathadbeenillegal,legal inthewordsofanotherNSAwhistleblowerThomasDrake 67 through passingtheProtectAmericaAct2007andtheFISAAmendmentAct2008. RIPAs.16 3 effectively WarrantlessWiretappinginsidetheUK? TherelevanceofalltheabovetotheUKisthatinanalmostunnoticedsectionofRIPA2000,thesame issuehadbeenanticipatedandlegalizedpreemptively.Therewassubstantialdebateonthispointin theHouseofLordsasaresultofamendmentsandbriefing 68fromtheFoundationforInformation PolicyResearch.LordBassamrespondedtopointsindebateinaletter 69toLordPhillipsofSudbury LordBassam:....insomecasesselection oftrafficformasssurveillance willunavoidablybe appliedtoallinterceptedcommunications.Thisselectionisinpracticedesignedtocollect externalcommunicationsthatfitthedescriptionsinthecertificate.Itisthereforenotlikelyto catchmanyinternalcommunications.Itwouldofcoursebeunlawfultoseektocatchinternal communicationsintheabsenceofanoverlappingwarrantoracertificatecomplyingwith Section16 3 Althoughthefrontbenchesthenplayeddowntheissue asaresultofbriefingfromGCHQ ,some backbenchersremaineddissatisfiedatReport 70stage LordLucas:Both frontbench nobleLordsseemedtobestrivingextremelyhardtogivethe Governmentthebenefitofthedoubtandtofindsomewayinwhichwhatiswrittenplainly andclearlyintheBillshouldnotbetrue.ItisabsolutelyobviouswhatisintheBillatleastit istomeandthatis,yes,trawlingbecomeslegal.TheHomeSecretaryhastorenewthe warranteverythreemonths,buthecantrawlongroundsofeconomicwellbeingandserious crime,aswellasterrorism,toanyextentthathewishes. Byanalogy,twoUSsenators 71haverecentlyblockedrenewalofthecorresponding2008lawbecause
66 ibid32m 67 DemocracyNowinterviewwithThomasDrake26thMarch2012 http://www.democracynow.org/2012/3/26/part_2_former_nsa_employee_thomas49m 68 http://www.fipr.org/rip/#Overlapping 69 http://www.fipr.org/rip/Bassam%20reply%20to%20Phillips%20on%20S.15.3.htm 70 LordsHansard12thJuly2000 http://hansard.millbanksystems.com/lords/2000/jul/12/regulationofinvestigatorypowers bull#S5LV0615P0_20000712_HOL_383 71 http://www.wyden.senate.gov/news/pressreleases/wydenplacesholdonfisaamendments actextension
64
theyaskedfor anestimateofthenumberofpeoplelocatedintheUnitedStateswhose communicationswerereviewedbythegovernmentpursuanttotheFISAAmendmentsAct. TheOfficeoftheDirectorofNationalIntelligencerespondedthatitwasnotreasonably possibletoidentifythenumberofpeoplelocatedintheUnitedStateswhosecommunications mayhavebeenreviewedundertheauthorityoftheFAA. HowevertheanalogybetweenthecontroversyoverRIPA2000s.16 3 andtheFISAAmendmentAct 2008s.1881adoesnotholdinfourimportantsenses.Firstly,thecontroversyintheUShasbeen documentedinbooks 72,magazines 73 74,newspapers 75,currentaffairstelevisionprograms 76and websites 77 althoughitremainslittleunderstoodinthelegislature asaresultofinsider whistleblowersconcernedthatthecategoricalprotectionspromisedtoUScitizensbystatutesand theConstitutionwerebeingillegallysubverted. IncontrastintheUK,theissuesarisingfromRIPA16 3 haveonlybeenconsidered outsideof government byafewmembersoftheHouseofLordsandahandfulofsurveillancepolicyanalysts andneverbyaParliamentarySelectCommittee,ortheIntelligenceandSecurityCommittee,POST, ortheInvestigatoryPowersTribunalunlessperhapsinsecret .Therehasbeenexactlyonepress article 78,andnobooksortelevisiondiscussionwhatsoever. AseconddifferencefromtheUSsituationisthattheUKstatutesdonotpromiseanyanalogous categoricallysuperiorprotectionstoUKcitizens,indeedtheycannotdosobecausediscriminatingby nationalityinthiswaywouldbeincompatiblewiththeHumanRightsAct 79.InsteadRIPAdefines externalcommunicationsasthosewhichbeginorendoutsidetheUK,andcertificatedwarrantsfor trawlingthroughtheseusingsupercomputerstosearchforabstractfactors 80.TheBassamletter revealsthegovernmentin2000wellunderstoodthattheexternalconceptwasincoherentfordigital communicationsusingmultilayeredprotocols,splitintodatagrams,andautonomouslyrouted throughpacketswitchednetworks.HoweverthisissuewasfaraheadofwhatParliamentcouldthen assimilate,sotherewasnoproperdeliberationoftheconsequencesforprivacyandfreedom,inthe waythatisnowhappeningtosomeextentintheUS.ThecomparisonbetweentheUKandtheUS isespeciallyrelevantbecauseofthelongstandingintelligencetiesbetweenNSAandGCHQ,andtheir Internetsurveillancecapabilitiesaremuchlargerthanallotherdemocraticcountries. Thirdly,whilsttheintentionalwarrantlessmasssurveillancedocumentedintheUShasbeenwidely criticizedasillegal,wedonotknowifanyanalogousdomesticmasssurveillancehasbeenauthorized underRIPAS.16 3 certificatedwarrants.TheInterceptionCommissionerhasneverreferredtothat sectioninhispublishedannualreports,orindeedmadeanyreferencetocertificated trawling warrants 81.Interpretationofthe16 3 clauserequiresunravelingnestedandinterlockingclauses, 72 ErichLichtblauBush'sLaw:TheRemakingofAmericanJustice,2008,Pantheon 73 JaneMayer,TheNewYorkerTheSecretSharer http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_mayer?currentPage all 23rdMay2011 74 JamesBamford,WiredTheNSAIsBuildingtheCountrysBiggestSpyCenter15thMarch2012 http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/ 75 SiobbhanGorman,WallStreetJournalNSA'sDomesticSpyingGrowsAsAgencySweepsUpData http://online.wsj.com/article/SB120511973377523845.html 10thMarch2008 76 PBSTheSpyFactory3rdFebruary2009 http://www.pbs.org/wgbh/nova/military/spy factory.htm 77 http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy 78 Theauthorattemptedtobriefnewspaperandbroadcastcurrentaffairseditorswithoutany apparentinterest,resultinginonlyin http://www.guardian.co.uk/technology/2000/aug/10/news.onlinesupplement 79 Av.SecretaryStateHomeDepartment 2004 UKHL56, 2005 2AC68 80 Factorsmayselectaccordingtotrafficpatterns whoistalkingtowhom ,keywords,voiceprints, andalgorithmsalsoexistforsearchingtextsforparaphrasedmeaning latentsemantic indexing . 81 Exceptinthefirstreportwhichdubiouslyinventedoverlappingwarrants http://www.fipr.org/rip/#Overlapping
65
phrasedintriplenegativesusingpseudotechnicaljargon.Noopenjurisprudenceorscholarshipcan developbecauseofthesecrecyprovisionsofRIPA.TheUKlostarelevantcaseattheECtHRin Strasbourgin2008 82butthatconcernedthepreviousIOCA1985law.TheBassamletterisallthatis known,butwedonotevenknowiftheIoCCisawareofthatletter,agreeswithorenforcesits prohibitions,orunderstandsitstechnicalities. Fourthly,therearesomeindications 83 84 85thattheStellarWindprogramintheUSmainlyorwholly concerneddatamininganalysisofnoncontentmetadata suchascommunicationsdatabut perhapsotherkindsoftransactionalrecordsalso ,notmassinterceptionofthecontentsof communications.Thedistinctionishabituallymuddledin everycountry's presscoverageand legislativedebate,buttrafficanalysisistheprimarytechniqueforselectingwhatcontentgets interceptedinbothtargetedandmasssurveillanceofcommunications.Itmightexplaintheblas confidenceofUSadministrationofficialsthatthistypeofdataminingdidnotbreaktheFISAlawat leastnotinthewaymostcriticsalleged. HowevertheprivacyinvasiverealityoftrafficanalysisinbulkisnotadequatelyrecognizedinUSor UKlaw.Thepost9/11surveillanceindustrialcomplexisfoundedontheshibboleththatwhilst contentdeservestheprotectionofawarrant,merecommunicationsdataengagesprivacyrights toavastlylesserextent,anditsacquisitionmaybeselfauthorizedbylawenforcementagencies.This legalfictionisprecariouslysustainedbylawenforcementagenciescarefullyavoidingtestcaseswhich mightupdatebindingprecedentsdatingfromtheeraofmechanicaltelephoneexchanges 86. TheAntiTerrorismCrimeandSecurityAct2001Ch.11introducedapowertocompelblanket retentionofcommunicationsdata,ifserviceprovidersdeclinedtodosovoluntarily.TheLiberal Democratsintroducedanamendmentwhichsoughtinsteadonlytopermitpreservationofdata directlyorindirectlyrelatedtonationalsecurity 87. LordPhillipsofSudbury:...whatevertheMinisterthinksaboutmasstrawlingandmass surveillance,theHomeOfficeknowsthatthatispreciselywhattheseclausesrelateto.Itis theirability,viatheSecretaryofState'sdirection,torequiretheentireindustrytoretainits entirestockoftrafficdataforanunlimitedperiod.Itisthatpowerthatenablesthesecurity industrytohaveaccess,viatheRegulationofInvestigatoryPowersActandtheData ProtectionAct,tothishugewarehouseofinformation.WeonthissideoftheHousehave repeatedlysaidthatwearenotcontentwiththebalanceasstruck.Thatiswhywewantthe amendmenttoremain. ...NCISisbuildingandhasmadeitquiteclearthatitwantstogoonbuildinganational trafficdatawarehouse.Thatisitsaim.Indeed,aseniormemberofthatbodysaidrecently, Wewanttohavealltheinformationwecanlayhandson.It'suptoyoufellowstostopus". InanexhaustingdebatebetweenbothHouses,inwhichfewparliamentariansgraspedtheconceptual differencebetweenretainingdataontheentirepopulationversusthesmallfractionaboutwhom priorsuspicionsmightexist,theamendmentwasonlyacceptedbythegovernmentinafogof confusionwithaseeminglyincoherentrationale 88.AQC'sOpinion 89laterobtainedbytheInformation 82 LibertyandothersvUKno.58243/00 2008 ECHR 83 http://en.wikipedia.org/wiki/NSA_call_database 84 USwiretaplawauthorityOrinKerron15thDecember2008 http://www.volokh.com/posts/1229325134.shtml 85 Newsweek12thDec2008 http://www.thedailybeast.com/newsweek/2008/12/13/nowwe knowwhatthebattlewasabout.html 86 ToksonM,AutomationandtheFourthAmendment,IowaLawReview,2011 http://128.255.56.99/~ilr/issues/ILR_962_Tokson.pdf 87 LordsHansard13thDec2001 http://www.publications.parliament.uk/pa/ld200102/ldhansrd/vo011213/text/11213 17.htm 88 CommonsHansard13thDec2001,DavidBlunkett HomeSecretary :Theamendment,in relationtopart11thereforesuggeststhatweshouldtrytoseparateoutthosepartsofdata.AsI triedtoexplainonanumberofoccasions,includinglastnight,itisnotpossibletodothat,but paradoxically,becauseitisnotpossibletodoit,itisnotreasonabletosuggestthatweshouldnot
66
Commissionerfoundthatblanketretentionwasabreachoftherighttoprivacy,anticipating subsequentargumentsovertheEUDataRetentionDirective 90,buttheICOchosetoacquiescetothe HomeOfficeandofferednofurtherresistance. WaitingforStrasbourg orLuxembourg ? SeveralConstitutionalCourtsaroundEuropehaveruledthatblanketdataretentionisunlawful 91.A caseinitiatedbyDigitalRightsIrelandwhichwilltestthehumanrightscompatibilityoftheDR DirectiveisnowinprogressattheECJ 92.TheECtHRhasrecognizedinunambiguousjudgments 93that therighttoprivatelifeunderArticle8isengagedby a processingcommunicationsdataperse,or b themerecollectionofdataaboutindividuals irrespectiveofwhetheritisexamined ,or c the indiscriminateaccumulationofdataaboutentirepopulations.Puttinga/b/ctogether,logicallythe Courtoughttofind whenasuitablecasearrives thattheprincipleofblanketretentionof communicationsdataforthepurposesoftrafficanalysisthroughdataminingisatleasta disproportionateviolationofArt.8,andperhapsalsothatnotonlyisthisunnecessaryinademocratic society,itisincompatiblewithdemocracy.ThisconclusioncanalsobededucedfromtheGeneral CommentontherighttoprivacyinInternationalCovenantofCivilandPoliticalRights 94. EvenwithregardtointerferencesthatconformtotheCovenant,relevantlegislationmust specifyindetailtheprecisecircumstancesinwhichsuchinterferencesmaybepermitted.A decisiontomakeuseofsuchauthorizedinterferencemustbemadeonlybytheauthority designatedunderthelaw,andonacasebycasebasis. HoweverUSandECHRjurisprudencedivergefundamentallyovertheprivacysensitivityof communicationsdata.UScourtshaveheldsofarthatindividualshavenoexpectationofprivacyin trafficandlocationdatabecausetheyarenecessarilydivulgedtothirdparty 95serviceoperators. TheUKtriedoutasimilarargumentatStrasbourginCoplandvUK 962007

doit.Iamthereforepreparedtoaccepttheamendmentsthathavebeentabled.Inordertobeable toimplementwhattheywant,wewillhavetoretainthedata,sothatitcanbeaccessedtotestout whethertheintelligenceservicesarerightinbelievingthatitisrelevantintacklingterrorists. ThatishowstupidtheLiberalDemocratsare. !? http://www.publications.parliament.uk/pa/cm200102/cmhansrd/vo011213/debtext/11213 36.htm BenEmmersonQC 31stJuly2002 http://www.guardian.co.uk/technology/2002/jul/31/internet.politics KostaEleni,ValckePeggy 2006 "Retainingthedataretentiondirective",CompLaw&Sec Report,Vol22,Issue5,p.370380 http://www.law.kuleuven.be/icri/publications/824a2_Kosta,Valcke_2006_CLS_DataRetentionDir ective.pdf e.g.Romaniawhichfoundthatapositiveobligationthatforeseesthecontinuouslimitationofthe privacyrightandthesecrecyofcorrespondencemakestheessenceoftherightdisappear http://www.legiinternet.ro/english/jurisprudentaitromania/deciziiit/romanian constitutionalcourtdecisionregardingdataretention.html CaseC293/12http://curia.europa.eu/juris/fiche.jsf?id C;293;12;RP;1;P;1;C2012/0293/P ECHR a Malonev.UK 1984 andCoplandv.UK 2007 , b Amannv.Switzerland 2000 and Rotaruv.Romania 2000 , c SandMarperv.UK 2008 CCRPGeneralCommentNo.16:Therighttorespectofprivacy,family,homeandcorrespondence, andprotectionofhonourandreputation Art.17 :.04/08/1998 http://www.unhchr.ch/tbs/doc.nsf/%28Symbol%29/23378a8724595410c12563ed004aeecd? Opendocument AmericanBarAssociationJournalTheDataQuestion:ShouldtheThirdPartyRecordsDoctrine BeRevisited? http://www.abajournal.com/magazine/article/the_data_question_should_the_third party_records_doctrine_be_revisited/ 1stAugust2012 http://www.bailii.org/eu/cases/ECHR/2007/253.html
89 90
91
92 93 94
95
96
67
UK:Althoughtherehadbeensomemonitoringoftheapplicantstelephonecalls,emailsand Internetusagethisdidnotextendtotheinterceptionoftelephonecallsortheanalysisof thecontentofwebsitesvisitedbyher.Themonitoringthusamountedtonothingmorethan theanalysisofautomaticallygeneratedinformationwhich,ofitself,didnotconstitutea failuretorespectprivatelifeorcorrespondence TheECtHRcompletelyrejectedthisviewintheirjudgment 43.TheCourtrecallsthattheuseofinformationrelatingtothedateandlengthoftelephone conversationsandinparticularthenumbersdialledcangiverisetoanissueunderArticle8 assuchinformationconstitutesanintegralelementofthecommunicationsmadeby telephone seeMalonev.theUnitedKingdom,judgmentof2August1984,SeriesAno.82, 84 .ThemerefactthatthesedatamayhavebeenlegitimatelyobtainedbytheCollege,inthe formoftelephonebills,isnobartofindinganinterferencewithrightsguaranteedunder Article8 ibid .Moreover,storingofpersonaldatarelatingtotheprivatelifeofanindividual alsofallswithintheapplicationofArticle81 seeAmann,citedabove,65 .Thus,itis irrelevantthatthedataheldbythecollegewerenotdisclosedorusedagainsttheapplicantin disciplinaryorotherproceedings. 44.Accordingly,theCourtconsidersthatthecollectionandstorageofpersonalinformation relatingtotheapplicantstelephone,aswellastoheremailandINTERNETusage,withouther knowledge,amountedtoaninterferencewithherrighttorespectforherprivatelifeand correspondencewithinthemeaningofArticle8. emphasisadded OneofthemostthoroughrecentexaminationsofthelegalityoftheEURetentionDirective emphasizedthatinanydeterminationofthecompatibilityoftheprincipleofretention 97thefact thattrafficanalysisanddataminingcanberealisticallyperformedusingtheretainedtrafficand locationdataisanaggravatingfactortobeconsidered. AFinnishRedHerring TheExplanatoryNotesofthedraftCDBfloatsaspeciouscomplianceargumentatfootnote 2 Seee.g.,K.U.vFinland 2008 ECHR2872/02,atpara.49 ....Althoughfreedomofexpression and confidentialityofcommunicationsareprimaryconsiderationsandusersof telecommunicationsand Internetservicesmusthaveaguaranteethattheirownprivacyandfreedomofexpression willbe respected,suchguaranteecannotbeabsoluteandmustyieldonoccasiontootherlegitimate imperatives,suchasthepreventionofdisorderorcrimeortheprotectionoftherightsand freedomsof others....Itisnonethelessthetaskofthelegislatortoprovidetheframeworkforreconciling thevarious claimswhichcompeteforprotectioninthiscontext. K.U.vFinlandappearedaroundthetimeofMarper,butattractedlittlecommentoranalysisatthe timeincomparison,andtheprominencegiventoitbytheHomeOfficeshowstheythinkitistheir bestripostetoECtHR'sdeprecationofindiscriminatecollection. Butdespitethe uncharacteristic rhetoricalsideswipesatInternetanonymity,itismuchweaker thanitseemsbecausetheseremarkswereindicta.Itisnotentirelyclearwhethertheauthorofthe judgmentunderstoodthepoint,butitwasnotnecessaryinthiscasetoconsiderthejustifiabilityof blanketandindiscriminateretentionofdatawhichwouldnototherwiseexist.Thedataatissueinthe K.U.casedidexist,butFinnishlawwasdefectiveinnotallowingitsusetoinvestigatethecrime.Itis
97 Feiler,L.,"TheLegalityoftheDataRetentionDirectiveinLightoftheFundamentalRightsto PrivacyandDataProtection",EuropeanJournalofLawandTechnology,Vol.1,Issue3,2010. http://ejlt.org//article/view/29/75
68
notreasonabletoassumethattheECtHRwouldwishtofinessesuchamassivelyimportantquestion, sothecasecannotbearthethesignificancetheHomeOfficeimplies. InteractionswithDataProtectionlaw
WeshouldselectanypersonfromtheinhabitantsoftheEarth...usingnomorethanfive individuals...hecouldcontacttheselectedindividualusingnothingexceptthenetworkofpersonal acquaintancesFrigyesKarinthy 981929

Communicationsdata,evenwithoutanyinformationaboutthecontentofcommunication,canreveal highlysensitiveinformationinsurprisingways.Muchinformationisrevealedthroughthesocial graphofrelationshipsbetweenindividuals,particularlyifeachconnectionisannotatedwithstrength information,suchashowoftentwoindividualscommunicate. Inferringsensitivedatafromthesocialgraph 99. Forexample,introvertsmightcommunicatemoreoftenwithasmallercircleofcontactswhoareall related,whileextrovertsmighttendtocommunicatelessoftenbutwithalargercircleofcontacts fromdifferentsocialspheres,revealingabasicprofileofpersonality.Suchinformationcanbe revealedsimplythroughpatternsofcommunication,whichsociologistshavestudiedfordecades priortotheadventofwidespreadInternetcommunication 100. Muchmorepowerfulinferencescanbedrawnusingtheprincipleofhomophilymostpeopleare muchmorelikelytocommunicatefrequentlywithindividualswhoarelikethem.Itisarobust phenomenonandhasbeenobservedacrossculturesandalargenumberofpersonaltraits,including age,occupation,socialclass,religion,politicalaffiliation,genderandsexualorientation,andalso includingimplicittraitslikeintelligence,attitudes,values,andaspirations 101. Intheseways,socialnetworkanalysisofcommunicationsdatacangeneratesensitive akaspecial category personaldata,withoutanyknowledgeofthecontentofcommunications.DataProtection Authoritieshaveremainedsilentaboutthisproblem ithasscarcelybeenaddressedinanyArt.29 Opinion 102 ,perhapsbecauseitseemstoocorrosivetoadefinableconceptofsensitivepersonaldata. Withtheadventofonlinesocialnetworks,researchershaverecentlybeenabletoacquiresufficiently largedatasetstodemonstratethepoweroflargescaleinferenceusinghomophily.Giveninformation aboutprivatetraitsofsomeindividuals,suchassexualorientationorreligion,itispossibleaccurately topredictthistraitformanyotherindividualsusingthesocialgraph. 103Verysimilarexperiments havesuccessfullydemonstratedpredictionofusers'politicalaffiliation 104 105 106,gender 107 108,and
98 originatorofthepostulateofsixdegreesofseparation 99 IamgratefultoJosephBonneauforhelpwiththispassage 100Wasserman,S.&Faust,K.,SocialNetworkAnalysis,CambridgeUniversityPress,1994 101McPherson,M.,SmithLovin,L.&Cook,J.,Birdsofafeather:Homophilyinsocialnetworks, AnnualReviewOfSociology,AnnualReviews, 2001 ,Vol. 27 ,pp. 415444 102Art.292010WP171ononlinebehaviouraladvertisingifanadnetworkproviderprocesses individualbehaviourinorderto'placehim/her'inaninterestcategoryindicatingaparticular sexualpreferencetheywouldbeprocessingsensitivedata 103Thisapproachwasfamouslydemonstratedinthecaseofsexualorientation,whereaverysimple algorithmusingonlybinaryfriendshipconnectioninformationandasmallnumberofmen knowntobehomosexualwassufficienttopredictthesexualorientationofabout6,000students atMITwithabout80%accuracy 104Lindamood,J.,Heatherly,R.,Kantarcioglu,M.&Thuraisingham,B.Inferringprivateinformation usingsocialnetworkdata,Proceedingsofthe18thInternationalConferenceonWorldWideWeb, ACM,2009,pp.11451146 105Mislove,A.,Viswanath,B.,Gummadi,K.P.&Druschel,P.Youarewhoyouknow:inferringuser profilesinonlinesocialnetworks,ProceedingsoftheThirdACMInternationalConferenceon WebSearchandDataMiningACM,2010,pp.251260
69
hobbies 109.Thistypeofinferencecouldimprovesignificantlygivenamorefinegrainedsocialgraph withinformationaboutthefrequencyanddurationofcommunicationbetweenindividuals. LimitstothescopeofcommunicationsdataBigBrowser CardinalRichelieu 15851642
"Ifyougivemesixlineswrittenbythemosthonestman,Iwillfindsomethinginthemtohanghim"
ThedefinitionofcommunicationsdatainthedraftCDBareessentiallyunchangedfromRIPA2000. Thedefinitionincludedthename orIPaddress ofwebsitesbrowsed www.bbc.co.uk ,but excludesanythingafterthefirstslash www.bbc.co.uk/news/ukpolitics18003315 . Itisworthrecallingthesequenceofeventswhichresultedinthislimitation.DuringtheRIPAdebate intheHouseofCommons,FIPRwarned 110thatanylogsofwebpagesvisited inthetransparent cachesofanISPorlogsretainedbyhybridcommunicationservicesincorporatingsearchenginesor portals couldbecaughtinthevaguedefinitions,andpromotedamendmentstodrawoutthe government'spositionintheHouseofLords.Aquickeningtempoofadversemediacoverage 111inthe tradeandbroadsheetpressincreasedthepressureforchangesandclarificationswhichhadbeen impassivelyblockedformanymonthspreviously LordLucas:...theidentityofeverysinglewebpagethatisvisitedisknown.Itisasifunderthe heading"communicationsdata"theGovernmentareabletoknowabouteveryshopthatI havevisitedandeverypageofeverybook,magazineorarticleIhaveread.IfImakearequest toasearchengine,inmostformatsthatcountsascommunicationsdatabecauseitisasignal toactuatethesearchengine. LordCopeofBerkeley:..."communicationsdata"ontheInternetwidenstheissueagreat deal,inparticular,inrelationtovisitstowebsites,andsoon....Webelievethatitmaybe necessarytohavegreatercontrolsovertheextentofthisintrusionthanatpresent. LordBassam:Itisbecomingclearthatthecurrentdefinitionisnotadequate...Idonothavea newdefinitionof"communicationsdata"tooffertoday Theminidebate 112showstheHouseofLordsatitszenithasarevisingchamber,butitspowersto convertforensiccrossexaminationintotextualchangeswere andare rathermodest.Thecritical factorwasagenerallossofconfidenceintheExecutive'scompetenceaboutthesubject's technicalities,whichobligedtheBillteamtomakeunusuallysweepingrevisionstotheseandother
106Zheleva,E.&Getoor,L.Tojoinornottojoin:theillusionofprivacyinsocialnetworkswithmixed publicandprivateuserprofiles,Proceedingsofthe18thInternationalConferenceonWorldWide Web,ACM,2009,pp.531540 107Kozikowski,P.&Groh,G.InferringProfileElementsfromPubliclyAvailableSocialNetworkData 2011IEEEThirdInternationalConferenceonPrivacy,Security,RiskandTrust2011,pp.876881 108Xu,W.,Zhou,X.&Li,L.Inferringprivacyinformationviasocialrelations,DataEngineering Workshop,2008.ICDEW2008.IEEE24thInternationalConferenceon2008,pp.525530 109Agarwal,A.,Rambow,O.&Bhardwaj,N.PredictingInterestsofPeopleonOnlineSocialNetworks, CSE'09:InternationalConferenceonComputationalScienceandEngineering 110FIPRPressReleaseonRIPThirdReadingHoCdebate9thMay2000 http://www.fipr.org/rip/PR3RHC.htm 111http://www.fipr.org/rip/#Observer250600 112http://hansard.millbanksystems.com/lords/2000/jun/19/regulationofinvestigatorypowers bill2#S5LV0614P0_20000619_HOL_458
70
sections,underanintensedegreeofpressscrutiny 113tokeepthemhonest,resultinginthe definitionswehavetodayforSubscriber,TrafficandUsedata 114. PolicerequeststoaccessSubscriberdata foraccountbilling haveneverneededjudicial authorization,butthiscategoryinaptlyincludesdeviceserialnumberswhichcantrackbehavior. Trafficdataisthemostprivacysensitive whoistalkingtowhatorwhom whichalsoincludes locationdata GPScoordinatesormobilebasestationIDs .HoweverdespitethehardwonBig Browseramendment,atechniqueinvolvingUsedatameanscontentcouldstillbededucedthrough fingerprinting 115thepagesofwebsites. Thisloopholeshouldbeclosedaspartofanewconceptofregulatingthemodeofanalysisforhuman rightscompliance seebelow ,butitwillneedCommissionerswithtechnicalaswellaslegalexpertise toapply seebelowonIoCCoversight . Theproblemofschizoidjurisdiction AproblemwhichhasdevelopedinthepastdecadeisthatsomeprovidersofInternetserviceswith headquartersintheUShavedevelopedthepracticeofrejectingtheapplicationofEUjurisdictionfor purposesofDataProtection forexamplerelyingonSafeHarborforminimalfulfillmentoftherights ofthedatasubject ,butontheotherhandtheywillrespondlocallyanddirectlytodemandsfromlaw enforcementauthoritiesforaccesstocommunicationsdata withoutinsistingontheanalogousstep ofrequiringLEAstoinvokeMLATprocedures .Thereisnolegalbasisforsuchaschizoidattitudeto recognizingjurisdiction,andthispracticeonlycontinuesbecause a theorganizationalfunctionsfor dataprivacyareoftendisconnectedfromtheservicingoflawenforcementrequests,and b some DPAsandeventheCouncilofEuropemaybeawareofthesepracticesbutfinditexpedienttoturna blindeyeabsentasharptestofdatasubjectrights.Nevertheless,personaldataarebeingprocessed withintheEUwhenlawenforcementdemandsareservicedinthiswayanddatasubjectsareentitled tofullexerciseoftheirrightsagainsttheControllerwithinEUjurisdiction. ItistotallyunclearhowforeignserviceprovidersoutsidetheUK ortheEU aregoingtoberequired tocomplywiththeprovisionsoftheCDB,butthereisclearlytheriskthattheproblemofschizoid jurisdiction,andlackoffull,promptandeffectiveenforceabilityofrightscouldbefurtheraggravated. Subjectaccessrightstothirdpartycommunicationsdata?
ExplanatoryNotesClause5:Accesstodata
orinpursuanceofacourtorder. ThisclauseostensiblyensuresaDataProtectionrightofsubjectaccess whichwasnotexpressly includedinthecorrespondingsectionofRIPAPt.1Ch.2 ,andthusoughttobewelcomeinprinciple. Howeveritisactuallyabeartrap,whichcouldmeanthatmostofthenewdatacollectedwouldbe ineligibleforsubjectaccess.
ProtectionAct1998 whichprovidesanindividualwiththerightofaccesstopersonaldata
30.Subsection 1 stipulatesthatcommunicationsdataheldbyatelecommunications operatorunderPart1canonlybeaccessedinaccordancewiththeprovisionsinPart2oras otherwiseauthorisedinlaw.Thesemayincludearequestundersection7oftheData
ThemajorpurposeofCDBisblanketcollectionofmetadataaboutuseof3rdpartyservices e.g. thosenotoperatedbytheuser'sISP ,tobecollectedbyDeepPacketInspection DPI boxeslocated 113Theauthorbriefedmorethan100journalistsovera12monthperiodfrom1999untilRoyal Assent 114DraftCDBClause28 3 :Dataidentifyingacomputerfileorcomputerprogramaccesstowhichis obtained,orwhichisrun,bymeansofthecommunicationisnottrafficdataexcepttothe extentthatthefileorprogramisidentifiedbyreferencetotheapparatusinwhichitisstored. 115https://blog.torproject.org/blog/experimentaldefensewebsitetrafficfingerprinting
71
throughouttheUKnetworkinfrastructure notnecessarilyjusttheretailoperatorwithwhomthe userhasabillingrelationship .TheowneroftheDPIbox ortheClause1apparatus willbethe putativeDataControllerforpurposesofsubjectaccess,buttheymaynotknow directlyorindirectly theidentityofthepersonwhosedataisbeingcollected.BecausetheDPA1998didnotgiveanyeffect tofourcrucialwordsofRecital26 orbyanyotherperson oftheEUDPDirective,dataisonly regardedaspersonalintheUKifitisdirectlyidentifiablebytheController,togetherwithother informationthatisormaylikelycometobeintheController'spossession.ThereforetheController willbeentitledtorefuseaccesstoanydatawhichitcannotexclusivelyanddirectlyassociatewiththe subject.Thismightincludeanydatapossiblybeingrelayedbytheuseronbehalfofanotherparty e.g.peertopeerroutingprotocolssuchasSkype 116 .Thepositionisnotevenclearfortheuser's directcommunicationswithanotherparty.TheISPonlyknowstheassociationbetweentheuser'sIP addressandsubscriberaccountdetails;itdoesnotknowabouttheuser'sidentifiersandhandlesat otherprotocollevelsofabstraction buttheISPwillneverthelessbeobligedtoinstallDPIboxes whichdocapturemetadatafromthesehigherlevelsofabstraction .TheControllermayevenrefuse tograntanaccessrequestonthegroundsthatthepartywithwhomtheuseriscommunicating if thatisanaturalperson hasatleastcoequalstatusasadatasubject,andonlyagreetofulfillthe requestwiththeexpressconsentoftheotherparty. WilltheuserbeabletomakeasubjectaccessrequesttotheoperatoroffilteringapparatusinClause 14,namelytheSecretaryofState,perhapsasaputative co ControlleroftheDPIboxes?Itappears thishasnotbeenprovidedforinClause5orelsewhere,andseveralDPA1998exemptionsmightbe arguable,notablys.28 nationalsecurity and/ors.29 prevention/detectionofcrime .Data processedbyGCHQorfornationalsecuritywouldbecategoricallyexemptfrommostpartsofthe DPA. Moreover,theproposednewEUDPRegulation,whichwouldotherwisebeexpectedtobroadenthe UKconceptofpersonaldata atlastunambiguously toincludeindirectlyidentifiabledata,willnot fillthislacunaiftheUK'sposition 117onthenewRegulationintheCouncilofMinistersprevails.The UKwishesthatonly"easilyidentifiable"datashouldbeconsideredpersonal footnote12 ,todelete theRecitalhighlightingthedangersofprofiling footnote11 ,and"questionedwhethersocalled online identifierswhichwereneverusedtotracebacktoadatasubjectshouldalsobeconsidered aspersonaldata" footnote14;seealsofootnote45 . ThecombinedeffectoftheseUKpositionsonthenewDPRegulationwouldmeanthatperhapsmost ofthecaptureddataabout3rdpartyserviceswouldbeineligibleforsubjectaccess,andresultina calamitouseviscerationofdatasubjectrights.Thefollowingstepswoulddisarmthisbeartrap: a arightofaccessmustbeestablishedagainsttheSecretaryofState,withexplicitwording topreventinvocationofDPAs.28/29exemptions,and b abroadmeaningofpersonaldatacomprehendingRecital26oftheEUDPDshouldbe adopted orthatintheunmolestednewRegulationwhichalreadyhassomeweaselworded Recitalsthatneedexcision Theeffectof a and b mustbeforthedatasubjecttobeabletoinvokethedistributeddatamining machineryof Clause.14 Filterstodiscoverwhatpersonaldatainabroadsensethetotalityof theCDBsystemknowsaboutthem.Anydatawhichcouldbeassociatedwiththedatasubjectasa resultofaRequestFilteroughttobeeligible.Onlyinthiswaycanthedatasubjectbeguaranteeda rightofinformationselfawarenesswhichwillallowthemtoregulatetheirconductinthesenseof ECHRArt.8qualityoflawrequirements.Thisisacorereasonfortheexistenceoftherightofsubject access. Distributeddatamining:thecoreoftheCommunicationsDataBill
116SeeStevensetal.IKnowWhereYouareandWhatYouareSharing" www.mpi sws.org/~stevens/pubs/imc11.pdf 117www.statewatch.org/news/2012/jun/eucouncilreviseddpposition1132612.pdf
72
Althoughithasbeentoutedasaconcessiontoandmeasureprotectiveofcivilliberties,froma technicalviewpointitiscoldcomfortthatthedraftCDBisbasedontheideaofleavingdatainthe distributedcustodyofserviceproviders,becauseveryprobablythenotionofacentralizeddatabase wasalwaysgoingtobeimpractical.Feworganizationhaveexperienceofdesigningnationalscale centralizeddatawarehousesforcommunicationsdata.TheNSAtriedwiththeirTrailBlazer 118project whichfailedexpensively.NSAsystemsarchitectandwhistleblowerWilliamBinneyexplained 119the keyproblemwithorthodoxrelationaldatabaseswasthattheycouldnotingestnewdatafastenough, sobecamebacklogged.Hehadsomesuccessobviatingthisproblemusingfastdatabasestructures suitableforverylargeworkingmemorysets,andexplainedthatoncetheconnectionsinthenational socialgraphgrewtoacertainscale,thegrowthincomplexitybegantoflattenoutbecausealready establishedconnectionsbegantoberepeated.Howevercollectionofallthedatadesiredbythe architectsofCDBisprobablyoutofreachevenofthesehighlyoptimizedtechniques,andthe intentionisclearlytousethedistributedcomputationaltechniquecommonlyknownas MapReduce 120.Essentiallythisisanefficientwayforapplyingafunctiontoavectorofdataphysically distributedacrossmanymachines,bringingtheintermediateresultsbacktoacentrallocation,and thenperformingafinalreductionofintermediateresultstoproduceafinishedmassivelyparallel computation. ThisiswhatisdescribedinClause14,andtheexplanatorymemorandumreadslikemarketingjargon fromasurveillancetradefair 121.Infactitmaybethefirstclauseoflegislationderivedfromasales brochure. ExplanatoryMemorandum82. ...TheRequestFiltermay:a providedetailsofdifferentoptionstheRequestFiltermay employtoprovidearesponsetoaspecificpublicauthoritydatarequest;andb foreach identifiedoption,providedetailsoftheanticipatedlevelsofinterferenceandthelikely precisionofthereturnedresults.TheinformationprovidedbytheRequestFilterwillenable thedesignatedseniorofficertounderstandhowtheFilterwillanswerparticularquestions, andwillguidehimthroughtheprocessofdeterminingwhichquestionshebelievesitis necessaryandproportionatetoask,takingintoaccountthefilteringandprocessingwhich willbeundertakenandthevolumeoffiltereddatawhichwillbedisclosed. AnamendmentwhichremovedthefollowinghighlightedpartsoftheMapReduceClausewould neutralizethecapacitytododistributeddatamining andthuspreventthesystembeingusedwith capabilitiesequivalenttoacentralizedsystem . 14 2 b i obtainingthedataordatafromwhichthedatamaybederived, ii processingthedataorthedatafromwhichitmaybederived, andretainingdata temporarilyforthatpurpose CompoundingthehyperOrwellianmenaceofdatamininganationaltrafficdatawarehouse describedbyaformerDPP 122asahellhouseofpersonalandprivateinformation ,isthe foreseeableriskthatinsiderscouldcolludetobypasscontrols.UsingseeminglylegitimateFilters whichtriggereddistributedqueriestomanyDPIboxes,informationaboutasurreptitioustarget couldbeextracted undertherubricofretainingdatatemporarilyforthatpurpose .Itwouldbe
118http://en.wikipedia.org/wiki/Trailblazer_Project 119KeynoteatHOPE9conference NewYorkCity,13thJuly2012, http://www.youtube.lu/watch?v hqN59beaFMI50m . 120http://en.wikipedia.org/wiki/MapReduce 121ISSWorld:BigDataAnalyticsandMassiveIPIntercept http://issworldtraining.com/ISS_WASH/track2.html 122SirKenMcDonald,31stDec2008 http://www.guardian.co.uk/uk/2008/dec/31/privacycivil liberties
73
verydifficulttodetectorprovethiswashappeningandtheIoCCaspresentlyoperatingwouldfind nothingsuspiciousinthelogfiles assuminghewasevenlooking . TheroleoftheInterceptionofCommunicationsCommissioner The2011report 123oftheInterceptionofCommunicationsCommissioner IoCC isthemostdetailed sincethefirstreportwaspublishedin1987.Themostseriousdeficiencyoftheoversightregimeis onlyfleetinglyacknowledgedit'sall literally apaperexercise. thepossibilityofsuccessfuldeliberateabuseisverysmallindeed,ifstatutorychannelsare beingused. Thereportshavealwaysbeensilentabouthowabusebyinsiderswiththetechnicaloradministrative abilitytobypassthepaperworkmightbedeterredordetected,yetthatissurelyoneofthemajor risks. FIPRsuccessfullypromotedaRIPAamendment 124allowingtheIoCCtoinsistthatreliableand verifiabletechnicalmeans 125mustbedesignedintointerceptionandcommunicationsdatalogging equipment,buthehasneverreferredinanyreporttoexercisingthesepowers,anditappearsthat effortsatverificationareconfinedtocomparingpapercopiesofdocumentsheldbydifferentparties. TheIoCCalwayshasappearedprimarilytorelyonthoseheischargedwithoverseeing,themselves volunteeringreportsoftheirownmistakes.Errorsarelamentedandusuallyrathertrifling typically atransposeddigit .Butover27years,theIoCChasneverdiscoveredanyseriouswrongdoingin interceptionpracticeswhatsoever thathehasrevealedpublicly . Thisyear,forthefirsttime,thereportquantifieserrorsdiscoveredbytheinspectionregime rather thanselfreported .Howeverthesizeoftherandomsample outofahalfmillionrequestseachof whichmayinvolvedataaboutmanyindividuals isnotgiven,withoutwhichtheoverallnumberof undetectederrorscanonlybeguesstimated,buttherearelikelytobethousands.TheIoCChas repliedthatitisnotpossibletogivethesamplesize.Whynot? Thereportmentionsthattwoindividualshavesufferedveryseriousconsequencesthroughsuch errors,butappearsblindtothestatisticalinevitabilitythanmanymorevictimsofsucherrorsmustbe sufferingequallyseriousinjustices. OveralltheUKappearsrelativelysecretiveandcomparespoorlytoothercountriesinthedegreeof Parliamentaryinvolvementintheoversightprocessaccordingtoacomprehensiverecentreportto theEuropeanParliament 126 Inthecaseofoversightofinformationsharing,itisdoubtfulifthecurrentUKarrangements satisfythestandardsproposedbytheUNSpecialRapporteur.Domesticlegislationfailsto outlineclearparametersforintelligenceexchange,includingtheconditionsthatmustbemet forinformationtobeshared,theentitieswithwhichintelligencemaybeshared,andthe safeguardsthatapplytoexchangesofintelligence.Nordoesitexplicitlyprohibittheuseof foreignintelligenceservicestocircumventnationallegalorinstitutionalcontrols....theUK experienceunderlinestheneedforcriticaldistancefromtheexecutivetobewoveninto
123InterceptionofCommunicationCommissioner2011Report www.intelligencecommissioners.com/docs/0496.pdf 124LordBassam'sremarksonAmendment50A10thJune2000 http://hansard.millbanksystems.com/lords/2000/jun/19/regulationofinvestigatorypowers bill#S5LV0614P0_20000619_HOL_82 125Asurveyofsuitablemethodsisoutsidethescopeofthispaperbutmightincludeahardware trustedcomputingbase,cryptographicallysignedandverifiableaudittrailsofprogramcodeand data,andmultiplesimultaneousdistributedlogfiles 126AidanWills,MathiasVermeulen2011:ParliamentaryOversightOfSecurityAndIntelligence AgenciesInTheEuropeanUnion http://www.europarl.europa.eu/committees/en/libe/studiesdownload.html?languageDocumen t EN&file 48800
74
oversightarrangements especiallyinsuchproceduralquestionsasappointmentof overseersandreporting ifpublicconfidenceistoberetained. Incontrast,undertheFrenchsystemaqualifiedperson withdeputies isappointedbyan independentcontrolCommission CNCIS 127 toconductpriorvalidationofallcounterterrorist requestsforcommunicationsdata,andtheCommissionalsoappliesscrutinyretrospectively.The Commissionalsoensurespriorauthorizationofallinterceptionwarrants turningroundemergency requestswithinonehour ,whicharecappedbelowafixednumberexpresslyforthepurposeof protectingcivilliberties.Authorizingdepartmentsmustapportionthisquotaceilingbetween themselves,andmakeprovisionfortheirowncontingencyreserve.Recentlytheindependenceof CNCISwastestedbyacomplicatedpoliticalscandalaboutcircumventionofproceduresbythe country'smostseniorintelligenceofficial,whoseobjectivewastotracethecommunicationsof journalistsatLeMondeandinhibittheirexposureofillegaldonationstothegoverningparty 128. Casestudieswhichdon'tstackup ThisyeartheIoCChasendorsed 129severalcasestudies,sixofwhichareofferedinsupportof presentpolicyoncommunicationsdata studies2,3,12,13,14,15 .Howeverfromeasilytraced mediareports,adifferentpictureemergeswhichpromptssomeskepticismabouttheimpressionhe gives CaseStudy2itisn'tclearifthesuspectswereidentifiedfromcellsiteanalysis butthatmay bethecase .Itisn'tclearifotherinvestigativemeansmighthaveidentifiedthesuspects. Oncethesuspectshadbeenidentified,itappearssubstantialotherevidencewasavailable andobtained. officerswereledtoKinsonCommononApril8duringasurveillanceoperationontarget suspects...AsthesearchcontinuedsodidthesurveillanceoperationandLammaliwas spottedwithfriendRyanDearcollectingsomethinginaholdallfromanareaofnearby RedhillCommon.Theywerestoppedbyofficersandfoundtobeinpossessionoffive furthershotgunsbelongingtoMrLangdown. 130
CaseStudy3concernsaccesstosubscriberdatatoconfirmtheidentityofanalreadyknown suspect,andthusdoesnotdemonstrateanynecessityforpriorretentionoftraffic/location data. CaseStudy12thesuspectwasnotidentifiedusingcommunicationsdata.Thecasecould notbetraced,soitisn'tclearwhetheranotherinvestigativestrategycouldhaveledtoa successfulprosecution AfingerprintfromthesceneidentifiedasuspectfromtheNorthamptonareaandtwoof hisknownassociatessubsequentlybecamesuspects.Mobiletelephoneswereidentified forthethreesuspects
CaseStudy13thesuspectwasnotidentifiedusingcommunicationsdata.Newsreports indicatethatblanketretentionwasnotnecessaryfordetectionorprosecution
127Commissionnationaledecontrledesinterceptionsdescurit18merapportd'activit Anne2009 http://www.ladocumentationfrancaise.fr/docfra/rapport_telechargement/var/storage/rapports publics/104000489/0000.pdf 128 http://fr.wikipedia.org/wiki/Affaire_Bettencourt#Violations_pr.C3.A9sum.C3.A9es_du_secre t_de_l.27enqu.C3.AAte_et_du_secret_des_sources 129IoCCAnnualReport2011ibid. 130 http://www.bournemouthecho.co.uk/news/districts/bournemouth/9341126.How_violent_ Bloxworth_robbers_were_caught/?ref rss
75
PoliceinvestigatingtheassaultandrobberyinKilmaursfoundtracesofhisDNAona handbagandarrestedGableashearrivedbackfromatriptoNorthernIrelandonaferry. Specialistsoftwarewasusedtodownloadinformationfromthesatnavdeviceinhiscar. Itlocatedhimatorclosetoeachofthecrimescenes.Hewasfoundtohavebeenjust20 secondsawayfromoneoftheautotellersheusedtostealcash 131
CaseStudy14concernsaccesstosubscriberdatatoconfirmtheidentityofanalready knownsuspect,anddoesnotdemonstrateanynecessityforpriorblanketretentionof traffic/locationdata. CaseStudy15theidentityofthesuspectwasalreadyknown,andastrategyof communicationsdatapreservationmaywellhavebeensufficientforprosecutionofongoing offences.
Thusonlyoneoutofsixrelevantcasestudiesgivesplausiblesupportforthestrictnecessity rather thanmereusefulness ofpriorblanketretentionoftheentirepopulation'strafficandlocationdata. Allowingthatnewsreportsmaynottellthewholestory,neverthelessiftheIoCCisretailingthese casesatfacevalue,presumablychosenfortheirpersuasiveness,whatdoesthistellusgenerally abouthisstandardsoflogicalrigourinapplyingatestofnecessity? WhatdoestheIoCCconsidernecessaryandproportionate? UndertheUKregime,almostalljurisprudenceaboutinterceptionandcommunicationsdatatakes placeinvisiblywithinthecraniumoftheIoCC,andalmostnowhereelse. Onpp.27ofthe2011reportitstatesthatinspectors "seektoensure...thedisclosurerequiredwasnecessaryandproportionatetothetaskin hand"
TheIoCCwasaskedbytheOpenRightsGroup ORG toexplainthemethodologyforverifyingthat authorizations/noticesscrutinizedbyrandomsamplingwereinfactnecessaryandproportionate. Forexample,isittheIoCC'sviewthathisfunctionsaredischargedifhesatisfieshimselfthatthe designatedpersonbelievedatthetimetheauthorizationwasnecessaryandproportionate,ordoes theIoCCapplyhisownjudgmentofnecessityandproportionality,ordoesheuseatestsuchasthe "manifestlyunreasonable"standardforjudicialreview?Here'sthereply: 21/8/12 Theinspectorsexaminethejustificationsfornecessityandproportionalitythat havebeensetoutintheapplication.Theinspectorswillalsoscrutinisethedecisionmadeby thedesignatedperson recordedintheirwrittenconsiderations .Thenecessityand proportionalitytestsforcommunicationsdataarequitespecificinordertojustifynecessity underSection22 2 theapplicantmustmakethelinkbetweenthecrime/offence orother purpose ,thesuspect,victimorwitness;andthephoneorcommunicationsaddress inordertojustifyproportionalitytheapplicantmustexplainhowthelevelofintrusionis justifiedwhentakingintoconsiderationthebenefitthedatawillgivetotheinvestigation, provideajustificationastohowthespecificdate/timeperiodsrequestedareproportionate andconsider,ifrelevant,whethertheobjectivecouldbeachievedthroughlessintrusive means.Collateralintrusionmustalsobeconsideredandanymeaningfulcollateralintrusion described forexample,theextenttowhichtheprivacyofanyindividualmaybeinfringed andwhythatintrusionisjustifiedinthecircumstance .Thecasemustbemadeforeach specificdatarequestandtheapplicationsupportingtherequestshouldstandonitsown.If theinspectorhasconcernsthatthetestshavenotbeenmet,theywillspeaktotheapplicant and/orthedesignatedperson.Theinspectormayalsoasktoseefurthersupporting documentation suchasthecasefile,policylogs,operationalbooketc . TheserepliesraisemanyquestionsaboutthespiritofECHRcompliance,withoutconcrete informationillustratingwhatisandisnotjudgedacceptable.Howmanypeople'sdatacanbe
131http://www.bbc.co.uk/news/ukscotlandglasgowwest15491273
76
accessedtoinvestigatewhattypesofcrime,whathappenstothatdatasubsequently,especiallyif somethingunexpectedisfound?Canarequestbewidenedifnothingisfoundinitially?Isanything donesystematicallytodetectattemptsatfishingexpeditions?Whatisthepolicyondisclosureof communicationsdataaccesstodefencecounsel?Thereisnopublishedpolicyonanyofthesematters. TheIoCCwasalsoaskedaboutpatternsofcommunicationsbetweenpeopleandwebsites seeabove Inferringsensitivedatafromthesocialgraph andwhetherheappliedparticularsafeguards,or requiredahigherlevelofjustification,forthismodeofanalysis.Hereplied: AllcommunicationsdatarequestsareprotectivelymarkedundertheGovernmentProtective MarkingScheme GPMS .Oncedisclosed,thecommunicationsdataissubjecttoDPA.DPAis notoverseenbytheInterceptionofCommunicationsCommissioner.
modalitiesofanalysisofinformationaboutprivatelifewhichisinscopeofECHRArt.8,butmaybe
Thisreplyillustratesakeydeficiencyofthecurrentoversightregime,whichfailstoregulatethe
whollyorpartiallyexemptedfromDataProtection,andtreatedasoutofscopebytheIoCC.Thenature andapplicationofthealgorithmsusedfordataminingandtrafficanalysismayseriouslyinfringe humanrights;thisisaseriouslacunainUKlegislation.
Appendices QueriesaboutpoliceoralevidencegiventoJointCommittee BothGaryBeautridgeandTrevorPearce repeatedly confusedtheInterceptionCommissionerwith theInformationCommissionerintheirevidence,castingsomedoubtabouttheiractualfamiliarity withoversightprocedures. HoweverthereisamuchgraverconcernaboutthegoodfaithofthepoliceevidencetotheCommittee on12thJuly 132,whenitwasstated: Q142 PeterDavies:Forsometimeithasbeenpossible,roughlyormoreprecisely,tolocate amobiletelephonethroughtheuseofcommunicationsdata.AteamIhaveledhasusedthat asalmostthesolemeansofdetectingaseriousdoublemurderinoneofmypreviousforces .... Q146 ...relatedtoaretiredcoupleshotdeadintheirhomeonthecoastofLincolnshirein August2004by,asitturnedout,thepreeminentorganisedcrimegroupthenoperatingin Nottinghamshire.Bluntly,withoutcommunicationsdatarelatingtocontactsbetweenmobile phonesitwouldnothavebeenpossibletodetectthatcrimeandlockupthepeople responsible... Q147 ...Bluntly,therewereotherpeopleinvolvedintheconspiracywhomit mighthavebeenpossibletoprosecuteandconvict,butwhoitbutwhoitwasnotpossibleto prosecuteandconvictbecausetherewasadatalossinthatinvestigation Tracingthiscaseusingthedetailsprovidedleadstonewsreportssuggestingthisaccountis materiallymisleading: Policefailedtoprotectinnocentcoupleexecutedinganglandrevengeattack,damning watchdogreportreveals 133 TheIPCCupheldfiveofsevencomplaintsmadebytheStirlands'family.Theyfound: AftertheshootingincidentattheirNottinghamhome,MrandMrsStirlandweregiven neitherprotectionnorhelpbyNottinghampolice.
132http://www.parliament.uk/documents/jointcommittees/communications data/uc120712Ev3HC479iii.pdf 133DailyMail22ndFebruary2008 http://www.dailymail.co.uk/news/article517442/Policefailed protectinnocentcoupleexecutedganglandrevengeattackdamningwatchdogreport reveals.html
77
Thatincidentwas"notproperlyinvestigated,despiterumourscirculatingaboutwhowas responsible". NottinghamshirePolice'sfailuretoshareintelligencewithLincolnshirePoliceaboutthe threattotheStirlandswas"unacceptable". TheresponsetoMrsStirland'scallabouttheprowlerwas"delayedandunsatisfactory". Moreoveritemergedtwoyearslaterattheinquestthat Stirlandrevengehitmen'knownbeforekillings' 134PolicehadidentifiedNottinghamcrime bossColinGunn'steamofsixhitmenweeksbeforetwokilledacoupleinarevengeattack,an inquestjuryheard....Theformerofficer,whoremainedanonymous,saidthetwomenwho killedtheStirlandshadbeennamedaspartofGunn'steamofhitmen. Althoughthiscasewasofferedinevidenceasanillustrationofthenecessityofblanketdataretention, inactualityitpreciselyillustrateshowdiligentandproactiveuseoftargeteddatapreservationcould bothpreventanddetectcrime.Hadcommunicationsdatapreservationcommencedpromptlyabout suspectsidentifiedweeksbeforethecrime,primafaciepolicemightwellhavebeenabletoprevent thecrimeaswellascatchtheperpetrators.Furthermore,itemerged,contrarytotheconclusionsof theIPCCinvestigation 135that: CorruptofficerfeddatatoColinGunnonStirlands 136Acorruptdetectivesearched NottinghamshirePolicecomputersforintelligenceaboutacouplekilledinagangland execution,aninquestheard. Itseemsironicthatthepoliceciteafatalcaseofpolicecorruptionanditssubsequentlybotched investigation,asjustificationforblanketretentionofdataabouttheentirepopulation.Itwouldbemore logicaltoproposeblanketretentionofdataontheentirepoliceforce.Thisisprobablynotthe conclusiondrawnbytheCommitteefromtheevidenceheard. Costsestimatesforpriorjudicialauthorizationtoaccesstrafficdata Inthe7thJulyevidencesession 137,AngelaPatrickofJUSTICEmadethesuggestion Q274 that additionalcostsforintroducingpriorjudicial magistrate authorizationtoaccessdatacouldbe estimatedbyextrapolatingcorrespondingHomeOfficefiguresprovidedfortheProtectionof FreedomsAct whichrequiredlocalauthoritiestogetmagistrateapproval Hereisthecalculation,basedontheHomeOffice'spublishedestimatesforPoFA 138 670kp.a ,and thenew2011InterceptionCommissioner'sreport. Localauthoritiesrequestscomprise0.4%ofthetotal pp.39IC .Supposemagistratesoughtto approvethe48% pp.29IC ofrequestscomprisingtrafficorusageorlocation orcombined data i.e.allrequestsnotpurelyforaccountsubscriberdata pp.29IC .Therationaleisthatsubscriber accountdataisretainedanyway,andthatdoesnotrevealdynamicbehavioraldatawhichisvery privacysensitive. Thereforetheinitialestimate 0.670/ 0.004x0.48 349mperyear However,thereisadiscrepancy,becausethetheHomeOfficefiguressay"wehaveassumedtherewill be5,500authorizationsbasedonlastyear'susage andweassessthemagistrate'sassessmentwill 134BBCNewsOnline3rdFeb2010 http://news.bbc.co.uk/2/hi/uk_news/england/nottinghamshire/8496826.stm 135http://www.ipcc.gov.uk/documents/stirland.pdf 136BBCNewsOnline17thFeb2010 http://news.bbc.co.uk/2/hi/uk_news/england/nottinghamshire/8496826.stm 137http://www.parliament.uk/documents/jointcommittees/communications data/uc170712ev4HC479iv.pdf 138RIPAandLocalAuthorities,IANo:HO0031Final,HomeOffice22/12/2010 http://www.homeoffice.gov.uk/publications/aboutus/legislation/freedombill/ripalocal ia?view Binary
78
take20mins ",whereastheIoCCsays"duringtheperiodcoveredbythisreport141localauthorities notifiedmetheyhadmadeuseoftheirpowerstoacquirecommunicationsdata,andbetweenthem theymadeatotalof2,130requests.Thisisanincreasefromthepreviousyearsfigures 134local authorities,1,809requests ." Accordinglywereducethe349mfigureprorata: 2130/5500 *349 135mperyear 139 Itshouldbeemphasizedthisestimateisanupperboundbasedonalargeextrapolation.A comprehensivesystemwhichintegratedpriorjudicialauthorizationofinterceptionwarrantsand communicationsdata,couldtriagedifferentcasestospecializedmagistrates,andsobemuchmore costeffectiveoverall 140. August2012
139However,itmightfairlybesaidthatthemagistratesconsideringtraffic/usage/combineddata requestswillbemakingmorecomplexdecisionsaboutproportionalityandnecessity.TheHome Officeestimatesthetotalcostofmagistrate'stimeas365/hr inclusiveofcourtoverheads 140TheFrenchCNCISregimeisnotbasedonseparatejudicialauthorization,butmanagesprior scrutinyofbothinterceptionsandcommunicationsdataaccess,withorganizational independence,atmuchlesscost
79
Greg Callus
1. Iamafreelancejournalist,abouttostartanewcareerasacommercialbarrister,andhavea particularinterestindigitaldevelopmentsastheyaffecttheworldsofjournalismandlaw. Thissubmissionisinapersonalcapacity,anddoesnotnecessarilyreflecttheviewsofany employer,grouporacademicinstitutionwithwhomIam orhavebeen affiliated.This submission,however,owesasignificantdebttocolleaguesattheOpenRightsGroupand allies,butinparticulartoAliceRossofTheBureauofInvestigativeJournalism TBIJ .
GENERALTHOUGHTS 2. Thereareothersubmissionswhicharefarbetterplacedtoexpressaviewonissuessuchas theTechnical,Costs,ScopeandEnforcement.Mysubmissionwillfocusalmostentirelyonthe Safeguardsquestions. 3. Briefly,though,IwouldmakejustashortcommentaboutthedistinctionbetweenContentof communicationsandCommunicationsData.ThedistinctionisrecognisedinRIPA,with Contentrequiringahigherdegreeofoversight,bothintermsoforiginalapprovalfor interception,andintheposthocscrutinybytheInterceptionofCommunications Commissioner's ICC inspectorate.CommunicationsDatainterceptionsareseenasless intrusive.Idonotbelievethisisactuallytrue. 4. Becauseofmywork,IgenerallyhavetobeincrediblycarefulaboutwhatIpublishitshould betruthful,itshouldbewithinthelaw,itshouldnotembarrassme.Consequently,thereis little ifanything thatIwrite whetherformyownpurposes,orinpublishedform,orin privatecommunications thatIwouldnotbepreparedtoseeinthepublicdomain.Iselfedit, evenselfcensor,becauseIconsideranythingIcommittowrittenformmightcomebackto hauntme. 5. Thisisovercautious,tobesure,butnomoresothanevenaslightlyclevercriminalor terrorist.ThecarecumparanoiaIwouldexpecttobeexhibitedbyaseriouscriminalor terroristwouldmeanthatmostofthemwouldcommunicateexpectingadegreeof interception,andselfcensoraccordingly.Selfcensorshipofcommunicationsrenders interceptedContentlessuseful,butalsolessintrusive. 6. Conversely,showmesomeone'swebbrowsinghistoryorwhotheysendatextmessagetoat 2am,andI'llknowmuchmoreaboutthem.CommunicationsDataislessobviouslyrich information,butitiscapableoftellingyoumoreaboutapersonthanselfcensoredcontent everwill.Whatmedicalconditionsdidtheygoogle?WhichFacebookprofilesdidtheydwell onlongest?WhichmobilephonemastsinRedLightDistrictsdidtheirphonemostfrequently use?CommunicationsDataisn'tjustprotoContentdata,orapreliminarystageof investigativedata:itoffersperhapsabetter yetmoreintrusive insightintotheprivatelife andthoughtsoftheuserofacommunicationstool.Youcanavoidsayinganythingsignificant inanemailorphonecall,butit'ssignificantlyhardertoavoidyourlocationbeinggivenaway byyourmobilephone.Byreflectingtheoftenunconsciouscommunicationsoftheuser or theirdevice ,CommunicationsDataiscapable,evenlikely,tosaymoreaboutthetarget's privatelifethanContentDataeverwill.Ideally,thebarforaccessingCommunicationsData wouldbeashigh,ifnothigher,thanforaccessingContentData.Thismaybeunrealisticgiven thedemandsoftheHomeOfficeandcurrentpractice,buttheassumptionthat CommunicationsDataislessintrusiveneedsexamination. SAFEGUARDS 7. Ihavelittletoaddtotheexpectedsubmissionsbycivillibertiesgroupsonthewarrants requiredforContentDataandtheinspectionregime.Thebiannualinspectionsseemtometo berelativelyappropriateoversightforthefewhundredsuchwarrantsissuedbyWarrant IssuingDepartments WIDs .Similarly,Ihavenoinsighttoofferontheissueofsafeguards surroundingPrisonerCommunications.Mysubmissionshallfocusonthesafeguards
80
surroundinginterceptionunderthecurrentChapterIIofRIPA:warrantlessinterceptionof CommunicationsData. 8. ThereisnoneedtoburdentheCommitteewithanexplanationofthecurrentRIPAsafeguard functions,butintheinterestsofbrevity,IwilldesignatethemajorrolesofRIPA authorisationwiththeirinitials:DesignatedPerson DP ,SinglePointofContact SPoC , SeniorResponsibleOfficer SRO ,andCommunicationsServiceProvider CSP . Therearethreesafeguardsissuesthatneedtobeaddressed,thoughtheirissuesoverlap significantly: a theworkingsoftheinternalsafeguardmechanism DP,SpoC,SRO b thesufficiencyoftheICCanditsinspectorateasanexternalsafeguard c thetransparencyofthetwosafeguardstoexternaloversightbythepress/public
9.
Thefirstisselfevidentlyimportant,andisscrutinisedintheICC'sannualreport,andthose reportsofferbothquantitativeandqualitativecauseforconcern.Thesecondissueisnota matterofqualitybutofscaleessentiallythedisproportionatevolumeofCommunications Datarequests,versusthesmallsizeoftheinspectorate.Thesetwoproblemscouldbothbe amelioratedbygreatertransparency requiringbetterdatacaptureinthefirstinstance ,so thatjournalistscouldstandabetterchanceofholdingpublicauthoritiestoaccountfortheir failures.Theissueoftransparencyandopendatasharingbybothpublicauthoritiesandthe ICCisthereforeoftheutmostconcern. 10. ThebestindependentworkontheinternalsafeguardshasbeendonebyAliceRossofThe BureauofInvestigativeJournalism TBIJ .ShesubmittedaseriesofFreedomof Information FoI requeststoallthePoliceForcesinEngland&Wales,andScotland,asking forthenumbersofRIPAaccessrequestsfrom20062011andtheproportionrejectedbythe DP.Herspreadsheetindicatesthatelevenofthethirtyeightforces includingthe MetropolitanPolice havenotprovidedthisdataattimeofsubmission.Herreportis summarisedhere:http://www.thebureauinvestigates.com/2012/04/05/variationsin policeaccesstophonerecordsraiseconcernsaboutoversight/
11. RossfoundsignificantdisparitiesbetweenpoliceforcesintheratesofrejectionofRIPA requestsbyDPs,rangingfrom0.19%toover30%.Whilstsomedemographic/geographical factors urban/rural,sizeofforceetc mightexplainpartofthis,eithersomeforceswere operatinganincrediblylaxsystemofinternalpushbackbyDPs,orotherforceswere submittingtotheDPahighproportionofinappropriateRIPArequests.Eitherwouldbe worrying,andourinabilitytosaywhichitisshouldalsobeofconcern.Theadequacyof training,andthestandardisationofproceduresshouldbeapriorityinmakingtheinternal regimemorerobustifitistocontinue.Thiswouldalsohelpmanagetheerrorrateidentified asrisinginthemostrecentICCreport. 12. Thereisworryinganecdotalevidence,bothfromRossbutalsointherecentICCAnnual Reports,thatthestrictoperationalindependenceofDPsfromtheinvestigatingunitseeking theRIPArequestisnotuniversallyguaranteed.Thisamountstoselfauthorisationof warrantlessinterceptionandinmyviewisthemosttroublingfailureoftheinternal mechanismofoversight.WhilstveryoccasionalinstancesinSpecialistForces suchasanti corruptionunitsinvestigatingthepolicethemselves mightrequirethistoensuresecrecyof operationsinternally,thereshouldbenoexcuseforthemajorityofpublicauthoritiesnot havinganentirelyoperationallyindependentDP. 13. Rossalsonotesthatcouncilsseemtobeespeciallytroublesome9%oferrorsrelatedtothe insufficientseniorityoftheDP,therewasfrequentfailuretogivereasonsforapproval,and aninstancewhereanApplicantwasalsoboththeDPandtheSPoC.ItisstrangethattheICC isnotvocallydissatisfiedwiththeuseofRIPApowersbycouncils,whocollectivelyaccount
81
for0.4%oftotalapplicationsbut10%oftotalidentifiederrors. 14. InthecourseofinvestigatingaspectsofthePhoneHackingscandalraisedbytheLeveson Inquiryproceedings,IwroteanarticleonthecurrentstateoftheICCinspectionregime,and itsfailings.Itshouldbeofextremeembarrassmenttousallthatoneofthelargestscale scandalsinmoderntimeswasrootedinthemisuseofinterceptedCommunicationsData especially'pinging'mobilephonestoascertainthelocationofcelebrities ,thattheNew YorkTimesreportedthatitwaspartlyduetoinformationobtainedunlawfullyoverthe courseofmanyyears,andthatthisentiresituationwentunnoticedinthereportsoftheICC. Imeannocriticismofthoseinvolvedmerelythatthevolumeofrequestsversusthefunding providedforexternalscrutinyandsafeguardsweresomismatchedastomakethetask impossible.Itisthesystemofoversightthatisinsufficient,nottheeffortsofthosewithan impossibletaskontheirhands.Ifhundredsofmillionsofpoundsaretobespentasproposed bytheDraftCommunicationsBill,isittoomuchtoexpectproportionatesumsshouldbe spentonrigidlyenforcingprivacyrights? 15. MyarticleonRIPAandpingingcanbereadhere: http://gregcallus.tumblr.com/post/20290988744/phonehackingmorepingingstill governmentpolicyandaparticularlyinterestingresponsebyleadingLiberalDemocrat bloggerMarkPackmayalsobeworthyourtime:http://www.markpack.org.uk/31123/six reasonstheinterceptionofcommunicationscommissionerhasfailed/ 16. Togiveaquickindicationofscale,inlastyear'sICCreport,therateofCommunicationsData accessrequestswasupto552,000orso,anincreaseof5%onthepreviousyear.Thereisno perfectwayofcorrelatingthistonumberofpeopleaffected:severalindividuals'datacanbe affectedbyasinglerequest,butasingleindividualcanbethesubjectofmanyaccess requests.However,thevolumeofrequestsaloneshouldgivepauseforthoughtastohowthis scaleofrequestscaneverbescrutinisedbyaChiefInspectorandfivecolleagues,whoalso havetooverseethe500 ContentDatawarrantsbyWIDs,andprisonercommunications interceptionsaswell.Samplingwouldbetheonlyway,andsamplingisidentifyingworrying numbersoferrors,butwhenevenasingleinstanceofunlawfulcommunicationsinterception issodeepabreachoftheindividualsprivacy,Idonotthinkthatthepaucityofexternal reviewisanythingclosetobeingadequate. 17. Ofgreatestconcernistheestimated31,000interceptionsofCommunicationsDataunderthe UrgentOralProcedure upfrom21,000orsothepreviousyear .Designedtosavetimeinlife andlimbdanger,forterroristplotsinprogressandkidnappings,itlowersthestandardsof oversightandrecordkeeping,makingscrutinybyeithertheICCinspectorateorothers almostimpossible.A50%increaseinUrgentOralRIPArequestssuggestseitherastartling leapinthedetectionofkidnappingsandterroristactivitythatsomehoweludedthenation's press,oragrowingmisuseofmorelaxroutestoaccessingCommunicationsData. 18. LackofdataeventhetotalnumbersofRIPAapplications versusthenumbersgranted is notuniversallyavailableanddatapaucitymakethesystemofsafeguardsopaqueto externalreview.Inmanypoliceforces,wecannotknowhowmanyaccessrequestsaremade, howmanyareinformallyrejected,whytheyarerejected.Thetypesofprocessmanagement softwarecommonplaceincommercialentitiesfororder/invoicemanagement asbuiltby companiessuchasSAPorORACLE seemswoefullylackinginthenoncommercialtradein CommunicationsData.Acentralisedsecuresystemforrequesthandling,authorisationbyDP, communicationtoSPOCandthenontoSCP,returnofdata,allwithtimestamps,reasoncodes andcomputerisedidentitycheckswouldgreatlyassistthesusceptibilityoftheRIPAregime tobothICCandjournalisticscrutiny. 19. Earlierthisyear,aspartofastoryIwasworkingon,IsentanFoIapplicationtotheHome Officerequestingthenamesandranks only ofthepastandpresentDP,SpoC,andSROat eachPoliceForceinEngland&Wales.MyFoIrequestwasturneddownongroundsthat releasingthenameswouldbeabreachoftheDataProtectionprinciples,whichisan allowableexceptionalbeit inmyview woefullymisappliedinthiscase.Internalreviewof
82
thisdecisionsawitupheld,andsoIhavereferredthecasetotheInformation Commissioner'sOffice. 20. TheDataProtectionprinciplesareimportant,buttheroleofscrutinisinglargescale surveillanceisapublicrole,andthepublicareentitledtoknowwhofulfilsthatrole.How elsecanajournalistdiscovertherelationshipsbetweenoperationalstaffandtheDPwho authorisestheirinterceptions?HowelsecanjournalistsdiscoveraDPwhoalsoactsasa SPoC?Howcanitbeprivatepersonalinformationforanypoliceofficertoholdthepositionof SeniorResponsibleOfficerforRIPAauthorisationsatherpoliceforce,andyetjournalists arenotabletoknowwhomtoholdresponsible,orevenhowseniorshemightbe? 21. IhaveconfidencethattheICOwillfollowcaselawinthisarea,andcompeltheHomeOffice toreleasewhatinformationithas,butthisisacommonthemeinRIPAstories.Comparedto morematureprocessessuchascivillitigationproceedings,orcriminaljusticefromarrest onwards,theRIPAregimeisincrediblyawkwardandopaque.AliceRosstoldmethatshe wasunabletoevencontacttheICC'soffice sometimesreferredtoastheIoCCO unableto actuallygetanaddressorphonenumberforthem,letalonereachapressofficerfor comment. 22. TheRIPAregimeoustedtheclassicalroleofthejudiciaryinissuingwarrantsforinvasive searches.ItisunlikelythattheDraftCommunicationsBillwillradicallychangethatposition. Ifwearetoacceptthepermanentlossofformaljudicialscrutinyinfavourofinternal authorisationandasmallinspectorate,thentwothingsbecomenecessary:transparencyof theinternalsafeguardsprocess,andanimprovedworkingrelationshipbetweentheIoCCO andthepress,sothatinlieuoftheadditionalmanpowerthatseemsunlikelytobe forthcoming,theinspectoratecanrelyonsupportofjournalistsinholdingpublicauthorities toaccount. 23. Inthetimeandspaceavailable,thiscouldonlybeawhistlestoptourofconcernsfromthe perspectiveofinvestigativejournalism.Ihopethatitbringssomesmallnoveltyof perspectiveorinformationthatmightproveusefulforyourpurpose.Ifthereisanywayin whichIcanassisttheJointCommitteefurther,pleasedonothesitatetocontactme.
August2012
83
Graeme Carter
1.ThedraftBillistheelectronicequivalentofplacingaGovernmentofficialineverypostalsorting officetorecordthedetailsofallmail. 2.AsDavidDavisMPhasstated,careercriminals oranyonewithanyunderstandingofinternet technology willbeabletoevadethemeasuresproposed. 3.PreviouslegislationsuchasRIPAhasbeenmisusedasdocumentedinnewspaperreports.Can therebeanydoubtthatthecurrentproposalswillsimilarlybemisused? 4.Officialsthroughouttheageshavesoughtthisdegreeofsurveillance.Willnobodystandupto them? 5.Justbecausesomethingismadepossiblethroughtechnologydoesnotmakeitdesirable:ifyou couldntdoitinonemedium,youshouldntdoitinanother. 6.TheseproposalssucceedbecausefewMPsandnoministershavethemoralfibretotellthepublic thatifwewishtoretainourhistoriclibertieswemaypayapriceinincreasedexposuretoterrorist andotherrisks.Officialstradeonthisweaknessbyadvisingministersthattheycanstandupinfront ofthecamerastosaytheyhavedonetheirbest. 7.Ifmorepeopledieinroadtrafficaccidentsthanthroughterrorism,whatdoesthatsayabout todaysprioritiesanddecisiontaking? 8.OtherActshavetakenthepowertoissuewarrantsoutofthehandsofmagistratesandintothe handsofunelectedofficials.Howmuchmoreofthisistobetolerated? 9.IfthisBillbecomeslawthenattheveryleasttheseniorinvestigatingofficerinacaseshouldhave torequestamagistrateswarranttoobtaindata,or,failingthat,awarrantshouldbesignedbythe electedPoliceCommissionerforthearea. August2012
84
Sean Cheshire
1.HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill?Gatheringdata oneveryUKcitizen,regardlessofifacrimehasbeencommitted 2.HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill?No 3.HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy?Itfitssowell,itcompletelysquashesanyprivacy /sarcasm 4.Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionof communicationsdata?Requirewarrantbeforedataiscollected 5.Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider?Requirewarrantbeforedataiscollected 6.ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesoflegislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernsthe retentionofcommunicationsdata?Zeroretention 7.IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasures thatcouldbescrappedasaquidproquotorebalancecivilliberties?Sackallthelawmakers,andhave themstartagain 8.WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKas alessattractivebase.Whatmightbetheeffectonbusiness?communicationsserviceproviderswill haveasignificantbarriertoentry,asthecostsinvolvedinsettingupthemonitoringrequiredare prohivitive Costs: 9.Istheestimatedcostof1.8bnover10yearsrealistic?No1.8bneveryyearwillbeclosertothe realcosts 10.TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBill couldbeworthbetween56bn.Isthisfigurerealistic?Whatbenefits? Scope: 11.Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate? DotheysensiblydefinethescopeofthepowersinthedraftBill?Scopeistoowidetomakethisa reasonablequestion 12.WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill? ShoulditbepossiblefortheSecretaryofStatetovarythislistbyOrder?Novariation.Warrant required. 13.Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty?Unrealistic foranyoverseasproviderSovereignlawappliesonlytostatenotanyotherstate UseofCommunicationsData: 14.Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect?Useofdatashould beusedtodetectthecrimeslistedinthewarrant 15.Istheproposed12monthperiodfortheretentionofdatatoolongortooshort?ToolongZero retentionunlessprovidedforbyawarrant
85
Safeguards: 16.Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould "designatedseniorofficer"bedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR?Warrantrequiredforspecificinvestigation 17.Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapply toallpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe?Warrantsrequiredforallagencies,to includeSecretaryofState,andallgovernmentorganisations,includingMI5/6 18.IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformation Commissionersensible?No ParliamentaryOversight: 19.ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBillsatisfactory? No.Parliamentcannotbetrusted,astheycameupwiththislegislationinthefirstplace. Enforcement: 20.Arethepenaltiesappropriateforthosecommunicationsserviceproviderswhofailtocomplywith therequirementsofthedraftBill?Nopenaltiesshouldbeimposeduntilawarrantsystemisinplace 21.Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccessto communicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforinthe draftBillamounttoanoffence?Anypublicauthoritythatinappropriatelyaccessesthedatashould haveanyevidenceobtainedfromthataccessbarredfromanyandallcourts.Individualsthataccess thedataforpersonalreasonsshouldbedismissed,andinvestigatedforcriminaltrespass.Thiswould applytolawenforcementandMPswithoutexception Technical: 22.Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapture communicationsdatareliably,storeitsafelyandseparateitfromcommunicationscontent?Inthe currentcontext,itisavailable,butunlesstheamountsgiveninmyanswertoquestion9aretaken intoaccount,thecostwouldbeprohivitive 23.Howsafelycancommunicationsdatabestored?Bynotstoringitinthefirstplace. 24.Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible?No. 25.HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? withcurrenttechnology,fairlyeasy.AprivateVPNtoanothercountrywillprovideyouwithawhole bunchofencrypteddata.Onlythosewhoareinherentlystupid whichthepolicecancatchwithout help orthosethathavenothingtohidewillgettheirdatastored.Thosethataretechnologically smart,orhavethemoneytopaysomeonetosetitupforthem,willbesafe,astheirdatawouldbeina formatthatcouldnotbedecrypted. 26.Arethereconcernsabouttheconsequencesofdecryption?No,forthereasonlistedintheanswer toquestion25 August2012
86
The Coalition for a Digital Economy

1.Introduction 1.1 The Coalition for a Digital Economy Coadec is an independent, nonprofit organisation that works to give UK digital startups and entrepreneurs their own voice in policy discussions and support legislation and other government policies that foster a vibrant, innovative and sustainable digital economy for Britain. We are made up of a wide range of members of the UK innovation community, including entrepreneurs, leaders of techdriven startups and SMEs, inventors and developers, and many others who believe that the future of Britain lies in the success of its digital economy. 1.2Weareawareofmanyindividualsandorganisationsthatwillrespondtotheconsultationonthe arguments surrounding the draft Bill's impact upon civil liberties and the technical problems surroundingtheimplementationofsuchabill,wewillberespondingonthebasisthatthebillmay havedetrimentaleffectonthebusinessesofthedigitalstartupsandentrepreneursthatweworkwith whowillfallintothecategoriesofCommunicationsServiceProviders CSPs . 1.3WeunderstandtheGovernment'saimandtheCSPsweworkwithallowforandaremorethan keentocomplywithlawfulrequestsfordata.IntheUKwehavesomeofthebesttimefordisclosure in the developed world and there are many existing methods for Government to obtain communications data from CSPs. On examining some of the new provisions within this Bill the businessesweworkwithwereextremelyconcernedonanumberoffronts. 1.4AsrequestedbyintheJointCommittee'scallforevidence,wehavekeptoursubmissionbrief.The discussionpointsbelowseektoaddressthemostrelevantquestionstothebusinessesweworkwith, butnotallofthequestionsinthecallforevidence. 2.Definitions 2.1WithregardstothedefinitionsofcommunicationsdataandCommunicationsServiceProvider,it is unclear whether the Home Office intended for these to be quite as broad as they could be theoreticallyapplied. 2.2ThedefinitionsastheycurrentlystandthrowupquestionssuchaswouldsmallandmediumCSPs beincluded?Doesitmatterifcommunicationsisonlyasmallaspectofyourbusiness?Isthelocation oftheserversanissue? 2.3 Under the current proposals any business providing any element of communications could be requiredtocollectdataontheirsubscribers.Thismeansitwouldnotjustbebigdigitalbusinesses whospecificallyprovideacommunicationsservice,suchasasocialnetworkoranemailprovider,but also retail sites that allow buyers to communicate with sellers, a recruitment website that allows employees to respond to adverts, a personal finance site that has contactable advisers, and many more. 2.4 These unclear definitions would create a legal uncertainty around digital startups and whether they would be required to comply with these measures. Uncertainty is a major disincentive for investors.AtatimewhenwearelookingtoincreaseinwardinvestmentinUKbusinesses,certaintyin cleardefinitionsisvital. 3.Costs 3.1 We are disappointed by the lack of consultation undertaken by the Home Office before these measures were proposed. When conducting the Impact Assessment to support the Bill which determinedthecostlevelannounced,theHomeOfficeonlyconsultedusersofthedata.Infailingto consultmorewidelywiththeCSPswhowouldbeexpecttodeliverthesesystemsitisdifficulttosee howthecostshavebeendetermined. 3.2Therearefurtherunknownfactorsthatmeanthepreviouscostscalculatedasthereremaintoo many unknown factors in the proposals. As mentioned earlier in this response the definitions are extremelybroad,soitisdifficulttodeterminethenumberofbusinessesthatwillbeaffected.Ifthere is no provision for small businesses, every single entrepreneur developing a digital business with somecommunicationselementcouldberequiredtoinvesttimeandcapitaldevelopingasystemto complyandrecoupthecosts. 3.3Thiswouldn'tjustapplytoexistingdigitalbusinesses.Thecostsforthispolicyaretobeapplied on a 10year basis, however 10 years ago many of the services we regularly use today didn't exist
87
suchasTwitter,Facebook,GmailandSkype.AsUKstartupsgrow,andtheaimofseeingworldleading digitalcommunicationsbusinessestorivalexistingorganisationstocomefromtheUKisrealised,this cost could increase phenomenally in a few short years. 4.Collectionandretention 4.1 As well as the initial concerns about whether digital startups and SMEs would be required to complywithsuchanorder,mostofthebusinesseswespoketoweredisturbedbythepossibilityof being asked to develop standardised systems for data collection and to retain data they would not normallycollect. 4.2Entrepreneurs,andearlystagestartupswhichoftenconsistofteamsof2or3peoplewouldface huge challenges installing collection systems and setting up automated access systems without compromising the security of their systems. Increasingly startups are encouraged to develop using leantechniquestodevelopproductsandserviceswithoutlargeamountsofinitialfunding,andoneof themostimportantprinciplesbehindthisisminimumviableproduct.Theideaistocreateaversion of a product or service that serves a test function and release it as soon as possible in order to continuetoiterateandreleaserepeatedlytorefinetheproduct. 4.3 Being forced to build into each iteration a standardised system for collecting, retaining and makingaccessiblecommunicationsdatawouldseverelyimpactuponadigitalbusinessesabilitytodo productdevelopmentandthesystemswillinalllikelihoodhavetoberegularlyupdatedtocopewith growthandanyadditionalservicesthathavebeenadded. 4.4Askingstartupstoretaindatathattheydonotneedinthecourseoftheirbusinesswouldseemto addanadditionalbarriertoentryandcapitalexpenseincollectionresourcesandimpactupontheir existing relationships with the customers. This was a core concern of the businesses we spoke to about these proposals who value the privacy of their customers data. They were shocked at the possibility of being asked to retain data without their subscribers knowledge and potentially being asked to disclose this without the option of having oversight of the data that would be released. 4.5 This would take away the control customers have over the privacy and use of their data out of theirhands.ForcustomersnotbasedintheUKthiswouldinalllikelihooddrivethemtousesystems basedelsewhereandbusinessesbasedoutsidetheUKwouldbeabletomarkettheirservicesonthe basisthattheydidnotautomatedsystemstoprovidelawenforcementagencieswithcustomersdata withoutanyoversightwhenincompetitionwithaUKbasedfirm. 5.Innovation 5.1 Asking digital businesses to standardise their data collection systems fundamentally misunderstandsthewaydigitalbusinessesaredeveloped.Theveryarchitectureofadigitalbusiness restsuponthewaytheyhandlethedatatheycollect.Ifdigitalbusinessesareforcedtostandardise thisyouriskkillinginnovationandkeepingUKbusinessesstuckin2012fortheforeseeablefuture. 5.2WealreadyfaceashortageofskilledcodersanddevelopersintheUK,andtheGovernmenthas recognised this and kickstarted the process of reforming ICT GCSEs to make them more able to deliver programming skills desperately required in digital industry. If you inhibit their ability to innovate they will be increasingly likely to be attracted by the prospect of growing their business abroad. 6.Growthofstartups 6.1IntheUKover8.3%ofourGDPisgeneratedthroughtheInternet,whichisalargersharethan anyotherEUeconomy.In2010thiswasworth121billion. Inatimewherewearelookingtothis vitalsourceofgrowthcreatinganewabarriertoentrywouldseemtocounterthePrimeMinister's aimtomaketheUKthebestplaceintheworldtostart,runandgrowahitechcompany. 6.2 Our fundamental concern regarding the process is that while the impact assessment seeks to determine the cost, and the Home Secretary has recognised the concern on the impact on civil liberties,nowhereintheBillorinstatementsfromtheHomeOfficehastheeffectthisbillwillhave onsmallbusinessesbeenrecognised. 6.3 To highlight some of the arguments we have made in this submission below are two existing businessesweworkwithwhocouldberequiredtocomplywithanorder. Zummer www.zummer.co
88
ThiskindofproposalcreatesanimpossiblesituationwhereIwouldbeexpectedtomakeall dataaccessiblewhilesimultaneouslyexpectingmetoclampdownondataintrusion.While thepoweroftheinternetcancauseconcernsformonitoringcommunicationactivity,onthe flipsideisitmeansIcanincorporatemycompanyanddatainanothercountry,whichwould seemfarmoreappealingifthisbillweretobepassedasitis.IfIwasgivenawarrantthat orderedmetohandoverdatathenofcourseIwouldcomply,buttheonuswouldn'tbeonme toputitinastandardisedformatforthepolice,thatsnotmyjob,anddoesn'tearnmoneyfor me,mybusiness,ormyinvestors.
Asocialappthatallowsuserstocreatealivewallforavarietyofusesincludinganevent,a topic, a question, and many other. The walls created on Zummer update in realtime, and feature photos, videos, locations, songs and comments can all be added to the live walls. Zummer was founded by Tony Million, a successful entrepreneur who previously co developedtheSoniquemediaplayerthathadover100millionusersinitspeakandwassold toLycosfor$55million. Tonytoldus:
7.Conclusions 7.1Whilewearegratefulthatwehavebeenaffordedthisopportunitytocommentontheproposals, itisourbeliefthatmanyoftheobjectionscouldhavebeenaddressedwithafullconsultationprocess, where expert opinion could have been consulted to avoid some of the most apparent flaws, particularlyinrelationtothetechnicalissues. 7.2Thebillasitcurrentlystandsunderminesthefundamentalnatureofdigitalbusinessesbydictating howtheyhandletheirdata.Itthreatensinnovationandrisksdrivingdigitalbusinessesawayfromthe UKbyreducingtheUK'scompetitiveness. 7.3 Thereneedstobeafullandproperconsultationprocess so the issues can be discussedand the Governmentcangarnerapropersoundingofthepublic'samenabilitytowardstheseproposalsand thebusinessesaffectedcanhavetheirconsiderationstakenintoaccount. 7.4 The cost needs to be more accurately assessed with supporting evidence and consultation with thosewhowillbeexpectedtodeliverthesesystem. 7.5Therangeofdatathatcanbecollectedfromabusinessshouldbelimitedtocommunicationsdata theyalreadycreateaspartoftheirregularbusinessactivitiesratherthanadditionaldatatheydonot use, and requirement for standardising data collection should be reconsidered as it undermines startupsabilitytoinnovateandgrow. August2012
We are particularly concerned aboutthe proposals as we would find itdifficulttoput up, eventemporarily,anyextracostsofimplementingasystemliketheonethatisproposed.We would also be concerned about any extra data we would be compelled to collect from our providers who use our service which could deter them from wanting to be listed on our platform.
Teddle www.teddle.com Teddle is an online service that connects providers with their community enabling customers tobook quality local servicessuchas cleaners, plumbers, carpenters,tutorsand manymore,instantly.TeddlewasfoundedbyJulesColeman,AlexDepledgeandTomNimmo andtheyfirmlybelievethatlocalsmallbusinessisattheheartofeverycommunityandtheir platformaimstohelpcustomersfeelpartoftheircommunitywhilealsodrivingmoneyand growthintothelocaleconomy. Theytoldus:
89
Wendy Cockcroft
ThesearemycommentsontheCommunicationsDataBill,AKAtheSnooper'sCharter,proposals.To cutalongstoryshort,theproposedbillisapointlesswasteoftimeandamassiveintrusionintothe privacyofthecitizensandresidentsoftheUK.Itrepresentsthevenal,selfish,sleazystateofthe membersoftheGovernmentwhoproposeditandisablightonBritain'srecordasafreeandfair country.Getridofitnow!Thisiswhy: General:
1.HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill?
2.HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill?
Ithasinsomeways:itwantstobeabletofindoutwhowehavebeencommunicatingwithonour phones,inourlettersandinouremails. However,ithasn'ttolduswhichprivatecontractorswillbeinvolvedandwhatfor.Italsohasn't explainedwhat"abusinesscase"forthecommunicationsdatarequiredbythelocalauthoritiesis.It alsohasn'ttolduswhyblanketsurveillanceofthepopulationisnecessarywhenatargetedapproach wouldbemoreeffective.
3.HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy?
No,notatall.Ifanything,ithasconvincedusthatthey'reinthralltotheindustrylobbyistswhostand togainconsiderablyfromthisintermsofdatamining that'swhatthe"businesscase"is,isn'tit? and managementfees.It'sparticularlygallingtolearnthatwetaxpayersaretofootthebillforthis nonsense.We'rehavingnoneofit! Itisoutrageousthatanygovernmentofficialwantstoknow,withoutawarrant,whoI'vebeen communicatingwithbymail,phone,oremail.It'sapresumptionofguilt!Haven'tyouheardofHabeas Corpus?Oh,wait,you'replanningtogetridofit.Sillyme,Ikeepforgettinghowmuchyouaredoing todismantlethestructureofourdemocracy.
4.Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionof communicationsdata?
Nottocopytheoppressiveregimeswherethisisinforce.Haveyounoticedhowbadlytheir economiesaredoing?Chinaisonlyworkingatthelevelitisbecauseithasdevalueditscurrencies, practicesprotectionism,andpermitsWesterncompaniestooutsourcejobstothem.Stopoutsourcing andthetruthisrevealed:oppressionisbadfortheeconomy.Contrastthatwithcountriesthatdonot receivethesamelevelofFDA foreigndirectinvestment andyou'llseeIamright. Thecurrentproposalscreatemorehaystackstohideneedlesin.Atargetedapproachwithwarrants requiredtoaccessthedataworksmoreefficiently.Warrantssafeguardourrights,andmustbeissued forallattemptstoputanyoneundersurveillance.Warrantscanbeissuedperpersonratherthanper item,Iwouldn'topposethat.
5.Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider?
90
6.ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesoflegislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernsthe retentionofcommunicationsdata?

Getridofallretention.Don'tretainanydatawithoutawarrant!
7.IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasures thatcouldbescrappedasaquidproquotorebalancecivilliberties?
Civillibertiesareunbalancedasitis.Getridofdataretentionexceptaspartofacriminal investigation.
8.WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKas alessattractivebase.Whatmightbetheeffectonbusiness?
Costs: ISPsthemselvesarebestplacedtotellyouthat.http://www.meritalk.com/pdfs/big data/MeriTalk_Big_Data_Gap_Press_Release.pdfprovidesanideaofwhatthislookslike.Bearinmind thatwhentheycollectthedatatheyhavetostoreitandthatmeansbuyingmoreservers.You demandthattheyunderwritethecostofthispointless,wastefulexercise,andtheyhavetopassthe costsontous.We'reinthemiddleofarecessionandI'mawebdesigner.Thisraisesmyoperating costs.WhyshouldIsupportitifit'sdoingnothingapartfromprovidingapowertripforsome bureaucrat?ShowmeAbenefit.Justone. Nowthinkaboutthetimespentlookingfortheinformationyouwant.Actuallythinkaboutit.Let's makethiseasyenoughforapoliticiantounderstand:ifyouhaveanemailaccountandgetalotof emails,howdoyoufindtheemailyouarelookingfor?InGmailthere'sasearchfunction.Imayusea nameorakeywordtofindwhatI'mlookingforbutitcantakesomeconsiderabletime,eveninmy ownpersonalemailaccount,tofindtheitemIamlookingforifthekeywordornameIamusingas thesearchtermisrepeatedalotintheemailsIhavestored. Nowmultiplythisbyabout50millionandyou'llseetheproblem.Someofushavemultipleemail accounts.Icertainlydo.NOWcanyouseetheproblem?Andyouwonderwhywefightagainstthis?
9.Istheestimatedcostof1.8bnover10yearsrealistic?
10.TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBill couldbeworthbetween56bn.Isthisfigurerealistic?
No,notatall.Everytimethegovernmentcomesupwithaprojectedcostfornonsenseofthiskind, theactualcostsspiraloutofcontrol.
No,it'snonsense.Firstofall,wethetaxpayers,whovotedtheliarswhosaidtheywouldrollbackthe surveillancestateintooffice,areobligedtopaymoretoourISPstofacilitatethiswastefulnonsense. Theywillneedmoreserversandthewarehousespacetostorethemintostoreourdata. Actuallydecryptingthisisanothermatteraltogethersothedataitselfisjustsittingthereinthe servers,gatheringdustandcobwebs. Thenyouhavetopayforthemanhourstotrytogetholdofapieceofinformationusingsearchterms that,asIpointedoutearlier,maywellapplytohundredsofthousandsofotherpeople.Goodluckwith that. Trustmeonthis,the56bn probablymore willbegoingtotheprivatecontractorsyouplantoget tooverseethedataretentionanddecryption. Scope:
91
11.Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate? DotheysensiblydefinethescopeofthepowersinthedraftBill?
No,becausetheydismissthelegitimateconcernswehavethattheinformationwillbemishandled andthepowersabused.
12.WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill? ShoulditbepossiblefortheSecretaryofStatetovarythislistbyOrder?
No.Getawarrant.Andgetridofthebill.
Ah,soyou'venoticedtheflawsintheplan?Theonlysolutionisconsolidationandpermittingthe centralizationthatwouldmaketheinternetvulnerabletoattack.Decentralizationiswhatkeepsit afloat.Ifyoudon'tunderstandhowitworks,don'tlegislateforit.
13.Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty?
14.Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect?
Allofthem,usingawarrant,inatargetedapproachthataccessesthecommunicationsdataofthe subjectsoftheinvestigation,notallofus.
15.Istheproposed12monthperiodfortheretentionofdatatoolongortooshort?
16.Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould "designatedseniorofficer"bedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR?

Getawarrant!
Safeguards: Thereshouldbenomassdataretentionatall.ThesafeguardsareinadequateandasIpointedoutit's apresumptionofguilt.
17.Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapply toallpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe?
18.IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformation Commissionersensible?
Warrantsshouldberequiredbyanyandallpersonsandagencieswhowishtohaveaccesstoour communicationsdata.Warrantsperpersonratherthanbyitemthatdescribethescopeandpurpose oftheinformationrequired,withevidenceforprobablecause,willsuffice.Resourcerequirementsfor thiswouldbelowerbecauseofthemanhoursthatwouldbespentdiggingforthisinformationwould befewerthaninamasssurveillancesituation. No,notatall. ParliamentaryOversight: Pointless,sinceyou'reinthebusinessoferodingourprivacyrights.Whywouldsomeonewhocares nothingforourprivacywanttoprotectitanddefendourrights?It'soxymoronic.
92
20.Arethepenaltiesappropriateforthosecommunicationsserviceproviderswhofailtocomplywith therequirementsofthedraftBill?
No,andIdon'tbelieveforamomentthattheywouldbeenforcedatall.
No,notatall. Enforcement: Notgonnahappen.RememberJeanCharlesdeMenezes?That'swhy.You'dletsomethingawful happen,shrug,sayit'snotyourfault,thendoitagain.Andagain,andagain.
19.ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBillsatisfactory?
21.Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccessto communicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforinthe draftBillamounttoanoffence?

Youshouldjustscrapthebill.
Notreally.Imagineawallbetweenyouandthepropertyofthemannextdoor.Itcomesuptoyourhip inheight.It'saboundarymark,butthat'sit.Ifyouwanttotakeashortcuttogettohishouseyouhave onlytoclimboverthewall.Notevenclimb.Onelegover,thentheother,andyou'rethere.
22.Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapture communicationsdatareliably,storeitsafelyandseparateitfromcommunicationscontent?
23.Howsafelycancommunicationsdatabestored?
Don't,exceptaspartofacriminalinvestigationunderjudicialauthority,withawarrant.
24.Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible?
It'sallahugepileofhogwashbecausethere'sahugegulfbetweenwhatyouclaimyouwantandwhat wouldactuallyhappeninpractice.
25.HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill?
VPNs,meshnetworking,codedconversations,othermethodsofcommunicationincludingtalkingto eachotherinlocationsoutofthereachofsurveillanceequipment.StopwatchingJamesBondand thinkabouthowpeopleactuallyoperateinpractice.DavidDaviesputitbestwhenhesaidyou'dcatch theinnocentandtheincompetent.He'sright,payattentiontohim.
26.Arethereconcernsabouttheconsequencesofdecryption?
Theymightinterferewiththeoperationoftheinternetitself,theymaycreatevulnerabilitiesfor criminalstoexploit...youknowhowverminandweedsdevelopimmunitytopoisons?That,buton theinternet.Peoplewillfindwaystostrengthenencryptionandyouwillfindwaystobreakit.See malwarefordetails. Conclusion: Youreallyhaven'tthoughtthisthrough,haveyou?Stopmessingwiththeinternetandstoperoding ourprivacyrights.Allthissurveillanceisacostlyfavourtotheprivatecontractorswhohave frightenedyouintoit.RemembertheSeventiesandEightieswhentheIRAwerebombingthe
93
country?Rememberthecompletelackofcallsforgeneralpublicsurveillance?Ilivedthroughthat andcanassureyouthatmasssurveillanceofthepublicisunwantedandunnecessary.Stopitnow! August2012
94
Paul Connolly
IamanaccountantlivingandworkinginNorthampton.AlthoughIcalluponmyownexperiencesin life,publicfinanceandITprojectfinanceinthisdocument,I'mnotholdingmyselfoutasanexpertin anyfield,rathersimplyasaninformedandconcernedcitizen. BelowIgivemypersonalopinionsrelatingtothedraftCommunicationsDataBillandwouldaskthat theJointCommitteeconsiderthesewhendeliberatingthebill. Ithinkthebillshouldbecompletelyscrapped.IhaveconcentratedonthreemainreasonswhyIthink this: DirectconflictwiththeHumanRightsAct. Technicalunfeasibility. Financialdetrimenttosmallbusinessandthuscreatingeconomicdamage. 1.DirectconflictwiththeHumanRightsAct 1.1ThebasicthrustofthebillisforInternetServiceProviders ISPs toautomaticallycollectnew widersetsofdatathateachcitizenhastransmitted.Nosuspicionofwrongdoingisneededto warrantthisexpansionofcollection,thisinformationistobegatheredbyvirtueofthesimplefact thatthecitizenexistsandcommunicates. 1.2Thisimpliesthateveryoneisundersuspicion,thattheiractionshavebeenrecordedasevidence fortheirpossiblefutureprosecution,waitingonlyforthepolicetoturntheirattentiontothat particularcitizenwhenthetimecomestoinvestigatethem. 1.3Promotersofthisbillarequicktoassureusthatthe"content" e.g.themessageinsidetheemail, ortelephoneconversation willnotbekept,andonlythe"communicationdata" whorangwhom, when,fromwhereandforhowlong willbekept. 1.4Thisstatementseemsintendedtoplacateoppositiontothebill,butbeliesthetruthofthe staggeringpowerthatprofilingwithcommunicationsdataactuallyhas.Imaginethat,ifGoogle,with currentcommunicationsdata,canautomaticallydropadvertsontoyourwebpagethatarespookily closetoyourowntastesandpastimes,thenwhataconcertedeffortbythesecurityforcescouldput togetherfromayetwideranddeepersetofyourcommunicationsdata. 1.5ThefalseimprisonmentoftheBirminghamSixspringstomind.Theywereinthewrongplaceat thewrongtimebut"fittedtheprofile". 1.6The"communicationsdata"asdescribedinthebillisclearly"correspondence"asdescribedinthe HumanRightsActarticle8.1.Bydenyingthecitizen'srighttokeephisorherdatafreefrom systematiccataloguingasevidence,thestatewouldnotberespectingprivatelifeandfamilyofits citizensnortheircorrespondence. 2.Technicalunfeasibility 2.1Inordertostripoutfromacitizen'scommunicationsthe"content"andkeeponlythe "communicationsdata",theISPsmustusesomethingcalled"DeepPacketInspection".Thisisa techniqueperformedbypurposebuilthardwareorsoftware a"snifferprogram" which interrogateseachblockofdataasitcomesdowntheline. 2.2Ananalogywouldbetosayitistheelectronicequivalentofopeningtheenvelopethatcontains mylettertoJohn,recordingeverythingbefore"DearJohn"andeverythingafter"Yourssincerely", thenreplacingtheletterinto,andresealing,theenvelope,thensendingtheenvelopeonwardsto John. 2.3Inelectronicscommunications,ISPswouldneedtousethesesnifferprogramstodothisbut,these daystheresomanyofformsofelectronic"envelopes"thatcontainthisdata,including,butnot restrictedto,email,webmail,socialmessage,chatandgamingapplications,viop e.g.skype ,instant messaging. 2.4Thatmeansfirstly,thatwritingandtestingtheseprogramswouldbeenormouslyproblematicand costly,Iwillexplainfurther. 2.5Let'stakeanemail.Thesnifferprogramwouldfirsthavetointerceptandassemblethatemail, figureoutwhatiscontentandwhatiscommunicationsdata,takeexactlyonlythecommunications dataandleavethecontentbehind. 2.6Rememberthatifeventhesmallestpartofcontentdataispulled,thenthatdataasevidenceis inadmissibleincourt,sotheprogramhastobehonedtonearperfection.
95
2.7Intheolddays,withaconventionalemail,mostofthiscommunicationsdatainformationsat convenientlyinanareacalledthe"header",whereitwaseasytogetatandstripout.Butwith webmail,itisnowmingledwiththe"html"codescatteredinthebodyofthewebpage. 2.8Astheuseofthistypeofwebcommunicationsgrows,thecomplexityofthesesnifferprograms willneedtobecomemoresophisticated.Themanipulationthattheseprogramsperformeffectsthe webpage'stransmissionspeed,soevenifthelexicographicalhurdlesweresomehowovercame,the speedoftheinternetwoulddramaticallyslowdown akintoChina . 2.9Overtimetheproblemofthisintermingledcontentandcommunicationsdatawithinwebpages wouldhitmoredifficulties: 2.10Everytimeachangeinthewiderinternetoccurs, agoodexamplewouldbethecurrentHTML5 rollout ,webpagecodewouldchangeandthesesnifferprogramswouldneedrecalibrating.A humanbeingwouldagainhavetounpickthehtmlcodetoseparatethecontentfromthedata communicationstoupdatethesnifferprogram. 2.11ThishumanwouldneedtobeanintelligentandexperiencedITprofessionalwhounderstands codeandthenatureofdata.Itisunlikelythatsuchpeoplewouldbeinterestedinsuchboringand unsatisfyingwork. 3.Financialdetrimenttosmallbusinessandthereforeeconomicdamage 3.1Thebillmentionstheimplementationcostbeing1.8bnandthebenefitsbeing5bnto6.2bn.I couldn'tfindanyitemisationofthesecostsandbenefitswhichiswhatIwouldexpectfromany professionallywritteninvestmentprojectproposal. 3.2GiventhespectacularfailureoftheIDcarddatabaseITproject;whereamalconceivedproject wasallowedtospendpublicmoneyunfetteredbeforecollapsing,thestateneedstoensurethesetting upofproperbudgetarycontrolintoitsproposals.Whichalsomeanssincereandtransparent attemptstoquantifytheirestimates. 3.3Theomissionofthesedetailspointseithertoanunwillingnesstosharetherealdetailor,justas worryingly,thattheHomeOfficecannotestimatethesecostsandbenefitsscientificallybecauseit doesn'tknowhowitwillimplementtheproject. 3.4Butevenourconcernoftheseunknowncosts,initself,isnotthemajorproblemhere.The cripplingeffectofthepushingofthatcostburdenontothesmallISPsistheproblem. 3.5WithDeepPacketInspectionsniffercapabilitydemandhigh,andcapableITtalentsupplylow, thentherecouldbealargefeeupliftdemandedbytheITdevelopersthatcandothiswork.SmallISPs wouldeitherhavetocaveintohighconsultingcostsorbebeholdentosomekindofsoftwareor hardwaresolutionofferedupbythebigplayerswhichtheywouldstillneedtomanage.Theywould stillenduppaying,eitherthroughexpensivetraining,orexpensivemaintenancecontracts. 3.6Abarriertoentrywouldbecreated,keepinghostingstartupsout.Thehostingindustrywould becomeincreasinglyvulnerabletothelargehostingcompanies. 3.7Largecompaniestendtoconsumetalentrathernurtureit.Theyconcentrateonconsolidating theircommercialpositionratherthandirectingcreativeenergythatconversely,aboundsinasmall business. 3.8Ifsmallbusinessesareeradicatedfromtheindustryinthisway,themultinationalswillbefreeto restructureoperationsviatheirfavouritetaxhavens e.g.similartowhatlargeinternetfirmsnowdo inIreland ,therebydenyingtheexchequerrightfultaxrevenuesfromoperationsintheUK,and createanothermarketfailurehereintheUK. August2012
96
Joe Corrall
General: 1. HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? No.Therehasbeenalargedegreeofdeflectionwhenaskeddirectquestionsaboutthescope andfocusofthebill. 2. HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedin thedraftBill? No.TheGovernmenthasnotprovidedstrongevidencethatexistingwarrantpowersare ineffectiveandthatthisleveloftrackingandsurveillancewillbepositive,ratherthan oppressive. 3. HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusioninto individualsprivacy? Tomyperspective,whileEUlawsandotherorganisationsseektoprotectorenforceprivacy fortheindividual particularlytherecentdroppingoftheACTAproposalasanexample ,this isoddswiththatclimatebyenablinggreaterlossofprivacy. 4. Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider? Haveyouconsiderednotspyingonyourowncitizens? 7. IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyother measuresthatcouldbescrappedasaquidproquotorebalancecivilliberties? Removalofonelibertyerodingmeasureshouldnotbeconsideredasacceptabletotradefor another.Wouldyoureplaceonedictatorwithanother? Costs: 9.Istheestimatedcostof1.8bnover10yearsrealistic? Absolutelynot.Giventhemassiveoverspendoneverysignificantgovernmentprojectforthelast10 yearstheoddsofhittingthisprojectedtarget10yearsinthefutureisvirtuallynil.Giventhecosts requiredinstoringtheamountofdataaimedtobecollectedalonewouldrackupbillsinthemillions peryear. 10.TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBill couldbeworthbetween56bn.Isthisfigurerealistic? Absolutelynot.Thisisageneralisedfigurepluckedfrommidairbasedonnothingbutassumptions. Storingdataandtrackingeverydigitalcitizenofthisnationcannotpossiblysavemoney,onlycost. Imamazedthisfigurehasbeenquotedasitshowsacompletenegligenceandperhapsignorancefor thebasictenantsofcommerce. Scope: 12.WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill? ShoulditbepossiblefortheSecretaryofStatetovarythislistbyOrder? Intheeventofthisbillpassing,onlypoliceenforcementshouldhaveanyaccesstoitsdata.Political partiesshouldhavenoaccess,andnoeffect,overitscontents.ShouldsuchadatabasebecompiledI wouldtrustprofessionallawenforcementofficialsoveranMPwithanarthistorymajortobe handlingit. 13.Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty? GiventheGovernmentscurrentattitudetoextraditionrequestsfromtheUSAIwouldsayyoustand aboutasmuchchanceasasnowballinhellofsuccessfullypursuinganyorganisationabroadfor breachofduty.
97
UseofCommunicationsData: 15.Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? Drasticallytoolong.Ifthecrownprosecutionserviceisunabletoformulateacasewithin12months ofthecrimetakingplaceIwouldarguethattheyarewastingtaxpayertimeandmoney.Giventhatno databaseiseversecure Imasoftwaretester,trustmeonthis storinganysuchdataforanylength oftimeisonlyincreasingthesecurityriskofthisdatabeingtakenformaliciouspurposes. Safeguards: 17.Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapply toallpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe? Ifthebillshouldpass,awarrantshouldbevitalforpreventingabuseandunnecessaryintrusioninto thepublicsprivatelife.Whiletheadditionaldemandonjudgeswouldbenoticeable,asmoother warrantapplicationprocess,andtheknowledgethatsuchmeasuresarealast,notafirst,resort shouldminimisethis. 18.IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformation Commissionersensible? No.Weareinaclimateofausteritywhereanincreasingpercentageofthepublicstrugglestoafford daytodayliving,andyouwantthecreationoftwonewhighpayingcommissionerrolesforone aspectofpolicythatcouldbeeasilyhandledbythecurrentjudicialauthority?Idontthinkthats goingtobeaneasysell. Enforcement: 21.Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccessto communicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforinthe draftBillamounttoanoffence? Itshouldamounttoanoffence.Misuseofpublicoffice.Misuseofprivatedata.Misuseofpower. Takeyourpick. Technical: 22.Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapture communicationsdatareliably,storeitsafelyandseparateitfromcommunicationscontent? No.ThisbillcompletelyneglectstoexaminetheuseofproxiesandVPNsystemswhichwouldplace allactivitybeyondthetrackingabilityofanyISP.Anyseriouscriminalactivity thetypethisbillis supposedtotarget wouldbeoperatedoverthesepubliclyavailableservicesandyousimply wouldntgetthelogyoudesire.Itseemsthisbillwouldonlyapplytothestupidortheinnocent. 23.Howsafelycancommunicationsdatabestored? Itcant.AsaleadsoftwaretesterIcanreliablyinformyouthatnosystemissecure,andnotdatabase doublyso.Giventhatyouwillwantthisdatabaseinternetaccessiblefordifferentdepartmentstouse itsamatterofwhen,notif,itgetshackedanddetailsmadepubliclyavailable. 24.Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible? No.Whileyouclaimtorecordonlydataheadersofinternetcommunication,itsimpossibletoreceive thiswithoutalsoreceivingthecontentofthetransaction. 25.HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? Veryeasy.AquickGooglesearchwillgiveyoualostofproxyserverspubliclyavailablethatyou cannottrackactivityover. 26.Arethereconcernsabouttheconsequencesofdecryption? Yes.Ifyoudecryptanencryptedtransaction,youaddatokentothattransactionwhichindicatesthat theactionwasdecrypted.Thiswillrenderanumberoffinancialcommunicationsinvalidasitwould appearthecommunicationhasbeentamperedwith.
98
Idoubtverymuchyouveperformedafeasibilitystudyofthisaction? July2012
99
Simon Cramp
IthinkjustliketomakethefollowingpointwhichmaybefurtherquestionsandconcernedIhave Inthedraftbillitseemstomakeclearitwouldbeifenactedasthecommunicationsdataact2012.but whatIcantfindinthedraftbillisanyconsultationwiththedepartmentofculturemediaand Olympicsandsportandbusinessandinnovationandskillswhoarethesponsoringdepartmentof ofcomthetelecommicationsregulationassetupundertheofficeforcommunicationact2002and thenprovidedandcarryoutitspowersunderthecommunicationact2003andwithaviewrecently bythesecretaryofstatefordcmsinamendingitwithanewwhitepaperlaterthisyearintheformof thedraftcommunicationsbillwhyisthehomeofficeseemtobeactingaloneinthedraftbillwhenit seemstherehasbeennodiscussionbetweengovernmentdepartmentImaybewrong. TwoOfcomaskedfordataalreadyfortelevisionandotherthingonavoluntarybasisformotioning thingswhydoesnotsayinthedraftbillthatperhapscertainnumbersofpeopleeitherviaofcomor thesecurityserviceareventied Itjustseemstocomefromthewrongwaythatitjustthehomeofficethatistheonlygovernment departmenttobethesponsoringdepartment TheotherthinkIwasgoingtosayIamconcernedreifsomeaccedeintlyclickonawebsitethey shouldntandthenconsquesieshappeningsayiftheyhavealearningdisabilityoramentalhealth problemwillitbetreatedwithsymphyandsentively.AlthoughIacceptitcanworktheotheraswell
August2012
100
Patrick Cunningham
1. Thebillisnotrequired.Therearemorethanadequateoptionsinplaceforgovernment agenciestoaccesstheprivateinformation,bothphysicalandelectronic,ofpeoplesuspectedofcrimes orterroristacts.Thesearewelltriedandtested,aresubjecttoproperscrutinybythecourtsandby parliament,andhavesuitablechecksandbalancesinplacetoensurefairdealingandreasonable recourseforindividualswhofeelaggrievedorunjustlytreated. 2. Thepowersenvisagedinthebillwillnotonlyremovetheopportunityforindividualsto challengeunfairtreatmentatthehandsofthepolice,theintelligenceservicesandothergovernment agencies,itwillremoveeventheirrighttoknowthatcertainactshavebeencarriedoutanddata collectedandretained.Thisfliesinthefaceofourlonghistoryofrespectforindividualhumanrights andtherightforindividualstoknowwhatdataisbeingheldaboutthembygovernmentagencies. 3. Theargumentthattheinformationgatheredwillonlybeusedforbenignandlegitimate purposespresupposesthatthecurrentlyprevailingpolitical,publicorderandmilitaryconditionswill continue.Thisisafallaciousargument;afuturedictatorialgovernmentorpolicestatewouldusethe informationandinformationgatheringchannelswhichthebillwillestablishforitsownpurposes. 4. Eventhepresentregimesofpoliceandintelligencehavebeenshowntoindulgeincoverups, illegalactivitiesandcontraventionsofhumanrights.Miscarriagesofjusticebecauseoftheillegaland unjustactionsofmembersofthepoliceandintelligenceserviceshavebeen,andcontinuetobe, uncoveredonadepressinglyfrequentbasis.Thisbillwillmakeitmuchharderforindividualcitizens touncoversuchfailings,shortcomingsandillegalactivities,andmakeiteasierforthoseperpetrating themtodosowithoutfearofdiscovery. 5. TheWaronTerrorhasresultedintheremovalofmanypersonallibertiesalready unnecessarilyandfarinexcessofwhatisrequiredtomaintainanadequatelevelofpublicsafety. Insteadofspendingmillionsonenhancingoursecurityservicesthegovernmentshouldbemaking realandeffectiveattemptstonegotiateapropersettlementoftheunderlyingglobalissues Palestine,humanrights,culturalrespect,fairtradeandmutualsupport.TheWaronTerrorwill neverbewon,becauseitisnotawar,itisnotafightagainstanoppressor,butanunstablesituation arisingoutofdeepseatedinjustices.Theseinjusticesarecapableofbeingresolved;allwelackisthe politicalwilltoresolvethem. 6 Ourdemocracyreliesonrespectforthethreepowerstheexecutive,parliamentandthe courtstomaintainaproperbalance,avoidtheunacceptableexerciseofpowerbyoneelementand maintainthebalancebetweentherightsoftheindividualandtheneedsofthegovernment.Thisbill fundamentallyunderminesthatbalance.Therequirementforgovernmentagenciestoobtainconsent fromthejudiciaryforarangeofactivitiesisoneofthemostfundamentalexpressionsofour commitmenttothebalanceofthethreepowers,andonewhichhasstoodthetestoftimeand permittedoursystemofpolicingbyconsent.Ifthisbalanceisshiftedfurtherinthedirectionitis alreadygoing,thegovernment,theintelligenceservicesandthepoliceruntheriskoflosingthe consentofthepeople,andthiswillresultinarapidbreakdownofouruniquesociety.Thisisalready happening;insteadofrespondingtoitwithincreasingauthoritarianism,thegovernmentshouldbe strivingtoredressthebalanceandtoregainthetrustandconsentoftheBritishpeople. 7. Inotefromyourconsultationdocument http://www.parliament.uk/business/committees/committeesaz/jointselect/draft communicationsbill/news/callforevidence/thatTheHomeOfficesuggeststhebenefitsthatcould bedeliveredbytheenactmentofthedraftBillcouldbeworthbetween56bnandtheestimated cost is 1.8bnover10years.Whatarethebenefitsreferredtoandhowhavethisfigurebeen arrivedat?Itworriesmethatthesebenefitswillincludecommercialadvantagederivedfromthe governmentsproposedsurveillance,somethingwhichisnotsupposedlyanintentionofthebilland somethingwhichwouldbewhollyimmoral,unjustifiableandabhorrentifitweretobecomefact.I
101
cannotenvisagehowthecountrycouldbenefittothetuneof56bnpurelyfromtheuseofthedata collectedwithinthetermsofreferencesofardisclosed. 8. TheBillenvisagestheestablishmentofanotherwholelayerofpubliclyfundedposts;an InterceptionofCommunicationsCommissionerandanInformationCommissioner,alongwiththeir offices,staffandestablishments.Thesepostsareunnecessary;wealreadyhaveawellestablished courtssysteminplacewhichundertakesmanyofthedutiesthesepostswouldfulfil,anddoesso effectivelyandcosteffectivelyinabalancedwaywhichholdstherightsandresponsibilitiesofboth citizensandofficialsinequalregard.Theofficialsappointedtothesenewpostswouldbepolitical appointeesandwouldnotbedirectlyanswerabletotheelectorateorthegeneralpublic.Theywould besubjecttopoliticalpressureandwouldnotthereforeadequatelyfulfiltheroleofguardiansofthe rightsofthepublic.Theywouldalsorepresentanunnecessaryexpense. 9. Iobjecttothetoneofyourconsultationpaper linkedtoabove .Itappearstoacceptthatthe billwillbeenactedinsomeformandasksquestionsdesignedtofinetunethebill.Itdoesnot addressthefundamentalissueofwhethersuchabillisneeded.Idonotacceptthatthebillisneeded. Itshouldbeabandonedforthwith,andthegovernmentshouldinsteaddraftabilloutliningthe safeguardsneededtoavoidunauthorisedaccesstoelectronicdata,inordertobringlegislationinto linewiththeelectronicage,withthesamecriteriaasastartingpointthatarealreadyincorporated intoourlegislationprotectingtraditionalmethodsofcommunicationpostalservicesandtelephony, forexample.Thisshouldcoverunauthorisedaccessbyindividualsandbygovernmentagencies.The newbillshouldalsoclarifythelimitswhichthecourtsshouldimposeonthevarioussurveillanceand lawenforcementagencies,andenshrinetherequirementforacourtordertobeinplacebeforeany surveillanceiscarriedout,withrobustrequirementsforevidencetojustifytheorder.Further,the conceptoftherebeingsomesystemofbargainingoverlegislationoutlinedinyouritem7.is abhorrent.Itwillneverbeacceptabletotradeoneareaofpersonallibertyforanother.Personal libertyisastartingpoint,andanyerosionmustbebackedupbyoverarchingargumentsofnecessity ineverycase.Itcanneverbevalidtoexchangeoneareaofcivillibertyforanother;ifitmightbe acceptableunderthesecircumstancestoscrapaninfringementoflibertywhichalreadyexists,then thatinfringementshouldbescrappedanywaybecauseitisclearlynotnecessaryatthemost fundamentallevelrequiredtojustifyitinthefirstplace. Inconclusion,thisgovernmentscrappedtheillconceivedandantilibertarianproposalofthe previousgovernmenttobuildanationaldatabaseandimposeidentitycards,andforthatIam grateful.Itisverystrangethatthesamegovernmentisnowintentonimposingundemocraticand unaccountablepowerstointerferewithourpersonalcommunications.Pleasethinkagain.Ofcourse therearemanyoccasionswhenitwillbejustifiedforourenforcementagenciestoaccessthepersonal communicationsofindividualsinvolvedinterrorismorcrime,buttherighttodosoisonewhich shouldbeexercisedwithrestraintandpropercare,andonlyinexceptionalcircumstances.Thisbillif enactedwouldopenthefloodgatesandresultininnumerableofficialsdemandingtherighttoknow whatwearesayingtowhomandwhen,onthemostuntenablegrounds.Itgoesagainstour fundamentalhumanrightsascitizensoftheUnitedKingdom,andshouldbedropped. September2012
102
Chris Davey
HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? No,thereseemstobeseveralhighlevelobjectivesalongthelinesof Nationalsecurity,crime preventionanddetection butnoneseemtohavedetailedanalysisintohowthisbillwillspecifically addresstheseobjectives. HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraftBill? Thebilladdsapresumptiontoguiltontoeverypersoninthiscountry.Nomemberofparliament wouldagreetohavealloftheirphysicalmailoralloftheirfacetofaceconversationsmonitoredand recordedasitwouldbeagainsttheircivilliberties.Thesameshouldbetrueofeveryformof communication.Ifthereissuspicionofwrongdoingthenletthecourtsdecideifmonitoringisan adequateresponseinsteadofmonitoringthemajorityofpeoplewhoaredoingnothingwrong. Italsopresumesthatthepeoplewhoarecommunicatingaboutthingsofinterestedbetheycriminal orofnationalimportancewontbeencryptingthecontentoradjustingthedetailsofwhatisbeing senttowho.Itsthesamementalityasinternetprovidersblockingdirectaccesstopiracysites,this onlystopspeoplewhowouldntbeusingthemaccessingthem.Anyonewhowantstousethemknows howtoaccessthemviaothermeans.Inthesamewaythisisonlygoingtocaptureinformationon peoplewhodontwanttobetalkingviasecuremeans. HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy? Thebillisclearlyhighlyintrusive.Thevastmajorityofpeopledonothingwrongandyetyouwantto capturedataonallofthem.Howcanthisbeposedasareasonableresponsetocrimeornational security. Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtainingcommunications datathattheGovernmentcouldconsider? Yes,letthecourtsdecideonacasebycasebasiswhatcanbecaptureddependingontheriskinvolved inthecase. TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBillcould beworthbetween56bn.Isthisfigurerealistic? Whereistheevidencethatsupportsthis?Thepolicecanrequestaccesstothisinformationatpresent sohowisstoringitforlongerperiodsoftimegoingtoprovideanyformofpositivefinancialbenefit? Safeguards: Giventhegovernmentsformonkeepingdatasecureitisunlikelyanyamountofsafeguardscanmake thebillworthwhile.Therehavealsobeenanumberofhighprofilefailuresofcommunication providerstoproperlysecureinformationmuchofwhichhaslargelybeenleakeddirectlyontothe internetbyhackinggroups.HasanyanalysisbeenputintothecosttotheUKeconomyofall communicationrecordsbeingpotentiallypubliclyavailable? August2012
103
The Direct Marketing Association

Introduction TheDirectMarketingAssociation UK Limited DMA isEurope'slargesttradeassociationinthe marketingandcommunicationssector,withapproximately900corporatemembersandpositioned inthetop5%ofUKtradeassociationsbyincome.ThetotalvalueofdirectmarketingtotheUK economywasestimatedtobe9.1billionin2011.Thiscomprisesthreeseparatefigures;4.3billion onexpenditureondirectmarketingmediaandactivities,1.1billionongoodsandservicesbrought inbycompaniestoenabletheundertakingofdirectmarketingactivityand3.7billiononthe spendingofpeopleemployedintheindustryasconsumers PuttingaPriceonDirectMarketingThe DMAJuly2012 .TheDMArepresentsbothadvertisers,whomarkettheirproductsusingdirect marketingtechniques,andspecialistsuppliersofdirectmarketingservicestothoseadvertisersfor example,advertisingagencies,outsourcedcontactcentresetc.TheDMAalsoadministerstheMailing PreferenceService,theTelephonePreferenceServiceandtheFaxPreferenceService.Onbehalfofits membership,theDMApromotesbestpractice,throughitsDirectMarketingCodeofPractice,inorder tomaintainandenhanceconsumers'trustandconfidenceinthedirectmarketingindustry.The DirectMarketingCommissionisanindependentbodythatmonitorsindustrycompliance.Pleasevisit ourwebsitewww.dma.org.ukforfurtherinformationaboutus. TheDMAwelcomestheopportunitytorespondtothisinquirybytheJointCommitteeonthedraft CommunicationsDataBill. 1.GeneralComments. TheDMAwelcomestheGovernmentsplantorevisetheframeworkundertheRegulationof InvestigatoryPowersAct2000.Howeverwehaveamajorconcernovertheapplicationofthedraft CommunicationsDataBilltopostalservices. 2.PostalServices. WeareparticularlyconcernedoverClause25ofthedraftBillwhichextendstheapplicationofParts1 and2topostaloperatorsandpostalservices.Wearenotawarethatanypostaloperatorcurrently hasthetechnologytorecordtherelevantdetailssuchaswherealetterwithaparticularaddressonit waspostedorenteredthepostaloperatorssystem.Thecostofinstallingsuchasystemwouldbe immenseandwedoubtwhetherthebenefitswouldbeproportionatetothecostofinstallingsucha system. WenotethatinClause26ofthedraftBillthereisaprovisionrequiringtheGovernmenttomake arrangementstoensurethatpostaloperatorsreceiveanappropriatecontributiontowardtheircosts ofcompliancewithParts1and2.However,webelievethatthecostsofcompliancewouldbefarmore thananylikelycontribution. August2012
104
Mark Drury
1.IsubmitthatthedraftBilliswronginprinciplebecauseitseekstoturntheentireUKpopulation intocrimesuspects. 2.IfIamsuspectedofacrimethepoliceshouldinvestigateme,andobtainanorderfromajudgeif theyfeeltheneedtobreakintomyhomeorinterceptmycommunications.IfIamnotsuspectedofa crimethenthepoliceshouldleavemealonetogoaboutmybusiness. 3.Thepresumedlogicofthegovernmentsecurocratsappearstobe: Noactualcrimehasyetbeencommitted,butitmightbeinfuture,andbyanyone. Thereforeweneedtoputtheentirepopulationundersurveillance. 4.Thisisafurtherextensionofthestatecollecting,trawlingandretainingdataaboutpeople's everydayactivities'justincase'ANPRisanotherexample.ThisisinconsistentwithBritishvaluesas itviolatesboththeideaofbeing'innocentuntilprovenguilty'andthat'anEnglishman'shomeishis castle'. 5.HerMajesty'sGovernmentishappytopointthefingeratothercountrieswhichroutinelyspyon theircitizens.ButtheEastEuropeanSTASIcouldonlyhavedreamtofthesurveillancecapability moderntechnologyandthisdraftbillwouldhavegiventhem.Itiscompletelyinappropriatefora parliamentarydemocracy. 6.Inconclusion,asIamnotacrimesuspect,thestatehasnobusinessknowingwhoIamtalkingto freedomofassemblyandassociation ,whatIamreading respectformyprivateandfamilylife, homeandcorrespondence orwhatIamsaying freedomofexpression . July2012
105
Keith Edkins
1.3Thissubmissionrelatestotechnicalconsiderationsregardingcommunicationsovertheinternet. Letotherpensdwelloncostandprivacy. Sections2to4ofthissubmissionrelateto telecommunicationsoperatorsprovidingtelecommunicationsystems.Sections5and6relatetothe provisionofservices,andsection7toauthoriseddisclosureandtheRequestFilter.Finallyinsection 8Irefertothecommittee'squestions11,13,24&25andproffermyownanswers. 1.4Someofmycommentsarephrasedintermsthatimplementingalltherequirementswhichare theoreticallyprovidedforbytheBillwouldplacedisproportionateburdensonpersonsand companies.Ifitisnotenvisagedthatcertaintheoreticalrequirementswouldeverbeimplementedby order,thesecommentsmayalternativelybereadtoindicatethatthenonimplementationleavesgaps incoveragewhichindividualsororganisationscouldexploittocircumventtheintentionsoftheBill. 2.DomesticComputerSystems,andGeneralObservations 2.1Ingeneral,itappearstomethattheprovisionsintheDraftBillrelatingtocomputer communicationsaretoodeeplyrootedinanassumptionthatcomputerusageismuchlikelandline telephoneusage.Underthismodel,thecomputerusersitsathomeinfrontofacomputerconnected bycableorfibreopticstoarespectableBritishtelecommunicationsoperator,whoisentirely responsibleforhisinternetandemailcommunicationsandthereforeabletoseparatethedatafrom thecontent.Hehassignedawrittencontractwithhistelecommunicationsoperator whichIshall sometimesabbreviateasTO ,whothereforeknowswherehelives. 2.2EveninthissimplecasethereareuncertaintiesintheBill.TheExplanatoryIntroductionstates thattheBillwillnotrequirethecollectionofallinternetdatabutitisunclearwhatthismeans,and theBilldoesnotclarify.Doesitrequirethecollectionofallinternettrafficdata,viz.theaddressof everywebpagevisited,butnotthecontentsofthepages?Orwillitrequireonlyonerecordforeach domain aswww.officialdocuments.gov.uk visitedwithinsometimeperiod,perhapswithacount ofhowmanypageswereaccessed?Iassumethiswillbeclarifiedinthesection1orders,butitis regrettablethatitisnotpossibletocommentonitatthisstage.Iwill,fornow,pointoutthatmany webpagescontainadvertisements,foritistheadvertisingrevenuewhichfundsfreewebcontent.A samplepageonTheIndependentnewspaper'swebsite,forexample,invokedimagesandother contentfromnolessthan15domains,andatelecommunicationsoperatorisunlikelytobeableto distinguishthisadditionaltrafficfromthatwhichtheuserconsciouslyinitiated.Itwouldseemthat, whateverthelevelofcommunicationsdataintendedtobeheld,theamountofitthatwouldbe generatedisconsiderablymorethanmightatfirstsightbeexpected,andover90%ofitmaybe irrelevanttotheuser'sintendedactivity. 2.3ItislikelythattheuserwillbeconnectedtotheinternetthroughadomesticRouterorHubdevice whichalsoprovidesconnectivityforothermembersofhishousehold,includingwirelessconnectivity tootherrooms.Isahouseholderwhooperatessuchadeviceregardedasatelecommunications operatorwithregardtoothermembersofthehousehold?itwouldseemthathesatisfiesthe definitionofcontrollingorprovidingatelecommunicationsystem.Isagentlemantoberequiredto storecommunicationsdatainrelationtocomputerusagebyhischildren,hiswife,orhisservants?It isprobablynottheintentionthatasection1orderwouldbemadeoranoticeissuedinaninstance suchasthis;butsupposethehouseholdisacollege,oranentireapartmentblock,connectedtothe internetbyfairlysophisticatedroutingequipmentwoulditberequiredthattheoperatorsofthis equipmentrecordcommunicationsdata,overandabovethoserecordskeptbytheexternal telecommunicationsoperator,inordertodeterminewhichcommunicationsdatarelatestowhich individualcomputeruser? 2.4Ifacompany suchasBTRetail providesafullinternetserviceforsomecustomersandphysical connectiontothirdpartyinternetsuppliersforothercustomers,canordersmadeundertheBillbeso phrasedastoplacedifferentresponsibilitiesonitwithregardtothetwoclassesofcustomer?Andif, forexample,BTRetailisinturnbuyingsystemorservicecapacityfromBTWholesale,aretheyboth TOs,andifsocanordersbesophrasedastoavoidcompellingdoublecollectionofcommunications data?
106
2.5Willallnoticesmadeundersection1 2 b bepublished;ifnotwilltheexistenceandcontentsof noticesbeobtainablefromtheSecretaryofStateunderFreedomofInformationlegislation?Canan orderimposerequirementsorrestrictionsdirectly,withoutrecoursetoanotice,asthewordingof sections1 2 b and4 1 a ii appearstoallowbutforwhich8 1 b doesnotimposeadutyof compliance?Cananoticeeverbecancelled? 2.6HowistheSecretaryofStatetoidentifypersonswhoaretelecommunicationsoperatorswho needtobemadethesubjectofanorderandanotice?Thereisnorequirementonpersonswhothink theymightberegardedasTOstoproactivelydeclarethemselves. 2.7Insection28personincludesanyassociationorcombinationofpersons,whileinsection7 1 anoticeoftheSecretaryofStatemustspecifythepersontowhomitisgiven.Howshallthe SecretaryofStatespecifyanassociationorcombinationofpersonswhichisnotanorganisationwith arecognisedcorporatename?Ifthisistobedonebynamingseverallyalltheindividualsassociated orcombined,wouldthenoticebevoidforinaccuracy,orlapseuponanychangeintheassociationor combination?Further,whatconstitutespublicationin7 1 c ?itisneitherdefinedherenorinthe InterpretationAct1978.ArewetosupposethattheLondonGazetteisnormalreadingmatterfor telecommunicationsoperators?Writingisdefined intheInterpretationAct asincludinga mechanicallyproducedvisibleformsofwords.Doesthismeanitisimpossibletoserveanoticeby electroniccommunication,oronablindtelecommunicationsoperator? OthersectionsoftheBill havetheoptionofinaformwhichproducesarecordofithavingbeengiven. 2.8Willtelecommunicationsoperatorsbepermittedtonotifytheircustomersastowhat,ifany, communicationsdatatheyareholding? 3.PublicWiFiConnections 3.1Thesimpledomesticmodeldescribedin2.1aboveisnottheonlywayinwhichourcomputeruser canconnecttotheinternet.HecantakehislaptopcomputertoalocationofferingWiFiconnectivity. SuchWiFihotspotsmaybefound,interalia,incafs,ontrainsandlongdistancecoaches,andin hotels,andatpresentmayormaynotinvolvepaymentorregistration.Connectiontotheinternet maybethroughtwoconnectedsystems,onebeingprovidedbythelocationandonerunbya telecommunicationsoperatorcontractedbythelocation. 3.2IstheoperatorofaWiFihotspot caf,trainoperatingcompany,etc. toberegardedasa telecommunicationsoperator?Willheberequiredtoobtainpersonalidentificationbeforeallowing computeruserstoconnecttotheinternetviahissystem whichhemaynotneedtodoforbusiness reasons ,andtoretainthisinformation;oratleasttorecordsomeuniqueidentifierofthecomputer, suchasitsMediaAccessControl MAC address?Alternatively,ifthehotspotisconnectedtothe internetthroughaseparatetelecommunicationsoperator,willthatTOberequiredtoobtainand retainuserorcomputerinformationadditionaltothatrequiredwhenprovidingservicetoadomestic user,forthepurposeofidentifyingtheindividualwhousedthesystems? 4.PublicComputers 4.1Apersonmaymakeuseofacomputerwhichisnothisown,butisprovidedasapublicor commercialservice.Publiclibrariesareatypicallocationwheresuchcomputersmaybefound,asare InternetCafs. 4.2Istheoperatorofaccesscomputers libraryauthority,InternetCaf,etc. toberegardedasa telecommunicationsoperator?Willthatoperatorbeexpectedtoobtainpersonalidentification,as askedin3.2above?Wouldschoolsallowingpupilstousecomputersberequiredtokeepdataonthis use?Wouldasimilarrequirementextendtoemployersprovidingcomputersfortheuseoftheir employeeswouldthisdependonwhetherornottheemployerpermitsadegreeofprivateuseof thecomputers? 5.Webmailservices,andInternationalconsiderations
107
5.1Movingonfromthesystemstotheservicesaspectoftelecommunicationsprovision,thecomputer usermaychoosenottousetheemailserviceofthecompanyprovidinghisinternetconnection,but insteadtouseawebbasedemailservicesuchasthepopularoneprovidedbyGoogleMail,currently brandedasGmail. 5.2 Digression SinceGoogleisbasedinMountainView,California,USA,thisisaconvenientmoment forsomeremarksoninternationalaspectsoftheDraftBill.Section33 4 statesthatthisActextends toEnglandandWales,ScotlandandNorthernIreland thatis,theentireUnitedKingdom .Thisis standardphraseologyforanActofParliament,andisoverriddenintheDraftBillonlybythe definitioninsection28ofatelecommunicationsystemexistingintheUnitedKingdomor elsewhere;butfailstoaddressthefactthatwearedealingwithaWorldWideWeb.Forexample, againinthedefinitionsection28,communicationincludessignalsservingeitherforthe impartationofanythingbetweenpersons,betweenapersonandathingorbetweenthings.Arewe thentoreadthisasmeaningimpartationbetweentwopersonsorthingsbothofwhomareinthe UnitedKingdom?Itseemsveryunlikelythatthisisactuallytheintention.Isit,then,supposedto meanimpartationbetweentwopersonsorthingsatleastoneofwhomisintheUnitedKingdom? Possibly,althoughthiswouldseemtobethemoststrainedreadingpossibleofsection28,anda difficultobjectiveforaTOtoachieve.ItwouldseemthatonceaTOismadesubjecttoanoticeofthe SecretaryofState,theycanonlypracticallyobeyitbyretainingallcommunicationsdatawhichcomes theirway,throughanypartoftheirtelecommunicationsystem.Ifthelawfulnessofthis,possibly excessive,retentionisquestionedinotherjurisdictions,theymustarguethatthisisconductin pursuanceoftherequirementofwhichtheyhavebeennotified,undersection8 3 b .Further, sections5&6definerequirementswithregardtothesafeguardingandthetimelydestructionof communicationsdataheldinaccordancewiththeBill;howeveritwouldappearthattheseclauses wouldnotbecontravenedbydatadisclosureoroverlongretentionoccurringoutsidetheUnited Kingdom,particularlyifthedatawasinitiallycollectedoutsidetheUK. 5.3Asfurtherdigressions,withregardstosection5 andperhaps6 ,shouldnottheBillprovidethat theSecretaryofStatemaybyOrderpermitthatcommunicationsdataheldtosatisfyUKlegislation mayalsoberetainedandusedtosatisfyspecifiedparallel,suitablysafeguarded,legislationofother nations toavoidthenecessityofTOshavingtoretainaseparatecopyoftheircommunicationsdata foreachnationtheyoperatein ?Further,withregardstosection8 1 a asitbearsonsection5,is anapplicationforinjunctivereliefreallyaneffectivemeansofenforcingaprovision viz.prohibition ofdisclosure wherethebreachoftheprovisionwillonlybecomeapparenttotheSecretaryofState afterthebreach,andanyensuingdamage,hasalreadyoccurred?Withregardtothedefinitionin section28ofatelecommunicationsystemexistingwhollyorpartlyintheUnitedKingdomor elsewhere,thisappearstoincludethecasewhollyelsewhereisthatreallytheintentionorshould theorelsewhereberemoved? 5.4Returningtowebmail,isanoverseascompany,suchasGoogleinrespectofGmail,toberegarded asatelecommunicationsoperatoronwhomanoticecanbeservedundersection1 2 b ?Inthelight ofsection33 4 Iwouldarguenot,evenbytheBill'sownphrasing,letalonethepracticallimitsofthe powersofourParliament.Icontendthatinsection28telecommunicationsoperatormeansa personintheUnitedKingdom regardlessofwheretheirsystemexists ,andthatpersonincludes anorganisationintheUnitedKingdom;andthatinsection7 1 c thenoticeoftheSecretaryofState mustbegivenintheUnitedKingdom.Furtherthatevenifanoticewereconsideredserved,under section8 2 thedutyisonlyenforceablebycivilproceedingsintheUnitedKingdom,wherethe Courtswouldhavetroubleestablishingjurisdictionoveracompanybasedoverseas.Insection 9 3 d anauthorisedofficercouldonlyissueanoticeintheUnitedKingdomtorequirea telecommunicationsoperatortodisclosedata.Sections5and6onlimitsofaccessanddata destructionwouldnotapplyatalltoaTOoutsidetheUnitedKingdom.Numerousotherlimitations couldbeevinced;forthemomentIwillconcludebyassertingthatundersection26 6 cost contributionpaymentswouldbeeligibletobemadeoutofmoneyprovidedbyParliamentonlywhen paidtoTOsintheUnitedKingdom. 5.5InthecaseofaUKbasedwebmailoperatoronwhomanoticecouldbeserved,issection 1 2 a i expectedtobeusedtorequiresuchoperatortoobtainacoresetofSubscriberdata
108
whichhemaynotrequireforhisbusinesspurposes,suchasrealname,addressandperhapsdateof birthoftheuser?Atpresent,asanexample,thesignupforGmailrequestsonlynameanddateof birth,anditseemsnoattemptismadetoverifyeventhese.Itisthereforeextremelyeasytoobtain multipleemailaccounts,oraccountsinbogusnames,fromsuchcompanies,asExplanatoryNote73 pointsout andregistrationsformanyotherservicesareonlycheckedbyrequiringaresponseto anemail,whichisreallynocheckatall .Wouldtheoperatorberequiredtotakestepstovalidatethe subscriberdata,e.g.bydemandingacknowledgmentofapostalcommunicationsenttothepurported address which,quiteasidefromitsludicrouslowtechnatureanddelaywouldn'tactuallyprovethe name ?Iftheoperatorisrequiredtoobtainsuchdata,wouldhethenberequiredtoattempttokeep theaddressuptodate,giventhatmanycomputeruserswillchangeaddressquiteoften?Wouldhebe requiredtoobtainthisdataretrospectivelyfromuserswhosignedupbeforethepassageoftheBill intoanAct?ItseemslikelythatimposingamoreoneroussignupprocedureonTOssubjecttonotice thanthatusedbyotheroperatorswoulddriveuserstochooseoneoftheotheroperatorsformere convenience,eveniftheyhavenoactivereasontoconcealtheiridentities. 5.6Doesthedefinitionoftelecommunicationsoperatorsextendtopersonsforwhomprovisionofa telecommunicationsserviceisincidentaltotheirprincipalactivity?WhatIhaveinmindis collaborativeprojectswhichprovideameansforcollaboratorstocontactoneanotherwithout publiclydivulgingemailaddresses andtherebyexposingthemtotheactivityofspammers .I myselfsometimesreceiveemailthroughthreesuchprojects:GeographBritainandIreland,Project GutenbergDistributedProofreaders,andOpenStreetMapping,towhichIcontribute.Itisofno importancetothecollaboratorswhetherthesearebasedoverseas PGDPisbasedinNewJersey or intheUK astheothertwoare .Registrationfortheseprojectstypicallyonlyrequiresonetogivea name whichisn'tvalidated andanemailaddress whichaswehavesaidbeforecaneasilybe obtainedwithoutvalidation .Asfarastheemailstageofthecommunicationgoes,theprojectsare indeedactingastelecommunicationsoperators,butintheemailheaderthesenderappearstobethe project,nottheoriginatinguser,whose purported nameappearsonlyascontentoftheemail.To obtainsubscriberdata forwhatitisworth itwouldbenecessarytocaptureinformationatan earlierstageintheprocess,atthepointwhereawebconversationisusedtogenerateanemail. 6.SocialMedia 6.1Thespaceofthissubmissionisnotgoingtopermitmetoaddresscomprehensivelythequestion ofmessagessentthroughmodernsocialmediasystems,whichdonotutiliseemailatall.Iwillmerely makesomeobservationswithregardstotrafficdataandTwitter,thesystemwithwhichIammost familiar ignoringforthemomentthecomplicationthatTwitterisbasedinSanFrancisco . 6.2Twittermessages tweets canreachrecipientsinatleast3ways.Theclassicmethodisthata tweetisnotexplicitlyaddressed,butisroutedtothoseotheruserswhoarefollowingthetweeter. Thelistoffollowerscanbeextremelylongforapopularaccount:theofficialaccountforsingerAdele hasover8millionfollowers thisnumberappearstobeincreasingbysome1520perminuteand willthereforebeapproaching9millionbytheclosuredateforsubmissionstoyourCommittee.I believethisisthegreatestnumberoffollowersforanyBritishperson,andthatmanyofthefollow linksareautomaticallygeneratedratherthandeliberatelylodgedbythefollowers. Canthedefinition ofTrafficDatalogicallyassociatedwithacommunicationbestretchedtocoverthisfollowerlist? Well,perhaps,althoughIwouldsayitislogicallyassociatedwiththeaccountratherthanthe message.Inanycasethereisthequestionofthepracticalityofstoringthesheervolume;becauseas eachperson'slistoffollowersmaychangebetweensuccessivetweets,thecurrentlistoffollowers willhavetobestoredseparatelyforeachtweet.Itseemsquitepossibleforthecommunicationsdata associatedwithatweettobeamilliontimeslargerthanthetweetcontents!Andinanycase,Twitter donotholdvalidatedsubscriberdata,onlyapurportednameorpseudonym,andanemailaddress whichmayhavebeencreatedforabogusname,foreachTwitteraccount. 6.3Thesecondmethodisforatweettobeexplicitlyaddressedtoanotheruserbyincludingtheir usertaginthemessage,as@keithedkins inwhichcasethetweetwillalsobeseenbyyour followers;althoughifyoureplytoanincomingtweetthereplyisonlyseenbythoseofyourfollowers whoalsofollowthesender.Areyoustillwithme? .ThistagnodoubtqualifiesasTrafficdata,being
109
informationidentifyingtherecipientcomprisedinthecommunication,andTwittermusthaveto extractitforoperationalpurposes,sopresumablywouldbeabletoretainit.Suchextractionwould howeverconflictwiththestatementintheExplanatoryIntroduction andvariantstothesameeffect intheexplanationsbutnotsoclearcutintheBill thatcommunicationsdataisverydifferentfrom communicationscontent,forsuchatagisbothdataandcontent.Apopularformoftweetisa recommendationofaccountsworthfollowing,whichconsistsalmostentirelyof@tags,andtherefore thetrafficdatarequiredtobestoredwouldcomprisealmosttheentirecontentofthemessage. 6.4Thirdly,tweetscanberetrievedbyuserstowhomtheyarenotdirectlyaddressed,andwhoare notfollowingthesender,bysearchingonthecontents.Thesendermayfacilitatethisbyincludinga hashtag,thus#TellDaveEverythingalthoughwiththecurrentTwittersoftwareanywordor wordsinthetweetmaybesearchedfor.Theuseofhashtagsenablesspontaneouslyformedinterest groupstocommunicateinamannerwhichescapestheclutchesoftheDraftBill,asthereceiptof messagesisentirelybasedoncontentwhichcouldnotplausiblyberegardedastrafficdata. 6.5Otherwaysofcommunicatingwithoutemailaretoonumerousformeeventolistfully,letalone considerindetail.AmongstthemareothersocialmediasitessuchasFacebookandLinkedIn, discussionforums,"haveyoursay"boxesonnewssites,weblogsorblogswhichallowresponsesto beposted,directcommunicationswithwebsitessuchasebankingandecommerce,and collaborativelyeditedsitessuchasWikipedia.Afrequentfeatureinsuchsystemsisthatthe distinctionbetweencommunicationsdataandcommunicationscontentisobscure,orthat communicationsareavailabletobereadbypersonsnotconnectedtothemessageby communicationsdatainanyway. 7.Disclosure&theRequestFilter 7.1Iwillnowmakesomeobservationsonsections1416regardingRequestFiltering,withsome commentsonauthoriseddisclosureingeneral.Asaleadin,section9 1 b ii ,relatingtothe obtainingofcommunicationsdataforthepurposesoftestingordevelopingsystems,whileclearly verynecessary,appearstobesomethingofanafterthoughtthispurposeisnotfollowedthroughin section9 6 .Isjudicialapprovalundersection11requiredforalocalauthoritytoobtaindatawith whichtodeveloportestitssystems?Does9 5 b ,whichforbidsthedisclosureofPart2datatoany personotherthananauthorisedofficer,permitittobedisclosedtothesystemprogrammersfor testingpurposes,giventhatthesemaybeemployedbyexternalcontractorsandevenbased overseas?Aparallelprovision16 5 a regardingtestingofsystemsusedforfilteringwouldappear torequiretheSecretaryofStatetoobtainoperationalcommunicationsdataforthepurposeof testing.Thispurposeisfollowedthroughin16 2 b and16 3 ,althoughsomewhatcumbersomely requiringeveryindividualwhomayread,obtainorprocessthedatatobeauthorisedbythe SecretaryofState;buttheredoesnotappeartobeanydefinedprocedurefortheSecretaryofStateto obtainthisdata,onherownbehalf,bysomeformofnoticewhichfallsshortofbeinganauthorisation. 7.2TheExplanatoryNotes 84 appeartoenvisagetheoperationoftheRequestFilter,potentially correlatingseveralstreamsofrawdatatoproducethelimiteddatarequestedbythedesignated seniorofficerapublicauthority,asapurelyautomatedprocess.Thisstrikesmeaswhollyunrealistic. IwouldhaveexpectedeachinvestigationforwhichrecourseisneededtotheRequestFiltertobe uniqueincharacterandneedtobeundertakeninaninteractivemannerinwhichsentienthuman beingsattemptdataextractions,viewtheresults,andrefinetheirattemptsaccordingly frankly,I doubtwhetheritcanbemadetoworkatall,butIwillleaveotherstodiscussthis .Iwouldexpect thesehumanoperatorstoneedamixtureofdetectiveskills suchasonemighthopetofindinthe verypolice&securityforceswhichtheRequestFilterisservingtokeepatarm'slengthfromthe data anddatabasemanipulationskills whichwouldmostlikelybefoundinexternalcontractors ; andindeedsection16 1 a providesfortheSecretaryofStatetoauthoriseindividualstocarryout theseactivities.Iwonderquitewhotheseparagonsofvirtueare,whocanbetrustedtohandledata whichthepoliceandsecurityservicescannot.Ialsofeelitislikelythatwhenthedataisdeliveredup tothedesignatedseniorofficerconcerneditwillprovetobenotquitewhathewanted,especiallyif heisonlyabletomakehisrequirementsknownthroughtheoriginalauthorisationinwriting or othermeansleavingarecord ;andifhehasthentoissueanamendedauthorisationtotelltheFilter
110
whathereally,really,wants,theinterestsofjusticewillnotbewellservedifthebasicdatahas alreadybeendestroyedinsuchawaythatitcanneverberetrieved. 7.3Withregardtodisclosure,thistermdoesnotseemtobedefinedintheBill.Isuggestitshouldbe madeclearthatmerelypassingcomputermediafrompersontopersoncontainingfilesof communicationsdata,incircumstancesinwhichitcannotbereasonablyanticipatedthattheywillbe readorprocessedbyunauthorisedpersons,doesnotconstitutedisclosure.Suchpassingwould includeplacingbackuptapesinsecuredepositories,andtheconveyanceofauthorisationdataon dismountablemedia DVDs,say byRoyalMailorothercarriers.Thereprobablyalsoneedstobe provision,connectedtosection13 1 ,toprovidethatauthorisationdatamustbedisclosedina convenientform,toavoidthepossibilityofarecalcitrantTOdisclosingthedataintheformofa truckloadofpaperprintoutoronamillionfloppydisks andthenaddinginsulttoinjuryby reclaimingthecost . 7.4Explanatorynote9statesthatCommunicationsdatacanbeusedasevidenceincourt.Willthe SecretaryofStateretainexpertwitnessestoexplainhowtheRequestFilterworksingeneralandhow itwasappliedinaspecificcase,andwhatlevelofcredencecanbeplacedinitsoutput?Willitnot causeadversecommentincourtiftheCounselfortheProsecutionstatesthattheevidenceheis presentinghasbeenprocessedandfiltered,andthatmoreovertheoriginalevidencehasbeen destroyedinsuchawaythatitcanneverberetrieved?HowfarbackintotheRequestFilterprocess willtherequirementofdisclosureundertheCriminalProcedureandInvestigationsAct1996extend, ifatall? 8.Conclusion 8.1FinallyIwillprofferanswerstofouroftheCommittee'sQuestions.MyresponsetoQuestion11. Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate?Do theysensiblydefinethescopeofthepowersinthedraftBill? No.Theyaretoobroadlyphrasedtobeimplemented,therequirementoninternetdataisnoteven clear.Conversely,whatcanactuallybeimplementedwillbesignificantlyincomplete. 8.2MyresponsetoQuestion13.Howrobustaretheplanstoplacerequirementsoncommunications serviceprovidersbasedoverseas? Aboutasrobustasachocolateteapot. 8.3MyresponsetoQuestion24.Aretheproposalsforthefilteringarrangementsclear,appropriate andtechnicallyfeasible? No;unanswerablebecauseoftheothersectionsofthisresponse;probablynot. 8.4MyresponsetoQuestion25.Howeasywillitbeforindividualsororganisationstocircumvent themeasuresinthedraftBill? Aseasyasobtaininganuntraceablewebmailaccount.About2minuteswork. July2012
111
Bruce Elliot
ThedraftbilltroublesmedeeplyandIdonotbelievethatitshouldbepassedinitscurrentform. Thenatureoftheintrusionconcernedwithcollectingandanalysingcommunicationsdata Istartfromtheobservationthatthecollectionofcommunicationsdatawhichthebillseeksto facilitateisextremelyintrusive.Acomprehensivesetofsuchdatarelatingtoapersonorpersons wouldenabletheownerofthedatatodrawfirmconclusionsabout: Thesexualpreferencesofthepeoplemonitoredandtheiractualpractices Thereligiousandpoliticalbeliefsofthepeoplemonitoredandtheirmembershipofpolitical organisations Thesocialcontactsofthepeoplemonitored,includinganyextramaritalaffairs Anyactualorsuspectedhealthconditionsforthepeoplemonitored Itseemsquiteclearthatthecollectionofsuchdataisasignificantinvasionofprivacy,ofsimilar magnitudetothesearchingofaprivateresidence.Ifanyoneisindoubtaboutsuchastatement,they mightliketoconsiderthe hopefully hypotheticalpossibilitythatsuchdatamightfallintothehands ofthelessscrupulouspartsofthemedia. Thesafeguardsagainstmisuse Iacceptthatthereareoccasions,inattemptingtopreventanddetectgreatcrimes,wheresuchan invasionmaybejustified.Itseemstomethatthesafeguardsagainstabuseshouldbeofsimilar strengthtothoseagainstabuseofthepowertosearchprivateresidences.Itthereforeseemstome thisdatashouldonlybecollectedunderthatauthorityofawarrantissuedbyajudge.Italsoseemsto methatadditionalsafeguardsshouldincludethefollowingasaminimum: Thereshouldbearequirement,exceptinverylimitedcaseswherepublicsafetymightbe compromised,thatsubjectsofdatacollectionshouldbeinformedthatthedatahasbeencollectedon themwithinaperiodoftimefromthecollection.Afterall,onecannothaveoneshomesearched withoutknowingaboutit. Thereshouldbearequirementforcommunicationsdatacollectedtobedeletedwithinalimited periodunlessitisbeingusedinanactiveinvestigationandproceduralsafeguardsthatthatexception isnotusedasaloophole Thereshouldbearequirementongovernmentagenciescollectingcommunicationsdatatopublish statisticsonhowmanypeoplearethesubjectofsuchcollection,bothasamatterofprincipleandto reassurethepublicthatthepowersarenotbeingmisused. IamnotanexpertontheECHRbutitseemstomethatthespiritoftheconventionwouldrequire safeguardsofthissortofstrength,iftheUKistoclaimcompliance. TheneedtoavoidinadvertentlycriminalisingthosewhousecommunicationsprovidersoutsidetheUK Asaseparatepoint,itseemstomethatthosedraftingthebillshouldtakegreatcarenottodosoina waywhichcriminalisesthosewhousecommunicationsprovidersoutsidetheUKbyplacing obligationsuponthempersonallytoretaincommunicationsdata,whichinpractice,thegreat majorityofindividualswillbeunabletocomplywith. August2012
112
Equality & Human Rights Commission

Scopeofthissubmission 1. ThissubmissionsetsouttheEqualityandHumanRightsCommissions theCommissions analysisofthedraftCommunicationsDataBill;specifically,howproposalsalignwithequality andhumanrightslaw. ThisrelatestotheCommissionsstatutorydutytomonitorandadviseonequalityandhuman rightsenactmentsandadviseonthelikelyeffectofaproposedchangeoflaw 141. Inparticular,proposalsforthisdraftbillhavebeenassessedinrelationtoArticle8ofthe HumanRightsAct:
2. 3.
Article8:Righttorespectforprivateandfamilylife 1 2 Everyonehastherightforhisprivateandfamilylife,hishomeandhiscorrespondence. Thereshallbenointerferencebyapublicauthoritywiththeexerciseofthisrightexceptsuch asisinaccordancewiththelawandisnecessaryinademocraticsocietyintheinterestsof nationalsecurity,publicsafetyortheeconomicwellbeingofthecountry,forthepreventionof disorderorcrime,fortheprotectionofhealthormorals,orfortheprotectionoftherightsand freedomsofothers. Inconsideringhowthelegislativeframeworkforcommunicationsdatashouldbereformed, theCommissionhasdrawnonitsresearchstudypublishedin2011,'Protectinginformation privacy' 142.Asummaryofthisissetoutbelow.
4.
Introduction 5. Oneofthemostimportantdutiesofastateistoprotectthesecurityofitscitizens,especiallyby enablingcriminaljusticeagenciestopreventanddetectcrime.Inextremecases,thismay engageArticle2oftheHumanRightsAct:therighttolife 143.TheCommissionrecognisesthat dischargingthisobligationwhilestillprotectingfundamentalcivilliberties,suchastherightto privacy,presentssignificantdifficultiesinmoderntimes. 6. Technologicalchanges,particularlyoverthelastdecade,havecreatednewproblemsin gatheringintelligencetopreventanddetectcrime.Peoplearecommunicatinginanincreasing
141EqualityAct2006,section11. 142'Protectinginformationprivacy',Raab,C.AndGoold,B.,EqualityandHumanRightsCommission
2011http://www.equalityhumanrights.com/uploaded_files/research/rr69.pdf
143Article2:RighttoLife,HumanRightsAct1998
1 Everyone'srighttolifeshallbeprotectedbylaw.Nooneshallbedeprivedofhislifeintentionally saveintheexecutionofasentenceofacourtfollowinghisconvictionofacrimeforwhichthe penaltyisprovidedbylaw. 2 DeprivationoflifeshallnotberegardedasinflictedincontraventionofthisArticlewhenitresults fromtheuseofforcewhichisnomorethanabsolutelynecessary a indefenceofanyperson fromunlawfulviolence; b inordertoeffectalawfularrestortopreventtheescapeofapersonlawfullydetained; c inactionlawfullytakenforthepurposeofquellingariotorinsurrection.
113
varietyofnewwaysandingreaternumbers.Datageneratedthroughelectronic communicationsisalreadyvastandwillcontinuetogrow. 7. Developmentsinelectroniccommunicationshavealsoalteredpublicperceptionsofwhatisor isnotintheprivatedomain.Theconceptofinformationprivacyisstrugglingtoevolveinline withthepaceoftechnologicaladvances.Thisdraftbillprovidesanopportunitytoaddressthis andtoreconsiderandreachconsensusonwhatinformationprivacymeans. Mostwillagreethecurrentlegislation,particularlyRegulationofInvestigatoryPowersAct 2000 RIPA ,hasbecomeoutdated,soreformisrequiredtomodernisethelaw,butthereare othergoodreasonstochangethelawtoo. Devisingaworkableregimethatcanplugtheintelligencecapabilitygapwithoutcreatinga statesurveillanceregimeamountingtoasnooperscharter bydefault isthedifficulttaskthat thegovernmentandlegislatorsface. Thehumanrightslegalframeworkprovidesthebasistofindtherightbalancebetween competingconsiderations,suchassecurityandprivacy.Thecentralquestionfromahuman rightsperspectiveiswhetherthemeasuresinthebillareaproportionateintrusiononthe righttoprivacyandalsootherhumanrightsthatcouldalsobeengaged.
8.
9.
10.
TheCommissionsevidence 11. In2011,theCommissionpublishedareportoninformationprivacy,examiningthreats, particularlyrelatedtotheactivitiesofthestate,whichhaveemergedinrecentyears144. 12. Thecentralfindingofthisreportwasthattheexistingapproachtotheprotectionof informationprivacyintheUKisfundamentallyflawed,andthatthereisapressingneedfor widespreadlegislativereforminordertoensurethattherightscontainedinArticle8 145are respected. 13. Thereportarguesfortheestablishmentofanumberofkeyprivacyprinciplesthatcanbe usedtoguidefuturelegalreformsandthedevelopmentofsectorspecificregulation.It identifiestwoprincipalareasofconcern:thestateshandlingofpersonaldataandtheuseof surveillancebypublicbodies Keyfindings 14. Theprivacylandscapehasbeentransformedinrecentyearsbyaseriesoflandmarklegislative reforms,includingtheHumanRightsAct,theDataProtectionActsof1984and1998,andRIPA. 15. Therehasalsobeenadramaticincreaseintheamountofpersonalinformationheldbythe publicsector,duetotechnologicaldevelopmentsandasteadyexpansionoftheroleofthe state.
144'Protectinginformationprivacy',Raab,C.AndGoold,B.,EqualityandHumanRightsCommission
145Article8:Righttorespectforprivateandfamilylife,HumanRightsAct1998
114
16.
Thecurrentsystemhasaweak,fracturedandpiecemealapproachtotheprotectionofhuman rightstoprivacy.ActssuchastheDPAandRIPAareriddledwithgapsandcontradictions,and arealsointerpreted,administeredandoverseenbyarangeofseparateregulators, independenttribunals,andcourts.Asaconsequence,ithasbecomeverydifficultfor individualstounderstandwhathappenstotheirpersonalinformation,orwhattheyshoulddo whenthatinformationismisused.Thecurrentsystemhasfailedtoprotectprivacyrightsina numberofcases. Theproblemislikelytobecomemoreacute.Thestatesdemandsforpersonalinformationwill continuetogrowinrelationtonationalsecurity,lawenforcementandcitizensaccesstopublic services.Sofar,thisexpansionhasbeenaccompaniedbyonlyarelativelysmallincreaseinthe powersorresourcesavailabletoregulatoryauthoritiessuchastheInformation CommissionersOfficeorthevariousCommissionersinthefieldofsurveillance. Amorecomprehensiveapproachtoprivacyisneeded,basedonafirmcommitmentto implementationofArticle8oftheECHR.Thisinvolvesreformingthelawandtheregulatory systemtocreateacomprehensiveprivacyprotectionregimetosupersedethepiecemeal inventoryofmeasuresortoolsimplementedinadisjointedfashionbyvariousagents.The relevantregulatoryagenciesneedtobestrengthened. Lawisessential:withoutlegalspecificationofprivacyrights,otherinstrumentsarelikelytobe incapableofprovidingtheremediesthatindividualsmayneed.Thelawneedstobeflexible enoughtorespondtothemanyandvariedthreatstoprivacy. Theprincipleswrittenintolaworunderpinningitmustbereflectedinthespecificationof otherinstruments.Theseareseenasreinforcementsandcomplementstothelawandnotas substitutesfor,orweakerversionsof,privacylaws. Therearemanywaysofprotectingprivacyinadditiontolegalprovisions,includingself regulatoryapproaches,'privacyenhancingtechnologies',privacybydesign,andpublic awarenessandeducation.Suchcomplementary,nonlegalapproachestotheprotectionof informationprivacyhaveanimportantparttoplayinupholdinginformationprivacyrights.
17.
18.
19.
20.
21.
Recommendations 22. Thisreportmakesfourmainrecommendations: 23. AclearsetofprivacyprinciplesshouldbedevelopedbasedontheHRAprovisionsandused asthebasisforfuturelegislation,andtoguidethedecisionsofregulatorsandgovernment agenciesconcernedwithinformationprivacyanddatacollectionindifferentcontexts. 24. Existinglegislationthattouchesonprivacyshouldbereformedtoensurethatitisconsistent withtheprivacyprinciplesrecommendedearlier.Atminimum,suchreformshouldconsolidate andimprovetheexistingRIPAanddataprotectionregimesinrelationtoinformationprivacy andsurveillance. 25. Greaterregulatorycoherenceshouldbepromoted.Thereshouldbeanefforttorationaliseand consolidatethecurrentapproachtotheregulationofsurveillanceanddatacollectioninthe UK,withparticularattentionpaidtotherelationshipbetweenthevariousstatutory Commissionersresponsibleforprotectinginformationprivacy.
115
26.
Improvedtechnological,organisational,andothermeansofprotectionshouldplayanintegral partininformationprivacyprotection.Thedevelopmentanduseoftechnologicalandnon legalsolutionstotheproblemofinformationprivacyprotectionshouldbeencouragedby government,andmoreresourcesdevotedtopubliceducationandawarenessaroundprivacy.
27.
Therighttoprivacyisatriskofbeingerodedbythegrowingdemandforinformationby governmentandtheprivatesector.Unlesswestarttoreformthelawandbuildaregulatory systemcapableofprotectinginformationprivacy,wemaysoonfindthatitisathingofthe past. TheCommissionsanalysis 28. Respondingtothejointcommittee'scallforevidence,theCommissionwillsetoutananalysis ofthehumanrightsissuespertainingtotheDraftCommunicationsDataBill,basedonour expertperspectiveasaUnitedNationsaccredited'Astatus'NationalHumanRightsInstitution NHRI . 29. Insummary,theproposalsinthedraftbilltocollectandstoreallformsofelectronic communicationsintheUKfor12monthswhichsomepublicauthoritiescanthenaccess, basedonanumberofbroadlydefinedpurposesappeartobetoovagueandwillinterfere withtherighttoprivacy.Consequently,themeasureswillneedtobeclearlyjustifiedand thoroughlyscrutinised.Currently,basedontheinformationpresented,ouranalysisisthata cogentandcompellingcasefortheproposedmeasureshasnotbeenmade. 30. Everyoneconcernedabouttheirsecuritywishestoseethepolicegivenjustifiablepowersto investigatecrimes.However,sincethenatureandextentoftheproblemsthepolicehave experiencedresultingfromtheintelligencecapabilitygaparenotknown,itisdifficultto answerquestionsrelevanttoassessingtheproportionalityofthemeasures.TheCommission wouldadvisethatitmaybeusefulforthejointcommitteetobepresentedwithfurther evidence,fromtheHomeOfficeand/ortherelevantpublicauthoritieswhowouldliketohave thesepowers,toenablebetterconsiderationoftheeffectivenessoftheproposedmeasuresand investigationofalternatives. 31. Itisclearthatsensitiveinformationconcerningthereasonsforthediminishingintelligence capabilitygapcannotbedisclosedpubliclybecausethiscouldcompromiseexistingcrime preventionandinvestigationcapabilities.Nevertheless,theimportantdemocratictaskof parliamentarylegislativescrutinymustbeproperlysupportedbythegovernmentandrelevant publicauthoritiesinrelationtothisbill. 32. TheCommissionsanalysiswouldfurthersuggestRIPAisunlikelytobethebestvehicleforthe newlegislation.TheCommission'sanalysisofRIPAandtherighttoprivacyaresetoutfullyin theresearchreport'Protectinginformationprivacy' 146.Thiswouldsuggestabetterstarting pointthanRIPAfortheproposalsisrequired. 33. Despiteassurancesfromthegovernmentandthepolice,validconcernswithhumanrights implicationsstillremainconcerning:
146'Protectinginformationprivacy',Raab,C.AndGoold,B.,EqualityandHumanRightsCommission
116
34.
what'communicationsdata'actuallyisandwhethercontentcanreallybeseparated, thebreadthofpurposesforwhichdataistobecollectedandstored, thenumberofpublicauthoritieswhowillhaveaccesstosuchdata,and thenatureandqualityofsafeguardstopreventmisuseandprotectimportantindividualrights, includingtherighttoprivacy. TheCommissionsanalysiswouldsuggestsubstantialimprovementstothedraftbillcanbe madeintheseareas.Otherwise,therearesignificantrisksthatthemeasuresinthedraftbill couldcompromisehumanrightssafeguardsandresultingreateropportunitiesforhacking, identifyingwhistleblowers,compromisingtheworkofinvestigativejournalistsandintruding onthelawyer/clientrelationship.Consequently,webelievegreaterscrutinyofthemeasures andimprovedsafeguardsarerequired. Formostpublicauthorities,apartfromlocalauthorities,theauthorisationprocesstoaccess communicationsdataisdependentonlyoninternaldecisionmakers.Thepresent authorisationsystemisperceivedtolackindependenceanditisprobablynotthebestprocess tobalanceandsafeguardindividualrights. Externaloversightandregulationinthisareaiscurrentlycoveredbyanumberofbodies, includingtheInformationCommissioner,theInterceptionofCommunicationsCommissioner andtheInvestigatoryPowersTribunal.Concernsaboutthecomplexityandlackof effectivenessofthisregimearerealandneedtobeaddressed. Preventingmisuseispreferabletoactingafterithasoccurred.Effectiveregulationmaynotbe possibleaftertheevent,ifundertakenbyaregulatorresponsibleforprobingupwardsofhalfa milliondataaccessrequestsona'casebycase'basis.Thisisnotasufficientsafeguardin relationtotheproposalscontainedinthedraftbill,andsignificantimprovementsareneeded inthisregard. Lackofknowledgeaboutdatabeingaccessedhindersindividualrightstoseekredressthrough regulatorsorcourtsandtribunals.Again,theCommissionsanalysissuggestsrelianceonthis currentsystemisnotasufficientsafeguardinrelationtotheproposalscontainedinthedraft bill.Significantimprovementsarealsoneededinthisregard. Finally,alotofthedetailinrelationtothedraftbillislefttotheSecretaryofStatetodevise throughdelegatedordermakingpowers.NotwithstandingthefactthatParliamenthasarole inauthorisingtheseorders,theCommissionwouldsuggestitispreferabletohaveasmuch detailonthefaceofthedraftbillaspossible,ratherthaninseparateorders.Ultimately,this increasesdemocraticscrutiny,aidsunderstandingandreducescomplexityforallconcerned.
35.
36.
37.
38.
39.
Improvedsafeguards 40. Inthissubmission,theCommissionhassetoutitsanalysisofhowthedraftCommunications DataBillalignswithhumanrightslegislation,drawingonthefindingsofitsresearchreport, 'Protectinginformationprivacy' 147.Basedonthis,thefollowingimprovementsmaybe necessaryandproportionatetoimprovethedraftbillandtherebystrengthencompliancewith therequirementsoftheHumanRightsAct1998:
147Ibid.
117
41. Itispositivethatacommitmenthasbeenmadetoincorporate'Privacybydesign'and'Privacy enhancingtechnology'intothetechnologythatwillbeconstructed.However,asastarting point,thedraftbillrequiresclearprinciplesperhapsbasedonthoseinSchedule1oftheData ProtectionAct1998.
42. 43. Whatamountstodatacontentshouldbedefinedonthefaceofthedraftbill,asshouldthose bodiespermittedtoaccessdata.Thepurposesshouldberestrictedtothosepermittedunder theHRA.Clause5 1 b shouldstatewhatinfactisalreadyauthorisedbylaw. Thelegislationneedstobemuchclearerandlesscomplex,soeveryonecanunderstandtheir rightsandresponsibilitieswithouthavingtoresorttolawyersand/ortocourtsandtribunals.
44. Independentauthorisationofdataaccessrequests bythejudiciaryorotherindependent body shouldbethenorm,especiallyformoreintrusiveinformationbeyondbasicsubscriber details.Thisshouldcomplementinternalapprovalprocesses.Aworkablesystemisrequired forurgentrequests,perhapswithretrospectivescrutiny.
45. Thethresholdtoaccessdatashouldbesetatahighlevelinthelegislationtopreventtrivial andotherdisproportionaterequests.Clause9 6 istoobroadinpermittingdatarequestsfora numberofreasonsthatdonotnecessarilyfallwithinlimitationssetoutinArticle8HRA.
46. Thereisalackoftransparencyinthepresentproposalsintermsnotifyinginnocentpeopleat anappropriatepointintimethattheirdatahasbeenaccessedanddestroyed.Individuals as wellasregulators shouldreceivenotificationatanappropriatepointintime,subjecttoother considerationsforexample,notcompromisinganongoinginvestigation.Thiswillactasa deterrentagainstmisuseandaidaccountability.
47. Alegalrequirementtohaveasystemcomprehensivelyrecordingwhatdatahasbeenaccessed, bywhom,when,forwhatpurpose s andwhenthedatahasbeendestroyedshouldalsobe requiredonthefaceofthedraftbill.
48. Sanctionsformisusehavetobesetatalevelthatprovidesarealdeterrent.Consideration shouldbegiventoimposingcriminalsanctions,includingbreachesofSection55oftheData ProtectionAct1998andbreachesofarelevantcodeofpractice.
49. TheSecretaryofStatesdelegatedpowersunderthebillshouldbeconsiderablyreduced; furtherchangesincludingadditionalpowers,shouldrequireprimarylegislationthatcanbe thoroughlydebatedandscrutinisedbyParliament.
50. Alegalrequirementtomonitor,reviewandreportontheoperationofthelegislationshouldbe placednotonlyonregulators,butalsoongovernmentandrelevantpublicauthorities.
118
August2012
119
The foundation for Information Policy Research

TheFoundationforInformationPolicyResearch FIPR isanindependentbodythatstudiesthe interactionbetweeninformationtechnologyandsociety.Itsgoalistoidentifytechnicaldevelopments withsignificantsocialimpact,commissionandundertakeresearchintopublicpolicyalternatives,and promotepublicunderstandinganddialoguebetweentechnologistsandpolicymakersintheUKand Europe. WewouldliketomakethefollowingcommentsandrecommendationstotheJointCommitteeonthe draftCommunicationsDataBill.AmemberofourAdvisoryCouncil,ProfessorPeterSommer,has submittedaresponsediscussingtechnicaldetails,whichwewillnotrepeathere;inthisresponsewe focusonthestrategicaspects. 1.Astatethatcanwatchanybody,orastatethatcanwatcheverybody? Indemocraticcountrieswehavehistoricallylimitedourcapacityforgovernmentsurveillancein variousways,whiledespotstrytowatchthewholepopulation.Inthepastthismayhavebeenpartly amatterofpriorities;citizenswhocanvoteoptforschoolsandhospitals,notsecretpolicemen.Butas technologyslashesthecostofsurveillance,itmightjustbepossibletohaveschoolsandhospitals,and watcheveryonetoo.Shoulddemocraticgovernmentsgiveintothistemptation,ortakeamore principledposition?TheBillmaybetheonerealopportunityforthisParliamenttoconsiderthis question. Britainshouldremainoneofthestatesthatcanwatchanybody,butnoteverybody.Weunderstand thatBTalreadyhastheDPIcapacity installedforthepurposesofinterception tomonitorabout 100,000Internetsubscribers.TheotherbigISPspresumablyhaveasmuchagain,andGCHQnodoubt hasfurthercapacityonbackbonelinks.RatherthanacceptingtheHomeOfficebidforamassive expansionofthisalreadysubstantialcapability,theCommitteeshouldinsteadrecommendapolicyof selectivedatapreservation:communicationsdatawouldbecollectedonlyfortargetedindividuals, suchasseriouscriminalsreleasedonlicense,oronthesexoffendersregister.Inanycase,we recommendthatcollectionshouldbesubjecttoanoverallvolumelimit say100,000subscribers to compelthepoliceandintelligenceagenciestoprioritise.Itshouldbesubjecttojudicialoversight. 2.Communicationsdataonly,orinterceptiontoo? InthedraftbillanditstestimonytotheCommittee,theGovernmenthasbeenvagueaboutwhatit intendstodowiththenewpowers.IthasbeenmuchlessvagueinitsworkontheEuropean TelecommunicationsStandardsInstituteTechnicalCommitteeonLawfulInterception ETSITCLI ,a standardsbodystaffedbypeoplefromintelligenceagencies,telcos,ministriesandswitchgear suppliers,withaverystrongBritishcontingent.ETSITCLIdrewupthetechnicalstandardsfor governmentaccesstomobilephonelocation,trafficdataandcontent,andhasnowdecidedtoextend itsstandardstothefacilitiesthatGoogle,Facebookandothercloudserviceproviderswillbeordered toofferthepoliceandtheintelligenceagencies.WestronglyurgetheCommitteetostudythe documentETSIDTR101567LawfulInterception LI Cloud/VirtualServices CLI ,whichwe incorporatehereinbyreference 148.Thismakesclearthattheagenciesgoalisnotjustaccessto communicationsdata,butinterceptiontooaswiththepreviousGovernmentsInterception ModernisationProgramme. TheCommunicationsDataBillwillgivetheSecretaryofStatethepowertocompelserviceproviders toinstallinterceptionequipmentofthegovernmentschoice,bysecretorder.AlthoughtheBillclaims thatitdoesnotempowerinterception,nothinginitpreventsitsbeingusedtodirecttheinstallation ofequipmentwhichisthenusedforinterceptionunderotherlaws.TheDPIequipmentthatcanbe usedtocollecttrafficdatacanequallybeusedforinterception;thisisjustamatterofitsinstructions.
148http://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_LI/2012_45_Bratislava/SA3LI12_044.doc
120
WerecommendthattheCommitteeamendtheBillsothatequipmentinstalledunderitspowers cannotbeusedforinterception.IftheHomeOfficewillnotacceptthis,thentheCommitteewillhave atleastachievedclarityaboutgovernmentintentions. 3.Shouldcloudserviceaccessbeautomated? Atpresent,cloudserviceproviderssuchasGoogle,YahooandFacebookscreenlawenforcement accessrequestsmanually.Onereasonisthatcanbeveryhardtotellwhetherapoliceforceor intelligenceagencyhasjurisdiction. ImaginethatafutureBritishministerordiplomatpassesthroughCairoInternationalAirporten routetoSouthSudanonanofficialvisit.Sheopensherlaptoptocheckhergmail.Thelocal intelligenceservicenotices,andinvokesitslawenforcementinterfacetohergmailaccount.Suppose thattheCommunicationsDataBillpassedinitspresentform,whereupontheUKcompelledallcloud serviceproviderstobuildaninterfaceforaccesstowebmail.Othercountriesthendemandedaccess too;eveniftheproviderslimitaccesstodemocraciesinwhichtheyhaveemployees,itishardtosee howtheycandenyaccesstoFrance,Italy,andEgypt. Nowconsider:howmuchshouldtheMukhabaratbeabletoget?Onlythosemailitemsshesent, receivedorviewedwhileonEgyptiansoil?Everythingshegotinthelast14days?Everythingshell sendandreceiveinthenext14daystoo?Allofherinbox?HerGoogledocsandhercalendartoo?The agencieswillgrabthelotiftheycan.Butwhatisproportionateandnecessary,andhowcansystems bebuiltthatrespectjurisdiction?Itisnotcleartousevenhowtospecifysuchsystems,letalonebuild them. Designingalawenforcementinterfacethatwillgiveautomaticaccessbutrespectusersrightsis madeevenharderbythefactthattargetsofinvestigationusecloudsystemsinnonstandardways. Forexample,anumberofterroristgroupshaveusedwebmaildeaddrops,wheretheycommunicate bysharingtheusernameandpasswordtoawebmailaccount,andleavingmessgesinthedraftsfolder ratherthansendingthemasformalemails.Sotrafficdatamaynotreallybe,ormean,whatit ostensiblysays;indeedtheagenciescanredefinetrafficdatabydescribinganewmodusoperandi realorimagined . Intheabsenceofaclearanddetailedexplanationofhowtopreventsuchaninterfacebeingabused byforeignintelligenceservicestothedetrimentoftheUKscriticalinterests,theUKshouldnotbe pushingforittobebuilt. TheCommitteemightnotethatCESG,whichdoesprotection,isa subsidiaryofGCHQ,whoseprimarymissionisoffensive,sooffencemaybefavouredoverdefencein policyadvice. Inanycase,werecommendthatlawenforcementaccesstocloudservicesshouldbydefaultinvolve manualscrutinybytheserviceprovider;andtoensurethatthescrutinyiscareful,nonewlawshould indemnifytheprovideragainstprovidinginformationcontrarytootherlaws.Itisquiterightand properthatcloudservicecompanyexecutivesshouldfacelitigationorevenprosecutionifthey violateusersrightsbyhandingoverprivateUKinformationtoaforeignintelligenceagency orfor thatmattertoanewspaperoracriminalgangthatbribesanemployeeofagovernment . 4.Ifsomeaccessisautomated,whatshouldthescopebe? Whatlawenforcementinterfacesshouldbeautomated?Existingsystemsgiveautomatedaccessto phonerecordsandhandletensofthousandsofrequestsamonth.Thisispossiblebecausephone recordsaresimple;thequestionofjurisdictiondoesntarise.Cloudservicesarecomplex,and jurisdictionisnottheonlyfactor:therearemorethanfortywaysfortwoFacebookusersto communicatewitheachother,andnewmechanismsareintroducedconstantly.Arequirementfor automatedeavesdroppingwouldimpairinnovation,asateamdevelopinganewfeaturewouldhave tothinkthroughalltheaspectsofinterceptionincludingjurisdictionandliabilitybeforethefeature couldship.
121
Complexitycanalsobeanemergentproperty,andinthisrespectweareconcernedaboutthedraft billsprovisionsonfiltering.Theideaistoenableaninvestigatortomakecomplexqueriesonsimple dataheldinmultipledifferentsystems.SupposeforexamplethatanoppositionMP,orajournalist, wereleakedasensitivepolicydocumenttowhichonlytwelvecivilservantshadaccess.Atpresent investigatingsuchaleakmightinvolveinterrogatingthetwelvesuspects,orevenarrestingtheMP.In future,aninvestigatorwouldbeabletoquerythehundredsofdifferentCSPssayingtellusallthe peoplewithwhomthesethirteentargetscommunicatedinthelasteighteendays.Thesecontactlists wouldbecombinedatGCHQ,whomightspotthatofficialnumberninephonedanacademiccriticalof governmentpolicy,andhalfanhourlatertheacademiccalledtheMPsmobilephone.That,atleast,is thetheory.ThefilteringprovisionsopenupthedoortolargescaledataminingoftheInternet;what Googledidforthecitizensearchingforstuff,theBillwilldoforinvestigatorssearchingforvillains. Inpracticethereareseriousobstacles.First,theindividualcommunicationsserviceproviderswould havenowayofassessingwhetheranyparticularrequestfordataisproportionate,necessaryor otherwiselawful,soifsuchrequestscanbemadeautomaticallytocloudserviceproviderstheywould raisetheissuesalreadydiscussed.Second,asProfessorSommerpointedout,theboundarybetween trafficdataandcontentischangingconstantly,andhassomehardcases.Agoodexampleisyour diary.Manyfirmsnowadaysrunoncorporatecalendaringsystems,whichcanbeavaluableresource forinvestigators:anFSAofficialinvestigatinginsidertradingwouldlovetotrawlallthestaffdiaries ofthetargetbank.Butisthistrafficorcontent?Nodoubtagencieswillarguetheformer;butbankers maywellbeunrelaxedabouttheideathattheirinternalandclientcontactscouldbetraced automaticallyviasurreptitiousintelligenceserviceaccesstotheircorporatecalendaringsystem. Third,ThewaytheBilliscurrentlydrafted,itwillcatchallsortsofmachinetomachinetransactions suchasATMsandcardtransactionsinshops,securitywebcams,wirelessdorbells,insurancecar trackingsystems,andevensettopboxesthattrackwhatyouwatch;theseposefurtherproblemsof contentversustraffic.Finally,itsproposedthatthefilteringrequestswouldincluderequestsfor contentaswellastrafficdata,whichGCHQwouldfiltersoastopassononlyrelevanttrafficdatatoa requestingpoliceforce.SothefilteringprovisionsoftheBillappeartoauthoriseGCHQtocollect arbitrarydata includingcontent fromanyCSP.ItsworthnotingthatinNSA/GCHQterminology, interceptioniswhathappenswhencontentisscrutinisedbyahumananalyst;ifitsjustscrapedup intoadatabaseforfutureusethatscalledcollection.TheCommitteeshouldbecarefulabout terminology! WerecommendthatthefilteringprovisionsberemovedentirelyfromtheBillandthatthedefinition oftrafficdatabemadecompletelyexplicitinordertopreventmissioncreep. 5.WilltheBillimpaircompetition? IfcommunicationsserviceprovidersarecompelledtoinstallenoughDPIequipmenttomonitorall subscriberconnections,thiswillbeeasierforrelativelycentralisedCSPssuchasBTthanformanyof itscompetitors.IfCSPsarerequiredtohavestaffwithsecurityclearancestomaintaintheDPI equipment,thiscouldbedifficultforsmallprovidersandimpossibleformoststartups. Ifcloudserviceprovidersarerequiredtoprovidelawenforcementinterfacesonthesamebasisas traditionaltelcos,theywillsuffersubstantiallyhighercostsbecauseoftheirmorecomplexservice offeringsandbecauseoftheuncertaintiesinjurisdictiondiscussedabove.Alegalrequirementforall newcommunicationsservicestobeinterceptreadycouldimposeaveryhighcostonstartups; sensibleentrepreneurswouldgoelsewhere.ThiswouldbeevenworseifanyITstartuprequired someonewithaclearance alargenumberoftechstartupsinvolveforeignnationals .TheBillas proposedmightbewelcomedbyBT,whichmightrebuilditsnetworkattaxpayerexpense,butits effectsoninnovationcouldbesevere.Theremustbealevelplayingfield,sotheproposalthatthe HomeSecretaryacquirethepowertogivesecretorderstoCSPsisunacceptable.Werecommendthat anyinterceptionrequirementimposedonfirmsbeappliedtoallfirmsequally,andbesubjectto publicconsultationfollowedbyavoteinParliament. 6.Shouldthestatebeabletocompeltreachery? TheBillwillempowertheHomeSecretarytoordercompaniesorindividualstobuildbackdoorsinto
122
theirsystems:ineffect,todoublecrosstheircustomersoremployers.Thewriterdeclaresaninterest, asoneofmypostdocsisamaintainerofTor,ananonymouscommunicationsystemusedbycitizens incountrieslikeIranandChinatocircumventInternetcensorship.IfthecurrentBillweretobecome law,theHomeSecretarycouldserveuswithasecretordercompellingustomodifythesoftwareto createundocumentedlogsandmailthemtoGCHQ.WewouldprobablysafeguardTorsintegrityby postingamonthlydeclarationunderoathonourwebsitethatwehavenotbeenplacedunder compulsion.Shouldthisfailtoappear,ourcolleagueselsewherewillknowthatnomoresoftware fromtheUKshouldbetrusted. Theimpactonbusinessofapowertocompelstafftobesilentlydisloyalmightbefarreaching.A prudentUSsoftwarefirmmightdecidenottolocateanydevelopersintheUK,forexample.Butthe implicationsarenotrestrictedtosoftware.Part3oftheRegulationofInvestigatoryPowersAct permittedaChiefConstabletoseizeacryptographickey;eventhoughsuchnoticeshavetobeserved ondirectors,theirveryexistencehasledatleastoneinternationalbanktoremovekeymaterialfrom thecontrolofLondonstaff,whichinturnledtoitsauditfunctionforEuropemovingfromLondonto Switzerland.Legalisedtreacheryisbadforbusiness,andtheBillmustnotenableministerstocompel it. 7.Whichagencyshoulddothewatching? Formanyyears,muchofthecivillibertiescommunityhasconsideredGCHQsinterception operationstobealowpriority,becausemostoftheirsurveillanceactivitiesweredirectedoutside Britainandbecausetheproductwasverycloselyheld.Buttheworldappearstobechanging. TheUSNationalSecurityAgencymovedtointernalsurveillanceafter9/11,turningitsresources againstUScitizensinwaysthatbrokeUSlaw albeitretrospectivelylegalisedbyCongressin2008 . NowtheNSAisGCHQsmentor;itnotonlyleadstheFiveEyesintelligencesharingagreementbut spendsmuchmorethantheUK,Canada,AustraliaandNewZealandputtogether.SotheNSAsets doctrineandstandardsacrossalliedgovernmentsforcommunicationsintelligenceandinformation security.AstheUSAisthelargestbuyer,andthedominantplayerintheWassennaarArrangement whichcoordinatesexportcontrols,italsoshapesthemarketforinterceptionequipment.Evensuch minoraspectsofUSpolicyasthesponsorshipofacademiccentresofexcellenceininformation securityhavebeenimportedintotheUK. SoitisnotsurprisingtonotethattheBillwillgreatlyexpandGCHQsdomesticsurveillance capabilities.ButParliamentshouldthinkhardabouttheprospectofGCHQtransformingitselffroman essentiallymilitaryagency,taskedwithuncontroversialjobssuchasdecipheringHitlerstelegrams ortappingChairmanMaosphone,intoaninternalpoliceagencywithbroadscopeandnoeffective oversight.Itsimplyhasthewrongculture.Thecandoapproachadoptedfordealingwithenemiesin wartime orduringtheColdWar isnotrightforinternaluseinanationatpeaceandwiththelowest recordedcrimeratesever.Acentralcommsdatafacilitydrivenbyintelligenceagenciesmightalsobe oflittleusetothepolice;theywouldnothavethesecurityclearancetoknowwhatitcontained.Ifthe UKneedsaninternaltechnicalsurveillanceagencyitshouldbemoreliketheFBIthantheNSA;it mustbeabodythatsharesthepoliceethosandissubjecttodemocraticaccountability. Wethereforerecommendthatanycentralfunctionsrelatingtothecollectionandprocessingof communicationsdatashouldbeunderthecontroloftheproposednewNationalCrimeAgency,orthe MetropolitanPolice,ortheNPIA,ratherthanGCHQortheSecurityService. 8.Whoshallwatchthewatchers? TheInterceptionCommissionerandhiscolleagueshavefailedtowinmuchconfidence.Thereisa tendencyforregulatorstobecaptured;aregulatedindustryusuallyknowsmuchmorethantheydo aboutwhatsgoingon.Itshouldsurprisenoonetoseethisintheinterceptionbusinessbecauseof thehighlytechnicalnatureoftheactivity. Britainisalmostaloneintheworldinnotpermittinginterceptproducttobeusedinevidence.
123
Officialswhoarguethattheskywouldfallifpolicyweretochangecanneverexplainwhytheskyhas notfalleninsomanyothercountriessuchastheUSAandtheNetherlands.Butonceintercept productisusableinevidenceitwillbetestedinthecourts;thistransparencywilldomoretoprevent abusethananyregulatorcould.Also,asnotedaboveandexplainedbyProfessorSommer,the distinctionbetweencontentandtrafficdataisbecomingincreasinglyproblematic.Wetherefore recommendthatthelawbechangedtoallowinterceptproductinevidence,andfurthermorethat targetsofsurveillancewhoarenotprosecutedshouldeventuallybenotifiedofthesurveillance. Sunlightisthebestdisinfectant. 9.Thehumanrightstest Itisextremelydoubtfulthatmasssurveillancewithoutwarrantorevensuspicioncouldcomplywith humanrightslaw,specificallysection8oftheEuropeanConventiononHumanRights.TheData RetentionDirectivewasmuchlessdraconian,yetthetwosupremecourtsthatexaminedlocal implementations inGermanyandRomania foundthemnoncompliant.EveniftheHumanRights Actwererepealed,itsreplacementwouldsurelyreimplementECHRsolongasBritainremainsinthe CouncilofEurope.TheECHRwasreflectsbothEuropesandBritainsdeepestvalues. ThefactthattheBillostensiblyonlyfacilitatesaccesstocommunicationsdatadoesnotreallymitigate theproblem.Suchdatacanrapidlydisclosethemostsentitiveaspectsofacitizenslife; communicationwithapsychiatrist,aminorityinterestdatingsiteoraservicesuchasNarcotics Anonymouscanbeprofoundlyrevealing.Yet,aswenotedabove,theBillappearsoncarefulstudyto facilitateinterceptionaswell. WethereforerecommendthattheCommitteecommissionindependentlegaladviceonwhat amendmentsmayberequiredtothedraftBilltoensurehumanrightscompliance. Summary Wemakethefollowingrecommendations: 1. Collectionshouldbesubjecttoanoverallvolumelimit say100,000subscribers tocompel thepoliceandintelligenceagenciestoprioritise,andshouldbesubjecttojudicialoversight. 2. TheCommitteeshouldamendtheBillsothatequipmentinstalledunderitspowerscannot beusedforinterception. 3. Lawenforcementaccesstocloudservicesshouldbydefaultinvolvemanualscrutinybythe serviceprovider;andtoensurethatthescrutinyiscareful,nonewlawshouldindemnifythe provideragainstprovidinginformationcontrarytootherlaws. 4. ThefilteringprovisionsmustberemovedentirelyfromtheBillandthedefinitionoftraffic datamadecompletelyexplicitinordertopreventmissioncreep. 5. Anyinterceptionrequirementimposedonfirmsmustbeappliedtoallfirmsequally,andbe subjecttopublicconsultationfollowedbyavoteinParliament. 6. TheBillmustnotempowerministerstocompeltreachery. 7. Anycentralfunctionsrelatingtothecollectionandprocessingofcommunicationsdata shouldbeunderthecontroloftheproposednewNationalCrimeAgency,ortheMetropolitan Police,ortheNPIA,ratherthanGCHQortheSecurityService. 8. Thelawshouldbechangedtoallowinterceptproductinevidence,andtargetsofsurveillance whoarenotprosecutedshouldeventuallybenotifiedofthesurveillance. 9. TheCommitteeshouldcommissionindependentlegaladviceonwhatamendmentsmaybe requiredtothedraftBilltoensurehumanrightscompliance. August2012
124
The Financial Services Authority

1. We welcome the opportunity to submit this memorandum to the Joint Committee on the draft CommunicationsDataBill.Inthismemorandum,wesetout: a. b. c. d. e. f. the FSAs role and responsibilities, and the extent and nature of our interest in communicationsdata; ouraccesstocommunicationsdata; ouruseofcommunicationsdata; thespecificmeasuresweusetosafeguardcommunicationsdata; theimpactthatawarrantingsystemwouldhaveonourabilitytoreducefinancialcrime andtacklemarketabuse;and theroleoftheInterceptionofCommunicationsCommissionersOffice IOCCO .
Executivesummary 2. We welcome the draft Communications Data Bill, which would consolidate and update powers essentialtoourenforcementwork. 3. 4. Wearealerttothesensitivitiesofusingcommunicationsdata,andhavemechanismsinplaceto ensurethatsuchinformationisusedappropriatelyandsecurely. We recognise that there must be a balance between the safeguards in the process to acquire communicationsdataandtheefficiencyofthatprocess.WeconsiderthatthedraftBillgetsthis balancerightandweasktheCommitteetoconsidercarefullyanypossiblechangestothedraft Bill that would have a detrimental impact on our ability to reduce financial crime and counter marketabuse.
FSAroleandresponsibilities 5. 6. The FSA is the single statutory regulator for the great majority of financial services in the UK. OurpowersareconferredprimarilybytheFinancialServicesandMarketsAct2000 FSMA . FSMArequirestheFSAtopursuefourobjectives: a. b. c. d. 7. marketconfidencemaintainingconfidenceintheUKfinancialsystem; financialstabilitycontributingtotheprotectionandenhancementofstabilityoftheUK financialsystem; consumerprotectionsecuringtheappropriatedegreeofprotectionforconsumers;and the reduction of financial crime reducing the extent to which it is possible for a regulatedbusinesstobeusedforapurposeconnectedwithfinancialcrime.
The Financial Services Bill currently going through Parliament introduces a new regulatory environment, splitting the FSA into the Financial Conduct Authority FCA and the Prudential RegulationAuthority PRA .TheFSAsfinancialcrimeobjectivewillmovetothenewFCA.Asthe Billstands,theFCAwillhaveanoperationalobjectivetoprotectandenhancetheintegrityofthe UKfinancialsystem.TheintegrityoftheUKfinancialsystemincludes:
125
a. b. c. d. e. 8.
itssoundness,stabilityandresilience; itsnotbeingusedforapurposeconnectedwithfinancialcrime; itsnotbeingaffectedbybehaviourthatamountstomarketabuse; theorderlyoperationofthefinancialmarkets;and the transparency of the price formation process in those markets. Financial Services Bill,cl.5 1
We currently have powers under the Regulation of Investigatory Powers Act to acquire communications data for the purposes of criminal investigations. Under the European Market AbuseDirective,theFSAmustalsohavepowerstoobtaincommunicationsdataforcivilmarket abusecasesthesepowersarecurrentlyprovidedunderFSMA,butwouldbeconsolidatedinto theCommunicationsDataBill.
Accesstocommunicationsdata 9. ItisofvitalimportancetotheFSA,andgoingforwardtheFCA,thatweretainourabilitytoaccess communicationsdata.
10. Wearenotoneofthecoreauthorities suchaspoliceforcesorHMRC mentionedinthedraft CommunicationsDataBill.AsanoncoreauthorityweneedtobedealtwithbyanOrderbythe Secretary of State. We have no concerns about this as the Bill stands. However, if the Bill is amended to distinguish between core and noncore authorities, we would consider our substantivepositiontobethesameasthecoreauthorities,andwouldrecommendappearingon thefaceoftheBill. 11. Ourprocessestosafeguardcommunicationsdataarepracticallythesameasthecoreauthorities. Wewouldthereforehaveseriousconcernsabouttheimpactonourabilitytoinvestigatecasesas aresultofanyadditionalrequirementsonus. Usingcommunicationsdata 12. Legislation needs to keep pace with developing technologies as we are seeing increasing sophisticationbycriminalsseekingtoevadedetection.WewelcomemeasuresintheBillthatwill ensurecommunicationsdataisavailable. 13. Our use of communications data regularly supports and underpins successful criminal prosecutions. Communications data is intrinsic to our ability to investigate effectively and prosecutemanyofthecriminaloffenceswedealwith.Ithasplayedakeyevidentialrolein121 criminalenquiriessinceFebruary2009.Thesecomprised:96enquiriesintoallegationsofinsider dealingcontrarytos52CriminalJusticeAct1993;14enquiriesintoallegationsofunauthorised business contrary to s19 of FSMA; and 11 enquiries into allegations of market manipulation contrary tos397 FSMA. Some ofthese enquiries have resulted in criminal prosecutionsand/or the disruption of serious financial crime and have enabled us to achieve convictions against individualsresultinginsignificantcustodialsentencesandconfiscationproceedings. 14. Communications data frequently provides critical evidence in preventing, detecting and prosecutingmarket abuse criminal and civil and unauthorised business criminal cases. The communicationsdataprovidesinitialinvestigatoryleadsthatenableustoidentifythoseinvolved in alleged criminality andalsoto evidence directly communications between suspects. Without thisevidenceitwouldbeimpossibletoprosecutethemajorityofthecaseswedealwith. 15. Marketabusecasesinvolvinginsiderdealingareoftenreferredtoasaninformationcrime,as theactionunderlyingtheoffenceisthatofpassinginformationbetweenparties.Intrinsicallythe abilitytodemonstratecontactbetweenpartiesisakeyelementintheevidencerequiredtoprove
126
insiderdealinghasoccurred.Withoutcommunicationsdataitwouldbeimpossibletoprosecute mostoftheseoffences. 16. We investigate a wide range of serious criminal offences. Recently, communications data was used in an investigation into an illegal investment scheme to successfully locate the suspects office premises. Typically, given the criminal nature of their activity, suspects move office location every few weeks. Finding the current location of the office allowed us to apply to the Courtforasearchwarrantandexecuteasearchatthepremisesbeforeitmovedagain. Retentionperiod 17. Inevitably, any cutoff point for retaining data means that it will not be possible to investigate someleads.Weappreciatetheneedforbalanceandtheproposed12monthperiodforretaining communicationsdataisproportionateinthecurrentregulatoryenvironment. 18. However,theretentionperiodmayneedtobereviewedifawarrantingsystemisintroduceddue totheanticipateddelaysthiswouldcause.Inthesecircumstancesitislikelythatanunacceptable amount of relevant communications data would be lost as a result of it falling outside the retentionperiodandwewouldrequestalongerretentionperiodtotakeaccountofthis.Wenote, however,thatevenalongerretentionperiodwouldnotmitigatethediversionofresourcesand delayininvestigationsifawarrantingsystemwastobeintroduced. Safeguards 19. We believe our processes provide a robust level of scrutiny to communications data requests. Belowwesetoutourprocedurestoensuredataisusedappropriatelyandsecurely. 20. Our application process is identical to that used by Law Enforcement, SOCA, HMRC and the IntelligenceServices.WeuseaHomeOfficeapprovedapplicationformthatwesupplementwith additional guidance and advice to applicants about the information required to satisfy the applicationthresholds. 21. In accordance with IOCCO guidance, any FSA applicant requesting authorisation to access communications must be employed within a relevant area and have completed our approved trainingprogramme. 22. OurDesignatedPersonsmustbeemployedasaHeadofDepartmentintheEnforcementDivision. Nooneofalowerrankisauthorisedtoapproveanapplicationforanyformofcommunications data. 23. TheApplicantcanonlysubmitarequestforauthorisationtoobtaincommunicationsdatafroma HeadofDepartmentwhoisnotresponsiblefortheinvestigation,ensuringtheindependenceof theDesignatedPerson. 24. OurSinglePointofContactconsistsoftwoaccreditedofficerswhoarestationedinasecurearea within the FSA. They are the only two FSA employees able to access the secure sites and download communications data which they do through the Government Secure Intranet. The data is downloaded from this separate IT system and is transferred to us using government approvedsecureUSBdrives.TheseUSBdrivesarekeptatalltimeswithinthesecureareaatthe FSA. 25. Applicationsforcommunicationsdataandtheresultingdataareencryptedandheldsecurelyon our server. Only our two accredited officers have the necessary digital keys and passwords to accesstheinformationwehold. Impactofapotentialwarrantingsystem
127
26. We do not consider a warranting system to be appropriate for our obtaining communications data. The cases that we prosecute are very technical in nature. To understand the offence, explanationofthetypeoftrading,methodoftradingandthenatureofthefinancialmarketsis required. If we were to request a warrant for communications data then the background information in support of our application would require technical market or trading explanations. We are concerned that this will have an impact on any such application, causing delayandcoststobothourselvesandHerMajestysCourtService,reducingboththenumberof leadsweareabletofollowandthenumberofcaseswecanprosecute. 27. Wecurrentlymaintainasystemthatiswellbalancedbetweenthesafeguardsoutlinedaboveand anefficientsystemthatallowsustofrequentlyapproveorrefuserequestswithin24hoursand maintainthepaceofinvestigations.WecurrentlyassignthesameDesignatedPersontodealwith requests under RIPA for communications data that may arise during an investigation. This DesignatedPersonisabletoreadthebackgroundofthecasefromtheoutsetandiswellplacedto consideranddealwithrequestsfordatathroughoutthelifespanoftheinvestigation.Thisavoids the need for numerous individuals to read the background material before determining an application,whichinturnenablesrequeststobedealtwithefficientlyandeffectively. 28. EveniftheCourtwasablededicateresourcestoasimilarprocessofassigningasinglejudgeto eachinvestigation,wewouldanticipatesignificantdelay.Therearesomecomparisonswiththe arrangements we have in place to apply to a Magistrates Court to obtain search warrants for premises under the Police and Criminal Evidence Act 1984. We are often asked to give our applicationsinadvancetotheMagistratesCourtsothattheycanbeassignedtoanexperienced DistrictJudge,ratherthanamagistrate.Thejudgeoftenconsidersthepapersinadvancebefore ourapplication.AsaresulttheseapplicationsunderstandablytakesometimefortheCourtsto dealwith. 29. Other than in exceptional circumstances, applications for communications data would not be dealtwithbythecourtsasurgentlyassearchwarrantsare.Delayswouldreducethenumberof leadswecouldinvestigateandthereforecaseswecanprosecute. 30. Inadditionweapplyforarelativelylownumberofsearchwarrantsannually.Bycomparison,in 2011wemade2,325requestsforcommunicationsdata.Ifwecontinuereducingfinancialcrime and countering market abuse effectively, we will need to make multiple applications to Court everyworkingday,withadetrimentaleffectonbothFSAandCourtresources. RoleoftheInterceptionofCommunicationsCommissionersOffice IOCCO 31. We believe IOCCO plays an important role providing a complete independent review of our procedures. 32. WhenIOCCOattendourofficetheylogintooursystemasourSinglePointofContact.Thisgives them unfettered access to all our computer folders and they have complete access to every applicationmadebyus.Theytestatrandomanddipsampleourcases,givingthemanopenand accurateabilitytoreviewourapplications. 33. WehavereceivedconsistentlypositivereportsfromIOCCOfollowinginspections.IOCCOstated initslatestreporttheFSAemergedwellfromthisinspection.Theinspectorwassatisfiedthat
the public authority is acquiring communications data lawfully and for a correct statutory purpose.OverallthepublicauthorityhasagoodlevelofcompliancewiththeActandCoP.Avery good standard of application is being produced and the principles of necessity, proportionality andcollateralintrusionarewelljustified.
34. These reports from IOCCO are indicative of the fact that we take our obligations in relation to communicationdataveryseriously. August2012
128
Mike Gerbrais
GENERALOBSERVATIONS Clarityandspecificityaremoreessentialthanusualinthepresentdraft.Lawsoriginallydrafted becauseofoverridingneedinoneareaareattimesabusedormisusedinothersinwaystheoriginal draftershadnotanticipated. Beforecommentingonthisdraft,itisinstructivetoconsidertheRegulatoryofInvestigatoryPowers. Thereisnothinginherentlyquestionableabouthavingcloseto700publicbodiesaddedtotheRIPA, untilputinthecontextthattheoriginaldrafterslistedjust32andmayhavewishedinretrospectto controltheadditionsmoretightly.Thereisnothingwrongwithlegislativepowertomonitorfor terrorism,untilputinthecontextofcouncilsusingpowersgrantedforterrorismcrises,toticketfor dogfouling.Itisalsosoberingtoconsiderthedisproportionateusesthatgoodintentionscanleave inthepastthishasseenlawsintheCriminalJusticeAct2003intendedtoreduceextremelyviolent photographsusedtoprosecuteacartoonofTonytheTiger,antiterrorismlawsusedforlittering,and anautisticcitizenunderextradition.IntheUnitedStatesandthe2011SOPAmarkuphearing, legislatorsproposedmeasuresofgreatharmtotheinternet,referringtoworldclassexpertsin securityderisivelyasnerds.Theriskispresent. Technologyandsurveillancelawsperhapsbeyondallothers,havethescopetobeabusedthisway. Safeguardsneedtobecorrespondinglymorerigorousthanusual.Scrutiny,gooddefinitions,and clarityofunintendedoruncontrolleduses,canensurethatfutureSI'sandusageremainsbroadlyas parliamentplanned. Whilethegoalislaudable,Ifearfortheactualoutcome.Keyclausesanddefinitionsinthislawareso openastoallow almost anythingtobeappliedto almost anyone.Inafewyearsdetermined criminalswillbemoredataliterate;seriouscriminalswillcovertheirtracksevenindata communicationswhileabilllikethepresentwillbeusedforcrimeswhicharetrivial,onthegrounds thepowerexistsandthemattersarecrimes,howeversmallregardlessoftherisktosocietal structure,privacyandchillingoffreespeech. Lawmakersaredeeplyurgedtoconsiderthescopeforgoodintentionstobeabused,lessonsof history,tonotbecomplacentordismissiveofthefearsandrisksinherentinabilllikethis,andapply thegreatestdegreeofcautionandrigour,ifindeedtheydecidetopressahead. Wecanlivewithoccasionalcrime,howeversevere.Wecannotlivewellwithlossoftherighttospeak andassociatefreelythatsuchdraconianbroadandopencontrolsdefineforus. THEDRAFT 1 TheSecofStatemaybyorder afterconsultation "imposerequirementsorrestrictionson telecommunicationsoperatorsorotherpersons"Whatotherpersons?Asitstands,thisallows impositiononanybusiness,typeoforganisation,ornaturalpersonnotbeingtelecommunications operators.Thereisonlyobligationtoconsult. Severity:Hugepotentialforconcern. Action:Delete otherpersons ,oradd uponsomeformofparliamentaryconsent .Ifathreat issoserioustoaddanentireclassofpeople,orpersonswhoareinnowaytelecoms operators,itisseriousenoughthatparliamentarycontrolisbetter. "Requirements"isveryopen.Thiscanmandatethatindustryandindividualsadoptmeasuresthat areoutdated,deemedlesssecureorcompetitive,ordetercuttingedgebestpracticesbeyondthe normsuchasadvanceddatasecuritymeasures,restrictstoragelocationsorbackups,prevent
129
upgrades,andgenerallydisruptBritishbusinessasaworldleader.Datasecuritymovesveryfastand operatorsmayneedtomigrateorupdatefasterthantheycanobtainconsenttoupdate.Itisgenerally bettertospecifyaninterfaceorstandardbycreatingwhereneededamandatoryspecificationtobe metorexceeded,thenleavingtheresttotheopenmarket. 3 AtelecommunicationsoperatorwhoholdscommunicationsdatabyvirtueofthisPartmust a securethatthedataisofthesamequalityandsubjecttothesamesecurityandprotectionasthedata onanysystemfromwhichitisderiveddataiscommunicatedfromandviamanysystems.Howon earthdoesthedraftercontemplateanoperatorwillknowwhatsystemdataisderivedfrom,much lessbeabletoensurethesamesecurityandquality?Thisisarequirementthatcannotreasonablybe imposedasdrafted.ActionPerhapswhatismeant:whoholdscommunicationsdatamustsecure thatthedataheldbythem,orontheirbehalf,isofthesamequalityandsubjecttothesamesecurity andprotectionasanysystemundertheircontrolfromwhichitwasderived? QUESTION:Isthereadutytoretaincontrol,ortonotremovedataoutsidetheUK?Itisnot beyondcontemplationthatacompanymaychange,beacquired,havesystemsmovedoverseas byaparent,oroutsourcetoathirdparty notatelecomsoperator sothatinsome circumstancesdatamayceasetobeundertheirpracticalcontrol.Mustsecurethatthedata remainsundertheircontroland etc ? 5 Theoperatormustputinplaceadequatesecuritysystems includingmanagementchecksand controls governingaccesstothedatainordertoprotectagainstanydisclosure Thisisroutinelydonepoorlyinmostindustries.EvenmajorbodiessuchastheMinistryofDefence, DepartmentofWorkandPensions,Google,Microsoft,Sony,havehadseriousdatatheftorloss. Mediumtelecomsoperatorswillnotmeetorexceedthesecuritycapabilitiesofmultibillion organisations.Thisclauseistoothless.Inanylossofdataitisalmostimpossibletoshowculpability ofaresponsibleindividualunlessactionscanbemeasuredagainstaclearstatementofrequired criteria.ACTIONAtelecomsoperatorshalldesignateoneormoredirectorsorequivalenttobe eachresponsibleforensuringcompliancewiththisrequirement. Itiseasyandcorrecttoclaimnosystemisperfect.Thesinglebestpracticalcontrolisnot technical,butastrictdutyofvigilance,bywhichtheresponsibleofficerisrequiredtoatleastidentify weaknesses.Thereisnojustificationforlackofvigilance,andadutytobewatchfulaswellassecure createsthesinglebestdefenceofanyexpectationofsecurity.ACTIONIndividualoffencesrelatedto failuretoeither i takenecessarystepsfortheidentificationofweaknesses,or ii maintainsystems inasecurestate. 7 Boardhaveto"consider"anyissuesandtheSecofState"consider"likewise. Canwehavesomespecificgroundsorcriteriastatedforappeal?Otherwisethisisnosafeguardand toothless. 9 THISSECTIONHASSERIOUSFLAWSPERHAPSTHEMOSTSEVEREINANYSECTION Thissectionasitstandsisthewholeterrorismlawusedfordogfoulingproblemallover. a There isnodeminimislevelofinfractiononanycategory,althoughnobodywouldexpectthistobeused fordogfouling. b Categoriesaresovagueastobewhateveronewishesthemtomean. c The controlsoverproportionalityandcorrectuseareveryweaklydrafted. d Thereisnoallowancefor thepossibilitythatanauthorisedpersonmaynotknowthebestwaytoachievetheirpurposeorthat theoperatormayhaveanequallyvalidpreferencethatreducescostordamage. e TheSecretaryof Statemayauthoriseanypersonandanyconductwithoutrestrictionorreasonableness. f Thereis noobligationtostatethepurposetotheoperator,evenintermssuchastoobtainthefollowing dataordatapertainingtosoanoperatorcannotknowiftheauthorisationisabusedormoreis donethanshouldbe. g Ifawiderangeofactionsareauthorisedinsomematteroutofabundanceof caution asmaybeexpected thereisnocontrolthatanauthorisedpersonshallminimisethedataor
130
activitiesundertakenorlookattheminimumdatacompatiblewiththepurpose,iftheydiscoverthat lessinvasivenessthanauthorisedwillsuffice. h Thereisnotestofreasonablenessinanymatter. Forexample Deminimis:Anadditionalclausetobeadded,thatforeachcategoryofpurposestatesalevel ofseverityorspecificactionsthatisasdeminimisforthatcategory,inordertoringfence lessseveremattersoractionsthataregenerallynotintendedtobecomepurposes.For exampleforcrime,onemightspecifyacrimecapableofimprisonmentforacertaintime. ActionAddto 9 6 subjectineachcasetoademinimisrequirementsetout bySIor similar andappendto 9 7 "...andtheirdeminimisrequirements" Strongersafeguardonconduct: 9 1 c and 9 2 "conductauthorisedisproportionateto whatissoughttobeachieved"areunwieldybecausetheyfirststatetheauthorisationis proportionate,thenappeartoreversethatbyauthorising"anyconduct"unlimited.Alsowhat maybenecessaryisoftenlessthanwhatis outofabundanceofcaution authorised.Since 9 2 canonlyapplyif 9 1 c hasalreadyapplied,amend 9 2 toread"toengagein conductthatis i notinexcessoftheauthorisedconductand ii nomorethanthat reasonablyrequiredinordertoensuretheachievementof orprocure thepurpose" Absolutecourseofaction:Itmaybethatanauthorisedpersonisnotsufficiently orfalsely believesthemselvestobe knowledgeableaboutthesystem,dataorimplicationsofthe conductconcerned,ortherearemorethanoneacceptablewaytoprocurethepurposeand theoperatorconsidersonewaytobepreferableto,orlessdisruptivethan,another.Thereis nosafeguard. Bywayofexampleitmaybethatinsomecircumstances,anauthorisedcourseofconduct would fortechnicalreasonsunappreciatedordismissedbytheauthorisedperson cause riskofsomelossordamage,ofneedlessoperatorhardship,forexampleiftheirproposed activitywouldfailduetoabackuporcausedatainconsistency.Anauthorisedpersonhas absoluteauthoritytodoanactionthemselves,orrequireitsdoingbyanotherperson,and maypresson.ActionThissectionshouldcontemplatetechnicalissuesknowntothe operatorthatmaycausedamageordisruption,andtakestepstominimisethem.Theymay havesignificancetotheauthoriser,theoperator,orboth. Validpurposes:Theseareunreasonablywide.Tociteafew: NATIONALSECURITY.Putinandtherecentshowtrial?China? DETECTIONOFCRIME.Allcrime?Dogfouling? INTERESTSOFECONOMICWELLBEING.Anydemandcoercedbyanysubstantialoverseas power?IftheUnitedStatesplayinghardballsaystheywill hypothetically onlyallow favourabletermsonatradematterifweagreeinprincipletopasssomekindsof communicationsdatatothem,isthatwhatismeant?Arethereanysafeguardsorstrong restrictionsrelatedtodatabeingpassedoverseas? PUBLICSAFETY.Dogfouling? ANYTAX.Anyamounttoanydepartmentofanykind? 10 Statementofpurpose: Thereisnorequirementtostatethepurpose.Thepurposeofaccessistoobtaindatapertainingtoa matter,orofaspecifictype,orofspecificcurrency,recencyorthelike.Insomecasesthepurpose maybesecret,butthenatureofdatasoughtwilloftennotbe,astheoperatorscooperationis required.Agivenconductmaybeusedinanymanner,reasonablyorotherwise.Ifanauthorisation statesthepurpose,thenitbecomesmucheasiertoprevent,identifyandaddressconductnotwell relatedtothepurposeorusedforotherpurposes.
131
AsummaryofapplicablelawapprovedbytheSecretaryofStateshouldberequiredtobeincludedor annexedwithanyauthorisation,forreferenceofthepersonexecutingtheauthorisation,and person s presentedwithit 13 Reasonablenessclause:thestateddutyisto"comply",notto"reasonably"comply.Ifcompliance wouldcauselossordamage,thenthiscouldbeaproblem. 13 3 append: "...ormaycausedisproportionatedamage includinglossorriskoflossofdata ,disruption, orcost." "Suchanoperatororpersonisrequiredinsteadtoprovidegoodcauseandtouseall reasonableeffortstoprocuretheachievementofthepurposebyanothermeansasmaybe agreedbytheauthorisedperson." 14 THISSECTIONALSONEEDSMORESAFEGUARDS TherearenorestrictionsessentiallythisseemstosaytheSecretaryofStatemayaccessandexamine alldatatofindanythingthatmaypossiblybeanykindofitem broadlyinterpreted in9 6 ".Thisisa chartersowideastooverturnanyprivacyrestrictions,ifnotsafeguarded. Ataminimum,filteringgenerallyisoftwotypes: a specifictargetedfilteringinwhichalldataisscannedondemandforspecificwords, communications,patternsorotherdatalikelytobeofvalueinaspecificincidentor investigation; b generaluntargetedfilteringinwhichallorsomecategoryofdataisindiscriminatelyand routinelyscanned,withoutpriorknowledgeofanyspecificmatter,inordertoidentifysuch mattersortheirpossibleoccurrence. Generaluntargetedfilteringistheonerequiringrestriction,becauseitlooksateveryoneandevery actionofanycitizen,andprovidesameansofdataaccessand"datamining"thatisattheheartof widespreadpublicapprehension.Theappropriaterestrictionsarethatbydesignoftherelevant systems,communicationsdatashouldmandatorilynotbereadilyaccessible directlyorotherwise orprovidedtoanypersonorothersystem,exceptinafewcircumstances.Especially: Generaluntargetedfilteringshallnotbeperformedonsystemsthatbydesign,minimise exposureofdetailsofpersonsandcommunicationsdata,otherthan a fortestingpurposes or b encounteringdatathatitisintendedtonotifyandreportaspotentiallysignificant. Otherthantheseexceptions,systemsusedforgeneraluntargetedfilteringshallbedesigned tominimizeandpreventunauthorisedreviewofdata,datamining,orprivacybreachbyany personorpersons,ortransmissionordeliveryofthesametoanypersonorsystemoutside theapprovedfilteringprocess. And 15 4 alsorequiresreflectionofademinimis 16 through 21 Confusingtermauthorisationdatadoesntintuitivelymakesense.Canthisbereplacedby authorisedcommunicationsdata? 28 Thedefinitionofcommunicationdataitselfisstrange,see a i .Avisualimageisnotbyitsnature acommunication ifIscananimageofapictureorkeepanaudiorecordingofabookonmy computeristhisacommunication.Theclause a i isalsoredundantbecausesaveddata,images etcarealreadydocuments.Therealsenseofacommunicationiscapturedby ii anyway. ConcernUnclearastoneedfor a i whichalsoappearstomakethisactencompassanundesirably hugerangeofnoncommunications.
132
Action 1. remove a i ,ifneededmergingitscontentsintothedefinitionofdocument; 2. ifatanypointthetermcommunicationneedstoencompassthedeletedmeaningof a i , thenamendtostatecommunicationsordocumentwhichisclearer. August2012
133
The Global Network Initiative

1.TheGlobalNetworkInitiative GNI welcomestheopportunitytoprovidewrittenevidencetothe CommunicationsDataBillJointScrutinyCommittee.Wehavethreespecificconcernsthatwedetailin oursubmission: a Broadening the collection and retention of new data on anyone in the UK using communicationsservices; b The assertion of jurisdiction over nonUK based communications service providers when servicesareaccessedintheUK; c A reserve power that would empower the Home Secretary to require UK providers to captureandretaindata specificallyandonlyforlawenforcementpurposes ifrequirements tocaptureandretaindatacannotbedirectlyimposedonanonUKprovider. 2.GNIisamultistakeholdergroupofcompanies,civilsocietyorganizations includinghumanrights andpressfreedomgroups ,investorsandacademics,whohavecreatedacollaborativeapproachto protect and advance freedom of expression and privacy in the Information Communications and Technology ICT sector. GNI has developed a set of Principles and Implementation Guidelines to guide responsible company action when facing requests from governments around the world that could impact on the freedom of expression and privacy rights of users. These Principles and Implementation Guidelines are based on international human rights standards and are attached to thiswrittenevidenceinAppendixA.AppendixBhasafulllistofparticipantsandobserversofGNI. 3. It is the duty of governments to respect, protect, promote and fulfil human rights, including to ensure that national laws, regulations and policies are consistent with international human rights lawsstandards.GNIacknowledgesthedutyofagovernmenttoprotectitscitizensandpublicsafety. Itisrightthatgovernmentsconsiderhowthechangingcommunicationslandscapeimpactspolicing operationsandeffortstoprotectnationalsecurity.However,theapproachtakenmustreflectthefew and limited circumstances within the Universal Declaration of Human Rights that provide for the limitationoftheserights.Findingtherightapproachisnoteasy,particularlyintheglobal,complex, andconstantlyevolvingICTsector. 4. No other democratic nation has proposed the approach set out in this Bill. The UK plays an important leadership role in the development of international legal standards and has far reaching influencesonpolicythinkinggenerally.Thisincludesthedevelopmentofpolicyandlegalframeworks relatingtocommunicationstechnologyandtheprotectionofhumanrights.Forexample,theUKused its convening power to assemble government, industry and civil society representatives to the London Conference on Cyberspace in October 2011, the first gathering of its kind that brought together the cybersecurity community with the human rights community. 149 The UK also engaged early to help form an international coalition of governments now working together on freedom of expressionontheInternet. 150 5. There are very active debates internationally on the future of Internet governance. Several proposals,includingoneattheUNGeneralAssemblyforacodeofconductoninformationsecurity areindicativeofeffortsbyrepressiveregimestoexertagreaterdegreeofcontrolovertheInternet. Thiscouldincludeplacinggreaterrequirementsoncompanies. 151
149Formoreinformationseehttp://www.fco.gov.uk/en/globalissues/londonconference
cyberspace/.
150SeeFreedomOnline:JointActionforFreeExpressionontheInternet,TheHague,9December
2011,availableat http://www.minbuza.nl/binaries/content/assets/minbuza/en/the_ministry/declarationfinalv 14dec.pdf. 151InternationalCodeofConductforInformationSecuritypresentedtoUNGeneralAssembly12 September2011,http://news.dotnxt.com/2011/09/13/chinarussiasecuritycodeofconduct.
134
6.WhilstthesebroaderissuesareoutsidethedirectscopeoftheUKCommunicationsDataBill,they demonstratethewiderinternationalcontextwithinwhichthedraftBillsits.WeurgetheCommittee toconsidertheglobalcontextinitsscrutinyofthedraftBillandbemindfulofpossibleunintended consequencesthat could undermine the UKs ability to support and further freedom of expression andprivacyrightsinternationally.WewouldsuggestitisnotinthebroaderinterestsoftheUKto initiatelegislationthatcouldgiveauthoritarianregimesjustificationfortheirapproach. 7. The Bill broadens the collection and retention of new data on anyone in the UK using communications services. This includes requirements to generate datanot required for business purposes and not routinely collected by providersspecifically and only for the purpose of law enforcementaccess.ThisprovisiongoesbeyondtheexistingrequirementsundertheRegulatoryand InvestigatoryPowersAct RIPA andtheEUsDataRetentionDirective. 8. This aspect of the Bill could set a powerful precedent for repressive regimes to follow when seeking to justify surveillance on their own populations. Regimes attempt to claim legitimacy for theiractionswhentheyareabletopointtosimilarrequirements,evenifonlyintheformofpolicy statements or draft legislation, in leading democratic nations. An example of exactly this type of reactioncamefromChinainresponsetostatementsmadeinParliamentbythePrimeMinisterDavid Cameroninthedaysfollowingtheriotsin2011aroundtheneedtoconsiderplacinglimitsonsocial networks and allowing greater government access to user communications in certain circumstances. 152 9. This is an enabling Bill that would require secondary legislation or Notices/Orders to be fully implemented. It is not clear whether secondary legislation or Orders, including those that would specifythedatasetstobecollected,wouldbemadepublic.Thesedetailsshouldbemadeavailableso thatstakeholdersandParliamentcanmakeproperassessmentsaboutproportionalityandtheimpact oftheGovernmentsproposals. 10. Technological advances are also blurring the distinction between communications data and content that is at the heart of this Bill. For example, the URL for a web address can provide considerableaccesstoinformationaboutthetypeofcontenttheuserisviewing.Stakeholdersmust be reassured that communicationsdata could be reliably extractedwithoutalsodisclosing content. Takenalongsidetheexpandedscopeofdatacollectionforanyoneusingcommunicationsservicesin theUKthismustbeconsideredwhenassessingtheproportionalityoftheproposals. 11.TheassertionofjurisdictionovernonUKbasedcommunicationsserviceproviderswhenservices are accessed in the UK is problematic. Companies considering the provision of services in markets wherefreeexpressionandprivacyrightsmaybeatriskmayconsiderwaystomanageandoperate theirservicestomitigatehumanrightsrisks.ThisisoneoftherequirementsinGNIsPrinciples.Itis alsoconsistentwithintheUNProtect,RespectandRemedyframeworkandGuidingPrinciples. 153We have seen worrying trends in legislative proposals in a range of countries that hold intermediaries liablefortheactivitiesoftheirusersinwaysthatcouldhaveseriousimplicationsforfreespeech.One example is the draft Internet decree by the Government of Vietnam that places requirements on foreignprovidersnotlocatedinVietnamtocollaboratewiththegovernmentinthefilteringofawide variety of information such as that which could undermine the fine customs and traditions of the nation. Whilst filtering requirements and retention of communications data are not analogous,
SpecificcommentsontheCommunicationsDataBill
152GlobalTimes,RiotsleadtorethinkofInternetfreedom,13August2011,availableat
http://www.globaltimes.cn/NEWS/tabid/99/articleType/ArticleView/articleId/670718/Riots leadtorethinkofInternetfreedom.aspx. 5UNGuidingPrinciplesonBusinessandHumanRights:ImplementingtheUnitedNations'Protect, RespectandRemedy'Framework",availableathttp://www.business humanrights.org/SpecialRepPortal/Home/ProtectRespectRemedy Framework/GuidingPrinciples.
135
assertionsofjurisdictionare.ThedraftBillcouldprovideunintendedjustificationforactionsbyother governments.TheUKGovernmentshouldconsidertheseconsequences,includingtheimpactoflaws enactedinotherjurisdictionsontheprivacyrightsofUKcitizensasitpreparesthislegislation. 12.Evenifotherjurisdictionsdonotenactsimilarorcontrarylaws,UKcitizensdatacouldstillbeat jeopardy. Once other governments become aware of the storage of this additional communications data,lawenforcemententitiesinotherjurisdictionswillseektoobtainitaswell.IfICTcompaniesare required to obtain and retain communications data for UK residents law enforcement entities in otherjurisdictionscouldhavealegitimateclaimtoseekaccesstoit.NonUKlawenforcemententities may either try to obtain it through UK law enforcement or by exerting pressure on companies to releasethedatawithoutUKcooperation. 13.AreservepowerproposedintheBillwouldempowertheHomeSecretarytorequireUKproviders tocaptureandretaindata again,specificallyandonlyforlawenforcementpurposes ifrequirements cannot be directly imposed on a nonUK provider. Setting aside the technical challenges of whether this can be done, there are two specific problems. First, this requirement could have the effect of increasingpressureonnonUKproviderstocooperatewithlawenforcementininformal,voluntary agreements. In contrast, GNIs Implementation Guidelines commit companies to encourage governmentstobespecific,transparentandconsistentinthedemands,laws,andregulationsthey issue. Secondly, although we understand the challenge that law enforcement faces in regard to accessingcommunicationsdatainatimelyfashion,proposalstoaddressthisissueshouldbeginwith existing processes. If processes such as mutual legal assistance treaties MLATs are insufficiently fleet of foot, then government should initiate a concerted effort to review and improve them. This wouldbeafarmoreproportionateresponsetothelegitimateconcernthatdatamaynotbeavailable by the time a lawful request is served on a provider. In June 2012 a GNI commissioned report recommendedthataccesstodatathroughtheMLATprocessneedstobemademoreefficient,with safeguardsinplace. 154
Conclusion
14.Asitconsidersthislegislation,thecommitteehasanopportunitytoguidegovernmentonhowthe legitimateneedsoflawenforcementcanbeconsistentwithinternationalhumanrightsstandards.It hastheopportunitytodevelopanapproachthatwouldserveasaworthymodelforothercountries. ThedraftBilldoesnotsucceedinthisrespect.Werecommendthatmoretimebetakenandrevisions consideredtoensurethattherightsofindividualsarerespected,soastoshapearegimethattheUK wouldbecomfortablehavingcopiedbyothergovernments. GlobalNetworkInitiative WrittenEvidencetotheCommunicationsDataBillJointScrutinyCommittee AppendixA:GNIPrinciplesandImplementationGuidelines PrinciplesonFreeExpressionandPrivacy 1. Preamble 2. FreedomofExpression 3. Privacy 4. ResponsibleCompanyDecisionMaking 5. MultiStakeholderCollaboration 6. Governance,Accountability&Transparency AnnexA:Definitions AnnexB:EndNotes
154IanBrownandDouweKorff,DigitalFreedomsinInternationalLaw:PracticalStepstoProtect
HumanRightsOnline,June2012,availableat http://www.globalnetworkinitiative.org/news/newreportoutlinesrecommendations governmentscompaniesandothershowprotectfree.
136
1.Preamble ThesePrinciplesonFreedomofExpressionandPrivacy thePrinciples havebeendevelopedby companies,investors,civilsocietyorganizationsandacademics collectivelytheparticipants . ThesePrinciplesarebasedoninternationallyrecognizedlawsandstandardsforhumanrights, includingtheUniversalDeclarationofHumanRights UDHR ,theInternationalCovenantonCivil andPoliticalRights ICCPR andtheInternationalCovenantonEconomic,SocialandCulturalRights ICESCR . 155156 Allhumanrightsareindivisible,interdependent,andinterrelated:theimprovementofoneright facilitatesadvancementoftheothers;thedeprivationofonerightadverselyaffectsothers.Freedom ofexpressionandprivacyareanexplicitpartofthisinternationalframeworkofhumanrightsandare enablingrightsthatfacilitatethemeaningfulrealizationofotherhumanrights. 157 Thedutyofgovernmentstorespect,protect,promoteandfulfillhumanrightsisthefoundationofthis humanrightsframework.Thatdutyincludesensuringthatnationallaws,regulationsandpoliciesare consistentwithinternationalhumanrightslawsandstandardsonfreedomofexpressionandprivacy. InformationandCommunicationsTechnology ICT companieshavetheresponsibilitytorespectand protectthefreedomofexpressionandprivacyrightsoftheirusers.ICThasthepotentialtoenablethe exchangeofideasandaccesstoinformationinawaythatsupportseconomicopportunity,advances knowledgeandimprovesqualityoflife. ThecollaborationbetweentheICTindustry,investors,civilsocietyorganizations,academicsand otherstakeholderscanstrengtheneffortstoworkwithgovernmentstoadvancefreedomof expressionandprivacyglobally. Forthesereasons,thesePrinciplesandtheiraccompanyingImplementationGuidelinesestablisha frameworktoprovidedirectionandguidancetotheICTindustryanditsstakeholdersinprotecting andadvancingtheenjoymentofhumanrightsglobally. Theparticipantshavealsodevelopedamultistakeholdergovernancestructuretoensure accountabilityfortheimplementationofthesePrinciplesandtheircontinuedrelevance,effectiveness andimpact.Thisstructureincorporatestransparencywiththepublic,independentassessmentand multistakeholdercollaboration. Theparticipantswillseektoextendthenumberoforganizationsfromaroundtheworldsupporting thesePrinciplessothattheycantakerootasaglobalstandard. 2.FreedomofExpression Freedomofopinionandexpressionisahumanrightandguarantorofhumandignity.Therightto freedomofopinionandexpressionincludesthefreedomtoholdopinionswithoutinterferenceandto seek,receiveandimpartinformationandideasthroughanymediaandregardlessoffrontiers. 158
155Itisrecognizedthatotherregionalhumanrightsinstrumentsaddresstheissuesoffreedomof
expressionandprivacy,including:TheEuropeanConvention,implementedbytheEuropean CourtofHumanRights;theAmericanConvention,implementedbytheInterAmericanCourtof HumanRightsandInterAmericanCommission;andtheOrganizationofAfricanUnity, implementedbytheAfricanCommissiononHumanandPeoplesRights.
156ThesePrincipleshavealsobeendraftedwithreferencetotheWorldSummitontheInformation
SocietyTunisAgendafortheInformationSociety. 157ItshouldbenotedthatthespecificscopeofthesePrinciplesislimitedtofreedomofexpression andprivacy. 158TakenfromArticle19ofUniversalDeclarationofHumanRightsandArticleof19ofthe InternationalCovenantonCivilandPoliticalRights.ItshouldbenotedthattheseArticles
137
Freedomofopinionandexpressionsupportsaninformedcitizenryandisvitaltoensuringpublicand privatesectoraccountability.Broadpublicaccesstoinformationandthefreedomtocreateand communicateideasarecriticaltotheadvancementofknowledge,economicopportunityandhuman potential. Therighttofreedomofexpressionshouldnotberestrictedbygovernments,exceptinnarrowly definedcircumstancesbasedoninternationallyrecognizedlawsorstandards. 159Theserestrictions shouldbeconsistentwithinternationalhumanrightslawsandstandards,theruleoflawandbe necessaryandproportionatefortherelevantpurpose. 160 161 Participatingcompanieswillrespectandprotectthefreedomofexpressionoftheirusersby seekingtoavoidorminimizetheimpactofgovernmentrestrictionsonfreedomof expression,includingrestrictionsontheinformationavailabletousersandtheopportunities foruserstocreateandcommunicateideasandinformation,regardlessoffrontiersormedia ofcommunication. Participatingcompanieswillrespectandprotectthefreedomofexpressionrightsoftheir userswhenconfrontedwithgovernment 162demands,lawsandregulationstosuppress freedomofexpression,removecontentorotherwiselimitaccesstoinformationandideasin amannerinconsistentwithinternationallyrecognizedlawsandstandards. 3.Privacy Privacyisahumanrightandguarantorofhumandignity.Privacyisimportanttomaintaining personalsecurity,protectingidentityandpromotingfreedomofexpressioninthedigitalage. Everyoneshouldbefreefromillegalorarbitraryinterferencewiththerighttoprivacyandshould havetherighttotheprotectionofthelawagainstsuchinterferenceorattacks. 163 Therighttoprivacyshouldnotberestrictedbygovernments,exceptinnarrowlydefined circumstancesbasedoninternationallyrecognizedlawsandstandards.Theserestrictionsshouldbe consistentwithinternationalhumanrightslawsandstandards,theruleoflawandbenecessaryand proportionatefortherelevantpurpose. Participatingcompanieswillemployprotectionswithrespecttopersonalinformationinall countrieswheretheyoperateinordertoprotecttheprivacyrightsofusers.

referencetherighttofreedomofopinionandexpression,andthendescribethelimited circumstancesinwhichtherighttofreedomofexpression i.e.notopinion canberestricted. ThatistheapproachtakenbythesePrinciples. 159ThenarrowlydefinedcircumstancesshouldbetakenfromArticle19oftheInternationalCovenant onCivilandPoliticalRights ICCPR ,namelytheactionsnecessarytopreservenationalsecurity andpublicorder,protectpublichealthormorals,orsafeguardtherightsorreputationsofothers. ThescopeofpermissiblerestrictionsprovidedinArticle19 3 oftheICCPRisreadwithinthe contextoffurtherinterpretationsissuedbyinternationalhumanrightsbodies,includingthe HumanRightsCommitteeandtheSpecialRapporteuronthepromotionandprotectionofthe righttofreedomofopinionandexpression. 160SeeAnnexAforanillustrativedefinitionofRuleofLaw. 161ThesePrincipleshavebeendraftedwithreferencetotheJohannesburgPrinciplesonNational Security,FreedomofExpressionandAccesstoInformation.TheJohannesburgPrinciplesprovide furtherguidanceonhowandwhenrestrictionstofreedomofexpressionmaybeexercised. 162Participatingcompanieswillalsoneedtoaddresssituationswheregovernmentsmaymake demandsthroughproxiesandotherthirdparties. 163TakenfromArticle12oftheUniversalDeclarationofHumanRightsandArticle17ofthe InternationalCovenantonCivilandPoliticalRights.
138
4.ResponsibleCompanyDecisionMaking TheimplementationofthesePrinciplesbyparticipatingcompaniesrequirestheirintegrationinto companydecisionmakingandculturethroughresponsiblepolicies,proceduresandprocesses. ParticipatingcompanieswillensurethatthecompanyBoard,seniorofficersandothers responsibleforkeydecisionsthatimpactfreedomofexpressionandprivacyarefully informedofthesePrinciplesandhowtheymaybebestadvanced. Participatingcompanieswillidentifycircumstanceswherefreedomofexpressionand privacymaybejeopardizedoradvancedandintegratethesePrinciplesintotheirdecision makinginthesecircumstances. ParticipatingcompanieswillimplementthesePrincipleswherevertheyhaveoperational control.Whentheydonothaveoperationalcontrol,participatingcompanieswillusebest effortstoensurethatbusinesspartners,investments,suppliers,distributorsandother relevantrelatedpartiesfollowthesePrinciples. 164165166 5.MultistakeholderCollaboration Thedevelopmentofcollaborativestrategiesinvolvingbusiness,industryassociations,civilsociety organizations,investorsandacademicswillbecriticaltotheachievementofthesePrinciples. Whileinfringementonfreedomofexpressionandprivacyarenotnewconcerns,theviolationofthese rightsinthecontextofthegrowinguseofICTisnew,global,complexandconstantlyevolving.For thisreason,sharedlearning,publicpolicyengagementandothermultistakeholdercollaborationwill advancethesePrinciplesandtheenjoymentoftheserights. Participantswilltakeacollaborativeapproachtoproblemsolvingandexplorenewwaysin whichthecollectivelearningfrommultiplestakeholderscanbeusedtoadvancefreedomof expressionandprivacy. Individuallyandcollectively,participantswillengagegovernmentsandinternational institutionstopromotetheruleoflawandtheadoptionoflaws,policiesandpracticesthat protect,respectandfulfillfreedomofexpressionandprivacy. 167 6.Governance,AccountabilityandTranparency
Participatingcompanieswillrespectandprotecttheprivacyrightsofuserswhenconfronted withgovernmentdemands,lawsorregulationsthatcompromiseprivacyinamanner inconsistentwithinternationallyrecognizedlawsandstandards.
164Operationalcontrolmeansthepower,directlyorindirectly,todirectorcausethedirectionof
themanagementandpoliciesoftheentity.Thismaybebycontract,ownershipofvotingstockor representationontheBoardofDirectorsorsimilargoverningbody.
165SeeAnnexAforadefinitionofBestEfforts. 166Itisrecognizedthattheinfluenceoftheparticipatingcompanywillvaryacrossdifferent
relationshipsandcontractualarrangements.Itisalsorecognizedthatthisprincipleappliesto businesspartners,suppliers,investments,distributorsandotherrelevantrelatedpartiesthatare involvedintheparticipatingcompanysbusinessinamannerthatmateriallyaffectsthe companysroleinrespectingandprotectingprivacyandfreedomofexpression.Theparticipating companyshouldprioritizecircumstanceswhereithasgreatestinfluenceand/orwheretherisk tofreedomofexpressionandprivacyisatitsgreatest. 167Itisrecognizedthatparticipantsmaytakedifferentpositionsonspecificpublicpolicyproposalsor strategies,solongastheyareconsistentwiththesePrinciples.
139
ThesePrinciplesrequireagovernancestructurethatsupportstheirpurposeandensurestheirlong termsuccess. ToensuretheeffectivenessofthesePrinciples,participantsmustbeheldaccountablefortheirrolein theadvancementandimplementationoftheseprinciples. Participantswilladheretoacollectivelydeterminedgovernancestructurethatdefinesthe rolesandresponsibilitiesofparticipants,ensuresaccountabilityandpromotesthe advancementofthesePrinciples. Participantswillbeheldaccountablethroughasystemof a transparencywiththepublic and b independentassessmentandevaluationoftheimplementationofthesePrinciples. AnnexA:Definitions FreedomofExpression:FreedomofexpressionisdefinedusingArticle19oftheUniversalDeclaration ofHumanRights UDHR andArticle19oftheInternationalCovenantonCivilandPoliticalRights ICCPR : UDHR:Everyonehastherighttofreedomofopinionandexpression;thisrightincludes freedomtoholdopinionswithoutinterferenceandtoseek,receiveandimpartinformation andideasthroughanymediaandregardlessoffrontiers. ICCPR:1.Everyoneshallhavetherighttoholdopinionswithoutinterference. 2.Everyoneshallhavetherighttofreedomofexpression;thisrightshallincludefreedomto seek,receiveandimpartinformationandideasofallkinds,regardlessoffrontiers,either orally,inwritingorinprint,intheformofart,orthroughanyothermediaofhischoice. 3.Theexerciseoftherightsprovidedforinparagraph2ofthisarticlecarrieswithitspecial dutiesandresponsibilities.Itmaythereforebesubjecttocertainrestrictions,buttheseshall onlybesuchasareprovidedbylawandarenecessary: a Forrespectoftherightsorreputationsofothers; b Fortheprotectionofnationalsecurityorofpublicorder ordrepublic ,orof publichealthormorals. Privacy:PrivacyisdefinedusingArticle12oftheUniversalDeclarationofHumanRights UDHR and Article17oftheInternationalCovenantonCivilandPoliticalRights ICCPR : UDHR:Nooneshallbesubjectedtoarbitraryinterferencewithhisprivacy,family,homeor correspondence,nortoattacksuponhishonourandreputation.Everyonehastherightto theprotectionofthelawagainstsuchinterferenceorattacks. ICCPR:1.Nooneshallbesubjectedtoarbitraryorunlawfulinterferencewithhisprivacy, family,homeorcorrespondence,nortounlawfulattacksonhishonourandreputation. 2.Everyonehastherighttotheprotectionofthelawagainstsuchinterferenceorattacks. RuleofLaw:Asystemoftransparent,predictableandaccessiblelawsandindependentlegal institutionsandprocesseswhichrespect,protect,promoteandfulfillhumanrights. PersonalInformation:Participantsareawareoftherangeofdefinitionsforpersonalinformationor personallyidentifiableinformationandacknowledgethatthesedefinitionsvarybetween jurisdictions.ThesePrinciplesusethetermpersonalinformationandinterpretthistomean
140
informationthatcan,aloneorinaggregate,beusedtoidentifyorlocateanindividual suchasname, emailaddressorbillinginformation orinformationwhichcanbereasonablylinked,directlyor indirectly,withotherinformationtoidentifyorlocateanindividual. User:Anyindividualusingapubliclyavailableelectroniccommunicationsservice,forprivateor businesspurposes,withorwithouthavingsubscribedtothisservice. BestEfforts:Theparticipatingcompanywill,ingoodfaith,undertakereasonablestepstoachievethe bestresultinthecircumstancesandcarrytheprocesstoitslogicalconclusion. AnnexB:EndNotes ImplementationGuidelinesforthePrinciplesonFreeExpressionandPrivacy 7. PurposeofthisDocument 8. ResponsibleCompanyDecisionMaking 9. FreedomofExpression 10. Privacy 11. MultiStakeholderCollaboration 12. Governance,Accountability&Transparency AnnexA:Definitions 1.PurposeofthisDocument ThePrinciplesonFreedomofExpressionandPrivacy thePrinciples havebeencreatedtoprovide directionandguidancetotheInformationandCommunicationsTechnology ICT industryandits stakeholdersinprotectingandadvancingtheenjoymentofthesehumanrightsglobally. TheseImplementationGuidelinesprovidefurtherdetailsonhowparticipatingcompanieswillputthe Principlesintopractice.Thepurposeofthisdocumentisto: DescribeasetofactionswhichconstitutecompliancewiththePrinciples. ProvidecompanieswithguidanceonhowtoimplementthePrinciples. AsdescribedintheaccompanyingGovernance,AccountabilityandLearningFramework,each participatingcompanywillbeassessedontheirprogressimplementingthePrinciplesaftertwoyears andannuallythereafter. TheeffectivenessoftheseImplementationGuidelineswillbereviewedandassessedasexperiencein implementationofthePrinciplesgrows.Thereviewprocesswillinclude: Removing,revisingoraddingguidelinesasappropriate. ConsideringthedevelopmentofdifferentversionsoftheImplementationGuidelinesthatmaybe tailoredtospecificregionsorsectors. 2.ResponsibleCompanyDecisionMaking BoardReview,OversightandLeadership TheBoardsofparticipatingcompanieswillincorporatetheimpactofcompanyoperationson freedomofexpressionandprivacyintotheBoardsreviewofthebusiness. TheBoardwill:
141
Receiveandevaluateregularreportsfrommanagementonhowthecommitmentslaidoutin thePrinciplesarebeingimplemented. Reviewfreedomofexpressionandprivacyriskwithintheoverallriskmanagementreview process. ParticipateinfreedomofexpressionandprivacyrisktrainingaspartofoverallBoard education.
HumanRightsImpactAssessments Participatingcompanieswillemployhumanrightsimpactassessmentstoidentifycircumstances whenfreedomofexpressionandprivacymaybejeopardizedoradvanced,anddevelopappropriate riskmitigationstrategieswhen: Reviewingandrevisinginternalproceduresforrespondingtogovernmentdemandsforuser dataorcontentrestrictionsinexistingmarkets Enteringnewmarkets,particularlythosewherefreedomofexpressionandprivacyarenot wellprotected. Reviewingthepolicies,proceduresandactivitiesofpotentialpartners,investments, suppliersandotherrelevantrelatedpartiesforprotectingfreedomofexpressionandprivacy aspartofitscorporateduediligenceprocess. Designingandintroducingnewtechnologies,productsandservices. Thehumanrightsimpactassessmentswillbeundertakentodifferentlevelsofdetailandscope dependingonthepurposeoftheimpactassessment.However,participatingcompaniesshould: Prioritizetheuseofhumanrightsimpactassessmentsformarkets,products,technologies andservicesthatpresentthegreatestrisktofreedomofexpressionandprivacyorwhere thepotentialtoadvancehumanrightsisatitsgreatest. Updatehumanrightsimpactassessmentsovertime,suchaswhentherearematerial changestolaws,regulations,markets,products,technologies,orservices.
ApplicationGuidance:BoardcouldmeanaManagementBoardorExecutiveBoardifthesearemore appropriatefortheparticipatingcompanysstructure.
Drawuponresourcesfromhumanrightsgroups,governmentbodies,international organizationsandmaterialsdevelopedaspartofthismultistakeholderprocess. Includeaconsiderationofrelevantlocallawsineachmarketandwhetherthedomesticlegal systemsconformtoruleoflawrequirements. Utilizelearningfromreallifecasesandprecedents. Focusonpotentialpartners,investments,suppliersandotherrelevantrelatedpartiesthat areinvolvedintheparticipatingcompanysbusinessinamannerthatmateriallyaffectsthe companysroleinrespectingandprotectingprivacyandfreedomofexpression. Incorporatetheoutputsofhumanrightsimpactassessmentsintoothercompanyprocesses, suchascorporateriskassessmentsandduediligence.
Partners,SuppliersandDistributors
142
ParticipatingcompanieswillfollowthesePrinciplesandImplementationGuidelinesinall circumstanceswhentheyhaveoperationalcontrol. Whentheparticipatingcompanydoesnothaveoperationalcontrolitwillusebesteffortstoensure thatbusinesspartners,investments,suppliers,distributorsandotherrelevantrelatedpartiesfollow thePrinciples. Participatingcompaniesshouldfocustheireffortsonbusinesspartners,investments,suppliers, distributorsandotherrelevantrelatedpartiesthatareinvolvedintheparticipatingcompanys businessinamannerthatmateriallyaffectsthecompanysroleinrespectingandprotectingfreedom ofexpressionandprivacy.Theparticipatingcompanyshouldprioritizecircumstanceswhereithas thegreatestinfluenceand/orwheretherisktofreedomofexpressionandprivacyisatitsgreatest.
ApplicationGuidance:Itisassumedthatthisapproachwillbetakeninallrelevantcontractssigned aftercommittingtothePrinciplesandtoallrelevantpreexistingcontracts. ApplicationGuidance:Operationalcontrolmeansthepower,directlyorindirectly,todirectorcause thedirectionofthemanagementandpoliciesoftheentity.Thismaybebycontract,ownershipof votingstockorrepresentationontheBoardofDirectorsorsimilargoverningbody.
IntegrationintoBusinessOperations Participatingcompanieswilldevelopappropriateinternalstructuresandtakestepsthroughouttheir businessoperationstoensurethatthecommitmentslaidoutinthePrinciplesareincorporatedinto companyanalysis,decisionmakingandoperations. Overtimethiswillinclude: Structure Thecreationofaseniordirectedhumanrightsteam,includingtheactiveparticipationof seniormanagement,todesign,coordinateandleadtheimplementationofthePrinciples.
ApplicationGuidance:Itisrecognizedthattheinfluenceofparticipatingcompanieswillvaryacross differentrelationshipsandcontractualarrangements.Seethedefinitionofbesteffortsprovidedin AnnexA.
ApplicationGuidance:Thisteammaybuildonexistinginternalcorporatestructures,suchas corporatesocialresponsibility,policy,privacyorbusinessethicsteams.
Procedures Establishingwrittenproceduresthatensureconsistentimplementationofpoliciesthat protectfreedomofexpressionandprivacyanddocumentingcompliancewiththesepolicies. Documentationofpoliciesandcomplianceshouldbesufficientlydetailedastoenablelater internalandexternalreview. Establishingameansofremediationwhenbusinesspracticesthatareinconsistentwiththe Principlesareidentified,includingmeaningfulstepstoensurethatsuchinconsistenciesdo notrecur. Incorporatingfreedomofexpressionandprivacycomplianceintoassuranceprocessesto ensurecompliancewiththeprocedureslaidoutinthePrinciples.
Ensuringthattheproceduresrelatedtogovernmentdemandsimplicatingusersfreedomof expressionorprivacyrightsareoverseenandsignedoffbyanappropriateandsufficiently seniormemberofthecompanysmanagementandareappropriatelydocumented.
143
Maintainingarecordofrequestsanddemandsforgovernmentrestrictionstofreedomof expressionandaccesstopersonalinformation. Employees CommunicatingthePrinciplestoallemployees,suchasthroughthecompanyintranet,and integratingthecompanyscommitmenttothePrinciplesthroughemployeetrainingor orientationprograms. Providingmoredetailedtrainingforthosecorporateemployeeswhoaremostlikelytoface freedomofexpressionandprivacychallenges,basedonhumanrightsimpactassessments. Thismayincludestaffinaudit,compliance,legal,marketing,salesandbusinessdevelopment areas.Whereappropriateandfeasible,theorientationandtrainingprogramsshouldalsobe providedtoemployeesofrelevantrelatedpartiessuchaspartners,suppliersand distributors. ComplaintsandAssistance Developingescalationproceduresforemployeesseekingguidanceinimplementingthe Principles. Providingwhistleblowingmechanismsorothersecurechannelsthroughwhichemployees andotherstakeholderscanconfidentiallyoranonymouslyreportviolationsofthePrinciples withoutfearofassociatedpunishmentorretribution.
3.FreedomofExpression GovernmentDemands,LawsandRegulations Participatingcompanieswillencouragegovernmentstobespecific,transparentandconsistentinthe demands,lawsandregulations governmentrestrictions thatareissuedtorestrictfreedomof expressiononline. Participantswillalsoencouragegovernmentdemandsthatareconsistentwithinternationallawsand standardsonfreedomofexpression.Thisincludesengagingproactivelywithgovernmentstoreacha sharedunderstandingofhowgovernmentrestrictionscanbeappliedinamannerconsistentwiththe Principles. Whenrequiredtorestrictcommunicationsorremovecontent,participatingcompanieswill: Requirethatgovernmentsfollowestablisheddomesticlegalprocesseswhentheyareseeking torestrictfreedomofexpression. Interpretgovernmentrestrictionsanddemandssoastominimizethenegativeeffecton freedomofexpression. Interpretthegovernmentalauthoritysjurisdictionsoastominimizethenegativeeffectonto freedomofexpression.
Note:Forexample,eachcompanymightappointordesignateaninternalombudsmanor auditortomonitorthecompany'sbusinesspracticesrelatingtofreedomofexpressionand privacy.
ApplicationGuidance:Itisrecognizedthatthenatureofjurisdictionontheinternetisa highlycomplexquestionthatwillbesubjecttoshiftinglegaldefinitionsandinterpretations overtime.
144
Seekclarificationormodificationfromauthorizedofficialswhengovernmentrestrictions appearoverbroad,notrequiredbydomesticlaworappearinconsistentwithinternational humanrightslawsandstandardsonfreedomofexpression.
ApplicationGuidance:Overbroadcouldmean,forexample,wheremoreinformationis restrictedthanwouldbereasonablyexpectedbasedontheassertedpurposeoftherequest.
Requestclearwrittencommunicationsfromthegovernmentthatexplainthelegalbasisfor governmentrestrictionstofreedomofexpression,includingthenameoftherequesting governmententityandthename,titleandsignatureoftheauthorizedofficial.
ApplicationGuidance:Writtendemandsarepreferable,althoughitisrecognizedthatthere arecertaincircumstances,suchaswherethelawpermitsverbaldemandsandinemergency situations,whencommunicationswillbeoralratherthanwritten.

Adoptpoliciesandprocedurestoaddresshowthecompanywillrespondininstanceswhen governmentsfailtoprovideawrittendirectiveoradheretodomesticlegalprocedure.These policiesandproceduresshallincludeaconsiderationofwhentochallengesuchgovernment demands. Challengethegovernmentindomesticcourtsorseektheassistanceofrelevantgovernment authorities,internationalhumanrightsbodiesornongovernmentalorganizationswhen facedwithagovernmentrestrictionthatappearsinconsistentwithdomesticlawor proceduresorinternationalhumanrightslawsandstandardsonfreedomofexpression
CommunicationsWithUsers Participatingcompanieswillseektooperateinatransparentmannerwhenrequiredbygovernment toremovecontentorotherwiselimitaccesstoinformationandideas.Toachievethis,participating companieswill,unlessprohibitedbylaw: Clearlydisclosetousersthegenerallyapplicablelawsandpolicieswhichrequirethe participatingcompanytoremoveorlimitaccesstocontentorrestrictcommunications. Disclosetousersinaclearmannerthecompanyspoliciesandproceduresforrespondingto governmentdemandstoremoveorlimitaccesstocontentorrestrictcommunications. Giveclear,prominentandtimelynoticetouserswhenaccesstospecificcontenthasbeen removedorblockedbytheparticipatingcompanyorwhencommunicationshavebeen limitedbytheparticipatingcompanyduetogovernmentrestrictions.Noticeshouldinclude thereasonfortheactionandstateonwhoseauthoritytheactionwastaken. 4.Privacy DataCollection
ApplicationGuidance:Itisrecognizedthatitisneitherpracticalnordesirablefor participatingcompaniestochallengeinallcases.Rather,participatingcompaniesmayselect casesbasedonarangeofcriteriasuchasthepotentialbeneficialimpactonfreedomof expression,thelikelihoodofsuccess,theseverityofthecase,cost,therepresentativenessof thecaseandwhetherthecaseispartofalargertrend. ApplicationGuidance:Policiesandproceduresadoptedbyparticipatingcompanieswill addresssituationswheregovernmentsmaymakedemandsthroughproxiesandotherthird partiestoevadedomesticlegalprocedures.
145
Participatingcompanieswillassessthehumanrightsrisksassociatedwiththecollection,storage,and retentionofpersonalinformationinthejurisdictionswheretheyoperateanddevelopappropriate mitigationstrategiestoaddresstheserisks GovernmentDemands,LawsandRegulations Participatingcompanieswillencouragegovernmentstobespecific,transparentandconsistentinthe demands,lawsandregulations governmentdemands thatareissuedregardingprivacyonline. Participatingcompanieswillalsoencouragegovernmentdemandsthatareconsistentwith internationallawsandstandardsonprivacy.Thisincludesengagingproactivelywithgovernmentsto reachasharedunderstandingofhowgovernmentdemandscanbeissuedandimplementedina mannerconsistentwiththePrinciples. Participatingcompanieswilladoptpoliciesandprocedureswhichsetouthowthecompanywill assessandrespondtogovernmentdemandsfordisclosureofpersonalinformation.Whenrequiredto providepersonalinformationtogovernmentalauthorities,participatingcompanieswill: Narrowlyinterpretandimplementgovernmentdemandsthatcompromiseprivacy. Seekclarificationormodificationfromauthorizedofficialswhengovernmentdemands appearoverbroad,unlawful,notrequiredbyapplicablelaworinconsistentwith internationalhumanrightslawsandstandardsonprivacy.
ApplicationGuidance:Overbroadcouldmean,forexample,wheremorepersonalinformation isrequestedthanwouldbereasonablyexpectedbasedontheassertedpurposeofthe request.
Requestclearcommunications,preferablyinwriting,thatexplainsthelegalbasisfor governmentdemandsforpersonalinformationincludingthenameoftherequesting governmententityandthename,titleandsignatureoftheauthorizedofficial.
ApplicationGuidance:Writtendemandsarepreferable,althoughitisrecognizedthatthere arecertaincircumstances,suchaswherethelawpermitsverbaldemandsandinemergency situations,whencommunicationswillbeoralratherthanwritten.

Requirethatgovernmentsfollowestablisheddomesticlegalprocesseswhentheyareseeking accesstopersonalinformation. Adoptpoliciesandprocedurestoaddresshowthecompanywillrespondwhengovernment demandsdonotincludeawrittendirectiveorfailtoadheretoestablishedlegalprocedure. Thesepoliciesandproceduresshallincludeaconsiderationofwhentochallengesuch governmentdemands. Narrowlyinterpretthegovernmentalauthoritysjurisdictiontoaccesspersonalinformation, suchaslimitingcompliancetouserswithinthatCountry.
ApplicationGuidance:Itisrecognizedthatthenatureofjurisdictionontheinternetisa highlycomplexquestionthatwillbesubjecttoshiftinglegaldefinitionsandinterpretations overtime.

Challengethegovernmentindomesticcourtsorseektheassistanceofrelevantauthorities, internationalhumanrightsbodiesornongovernmentalorganizationswhenfacedwitha governmentdemandthatappearsinconsistentwithdomesticlaworproceduresor internationalhumanrightslawsandstandardsonprivacy.
ApplicationGuidance:Itisrecognizedthatitisneitherpracticalnordesirablefor participatingcompaniestochallengeinallcases.Rather,participatingcompaniesmayselect
146
CommunicationswithUsers Participatingcompanieswillseektooperateinatransparentmannerwhenrequiredtoprovide personalinformationtogovernments.Toachievethis,participatingcompanieswill: Disclosetousersinclearlanguagewhatgenerallyapplicablegovernmentlawsandpolicies requiretheparticipatingcompanytoprovidepersonalinformationtogovernment authorities,unlesssuchdisclosureisunlawful. Disclosetousersinclearlanguagewhatpersonalinformationtheparticipatingcompany collects,andtheparticipatingcompanyspoliciesandproceduresforrespondingto governmentdemandsforpersonalinformation. Assessonanongoingbasismeasurestosupportusertransparency,inaneffectivemanner, regardingthecompany'sdatacollection,storage,andretentionpractices.
casesbasedonarangeofcriteriasuchasthepotentialbeneficialimpactonprivacy,the likelihoodofsuccess,theseverityofthecase,cost,therepresentativenessofthecaseand whetherthecaseispartofalargertrend. ApplicationGuidance:Policiesandproceduresadoptedbyparticipatingcompanieswill addresssituationswheregovernmentsmaymakedemandsthroughproxiesandotherthird partiestoevadedomesticlegalprocedures.
5.MultistakeholderCollaboration EngagementinPublicPolicy Participantswillencouragegovernmentsandinternationalinstitutionstoadoptpolicies,practices andactionsthatareconsistentwithandadvancethePrinciples. Individuallyorcollectivelyparticipantswill: Engagegovernmentofficialstopromoteruleoflawandthereformoflaws,policiesand practicesthatinfringeonfreedomofexpressionandprivacy.
ApplicationGuidance:ParticipatingcompanieswillworkwiththeOrganizationtoraise awarenessamongusersregardingtheirchoicesforprotectingtheprivacyoftheirpersonal informationandtheimportanceofcompanydatapracticesinmakingthosechoices.
ApplicationGuidance:Promotingruleoflawreformcouldincluderuleoflawtraining, capacitybuildingwithlawrelatedinstitutions,takingpublicpolicypositionsorexternal education.
EngageindiscussionswithhomegovernmentstopromoteunderstandingofthePrinciples andtosupporttheirimplementation. Encouragedirectgovernmenttogovernmentcontactstosupportsuchunderstandingand implementation. Encouragegovernments,internationalorganizationsandentitiestocallattentiontothe worstcasesofinfringementonthehumanrightsoffreedomofexpressionandprivacy. Acknowledgeandrecognizetheimportanceofinitiativesthatseektoidentify,preventand limitaccesstoillegalonlineactivitysuchaschildexploitation.ThePrinciplesand ImplementationGuidelinesdonotseektoalterparticipantsinvolvementinsuchinitiatives.
147
Participantswillrefrainfromenteringintovoluntaryagreementsthatrequiretheparticipantsto limitusersfreedomofexpressionorprivacyinamannerinconsistentwiththePrinciples.Voluntary agreementsenteredintopriortocommittingtothePrinciplesandwhichmeetthiscriterionshould berevokedwithinthreeyearsofcommittingtothePrinciples.
InternalAdvisoryForum AconfidentialmultistakeholderAdvisoryForumwillprovideguidancetoparticipatingcompanieson emergingchallengesandopportunitiesfortheadvancementoffreedomofexpressionandprivacy. ExternalMultistakeholderLearningForums ParticipantswillpromoteglobaldialogueandunderstandingofthePrinciplesandsharelearning abouttheirimplementation.Participantswillengagewithabroadrangeofinterestedcompanies, industryassociations,advocacyNGOsandothercivilsocietyorganizations,universities,governments andinternationalinstitutions. Participantswillcreateagloballearning,collaborationandcommunicationprogram.Thisprogram willidentifystakeholders,topicsandforumsforlearning,collaborationandcommunicationactivities.
ApplicationGuidance:Itisrecognizedthatparticipantsmaytakedifferentpositionsonspecificpublic policyproposalsorstrategies,solongastheyareconsistentwiththeseprinciples.
ApplicationGuidance:Thiscouldinclude,forexample,theInternetGovernanceForum,the InternationalTelecommunicationsUnion,theUNGlobalCompactandtheUNSpecialRepresentative oftheSecretaryGeneralonhumanrightsandtransnationalcorporationsandotherbusiness enterprises.
PartofthislearningprogramwillbeanannualMultistakeholderLearningForumfocusingonthe rightstofreedomofexpressionandprivacy,thespecificscenariosinwhichtheserightsareaffected andotherbroaderissuesrelatedtotheimplementationofthePrinciples. Whereparticipantshaveactivitiesoroperationsinthesamecountriestheywillseektocollaborate onthedevelopmentoflocaldialoguesonrelevantprominentissuesandemergingconcernsinthose localities. Participantswilldevelopandshareinnovativetools,resources,processesandinformationthat supporttheimplementationofthePrinciples. Includedinthelearningprogramwillbeaconsiderationoftherolethattoolssuchasencryption, anonymizingtechnologies,securityenhancementsandproxytechnologiescanplayinenablingusers tomanagetheirmediaexperiencesandprotectfreedomofexpressionandprivacy. 6.Governance,AccountabilityandTransparency Governance AmultistakeholderrepresentativeBoardwilloverseethisinitiative,describedinmoredetailinthe accompanyingGovernance,AccountabilityandLearningFrameworkdocument. ReportingonImplementation Therewillbethreedifferentlevelsofreportingontheprogressbeingmadetoimplementthe Principles,describedinmoredetailintheaccompanyingGovernance,AccountabilityandLearning Frameworkdocument. IndependentAssessment
148
TherewillbeasystemofindependentassessmentoftheimplementationofthePrinciples,described inmoredetailintheaccompanyingGovernance,AccountabilityandLearningFrameworkdocument. AnnexA:Definitions FreedomofExpression:FreedomofexpressionisdefinedusingArticle19oftheUniversalDeclaration ofHumanRights UDHR andArticle19oftheInternationalCovenantonCivilandPoliticalRights ICCPR : UDHR:Everyonehastherighttofreedomofopinionandexpression;thisrightincludes freedomtoholdopinionswithoutinterferenceandtoseek,receiveandimpartinformation andideasthroughanymediaandregardlessoffrontiers. ICCPR:1.Everyoneshallhavetherighttoholdopinionswithoutinterference. 2.Everyoneshallhavetherighttofreedomofexpression;thisrightshallincludefreedomto seek,receiveandimpartinformationandideasofallkinds,regardlessoffrontiers,either orally,inwritingorinprint,intheformofart,orthroughanyothermediaofhischoice. 3.Theexerciseoftherightsprovidedforinparagraph2ofthisarticlecarrieswithitspecial dutiesandresponsibilities.Itmaythereforebesubjecttocertainrestrictions,buttheseshall onlybesuchasareprovidedbylawandarenecessary: a Forrespectoftherightsorreputationsofothers; b Fortheprotectionofnationalsecurityorofpublicorder ordrepublic ,orof publichealthormorals. Privacy:PrivacyisdefinedusingArticle12oftheUniversalDeclarationofHumanRights UDHR and Article17oftheInternationalCovenantonCivilandPoliticalRights ICCPR : UDHR:Nooneshallbesubjectedtoarbitraryinterferencewithhisprivacy,family,homeor correspondence,nortoattacksuponhishonourandreputation.Everyonehastherightto theprotectionofthelawagainstsuchinterferenceorattacks. ICCPR:1.Nooneshallbesubjectedtoarbitraryorunlawfulinterferencewithhisprivacy, family,homeorcorrespondence,nortounlawfulattacksonhishonourandreputation. 2.Everyonehastherighttotheprotectionofthelawagainstsuchinterferenceorattacks. RuleofLaw:Asystemoftransparent,predictableandaccessiblelawsandindependentlegal institutionsandprocesses,whichrespect,protect,promoteandfulfillhumanrights. PersonalInformation:Participantsareawareoftherangeofdefinitionsforpersonalinformationor personallyidentifiableinformationandacknowledgethatthesedefinitionsvarybetween jurisdictions.TheseImplementationGuidelinesusethetermpersonalinformationandinterpret thistomeaninformationthatcan,aloneorinaggregate,beusedtoidentifyorlocateanindividual suchasname,emailaddressorbillinginformation orinformationwhichcanbereasonablylinked, directlyorindirectly,withotherinformationtoidentifyorlocateanindividual. User:Anyindividualusingapubliclyavailableelectroniccommunicationsservice,forprivateor businesspurposes,withorwithouthavingsubscribedtothisservice. BestEfforts:Theparticipatingcompanywill,ingoodfaith,undertakereasonablestepstoachievethe bestresultinthecircumstancesandcarrytheprocesstoitslogicalconclusion. GlobalNetworkInitiative WrittenEvidencetotheCommunicationsDataBillJointScrutinyCommittee AppendixB:GNIParticipantsandObservers
Participants
149
ThefollowingorganizationsareparticipatingintheGlobalNetworkInitiative. AnnenbergSchoolforCommunication,UniversityofSouthernCalifornia ChristineBader,KenanInstituteforEthicsatDukeUniversity BerkmanCenterforInternet&SocietyatHarvardUniversity BostonCommonAssetManagement CalvertGroup CenterforDemocracy&Technology CentreforInternet&Society CentrodeEstudiosenLibertaddeExpresin ChurchofSweden CommitteetoProtectJournalists DominiSocialInvestmentsLLC ElectronicFrontierFoundation Evoca F&CAssetManagement Folksam GoogleInc. HumanRightsFirst HumanRightsinChina HumanRightsWatch IndexonCensorship InternationalMediaSupport IMS Internews MicrosoftCorp. Movements.org RebeccaMacKinnon,NewAmericaFoundation ResearchCenterforInformationLaw,UniversityofSt.Gallen TrilliumAssetManagement UniversityofCalifornia,BerkeleySchoolofInformation Websense WorldPressFreedomCommittee Yahoo!Inc.
Observers
ThefollowingcompaniescurrentlyhaveobserverstatuswiththeGlobalNetworkInitiative: Afilias Facebook
150
William Heath
ThisDraftCommunicationsBillisnotworthtinkeringwith;itshouldberejectedoutofhand.The intentionformasdataretentioniswrongandtheapproachtosolvingtheproblemiswrong. Falsepremiss TheGovernmentsaysitislosingaccesstocertaincategoriesofdata.Theworldisindeedchanging fast,andpeoplewithbadintentionsusenewtools.Butitfailstosetoutthewidercontext:thereisa floodofhighlyspecificdataavailabletogovernmentandtothesecurityagencies.Askthem:dothey ordotheynotroutinelyhaveaccessnowtovastlymoredataaboutanyindividualcomparedwith20 yearsago?Whyistherenopublicdebatesetinthiscontext? Thecasethismerelyrestoresacapabilitywhichhasbeenerodedisatbestunproven,atworst deliberatelymisleading. Corruptionofpublicservantsandofsuppliers Acceptingthatmostpublicservantsarehonestandmostsupplierstogovernmenttrytodoagood job,neverthelessroutinelyplacingvastamountsofhighlyrevealingdataabouteveryoneinthehands ofCSPsandaccessibletolargenumbersofpublicservantscreatesrisk.Itfurtherdamagespeople's trustinpublicservantsandinstitutions.Forthelargelyhonestandlawabidingcitizenitchangesthe roleoftheircommsserviceproviderssothatinsteadofwhereessentialdoingtheirlawfuldutyas requiredtheyworkroutinelyforthesecretstateagainsttheindividual'sinterests. Humanrights;whistleblowers OthersmaketheargumentthisisnotconformanttoourEuropeanhumanrightsobligations.Ifind thispersuasiveanditisaseriouspoint.Iparticularlyfeartheimpactonwhistleblowers.CDPisan apparatusforensuringaGovernmentdoingwrongcanshootthemessenger. GovenmentITspend MypreviouscompanytrackedwithaweandgrowingconcernnotjustthescaleofgovernmentIT spend,butthelackofefficacywithwhichitwasdone.Worstofallwastheprofoundlywrong intentionbehindmuchofwhatwasdone:centraliseddatabasesforhealth,education,childrenand theNationalIDScheme. Thisisnowstartingtoberectifiedwithatotallydifferent,citizenoriented,designdriven,lowcost, agilecultureinthenewGovernmentDigitalService. ButCDPisoldschool:hyperambitious,basedontheflawedpremissthatshinytechnologypoliticians don'tproperlyunderstandwillneverthelesscureoursocialillsandkeepussafe,pronetomassive escalatingcosts,nocrediblecostbenefitanalysispublished.Itfavoursbigestablishedservice providersovernewagiletechbusinessesbyplacingoverhead,complexityandadditionalcostonthe servicestheyoffer. Ithinkthe1.8bncostestimateislowballedtogetthisthrough.AnecdotallytheusualhistoricMoD practicewasbidlowtogetprojectsthroughParliament;youmultiplythatfirstestimatebypi 3.14 togettherealcost.Thatmayapplyhere.Wesimplydon'tknow,becausetheHomeOfficeisso secretiveaboutitscostestimates asifthecostofourITprojectswerethevitalinformationthat renderstheUKunsafe . SomeofwhatisinthedraftBillissooutrageous egthegeneralpowersgrantedtotheHome Secretary thatitmaybedeliberatelyintendedforsacrificetogetthemainpointsthrough.Dontplay along.Thisshouldberejectedoutofhand.
151
Insteadweneed ashared"problemstatement"onwhichmostinformedparticipantscanagreeonthefacts anopenconsultationordebatewhichistechnically,legallyandcommerciallywellinformed evaluationofthewiderrangeofoptionsavailablenowandinthefuture,inthewidercontextof whattheworldisbecoming aformaldesignprocesswhichaddressesthecoreprobleminahumanandintelligentmanner.This countryhasbrilliantservicedesignerswhocanaddressthemselvestoproblemsofcrimeand security.ThereisnosigntheuhavebeennearthisdraftBill. This"politiciansfallacy"modelofsolvingseriousproblemsbycreatingmassiveITprojectsthrougha legislativeprocesshasbeenprovenrepeatedlytofail,andatgreatexpense.Theclearestsignalyou cansendthatthisissimplynotgoodenough,thattimeshavechanged,andthingswillbedone differentlyisnottotinkerwiththis.Justrejectit. August2012
152
HMRC
HMRCistheUKstaxauthority.ItisresponsibleforsafeguardingtheflowofmoneytotheExchequer throughitscollection,complianceandenforcementactivities.Thedepartmentalsoadministersthe paymentofbenefitsandcreditstothoserequiringfinancialsupport.In2011/12HMRCcollected 474.2billionintaxesandpaidoutover42billioninbenefitsandcredits. TheflowofsuchlargesumsofmoneyacrossHMRCstaxandbenefitssystemsinevitablymakesthe departmentatargetforpredatoryandsophisticatedOrganisedCrimeGroups OCGs attractedbythe prospectoffinancialgain. ThethreattotherevenuefromOCGsappliesequallyacrossthefullrangeoftaxsystems.Examples includesophisticatedandsustainedattacksagainstonlinedirecttaxregimessuchasIncomeTaxSelf AssessmentbyOCGsoperatinginthecybercrimearena;indirecttaxfraudssuchascigaretteand tobaccosmuggling,alcoholsmuggling anddiversion ;hydrocarbonoilssmuggling andlaundering andVAT includingMultiTraderIntraCommunityMTICfraud .Tocombatthiscriminalactivity HMRCdeploysthefullrangeofintelligencegatheringcapabilitiesincludingtheacquisitionof communicationsdata CD whichfeaturesintheoverwhelmingmajorityofourcriminal prosecutions. CDprovidesintelligencetosupportoperationalactivityleadingtoarrests,andseizuresofmoneyand contraband.Itisalsoadducedinevidencetosupportcriminalprosecutions. General: 1. HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? Yes.TheEUDataRetentionDirectivedoesnotimposeanobligationonUKCommunicationsService Providers CSPs toretaindatatheyotherwisewouldnotretainaspartoftheirnormalbusiness processes.Thismeansthatcertaincategoriesofcommunicationsdataparticularlyinrelationto offshoreCSPsarenotavailabletosupportinvestigationsintocriminalactivity. Insomecasesweareabletoobtainthismaterialundertheprovisionsofmutuallegalassistance treatiesbutthisisacumbersome,bureaucraticand,aboveall,slowprocessthatpreventsanyreal timeinvestigationofcrimeandprovidesnoguaranteethatthematerialrequestedwilleventuallybe madeavailable.TheBillwillcorrectthissituationbyobligingUKCSPstoretainthisdataasitpasses overtheirnetworks.Thematerialwillbeheldfornomorethan12monthsinlinewithcurrent legislationandlawenforcementagenciessuchasHMRCwillonlybeabletoobtaindatathatrelates toaspecificinvestigationaslongasitisproportionateandnecessarytodoso.Wefullysupportthe aimsoftheobjectivesoftheBill. Arecentinvestigationhighlightsthedifficultieswearecurrentlyexperiencing.Aspartofan investigationintoa600millionMissingTraderVATfraudchainwecouldnotobtainfroman overseasCSPtheIPloginhistoriesofseveralkeytargets.Asaconsequencewewereunableto identifylinksinthecriminalconspiracyandwewereunabletouseCDtoevidenceassociation betweenconspiratorsduringthesubsequentcourtcase. 2. HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedin thedraftBill? Yes.CDisacriticalinvestigativeandevidentialtoolforthelawenforcementagencies.Adegradation inthiscapabilitywouldputlivesatriskandasfarasthisDepartmentisconcernedhinderour abilitytoidentifyandprosecutecriminalgangsandindividualsthatattacktheUKtaxsystem. OperationTulipboxwasaMissingTraderIntraCommunityVATfraudinvestigationwhich highlightedtheimportanceofcommunicationsdata.CDprovidedkeyintelligencetolinktargets,
153
establishfraudulenttradingpatternsandrebutdefencearguments.Thetrialconcludedwith sentencesof15,14and9yearsforthethreecoconspirators.10millionworthofassetswere identifiedforconfiscation,andwepreventedarevenuelossof91.2millionbyidentifyingand closingdownthefraudulenttradingnetwork.Perhapsmoreimportantly,thestrategicintelligencewe gatheredwhilstconductingtheinvestigationenabletheGovernmenttochangetherateofVATonthe tradedcommoditytozero,therebypreventingotherorganisedcrimegroupsfromexploitingthe potentialforfraudulentgain. WewouldnothavebeenabletoachievetheseresultswithoutaccesstoCDandtherefore maintenanceofthiscapabilityiscriticallyimportanttous. 3. HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusioninto individualsprivacy? ThisBillprovidesnonewpowerstolawenforcementagencies.CDrequestsmustbemadeinthe contextofasubjectsRighttoRespectforPrivacy.Theymustbenecessary,proportionateandmust takeintoaccountthedegreeofcollateralintrusion.Furthermore,communicationsdataisprobably theleastintrusivemethodofcovertinvestigation.ItseemsoddlypossiblethatifthisBillshouldfail, lawenforcementagenciesmayhavetorelyonmoreintrusivemethodsofinvestigationto compensatefortheirinabilitytoacquirerelevantcommunicationsdata. COSTS: 10. TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraft Billcouldbeworthbetween56billion.Isthisfigurerealistic? PlacedinthecontextofHMRCsviewthatCDwasinstrumentalinprotectingsome870millionof revenueinthelastfinancialyearthenapredictedbenefitfromthedraftBillofbetween56billion spreadacrossthewiderlawenforcementcommunityoveratenyearperiodseemsareasonable estimate. AllofourmostseriouscrimeinvestigationsrelyonCDtoidentifysuspects,establishrelationships withinandbetweencriminalorganisations,anddirectoperationalactivitytoevidencecrime,seize contrabandandcriminalcashandmakearrests. AsCDasaninvestigativetooldegradeswemaypartiallyfillthegapwithmorecostlyandmore intrusiveformsofsurveillancehoweveritisunlikelythatwewillbeabletofullycompensateforthe declineintheavailabilityofCDwithouttheproposedBill.This,inturn,willhaveasignificantimpact onourabilitytomeetthechallengingSpendingRoundtargetsthatwehavebeensetbythe Government. USEOFCOMMUNICATIONSDATA 14. Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? Yes.WeuseCDfortwopurposesonly,thepreventionanddetectionofcrimeandtheassessmentof tax.WeusetheformertosupportinvestigationsintocriminalattacksontheUKstaxsystems.The latterrepresentslessthan1%ourtotalCDrequestsandislimitedtosubscriberchecksonly RIPA s21 4 c butisneverthelessakeytoolinidentifyingthosewhoowesubstantialsumsintax. Isthe12monthperiodfortheretentionofdatatoolongortooshort. 15. WebelievethecurrentUKdataretentionperiodoftwelvemonthsrepresentsafairbalancebetween theneedsoftheinvestigatorandtheArticle8rightsoftheindividual.Wenotethatitisinlinewith thepositiontakenbythemajorityofourEuropeanpartners. SAFEGUARDS
154
17. Wouldawarrantsystembemoreappropriate? Webelievethatthecurrentsystemstrikesagoodbalancebetweentheneedsoftheinvestigatorand thesafeguardingofsensitiveandprivateinformation. AcrossHMRCapproximately100HigherOfficers equivalenttoInspectorrankinthepolice are accreditedtoauthoriserequestsforsubscriberdata RIPAS21 4 c .Thesesocalleddesignated persons DPsRIPAPart1,Chapter2CodesofPractice receivespecifictrainingfortheirrolealong withcontinuousprofessionaldevelopmentingoodpracticeandnewguidance.Theywillbe independentofanyinvestigationrequiringtheirauthoritytoacquiresubscriberdata. WehavethreeSeniorOfficers equivalenttoSuperintendentrankinthepolice whocanauthorise moresensitivecommunicationsdata RIPAS21 4 a&b .Theyareexpertsintheacquisitionof communicationsdataandareACPOaccreditedSinglePointsofContactabletoengagedirectlywith CSPs.Theyarenotattachedtoanyoperationalteamsotheycanbefullyindependentofanyrequest theymayhavetoauthorise.Theyprovideoutofhourssupporttooperationsandarealso responsibleforreviewingthequalityofthesubscriberdataauthorisationsbytheHigherOfficers. ArobustinspectionprogrammeoverseenbytheInterceptionofCommunicationsCommissioners Office IOCCO assurestheseprocesses.WearevisitedonceayearbyIOCCOwho,duringavisit usuallylastingfourtofivedays,willfullyreviewtheendtoendapplicationprocess,includingthe qualityofconsiderationsbytheDP. Itishardtoenvisageasystemofjudicialauthorisationthatcanmatchthecurrentlevelofscrutiny withoutadverselyimpactingontheefficiencyandeffectivenessoftheinvestigationprocess.Weare concernedatthepotentialforjudicialauthorisationtobeaslower,andpossiblylessinformed, processaswellasraisingsomepracticalissues. Wewouldenvisagethatanyhearinginrespectofanapplicationforcommunicationswouldrequire thepresenceoftheapplicanttoansweranyquestionsthatthemagistratemayhave. Anyquestionsinrelationtotheavailabilityofthedatarequested,theprocessesforobtainingitand thepotentialadditionaldatawhichcouldbeobtainedwouldrequiretheadditionalpresenceofan accreditedSPoCincourtandpossiblyarepresentativeoftheCSP. Wouldcourtsbepreparedtositatshortnoticeorwouldtherebespecifieddayswhencourtshandled communicationsdatarequests? Howwouldcourtshandlereferrals?Thatis,thoserequestswherethereisachangeofCSPorwhere theoriginalnoticewasservedandhasnotbeencompliedwithandneedstobereissued.Wouldthere beautomaticaccesstotheoriginalmagistrate? WouldmagistratesappropriatelytrainedinCDbereadilyavailabletodealwiththelevelofrequests? Wouldsuchrequestsbemanagedgeographicallyorwouldtherebedesignatedmagistrateswitha nationalremit? IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformationCommissioner sensible? Inourview,theOfficeoftheInterceptionCommissionerprovideseffectiveandprovenoversightof theprovisionsofRIPAPart1Chapter2.Theannualinspectionsarecomprehensiveandthoroughand thefindingsarepublishedintheInterceptionCommissionersannualreport.Wheredeficienciesin anagencyorforcearedetected,thereisarequirementfortheagencyorforcetorespondwitha detailedactionplantoremedythedeficiency. ENFORCEMENT 21. Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccess tocommunicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforinthe draftBillamounttoanoffence?
155
AstheUnitedKingdomstaxadministration,HMRCiskeenlyawareoftheimportanceofpolicing accesstosensitiveinformation.TheS.19oftheCommissionersofRevenue&CustomsAct2005 createsanoffenceofwrongfuldisclosureofrevenueandcustomsinformationanditisamatterof recordthatwewilltakefirmactionagainstmembersofstaffwhoacquireandmisuseinformationto whichtheyarenotentitled,uptoandincludingdismissalandprosecution. WewouldhavenoobjectiontotheinsertionintotheBillofanoffenceofwrongfulaccesstoand/or misuseofcommunicationsdata,shouldthisreassurethepublic. August2012
156
ISPA
AboutISPA TheInternetServicesProvidersAssociation ISPA isthetradeassociationforcompaniesinvolvedin the provision of Internet Services in the UK. ISPA was founded in 1995, and seeks to actively representandpromotetheinterestsofbusinessesinvolvedinallaspectsoftheUKInternetindustry. ISPA membership includes small, medium and large Internet service providers ISPs , cable companies, web design and hosting companies and a variety of other organisations. Our members may be affected by the Communications Data Bill in various ways. ISPA currently has over 215 members, representing more than 95% of the UK Internet access market by volume. ISPA was a foundingmemberofEuroISPA. We have been involved in the area of communications data for many years, including the development of data retention provisions under both the AntiTerrorism Crime and Security Act 2001 and the Data Retention EC Directive Regulations 2009 and ISPA members have great experienceinhandlingRIPArequests. Introduction 1. ISPA members accept that law enforcement agencies should have reasonable access to communicationsdatainordertohelpinthedetectionandinvestigationofseriouscrimeandto safeguardnationalsecurity.However,anycommunicationsdataregimeneedstobeworkablefor the industry and capable of earning user trust, as well as be proportionate and balance the requirementsoflawenforcementwithboththelevelofintrusionintousersprivacyandthecost andburdenplaceduponcommunicationserviceproviders CSPs . 2. Webelievethatthecurrentregimeperformsfairlywell,inparticularthededicatedexpertisein the Single Point of Contact System SPOC , which has provided for an effective means of structuringtherelationshipbetweenlawenforcementauthorities LEAs andCSPs.Thecurrent system also ensures that the costs that CSPs incur when they comply with requests can be reimbursedsothatCSPscontinuedinvestmentininnovationandservicedevelopmenthasnot,so far, been adversely impacted by data retention requirements. This also acts as a safeguard to ensurethatlawenforcementtoonlyrequestsdatawherethecostcanbejustified.Itiscrucial thattheseelementscontinueaspartofanyfuturecommunicationsdataregime. 3. AsanassociationrepresentingavarietyofCSPs,ISPAhasparticularexperienceandknowledge of costs and burdens placed on CSPs. Below we will argue that a great deal of uncertainty surrounds the proposals and the main changes should be viewed as significant extensions to current capabilities. We have grouped our comments according to the themes raised in the Committeescallforevidence. 4. Industryneedsclearerandmoredetailedinformationonwhattheproposalswillactuallymean inpracticefordifferentCSPs.TheywillhaveasignificantimpactonhowtheUKInternetisrun and our members need to fully understand how this will affect them. We would urge the Committee to address the points summarised below with Government so that the whole data retentionprocessisclearandproportionate. Summaryofmainpoints 5. We accept that law enforcement should be able to access communications data in a changing communications environment, but this has to balance the requirements of law enforcement, privacyofusersandtheimpactonbusiness.ItisnotcleariftheDraftBillachievesthis.
157
6.
WewelcomethatcostrecoveryisincludedintheDraftBillasitensuresamoreeffectivesystem andreflectsthefactthatourmembersdonotgainfromretaininganddisclosingcommunications data. TheDraftBillhasthepotentialtoputtheUKatacompetitivedisadvantageanddestabilisethe market, with the UK seen as a less attractive and more onerous place to do business digitally, affecting both inward investment and services being made available. In challenging economic timeswequestionwhetherthisshouldbeagovernmentpriority. InourviewtheDraftBillamountstoasignificantextensionofthecurrentcapabilitiesandshould beviewedassuch.Thisisparticularlytrueofthepowerstocaptureandretainthirdpartydata andthefilteringarrangement. Dueinparttothelackofdetailedinformationmadeavailable,weareyettobeconvincedthatthe proposals technically possible on the scale envisioned or that foreign CSPs will provide the necessaryinformationtoUKlawenforcement.
7.
8.
9.
10. ThechangingdefinitionsofCSPandcommunicationsdatahavethepotentialtoincludeawider rangeofCSPsanddatathanpreviously. 11. Far too much discretion is given to the Home Secretary without the necessary Parliamentary oversight to ensure that significant changes proposed are proportionate and necessary. Parliamentshouldbetoldwhatdatawillberetained,forwhatpurposesandmakesurethatthe necessarysafeguardsareinplacetobalancethedifferinginterestsoflawenforcement,usersand businesses. Generalcomments/requirementsoflawenforcement 12. ISPA members fully understand that the communications landscape is changing and that this warrants a review of the current communications data regime. However, we feel that that the DraftBillismissingcrucialdetail,principallybecauseofthenumberadditionalrequirementsthat couldbeintroducedbyorder,noticeandregulations.Agreatdealmoreworkneedstobedone toexplainwhatthecurrentproposalswillmeaninpractice.Whilstweunderstandthatconcerns about security and confidentiality may limit what can be revealed publicly and what can and cannotbewrittenonthefaceoftheDraftBill,wefeelthatthecurrentlevelofinformationmakes it hard to undertake an adequate, indepth assessment of the proposals. To help us fully understandtheimplicationsofwhatisbeingproposed,wewouldurgetheCommitteetoseekas clearinformationfromtheHomeOfficeaspossibleonwhatthe DraftBillwillmeaninpractice forallinvolved. 13. TheHomeOfficearguesforlawenforcementtobeabletomaintainaccesstocommunications dataastechnologyandwaysofcommunicatingevolve.However,itisnotclearthattheproposals in the Draft Bill merely maintain current capabilities in a changing environment. For example, the obligation to generate data that is not required for business purposes, the requirement to captureandretaindataofathirdpartyandtheextendeddefinitionofCSPrepresentsignificant changes. We question whether such extensive additional powers are proportionate and necessaryandwhetherlessintrusivealternativesmightbemoreappropriate. 14. On this basis, we believe that the Draft Bill would in fact extend existing capabilities in that it would require CSPs to retain data that they would otherwise not retain for business purposes and capture and retain data about services they do not own or operate. This could create a capability to track relationships and interactions between individuals in multiple contexts and acrossmultipleonlineenvironmentswheretheymeet.
158
15. IncomparisonwithotherWesterncountriestheproposalsarefarreachingandbeyondcurrent norms.ItcouldsetaprecedentforsimilarlegislationelsewheresoitisimportantthattheDraft Bill is fully scrutinised and explained as clearly as possible. How the proposals fit with the GovernmentswidergoalsofmakingtheUKadigitalhubtohelpboostgrowthanditssupportof theInternetfreedomagendaisunclear. Costs 16. It is currently difficult to determine with any accuracy the costs of the proposals to ISPA members but we note that the Home Offices cost estimates and risk assessments are made on the basis of optimistic assumptions. We would encourage the Committee to test these assumptions.Thereappeartobethreekeyelements: 1 costsincurredbyCSPs; 2 abilitytobringoverseasprovidersintotheretentionregime;and 3 thecontinuingdevelopmentofcommunicationsservices. 17. The costs that will be incurred by CSPs could be significant but there is insufficient detail to determine whether the Home Offices assessment of 859 million is correct. ISPA believes, however,thatthekeycostsrelatedtotheretentionelementoftheproposalswillbeduetothe Home Office and not CSPs. This is because the final costs will primarily be dependent on the retentionnoticesissuedbytheHomeOfficetoCSPs,whichwillspecifythetechnologythatCSPs willberequiredtodeployandtheamountofdatatheyarerequestedtoretain. 18. WestronglywelcometheHomeOfficescommitmenttomaintainingthecurrentsystemofcost recoveryforCSPs.CSPsdonotgainfromretaininganddisclosingcommunicationsdata.Itisfor thisreasonthatwehopethattheCommitteeendorsesParliamentssupportforthecostrecovery systemandweencourageCommitteememberstogofurtherandensurethatthecostrecovery for CSPs is guaranteed on the face of the Bill. This would provide a longterm guarantee that would bar future Governments from transferring retention costs to CSPs and thereby jeopardisinginvestmentofCSPsinnetworkinfrastructureandservices. 19. Therequirementtocaptureandretaindatatypeswhicharenotrequiredforbusinesspurposes or to collect data relating to third party services is likely to impact the way CSPs build and operatetheirbusinesses.ThisisnotwhyISPsruntheirnetworksandistechnicallyverycomplex. Thisobligationcouldforceourmemberstoredesigntheirnetworksbasedontheobligationto retain, rather than on commercial interest or economic effectiveness. Furthermore, there is a concernforsmallandstartuptechcompaniesthattheymaybebroughtintotheregimeatany moment.Thiscouldseverelyimpactoninnovation,affectcurrentandnewbusinessmodelsand divert resources away from business investment and discourage international companies from choosingtobasethemselvesintheUK.TheHomeOfficeshouldbeabletooffercertaintytoCSPs aboutwhoandwhatisinscopeandhowtheprocessmaycomeabout. 20. The estimated costs seem to be based on a number of assumptions. In the interests of transparency, and to enable Parliamentandthe wider public to understandthe whole process, furtherdetailshouldbeprovidedonhowthefigureof859millionwascalculated.Theaccuracy oftheseestimatesisimportanttoanassessmentoftheoverallproportionalityoftheDraftBill. Not only must the costs be accurately assessed but industry must be assured that the costs of complying with the eventual obligations can be fully recovered. We therefore query whether contingency plans are in place for a situation where it becomes clear that the money that has
CostsincurredbyCSPs
159
been allocated turns out to be insufficient e.g. because the need to retain third party data exceedsexpectations . 21. Two of the key elements of the new proposals are the extension of retention requirements to providers outside the UK and the ability to require UK CSPs to retain data of third party providers. According to comments made by the Home Office, these two proposals are closely interlinked as the third party data retention requirement would only be used if overseas providerswereunwillingtocomplywithanordertoretaindatainthefirstinstance.Theability tobringoverseasprovidersintotheretentionregimewillthereforehaveasignificantimpacton overallcostsasthecapturingoftherelevantoverseasdataviaUKproviderswouldbetheleast costefficientsolution. 22. Thereisaconcernoverhowtheserequirementswillbeviewedinothercountriesandpossibly copied. Asserting UK jurisdiction on overseas providers is a significant step and it is not clear thatthisisaproportionate,necessaryorrealisticpolicystep.WedonotfeelthattheHomeOffice has provided a compelling case for such sweeping powers and it is not clear that less radical alternatives suchasreformingMutualLegalAssistanceTreaties havebeenfullyexplored.We wouldencouragetheCommitteetoexplorethisfurther. 23. AtpresentGovernmentestimatesthatthereisa35%gapincommunicationsdataavailability which,iftheproposalsareintroduced,couldbereducedto25%.Itisunclearhowthebaseline i.e.100%ofdata forthisassessmenthasbeenderived,howitwilldevelopwithnewformsof communicationsandwhetheritwillstayatthecurrentlyestimatedlevel.Itisnotcertain whetherthedatacontainedinthisgapisnotalreadyavailabletoLEAsbutisnotcurrently requestedproperly.Wefurtherquestionwhethertheproposalsarejustifiedandrepresentvalue formoneyforonlya10%increaseincurrentcapabilities.Developmentsinthecommunications industryaredifficulttopredictandthereislittleexplanationintheconsultationdocumentof howtheGovernmenthastakenaccountofthisintheestimationofcosts. Levelofintrusionintousersprivacy 24. ISPAmembersbelievethatanyintrusionintousersprivacyshouldbekepttoaminimumandbe proportionate and necessary in order to avoid a situation where average users feel inclined to change their online behaviour in response to the proposals. The Draft Bill should be viewed within the wider debate around privacy and use of data online, which is based on a system of trust and a trend towards greater transparency. The level of intrusion is actually not fully explainedorunderstoodbecauseagreatdealofthedetailremainsunclear. 25. ThefilteringcapabilitiesthattheDraftBillincludescouldpresentadditionalriskstoprivacy.As anadditionalthirdpartyisbeingincludedinthedisclosureofprivatedata,itcouldbecomean additional attack vector for malicious agents looking to obtain information about individuals. There also exists the possibility for legal representations being made by other parties via the courtstoaccessdataretainedforthepurposesofcivilcasesorasdefencematerialinothercases. 26. Questions of intrusion, proportionality and necessity arise in relation to the retention of and accesstodata.Thescope,definitionsandalsothepresenceofappropriatesafeguardsproposed bytheDraftBillwillplayanimportantpartindeterminingtheanswertothesequestions.
Abilitytobringoverseasprovidersintotheretentionregime
Thecontinuingdevelopmentofthecommunicationsindustry
Scope&Definitions
27. WhilsttheDraftBillappearstomakeonlyaminorchangetothedefinitionofcommunications data it potentially has a substantial impact. The introduction of the new term telecommunications operator and the inclusion of overseas providers effectively makes a
160
significantchangecomparedtotheestablisheddefinitionsofpubliccommunicationsproviders under the Regulation of Investigatory Powers Act 2000 RIPA or communications providers undertheAntiTerrorismCrimeandSecurityAct2001 ACTSA . 28. TheDraftBillstermtelecommunicationsoperatorreferstoapersonwhocontrolsorprovidesa telecommunications system, or provides a telecommunications service and will thus cover, amongotherthings,socialnetworkingproviders,webmailandinstantmessaging. 29. If the definition of communications data is applied to these wider areas, for example, then it becomes clear that these providers will not only be required to retain new types of data comparedtoatraditionalCSP butthatthesedatatypesalsohavethepotentialtobefarmore revealing and intrusive than the data that is currently being retained for law enforcement purposes.Forexample,thedraftBilldefinessubscriberdataasinformation otherthantraffic data or use data held or obtained by a person providing a telecommunications service about thosetowhomtheserviceisprovidedbythatperson.Socialnetworksoftenasktheirusersfor information about their gender, religion, relationship status etc. which should not only be consideredasverypersonalinformationbutisalsoinformationthatiscurrentlynotretainedfor lawenforcementpurposes. 30. A further challenge of definition is determining what within a communication application constitutescommunicationsdataand,assuch,wouldneedtoberetained,asopposedtodatathat wouldneedtobecollectedthroughlawfulintercept.Withincommunicationsapplicationssuchas socialnetworkingservicesoronlinegaming,thedifferentialsbetweenwhatwouldtraditionally constitute Internet traffic and content become less distinct. The Committee should consider whethercommunicationsdatacanbereliablyextractedfromcontentdatainthisscenario. 31. Inadditiontochangingdefinitions,theDraftBillextendsthescopegeographicallybyrequiring overseasproviderstoretaindataorbymakingthisdataaccessibleviaUKCSPs.TheHomeOffice says that these new retention requirements only cover data relating to UK citizens or people staying within the UK during the time for which the data is requested, yet the requirement provides access to a wider data set than this. The Committee should consider whether such a broadpowerisnecessaryandproportionateifthepolicingneedismuchnarrower. 32. Theprecisedatatypesaswellastheproportionalityandfeasibilityoftheproposedextensionto thescopeofthedataretentionregimemeritfurtherinvestigationbytheCommittee.Untilthisis known,theimpactoftheproposalscannotbeaccuratelyquantifiedbyParliamentorCSPs. 33. Higher levels of intrusion would warrant the introduction of new safeguards and additional oversightmechanisms.Aswearguedearlier,thisshouldbeappliedtoboththeretentionofand theaccesstocommunicationsdata.Asothersmayfocusmoreonaccesstodata,wewillfocuson theretentionofdata. 34. Oversight of data retention should take place on multiple levels. Parliament plays a key role in thisandwewelcomethattheCommitteehasbeengiventheopportunitytoscrutinisethecurrent proposalsintheformofaDraftBill.Weareconcerned,however,thatnumerousrequirementsin addition to those on the face of the Draft Bill could be introduced by orders, notices and secondarylegislation,i.e.withlimitedparliamentaryoversight.Forexample,thedatatypesthat CSPswouldhavetoretainwouldonlybespecifiedinnoticesbytheSecretaryofState,without furtherscrutiny.Ascurrentlydrafted,thecurrentDraftBillwouldputagreatdealofpowerinto
SafeguardsandEnforcement
161
the hands of the Home Secretary and to ensure that the retention of data is proportionate, Parliamentaryoversightneedstoberobust. 35. It is proposed that oversight would be provided by the Interception of Communications CommissionersOffice IoCCO andtheInformationCommissionersOffice ICO .Theproposals of the Draft Bill lead to a situation in which CSPs would be required to retain much larger volumesofcommerciallysensitivedatawithacorrespondingincreaseinburdenstostoreand manage it appropriately, including securing and restricting access to it, for law enforcement purposesauthorisedbytheDraftBill.TheCommitteemustbesatisfiedthat,whateverproposals are passed by parliament the IoCCO and ICO are sufficiently resourced to address these issues. Theymustalsohavethenecessarypowersandaccesstoinformationtheywouldneedtoperform their oversight roles effectively. We would also welcome clarification on what proposed role Ofcomwillhaveintheprocess. 36. TheCommitteewillbeawarethattheEUDataRetentionDirective EUDRD isunderreview,and thereisapotentialfortheperiodofretentiontobereduced.Anyreformorchangestothewider communications data landscapeshould be flexible and allow fordevelopments inEurope tobe reflectedintheUK. TechnicalaspectsoftheDraftCommunicationsDataBill 37. TheDraftBillraisesseriousconcernsabouttechnicalfeasibilitywhichhaveyettobeexploredin detail. 38. Requiringcompaniestogeneratedataspecificallyandonlyforlawenforcementpurposesorto capture and retain data about third party services sounds simple but they are technically very complexanddifficultpropositions.Wewouldliketodispeltheideathatexistingequipmentcan be easily reconfigured to capture and retain third party data. DPI and such technology can be used by ISPs for legitimate traffic management processes, but it does not follow it could be repurposedtofulfiltherequirementssetoutintheDraftBill.Weareyettobeconvincedthat currenthardwarecanhandlethevolumeoftrafficthatmovesacrossserviceprovidernetworks atthislevel. 39. There is a further concern that the inline devices that would be placed into the network are vulnerabletohackersandcriminalsandpronetocausesinglepointsoffailure.SincetheDraft Bill and the backstop powers rely heavily on such complex technical solutions, we would encouragetheCommitteetoconsiderwhetherthisapproachcouldbetechnicallyfeasibleorcost effectivetoimplement. 40. The Draft Bill contains powers for law enforcement to use a filtering arrangement to match individualsvariouscommunicationsacrossdifferentplatforms.Again,wefeelmoreinformation is required to better understand what this will mean in practice and whether more safeguards need to be put in place to safeguard privacy. By extending the value chain and analysing data from multiple sources rather than from the source itself, as the filter is expected to do, the reliabilityofthedatacouldbecompromisedanditsevidentialandintelligencevaluelost. 41. Intermsoftheutilityofcapabilitiesproposed,ISPAisconcernedthattheywouldbeevadednot onlybecauseuserswillincreasinglyturntoencryptingtraffic,butalsobytheprospectthatitwill become the norm and be built in as standard by third parties, i.e. even where users havent specificallydecidedtoencrypt.ThiswouldimpairtheabilityofCSPstomanagetrafficontheir networks,asitwouldallappearasastreamofdifferentencryptedcommunicationsstreamswith
162
no easy way to differentiate the content within those streams. In addition, we are yet to be convincedhowthirdpartydatacouldbereliablyextractedfromencryptedtraffic. August2012
163
Dr Dominic Jackson
Iamaprivateindividualrepresentingnoonebutmyself.Iamatechnologyenthusiastand keenstudentoftheworkingsoftheInternethoweverIamalsoapersonwhoguardsmy privacyjealously. Insummary,thedraftcommunicationsdatabillisanabhorrentpieceoflegislation.Itdoes farmorethanmerelyupdatingexistingpowersandseekstogivebroadpowerstospyon allUKInternetusersfornogoodreason.Itisaclassicsolutioninsearchofaproblemand shouldberejectedattheearliestopportunity. TheGovernmenthasmadenoconvincingcaseoftheneedforthepowersproposedinthis Bill.Theonlyvaguejustificationsarehandwavinghypotheticalscarestoriesabout terroristsusingtheInternet,socialmediaandtheliketocommunicateandplanatrocities. Theimprovedconveniencetolawenforcementofthepowerssoughtisnowherenearenough justificationforseekingtorecordwhocommunicateswithwhatorwhom,ineveryInternet operationcarriedoutintheUK. ItisdisappointingtoseeaGovernment,whichcampaignedonthebasisofrepealingsomeof theLabouradministration'sexcessessuchastheIdentityCardsAct,introducesuch legislation.ThedraftCommunicationsBillsharesmanyofthefundamentalfailingsofthe IdentityCardsAct,suchaslackofcleardescriptionoftheproblemstobesolved,appealsto fears,scaremongeringandparanoiaaboutterrorismandcoststhatwillalmostcertainly spiraloutofcontrolatatimewhenthecountrycanillaffordsuchwastefulness.Moreover,if passed,thepowersintheBillwillalmostcertainlybesubjecttodemandsfromothers,such asthemediaindustrylookingtoprosecutecopyrightinfringers. IamconcernedthattheUK'sapproachwillactasagreenlightandatemplateforother countriestointroducesimilarlegislation.Canadaattemptedtointroducedatamining powerswhichwererebuffedonlyafteramassiveoutcry andarguably,incompetencefrom seniorCanadiangovernmentfiguresduringthedebateandcontroversialguerillatactics fromthoseopposedtotheplans .Australiahasalsoproposedsimilarplans,apparently modelledontheUKapproach. TheintersectionofthedraftCommunicationsDataBillwithdataretentionpowersisofdeep concerntome.DataretentioninEuropewaspassedbecauseofaclassicpieceofpolicy launderingbytheBlairgovernmentduringthemid2000satatimewhenterrorism scaremongeringwasaneverydayoccurrenceinGovernmentrhetoric.Havingtried unsuccessfullytogetsuchlegislationpasseddomestically,theBlairgovernmentmovedto EuropeandmanagedtoobtainanEUDirectivetomandatethatwhichtheycouldnotachieve athome.DataretentionhasalreadybeenrejectedinsomeEUstates notably,Germanyand Romania asunconstitutional.TheremainsofthispowerintheUK,togetherwithvague representationsaboutwhatcommunicationsdatashouldbecollected,representamassive infringementofcivilliberties,againfornogoodreason seepreviouscommentsabout Governmentterrorismhype .Thequestionofif12months'retentionistoolongortooshort isemphaticallyansweredwithtoolongbutthecorrectperiodshouldbeeithernothingor nexttonothing e.g.24or48hours .Theperiodofdataretentionalsoobviouslyhasa bearingonthecostsoftheproposalgiventhestoragecapacityneededtoretainthedata. IamdeeplyscepticalaboutthecostsandbenefitsquotedforthisBill.GovernmentIT projectssuchasthisALWAYSoverrunintermsoftimingsandcosts.Theyareinevitably subjecttofeaturecreepastheprivatesectorcontractorsinvolvedgorgetheirfaceson lucrativeGovernmentcontracts.ThishasbeenseenwithcountlesspreviousGovernmentIT projectssuchasNHSSpineandindeedtheIdentityCardsAct.Iseenojustificationforthe benefitsquotedfortheBillandsuggestthatthemoneyallocated,ifitneedstobespentatall, shouldbedirectedtowardsbetterpolicing. Thenotionthatcommunicationsdata suchaswhoiscommunicatingwithwhomandthe
164
dateandtimeofthecommunications canbeseparatedfromthecontentofthe communicationitself,isacompletefallacyinInternetterms.IfitisrecordedthatIvisited www.example.comthenitisobviouslytrivialtoreplaymyvisitandprobablyinspectthe contentofthecommunicationeventhoughthiswasnotoriginallystored.ThedraftBillis alsoworryinglysilentonwhetheronlythefactthatIvisitedwww.example.comwillbe recorded,orwhethertheindividualpageswithinthatsite somepossiblywithcustomURLs arisingfrompersonalinformationsuchasauserloginthatIpasstothesite willbe recorded.ThisfallacyisakeyunderlyingassumptionofthedraftBillandthatitis demonstrablyfalsedoesnotinstilconfidenceintherestoftheBill.TheBillalsofailsto appreciatethat,withmoderntechnology,itisperfectlyfeasibleforcommunicationsdatato consistofafiveminuteAmazonEC2instancethattalkedtoawebapplicationthat momentarilyexistedinsomeothercloudsomewhereandthenvanished.Thedatacollected onsuchephemeral,virtualcommunicationsis,forallpracticalpurposes,useless. Likewise,thequestionsraisedaboutsecurityofthedataoncecollectedignoretheelephant intheroomofthehumanfactor.Thatistosay,anydatabasesecurityisonlyasstrongasits weakestlink,andaboveacertainlevelofbasiccomputersecuritythisweaklinkwill inevitablybethehumanoperatorsofthedatabase.Eveniftheyarenotinherentlycorrupt thentheycanbecorruptedthroughblackmail,extortionandthelike.Wehaveseenfromthe recentNewsInternationalscandalshowthiskindofinfluencecanbebroughttobearoncivil servantsandotherfiguresentrustedwithprivatedata.Giventhatthedaytodayrunningof thepowersproposedbythedraftBillwouldalmostcertainlybeoutsourcedtominimum wageslavesemployedbyG4Sandthelike,itisnothardtoimaginethemotivesfor corruption,northeopportunity,whichjustleavesthemeanswhichisn'thardtoimagine either. ThesecondmajorfallacyofthedraftBillisthatstoringthedatacollectedinanumberof separatedatabaseswillsomehowbesaferthanifitwasallstoredinonecentralised database.Againthisbetraysalackofunderstandingofmoderntechnology;itisjustastrivial withmoderncomputingpowertoindexandthussearchacrossamultitudeofdatasources asitistosearchjustone.Google'sbranchingoutintoimageandvideosearchingwithjust onesearchtermshouldbetreatedasanexampleofthis.Itwillbetrivialtoassemblea completepictureofpeople'slivesfromthevariousdatasourcesthisBillcontemplates creatingwhichrepresentsamassiveinvasionofprivacy. ThemeasuresproposedintheBillcouldbeeasilycircumventedeitherbyuseofencryption andVirtualPrivateNetworks,deliberatelyusingnonUKprovidersorbyswitchingtooffline communications.Theseriousterroristwilldoubtlessadoptthesemeasures,leadingtothe Billonlyaffectingtheincompetentamateurandthelawabidingcitizen.Thesuggestion madeinGovernmentcirclesthatencryptioncouldbebrokenforthepurposesofthisBilldo notbearthinkingabout:strongencryptionunderliesmanyofthepositiveaspectsof21st centurylifesuchasonlinebanking,ecommerceandonlineservicingofutilityaccountsand convenientinteractionwiththeState suchasupdatingtheelectoralregisterandpaying counciltaxonline . TheunintendedconsequencesofthisdraftBilldonotrequiremuchthought.Investigative journalistsmightunintentionallyrevealtheirsources,CEOsofcommercialorganisations loggedascommunicatingwithoneanothermightunintentionallyrevealtakeoverplans, abusedwomeninhidingmighthavetheircoverblown.Thenotionalapplicationofthe powersinthedraftBilltoidentifyingterroristcellswouldbeequallyapplicableto identifyingmembersofothercellsofcivilsociety suchasGreenpeace,digitalrights campaigners,Occupy .ThesameobjectionsapplyastotheIdentityCardsAct:today's governmentsmightconsiderthemselvesbenigntowardssuchmovementsbutwhatof tomorrow'sBNPgovernment?OncehandedovertotheStatetheinformationcanneverbe erasedfromtheState'slogsandthisaloneshouldbereasontoscrapthedraftBill. Theevidenceprofferedinfavouroftheproposedpowersisweakandconsistsofhand
165
August2012
wavingWhatifscenarios.Morepeoplearekilledinroadaccidentsthaninterroristattacks eachyearintheUK.Terroristsdoubtlessuseofflinecommunicationsmethodssuchas meetinginpubs,restaurantsandotherpublicplaces.Doesthismeantheproprietorsofsuch establishmentsshouldberequiredtorecordwhoenterstheirpremisesandwhotheytalkto, andpassthisontotheState?Ofcoursenotcommonsenserevoltsattheidea!Takentoits logicalconclusion,everyoneshouldbelockedupinprisonuntiltheycanprovetheyarenota terrorist,butlogisticsaside,acivilisedsocietyagainfindsthisidearepulsive. Ultimately,preventingterroristatrocitiesisamatterforhighlyskilledhumanintelligence workers.Itisaclassicneedleinahaystackproblem;aftertheeventitisofteneasy with hindsight toidentifythelinksbetweentheperpetratorsandthentoshowthat,actually,the authoritieshadallthisinformationalreadyandcouldhavejoinedthedotsandthus stoppedtheattack.However,beforetheevent,theproblemistoidentifytherelevantdots inamongsttheseaofotherdotsandofjoiningthe relevant dotsbeforeitistoolate. Fromthiscontext,throwingmorehayontothestackontheoffchancethatitcontains anotherneedle,isclearlyawasteofeffort.Onewouldusesophisticatedtechniquesto narrowdowntheareaofthehaystackthatneedssearching,forexampleusingmetal detectorsoraskingwhereaneedlewaslastseen. Toconcludethethemesofthepreviousparagraph,presumingitisarealthreatandnotjust hypeandparanoia whichisinitselfdebatable ,theproblemsofseriouscrimeandterrorism willbeaddressedbycleverpoliceanddetectivework;identifyinglikelyperpetratorsand concentratingonTHEMALONEtoidentifytheirnetworkofcontacts,thenuseundercover officerstoinfiltratethegangs,preventthemobtainingexplosivesandweaponsandgathered evidencetobringthememberstojustice.Thereisampleevidencefromglobalnewsreports thatintelligenceagenciesacrosstheworldarehavingsomesuccesswiththesetactics.There isnoevidencethatwarrantless,unjustifiedmasssurveillanceofthepopulationisachieving orwillachievethesameresults. TheoftquotedmaximisIfyou'venothingtohide,you'venothingtofear!Thisishighly disingenuous.IDOhavesomethingtohide,namelymypersonalprivacyanddesireto proceedwithmydailylifefreeofinterruptionorharassmentbytheState.Everysingle personhasthissamefactor;ourownreasonableexpectationsofprivacyandtherefore,by implication,theconverseoftheclichdmaximmustbetrue.WeALLhavesomethingtohide andsoweALLhavesomethingtofearfromlegislationsuchasthis. ThedraftBillhasnosolidunderlyingfoundationinfactorreality,itisthelatestinaseriesof terroristparanoiapiecesoflegislation.IasktheCommitteeandParliamentasawholeto pleaseburytheideasitcontainsbackinthegroundwheretheycamefrom,ideallywitha stakethroughtheheartandsaltingtheearthabovethemtopreventtheconceptsrisingfrom thedead,astheyhavedoneinthislatestrehashoftheLabourgovernmentsdiscredited InterceptModernisationProgramme.
166
Andrew James
General: 1.HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? Ithasbuttheproblemisithasntoutlinedhowitwilldothis. 2.HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill? No,theargumentisnotconvincing.Theargumentisfundamentallyflawedinthatanylegislation wouldneverbeflexibleenoughtoprovidefortheveryproblemitisintendedtosolvetherapid changeincommunications. 3.HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy? Thewiderlandscapeischangingatsucharapidrate,thateventhemostrecentlegislative instrumentscanbearguedasquicklybecomingoutdated.Butmoretothepoint,communications datanowdescribesonespersonallifetoamuchdeeperlevel shoppingtransactionsforexamplecan bearguedasacommunicationsdatawhereaspreviouslyitwouldnotbecommunicationdata,aresult ofourchangingbehavioursutilisingtheinternet . 4.Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionof communicationsdata? TheUKisentirelyuniqueintermsofhistoriccontextandtherelationshipbetweenthe telecommunicationindustryandthepolicing/intelligencearena.Itwouldbemisleadingtolookat othercountriesintermsofstrategiclessons. 5.Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider? Yes,thegovernmentshouldtakeariskbasedapproachtoidentifyingapplicationbased communications Skype,MSN,Facebook,FaceTimeetc. andascertainhowthemanagingcompanies Microsoft,Google,Apple canprovidemeaningfulcommunicationsdataonaneedsdrivenbasis.The obligationshouldbedrawnawayfromthecommunicationprovider/ISPandtowardstheapplication layer.Thisiswherethetrendisheading.Theresponsemustbemuchmoreagile intechnicaland legalterms thanwhatthegovernmentiscurrentlyproposingoritwillbemoneyunwiselyspent. 6.ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesoflegislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernsthe retentionofcommunicationsdata? TheEUDRDisahighlevelguidelinethatoffersnoclarityonexactlyhowCDwouldbecollectedand managedintheUK,nordoesitofferanyrelevance,specifically,forthelawenforcementlandscapein theUK. Ofcourseitwould,butthegovernmentispushingthisthroughasanurgentlegislationandEU requirementswouldnotallowforachangeintheharmonisationpolicyrequiringanEUregulationin thisareasothisisamootquestion. 7.IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasures thatcouldbescrappedasaquidproquotorebalancecivilliberties? Thelegislationprovidesforpowerswhichcanbeinterpretedinanumberofways,itisnotclearatall, howtheHomeOfficeintendstoutilisethesenewpowers,whetheritwouldmaintainaregisterofall communicationsdata,oraskoperatorstodothat. 8.WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKas alessattractivebase.Whatmightbetheeffectonbusiness?
167
ForSMEs,theanswerwillbeofcourseitwillbelessattractive.Theratesinvolvedinstoringand beingabletoprovidecommunicationsdataisahugeadministrativeburden. Costs: 9.Istheestimatedcostof1.8bnover10yearsrealistic? Noway.Firstly,howcansomethingsounpredictableasthecommunicationsmarketbepredicted withanyreliabilityfor10yearsaway weareinthispositionbecausewedidntpredictwhereweare nowwouldhappen! .Secondly,over85%ofdefenceandsecurityprogrammes majorprojects have beenseriouslyunderestimatedinthelast20years.Thisissimplyafingerintheairguess.The governmenthasalreadyspenthundredsofmillionsonthissince2005andhasnotyetdelivered anything. 10.TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBill couldbeworthbetween56bn.Isthisfigurerealistic? Againtherearenorobustquantitativeassessmentsthatcouldpossiblymakethisfigurerealistic.It isaroughestimateatbestandisbasedonconjectureandopinionoftheagencieswhostandto benefit,thefigureoughttobeproperlyassessedbytheNAOasshouldtheentirecostbasisofthe programme. Scope: 11.Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate? DotheysensiblydefinethescopeofthepowersinthedraftBill? No.ThedefinitionofcommunicationdataisbasedontheformerdefinitionofCDfromRIPA.Itmakes nodistinctiontonewcommunicationdata.Forexample,howdoesonedefinethelimitbetweenthe communicationdataandthecontentforanamazontransactionforabookoncounterterrorism,or aconversationonSkype?Howwouldthelegislationbesecuredenoughtonotallowforcatchall interpretationtotheactualreallifemechanismsthatwillbedevelopedtocaptureCD?Thedefinitions andscopeareconfusedandmisguided. 12.WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill? ShoulditbepossiblefortheSecretaryofStatetovarythislistbyOrder? Thelistshouldbedeterminedonariskbasedapproach,withimmediatethreattolifebeingfirstand soon. 13.Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?ManyUKcompaniesarebasedabroadandregulatedbyBritishlaw.Aslongasacompany operatesheretheyareexposedtoBritishregulationSantanderinSpainetc.Howeverthedetailof theregulationofoverseasthirdpartdatamustbeaddressedintighterdetailintheplans.The problemhereisthatitisincrediblyeasyforsomeoneintheUKtoturnontheircomputerand communicateviaamethodthathasnolegalbaseintheUKthisisamajorprobleminthelegislation thatisagainnotaddressed.E.g.IfanappcompanycreatesanappsuchasWhatsApp,sayinRussia, andIcommunicateonthatusingmylaptop,isittheoperator mybroadbandprovider orWhatsApp thatprovidesthecommunicationdata.Techically,theoperatorhasnoaccesstothecommunication data,andlegally,theWhatAppownersarebasedinRussiasohavenoobligationtoprovidethatdata totheUKoperator.Ifthiscantbeansweredthewholepointofthisprogrammeoflegislationis entirelyflawed. UseofCommunicationsData: 14.Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? 15.Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? Itistooshortforcomplexandhighprofileinvestigations.Itistoolongforcivillibertiespurposes. Safeguards:
168
16.Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould "designatedseniorofficer"bedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR? 17.Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapply toallpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe? Howwouldthisworkinathreattolifesituation?Theresourceimplicationsaremassive. 18.IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformation Commissionersensible? Yes. ParliamentaryOversight: 19.ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBillsatisfactory? Theyarebetterthan2yearsago! Enforcement: 20.Arethepenaltiesappropriateforthosecommunicationsserviceproviderswhofailtocomplywith therequirementsofthedraftBill? TherearenopenaltiesdescribedinthedraftBill.ThedraftBillreferstotheFinancialServicesand MarketsAct2000only. 21.Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccessto communicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforinthe draftBillamounttoanoffence? Technical: 22.Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapture communicationsdatareliably,storeitsafelyandseparateitfromcommunicationscontent? Technologyexisttostoreanysortofdataaslongasthatdataisdefinedandtheprocessisauthorised. Communicationsdataandcontentdefinitionsarefarfromclearandarevariableacrosstypesof communication,sotheanswertothisquestionisno. 23.Howsafelycancommunicationsdatabestored? Dependentonmultiplevariables,veryornotatall.Thequestionispointlesswithoutgivencontext. 24.Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible? No. 25.HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? AnyorganisationwhocanarguethegreynessoftheclausesinthisdraftBillwillbeableto circumventcompliance.Anyindividualwitha4yearoldstechnicalabilitycouldcommunicatewith anyoneelsewithoutbeingexposedtothemechanismsintendedbythisdraftBill. 26.Arethereconcernsabouttheconsequencesofdecryption?
169
Ithinktherearebiggerconcernsherethandecryption.Acriminalisnotgoingtouseencryptionwhen theycansimplyuseanumberofcommunicationappsinsequence GChat,WhatApp,iMessage, MyMessage etc. Thecommunicationsenvironmentinthelast10yearshasmovedonfromtelephonesandpost,toa worldwhereIcananddouseover10typesofIPbasedapplicationandnonapplicationlayer communicationsperday.Thegovernmentistryingtomatchthishumanevolutionandsociety evolutionledrapidchangewithapieceoflegislationandacostlytechnologicalsolutiondesigned nowandforthenext10years.Thelogictotheapproachisflawed.Itwontwork,itwillonlycostthe taxpayerbillionsandmoveusinthewrongdirectioninthedelicatebalanceoflibertyandsecurity. August2012
170
JANET
1. ThisisthesubmissionoftheJNTAssociation,tradingasJanet,totheJointCommitteeonthedraft CommunicationsDataBill. 168JanetistheUKsNationalResearchandEducationNetwork,ahigh speedprivatedatanetworkthatconnectsalluniversities,colleges,researchorganisationsand schoolsnetworkstoeachotherandtothepublicInternet. WeareconcernedthatthedraftBillwill,perhapsunintentionally,affectamuchwiderrangeof networks,dataandusersintheUKthanthecurrentDataRetentionRegulations Q1,2,11 ,andthat itcoulddamagethereliabilityof,andconfidencein,computersandnetworksthatisessentialifthe UKistoachievethesocialandeconomicbenefitsofaninformationsociety Q9,26 .Wealsobelieve thatthepossibilityofmanynewprocessesforobtainingcommunicationsdatawillleadtoconfusion andcreatenewopportunitiesforunauthorisedaccesstothatdata Q16,23,26 . Q1.HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? Q2.HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill? 3. ThedraftBillwouldgivetheSecretaryofStatethepowertoorderthecollectionofcommunications datafromanytelecommunicationsoperator;thisisdefinedinclause28 1 ofthedraftBillsoasto includepublicandprivatenetworksbothinsideandoutsideeveryorganisationintheUKaswellasa highproportionofdomesticproperties.Currentdataretentionrequirementsonlyapplytothemuch smallernumberofpubliccommunicationsproviders,asdefinedinRegulation2 e oftheData Retention ECDirective Regulations2009,derivingfroms.151oftheCommunicationsAct2009. TheHomeOfficescasefortheBilldoesnotmentionnorjustifythissignificantincreaseinthe networks,organisationsandusersthatmaybesubjecttodataretentionrequirements,norcanwesee anyneedforittoachievetheBillsstatedpurpose.Wethereforerecommendthatthescopeofthe Clause1powerbereducedtopubliccommunicationsprovidersasunderthecurrentdataretention regime. Q9.Istheestimatedcostof1.8bnover10yearsrealistic? 5. Thefinancialcostslargelydependonhow,andhowoften,thepowerscreatedbytheBillare exercised,socannotbeestimatedfromtheinformationthathasbeenpublished. Howeverwenotethatthepowersmayalsoimposenonfinancialcostsontelecommunications operatorsandtheirservices.Manynetworks,includingJanet,havebeendesignedtoensurethata singlefailuredoesnotcauselossofconnectivity.Asideeffectofthisimprovedresiliencethroughthe provisionofmultiplepathsistomakeithardertocollectcommunicationsdataasthereisnolonger anysinglepointwherealldatacanbecollected.TheBillappearstogivetheSecretaryofStatethe powertoordersuchresiliencetoberemovedtofacilitatetheavailabilityofcommunicationsdata, eventhoughthiswouldmakethenetworkunsuitableforthegrowingrangeofteaching,researchand operationalpurposesthatdependonhighlyreliablenetworks.Anordertoaddnewmonitoring devicesintoanetwork,ortoalterthenormaltrafficrouting,couldalsohaveanunpredictableeffect onitsreliabilityandperformance.
2.
4.
6.
data/commsdataCfE.pdf
171
7.
TheBillmayalsorequiretelecommunicationsproviderstoinstallandmanagenewsystemstocollect communicationsdata,andwillrequirethemtokeepcollecteddatasecure.Thiswillrequire continuingeffortbyexpertnetworkandsecurityengineersandprivacyspecialists.Organisationsthat havesuchspecialistswillforgopartoftheircontributiontothedevelopmentandoperationof productsandservices;organisationsthatdonotcurrentlyhavesuchskillswillneedtorecruitthem inareassubjecttoskillsshortages. Q11.Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate?Do theysensiblydefinethescopeofthepowersinthedraftBill?
8.
ThedraftBilldoesnotusethetermcommunicationsserviceprovider,whichonlyappearsinthe Notes.ThedraftBillinsteaddefinesandusesthetermtelecommunicationsoperator.Wedonot considerthateitherthedefinitionoftelecommunicationsoperatororcommunicationsdata in clause28 1 5 isappropriate. AsinourresponsetoQ1&2above,wedonotbelievethattelecommunicationsoperator,asdefined inclause28 1 oftheBillistheappropriatescopefortheclause1power.
9.
10. Thedefinitionofcommunicationsdatainclauses28 1 to28 5 willextendmuchwiderthanthe normalmeaningofthatterm andthestatedintentionofthedraftBill whenitisappliedto organisationssuchasuniversities,webmailandsocialnetworkservices,allofwhichappeartobe includedinthecurrentdefinitionoftelecommunicationsoperator. 11. Thisisbecausecommunicationsdataisdefinedinclause28 1 astheaggregateofusedata, trafficdataandsubscriberdata.Clause28 5 thendefinessubscriberdataasinformation otherthantrafficdataorusedata heldorobtainedbyapersonprovidingatelecommunications serviceaboutthosetowhomtheserviceisprovidedbythatperson.Inotherwords communicationsdatawillcompriseallinformationheldbytheserviceprovideraboutthe individualswhousetheservice.Inthecaseofauniversityorsocialnetworkthiswouldcovermuch morethanisnormallyconsideredsubscriberorcommunicationsdata:forexampleitwouldincludea studentsacademicrecordoramemberofstaffspersonnelfile.Indeedsince,unlikeclause28 4 definingusedata,clause28 5 doesnotexcludethecontentofcommunications,itappearsthat communicationsdatawouldalsoincludethecontentofalltheusersmessagesthatwereheldbythe telecommunicationsoperator. 12. ToremovethisproblemthedraftBillsdefinitionofsubscriberdatashouldbereplacedbya definitionthatstateswhatsubscriberdatais,ratherthanwhatitisnot. Q16.Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould designatedseniorofficerbedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR? 13. ThecurrentRegulationofInvestigatoryPowersActPart1ChapterII RIPA regimeestablishesa single,welldefined,processforaccessingcommunicationsdata.Thishasallowedcommunications providerstodeveloptheirownprocessesforhandlingRIPAnoticesthroughasinglepointofcontact, ensuringthatalldisclosuresofcommunicationsdataareprompt,lawfulandefficient.Topromote suchefficiency,theHomeOfficeCodeofPractice 169prohibitsanyuseofotherpowerstoobtain communicationsdata.
169http://www.homeoffice.gov.uk/publications/counterterrorism/ripaforms/codeofpractice
acquisition
172
14. Clause9 2 ofthedraftBillwouldreversethisapproachbypermittinganyconducttobeusedto requestororderthedisclosureofcommunicationsdata.Communicationsproviderswouldnolonger beabletoadoptstandardprocesses,sincetheymightreceivevalidrequestsorinstructionsthrough anyprocessandinanyformthatanydesignatedseniorofficerconsidersnecessaryand proportionate.Thiswillinevitablyslowdowntheprocessofaccesstocommunicationsdataand increaseitscosts.AsdiscussedinourresponsetoQ23&25below,webelieveitwillalsoincreasethe opportunityforfraudulentaccesstostoredinformation. 15. Clause9 3 encouragesalternativestothestandardRIPAprocess whichisdescribedinclause 9 3 d ,bygivingexamplesofaskinganypersonapparentlyincludingwithinacommunications providerwhomaybeabletoobtaincommunicationsdatatodoso;Clause9 4 wouldthen authoriseobtainingordisclosure...oranyotherconductbysuchaperson,evenifitwould otherwisebeacriminaloffenceforexampleunders.55oftheDataProtectionAct1998.Indeedclause 9 2 appearstoallowsuchapersontoberequired,ratherthanjustasked,toobtainanddisclose data,whichwouldmaketheRIPAprocessredundant.TheexistingRIPAprocesswasdesignedto promotetheinterestsoflawenforcement,communicationsprovidersandusers.Wedonotconsider thatcreatingalternativeprocessesunderclause9 2 willbesatisfactoryforanyofthoseinterests. Q23.Howsafelycancommunicationsdatabestored? Q25.HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? 16. Itishighlyunlikelythatcommunicationsdata orindeedanyotherdata canbestoredcompletely safely:thereareexamplesofinformationbeingobtainedwithoutauthorisationfrombothpolice 170 andISP 171databases.Successfulattackscanusebothtechnicalandhumanweaknesses,asdiscussed intheInformationCommissionersreportsWhatPricePrivacy 172andWhatPricePrivacyNow. 173 17. Weareespeciallyconcernedthatallowingmultipleprocessesforobtainingcommunicationsdata underClause9 2 particularlysincetheseprocessescanbelessformalthanthecurrentRIPAone willmakeitmucheasierforblaggerstoobtaincommunicationsdatabyfraudulentimpersonation. Telecommunicationsprovidersandotherswithaccesstocommunicationsdatawillberequiredby thatClausetorespondtonewandvariedformsoflegitimaterequestandorder,makingitmuch easierforablaggertoexplainwhyhisrequestvariesfromthosethathavebeenseenbefore. Protectingagainstthisriskwillrequirescrupulouschecksbytherecipientsofallrequestsunder Clause9 2 ,thusdelayinglawfulaccesstodataandincreasingtheworkloadforbothprovidersand thedesignatedseniorofficerswithwhomtheywillhavetoverifyeverynewprocess. 18. ThedatacollectionandstoragesystemsenvisagedbytheHomeOfficewillrepresentattractive targetsforthosewhowishtoobtaindataaboutusers.Evenifonlylocalcommunicationsdatais storedthiswillbeinlargerquantitiesthanatpresent.HowevertheHomeOfficehavealsoindicated thatitwillbepossibletoobtaindataaboutcommunicationsusingthirdpartyproviders;thiscanonly bedonebyexaminingthecontentofcommunicationsandextractingcommunicationsdatafromit.
170http://news.bbc.co.uk/1/hi/uk/7033935.stm 171http://www.theaustralian.com.au/australianit/telecommunications/anonymoushackersdump
stolendatabelongingtoaustralianfirmaapt/storyfn4iyzsr1226437681976
172
http://www.ico.gov.uk/upload/documents/library/corporate/research_and_reports/what_price _privacy.pdf 173http://www.ico.gov.uk/upload/documents/library/corporate/research_and_reports/ico wppnow0602.pdf
173
Suchsystemswillbeaparticularlyvaluabletargetforattack,sinceaccess eitherthroughahumanor technologicalattack tosuchasystemcouldprovidetheabilitytoreadallthecommunications contentthatpassesthroughit,asisreportedtohavehappenedtoVodaphonePanaphonssystemsin Greece. 174 Q26.Arethereconcernsabouttheconsequencesofdecryption? 19. Ourconcernsthatdatastorageandcollectionsystemswillbeanattractivetargetforunauthorised accesswouldbeincreasedifthosesystemswerestoringoraccessingtheplaintextofinformationor communicationsthatarecurrentlyencrypted.Aswellastheharmresultingfromthelossof informationconsideredsufficientlysensitivetojustifyencryption,evenarumourofunauthorised accesstoadecryptingsystemcoulddamagepublicandbusinessconfidenceintheInternetasasafe waytocommunicate.TheGovernmentsplansforanesocietydependoncitizensandbusinesses beingwillingtosendandreceivesensitiveprivateinformationovertheInternet,whethertoe government,ehealthorebusinesssystems.Ifindividualsdonotbelievethatbrowserencrypted communicationsaresafethenitwillbedifficulttopersuadethemtousethesesystems. August2012
174http://spectrum.ieee.org/telecom/security/theathensaffair/
174
Peter John
General: 1. HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill?
ItisimportanttounderstandthatcrimesliketerrorismoftenusedbytheHomeOfficetojustify masssurveillancepresentlyposeanegligiblerisktolifeintheUK; UKDeaths,PerAnnum
Toputthosenumbersinperspective,6peopledieeveryyearfallingoutoftrees.Butthereisno expectationthatcrashmatswillbeplacedunderalltreesintheUKjustincase. Ifyouwanttosavelives,theconclusionisinescapableBestvalueisderivedbyspendingbillions preventingpeoplesmoking.Ratherthanspendingbillionsinterceptingthecommunicationsof innocentpeopleandthelawabidingbusinessesthatservethem. Theothercrimefrequentlycitedasjustificationformasssurveillanceistheheinousoffenceofchild murder/paedophilia.TheHomeOfficecitedtheshockingexamplesofIanHuntley&LeviBellfield. InthecaseofHuntley,however,itwasrevealedthathehadbeenasuspectinaseriesofsexual offencesandburglaries..yethadstillbeenallowedtoworkinaschool.Thereisnothingtosuggest thatretainedcommunicationsdatawouldhavepreventedHuntleysoffences.Therewasaserious failurebypublicauthoritiestoaccuratelyvethisbackground,andaseriousfailurebypoliceto reconciledataonhisbehaviour. Bellfieldwasnamedbypoliceasasuspectinconnectionwithnumerousunsolvedmurdersand attacksonwomendatingbackto1990,andthemurderofa14yearoldgirlin1980.AssistantChief ConstableJerryKirkbysaid,"QuestionswillbeaskedwhetherBellfieldcouldhavebeencaughtand wemustaccept,anddo,thatmistakesweremade".Thereisnoevidencetosuggestthatretained communicationsdatawouldhavepreventedBellfieldsoffences. Inbothcases,aseriousfailurebypolicetocorrelateavailableconventionalintelligenceallowedthe offencestooccur.
175
2.
HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthe draftBill?
No seeprevanswer . Britainisbroadlyasaferplacenowthanithaseverbeen. Consequently,areductioninunwarrantedsurveillance,andgreaterpromotionofdemocratic freedom,wouldbeawelcomechangeofstrategy. 3. HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusioninto individualsprivacy?
TheUKhasthroughthelaissezfaireindifferenceoflazyandcorruptregulatorsbecomeasocietyI barelyrecogniseitfrommychildhood.Aplacewhereintrusionintopersonalprivacyhasbecomeso ubiquitousitexceedsthedystopianvisionofGeorgeOrwells1984. Atthesametime,theopportunitiesforredresswhenpublic&privatesectororganisationsoverstep therightsofcitizenshavebeencompletelyunderminedbytimidandcorruptregulation&law enforcement. Thereisnoeffectiveprotectionorremedywhenthelawisbroken. Forthatreason,Ifullyexpecttoemigrateinthenext12months,toasocietywherepersonallibertyis betterprotected. 4. Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionof communicationsdata?
TheJointCommitteemightbewisetolooktooverseashistory;Thosewhocannotlearnfromhistory aredoomedtorepeatit. TheretheactivitiesoftheStasibearcomparison.TheStasioperatedoneoftheworld'sbiggestmass surveillanceoperations.TheStasiusedmasssurveillancetoidentifypoliticaldissentamongcitizens. Becausecitizenswereawarethattheirgovernmentwasspyingonthemacultureofmistrust resulted.Politicswereonlydiscussedwheresurveillancecouldnotreach,andonlywithclosefamily. IsthatreallytheexampleyouthinktheUKshouldfollow?Adatabasethatencompassestheprivate communicationsofallUKcitizens?Ifso,Ifearyoureignoringhistoryatyourperil. 5. Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider?
Interceptionofcommunicationsshouldbealastresort,usedinonlythemostseriouscasesof criminalmisconduct,andonlywhenawarranthasbeenobtained. Masssurveillancewillcompeltheunconditionaluseofencryption,ultimatelydrivingupthecostof masssurveillanceinanescalatingselfdestructivespiralofcountermeasures. ThatimpactsboththecoststoGovernment,andthecosttoUKtelecommunicationsusers including commercialandpersonalusers . 6. ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesof legislationinterrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthat governstheretentionofcommunicationsdata?
176
ItwouldbepreferableiftheJointCommitteeweretorecommendthatlegislationcompliedwiththe EuropeanConventiononHumanRightsarticle8,whichstipulates;
Everyonehastherighttorespectforhisprivateandfamilylife,hishomeandhis correspondence.
Retainingcommunicationsdataofinnocentpeople andwearepresumedinnocentuntilproven guiltyofacrime isnotproportionate.UnlessyouconsidertheUKanationofcriminalsuspects. 7. IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasures thatcouldbescrappedasaquidproquotorebalancecivilliberties?
No. ToquoteBenjaminFranklin;
"Theywhocangiveupessentiallibertytoobtainalittletemporarysafety,deserveneitherliberty norsafety."
Theprivacy/security/integrityofmycommunicationsisnotacommodityIampreparedtotrade. 8. WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseethe UKasalessattractivebase.Whatmightbetheeffectonbusiness?
TakingforexamplethePhormaffair,UKcommunicationsserviceprovidersdemonstratedthatthey wereincapableofbeingtrustedtorespecttheprivacy/security/integrityofUKtelecommunications. PhormWebwisewasanindustrialespionagescamthatharvestedcommercialintelligencefromUK telecommunications,andsoldtheresultingintelligencetothehighestbidder. Theeffectonbusiness?Theonlyrationalresponsetosuchasurveillancethreatistostopusingthe UKtelecommunicationsnetwork,oradoptthestrongestpossibleencryptionmethods. IwouldnotrecommendanyonelaunchabusinessintheUKatpresentbecausetherearenoeffective safeguardsinthiscountryagainstunlawfulcommunicationssurveillance. Costs: 9. Istheestimatedcostof1.8bnover10yearsrealistic?
Itseemsverypoorvalueformoney. 10. TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBill couldbeworthbetween56bn.Isthisfigurerealistic? IdontbelievetheHomeOfficecouldeverjustifythatfigure.Themoneywouldbebetterspent addressingthedeficienciesinpoliceinvestigativeprocedures,intelligencehandling,thechild protectionregister,andeliminatingrampantpolicecorruption. Scope: 11. Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate? DotheysensiblydefinethescopeofthepowersinthedraftBill?
177
Sorry,noresponsetooffer. 12. WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill? ShoulditbepossiblefortheSecretaryofStatetovarythislistbyOrder? Sorry,noresponsetooffer. 13. Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty? Essentially,itisanonsensetobelievethatyoucaneverpoliceoverseasproviders,orimposeeffective constraintsonthem.KingCanutehadmoresuccessturningthetides. ThebeliefamongsomeMembersofParliamentthattherecouldeverbeaglobalstandardfor communicationsregulationissimplydelusional.Inconsistentregulationwillalwaysexistbetween democraticnationsononehand,andthecorruptauthoritariannationsontheother. TheissueismoreaboutdeterminingwhethertheUKbecomesamodelofademocraticnation,ora modelofacorruptauthoritariannation. UseofCommunicationsData: 14. Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? CommunicationsDatashouldbeusedtodetectanyseriouscriminaloffence.Itshouldnotbegathered frominnocentpeopleuntilacrimeissuspected. 15. Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? CommunicationsDatashouldnotberetainedwithoutawarrantobtainedinadvance.Theevidence shouldbedestroyedonceapoliceinvestigationhasconcluded. Andretainednolongerthanthat. Safeguards: 16. Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguards includingapprovalbyadesignatedseniorofficerwithinthepublicauthoritymakingthe request.Howshould"designatedseniorofficer"bedefined?Isthissystemsatisfactory?Are thereconcernsaboutcompliancewithArticle8ECHR? EverysupposedsafeguardfailedwhenBTconductedillegalcovertsurveillanceofitssubscribers usingPhormsRussiandevelopedspywarein2006,2007and2008. TheICOrefusedtointervene. Ofcomclaimedithadnopowerstoact. ThevariousSurveillanceCommissionersclaimedtheyhadnoroletoplay. Andthepolicerefusedtoinvestigate. TheCPSrefusedtoprosecute.
178
SoifBritishTelecomcancovertlyinterceptthecommunicationsof200,000oftheirsubscribersand thebusinesseswhoservethem,usingRussiandevelopedspyingtechnology,withcomplete impunityWhydoyouthinkanyonewouldhaveanyconfidenceinthesupposedsafeguardsthe HomeOfficeclaimwillguaranteeprotectionfromabuse? Itissimplyapreposterouslie. 17. Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthis applytoallpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbe necessaryinallcircumstances?Andwhatwouldtheresourceimplicationsbe? Yes,awarrantbasedsystemwouldbemoreappropriate. 18. IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformation Commissionersensible? TheInvestigatoryPowersTribunalhashistoricallyupheldfewifanycomplaints; IPTComplaints20012008
Inaddition,theyclaimtheyhavenoroleoverseeingtheactionsofprivatesectororganisationsthat engageinunlawfulsurveillance. Untiltheoversightdemonstrablyincludesrobustenforcementofthelaw,andthescopeofthe oversightisextendedtoprivatesectororganisations,themeasuresareutterlyinsufficient. ParliamentaryOversight: 19. ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBill satisfactory? Parliamenthasdemonstratednocapabilitytoeffectivelyoverseecommunicationssurveillance.Ido notbelieveMPshavethetechnicalexpertiserequiredtounderstandthemeansorextentofunlawful surveillance.Whydoyoubelievethatsituationwouldchangeasaconsequenceofthisbill? Enforcement: 20. Arethepenaltiesappropriateforthosecommunicationsserviceproviderswhofailtocomply withtherequirementsofthedraftBill?
179
No,theyaretooweak.Evidencesuggeststhatthepolice&regulatorswillnotenforcepenalties againstpeoplewhoviolatethelaw,andwillevencitethetrivialnatureofpenaltiesasreasonnotto engageinenforcement. 21. Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccess tocommunicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedfor inthedraftBillamounttoanoffence? Theunlawfulinterceptionofcommunicationsisalreadyacriminaloffence.Butfewpeopleareever prosecuted. Technical: 22. Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapture communicationsdatareliably,storeitsafelyandseparateitfromcommunicationscontent? ThetechnologyexiststoallowCSPstocapturesomeaspectsofcommunicationsdataaboutinnocent peopleandthebusinessesthatservethem. Howeverthequestionismorewhetheritiseverappropriateforthemtogathersuchinformation withoutawarrant,ortheexplicitconsentofthesenderANDrecipient. Ibelievetheanswertothatquestion,inademocraticfreesociety,isalwaysno. 23. Howsafelycancommunicationsdatabestored? Verysafely.Untilitiscompromised. ExamplesofsecurityspecialistsrecentlycompromisedincludeStratfor emailstolen ,HBGary emailsstolen ,USArmy theWikileaks/BradleyManningaffair .Andmanyothers. Iforganisationssuchasthesecannotprotecttheirowncommunicationsdatasecurely,theJoint Committeemightcontemplatewhyanyassurancesofabsolutesecuritycaneverbetakenatface value. Inshort,communicationsdataoncestoredislikelytobestolen,abusedandcompromised. 24. Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible? No.Icouldexplainwhytheywillneverbetechnicallyfeasible,butnotin6pagesusinglanguageyou wouldunderstand. 25. HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill ? Thebillwillsimplyhastentheblanketuseofencryptionand/oronionroutingwhichwillentirely defeat oratleastsubstantiallyimpair thevalueofmasssurveillance. Inaddition,countersurveillancetools someofwhichIhavedeveloped willlikelyfurtherdiminish thevalueofretaineddatabycreatingablizzardofunusablenoise thatwillalsoneedtoberetained . 26. Arethereconcernsabouttheconsequencesofdecryption? Ifencryptedstreamsareroutinelyinterceptedanddecrypted,confidenceinanyformofUK telecommunicationsencryptedorotherwisewillbelost.
180
Atthatpoint,anyuseoftheUKcommunicationsnetworkbecomeswhollycompromised,andthe infrastructurebecomesinherentlyuntrustworthy.TherethenremainsnobasisforassumingthatUK telecommunicationsareprivateorsecureagainstunauthorisedsurveillance. Whichwouldbeatragedy,butassumingIcanemigrate,onethatwouldbeyourproblemtoresolve,and notmine. August2012
181
Just West Yorkshire

WedonotbelievethattheUKgovernmenthasputforwardaconvincingorcogentcasefortheneed forthenewpowersproposedinthedraftBillandwebelievethattheproposedmeasureserodecivil liberties. WeendorsethefindingsoftherecentlypublishedReportbyBigBrotherWatch acivilliberties group entitledAlegacyofsurveillancewhichhighlightsveryseriousconcernswiththeuseof surveillancebypublicauthoritiesandthelackoftransparencythatcurrentlyexists.Thispositionis alsoendorsedbytheCommunitySecretaryEricPickles. http://www.guardian.co.uk/politics/2012/aug/22/bbcofstedsecrecysurveillance WeconcurwithNickPickles,directororthecampaigngroupBigBrotherWatch,condemnationofthe proposals:
"Thisisanunprecedentedattackonprivacyonlineanditisfarfromclearthiswillactuallyimprove publicsafety,whileaddingsignificantcoststointernetbusiness.Noamountofscaremongeringcan hidethefactthatthispolicyisbeingcondemnedbyMPsinallpoliticalparties."
Clearlythereisaveryrealriskofthenewproposedpowersbeingabusedormisusedbypublicsector organisations.Theplanswouldgiveunrestrictedandcarteblanchepowertoinstitutionswithoutthe properchecksandbalancesbeinginplace.TheextensiveuseoftheRIPAlegislationbylocalcouncils andpublicservicesclearlyhighlightthepotentialforabuseofanylegislationwhichseekstostrip awaytheindividualsrightstoprivacy. Weconsidertheargumentthatthesepowerswillhelptoreducecrimetobefatuous.Positive outcomesincriminalinvestigationsarebestachievednotthroughincreasedsurveillancebutthe appropriatedeploymentofpoliceofficerstotacklecrime. Furthermorethepressandmediahaveconsistentlyhighlightedcasesofpolicecorruptionandfraud theverygroupsthatismostlikelytousethislegislation.JUSTalsobelievesthatthelackofpositive relationshipsbetweenBMEcommunities viz,Muslims,AfricanCaribbeangroups andthepoliceasa consequenceofthepolicetargetingpotentialterroristsandextremistsandgunandknifecrimecould leadtothesegroupsbeingunfairlytargetedundertheproposedmeasures.Thereisarealriskof sensitive,privateandpersonalinformationbeingabused. Althoughtheproposedmeasurehighlightsoneofitskeybenefitsastheabilitytotrackpedophiles, therecentexampleofaformerpoliceofficerwithWestYorkshirePolicewhowasconvictedof makingindecentimagesofchildren,highlightsthatinthewronghands,thesepowerscarryagrave risktotheindividual.http://www.wakefieldexpress.co.uk/news/local/morewakefield news/formerwestyorkshirepolicedetectiveschildpornshame14712857 TheOfficeoftheInformationCommissionerhasexpressedgravedoubtsaboutthemasssurveillance projecttoo.Hebelievesthecasehasnotbeenmadetojustifythesweepingexpansioninthepowerof thepoliceandotherpublicbodiestotrawlthroughprivatecommunications,includingvisitsto FacebookandeBay. Thegovernmenthasclaimedthisproposalisneededtofightterrorismandseriouscrimes; HowevercomputerdatabasesandsystemssuchasNICHE,PNC,ANPR,VENOM,HOLMES,OIS,WYSE alreadyexistandprovidethepoliceandotheragencieswithanextraordinaryamountofdataand intelligenceonindividuals,propertiesandbusinesses. Likewiseautomaticclassification,riskbasedprofiling,systematictrackingandrecordingoftravel anduseofpublicservices,automateduseofCCTV,analysisofbuyinghabitsandfinancial transactions,andtheworkplacemonitoringoftelephonecalls,emailandinternetusearealready usedextensively.
182
Underthenewproposals,ISPswouldinstallhardwarefromGCHQtheGovernment'selectronic snoopingagencyallowinginvestigatorstotapintoarealtimefeedofdata,andexaminewhen communicationsweresent,andwhoto,inordertobuildupintelligenceoncriminalactivity.Itisour clearpositionthatsufficientpowersalreadyexist,whichservelawenforcementandpublicagencies adequately. OnlyveryrecentlyaSupremeCourtrulinghasconfirmedthattheretentionofinnocentpeoplesDNA bythePoliceaftertheyhavebeeninvestigatedandclearedofanoffenceisunlawfulandthatitwas incompatiblewitha2008EuropeanCourtofHumanRightsdecision.Clearlythereforeinthesame logicaroundthelawfulretentionofdatainrelationtoinnocentpeopleshouldapply. Ourconcernsaboutthelackofsafeguardsaroundtheconfidentialityoftheinformationis substantiatedfollowingtherecentadmissionbytheMinistryofJusticethattheirsystemshadbeen subjecttoanonlinecyberattack.http://www.independent.co.uk/news/uk/politics/homeoffice andministryofjusticetargetedbyanonymoushackersinassangeprotest8069811.html FurthermoreaccordingtoGooglesTransparencyReport,fromJanuaryJune2011lastyear,they received1,279userdatarequestsfromUKauthoritiesandrefusedtocomplywith37%.Clearlythere wereconcernsaroundthereleaseofpersonaldatathatdidnotmeetthedisclosuretestsunderthe DataProtectionAct.Underthisproposal,thatnumberofrefusalswoulddroptozerosignalingno validityorthresholdtestsfortherequests. Theproposalisamassiveencroachmentonprivacy,andhasmanyassociatedsecurityrisksand potentialforfurtherabuse.Tostoredetailsofinternetuseforayeartoallowpoliceandintelligence servicestoaccessitiswhollydisproportionateandunnecessary.ThereiscleardisquietamongMPs toowiththemostrecentconcernbeingarticulatedbySeniorToryDavidDavisMPwholabeledthe proposal"incrediblyintrusive" ThehugecostofthespyingprojectatatimewhentheGovernmentismakingcutselsewhereisnot justifiable.Inaneraofausterity,themoneywouldbebetterspentonfundingkeypublicservices suchashospitals,schoolsandcommunityprojectsandaddressthewideningdeficit. JUSTWestYorkshirefearsthattheverypeoplethatsnoopingplansareintendedtouncoverserious organisedcriminalgangs,majorfraudsters,paedophilesaretheveryoneswhoarealreadyusing technologytoavoidbeingsnoopedupon.Thereforetheproposedlawisnotonlyadisproportionate responsebutwhollyinadequatetodealwiththeproposedproblem. August2012
investigators,subjecttocomplyingwiththerelevantlegalrequirementsduringtheinvestigationor detectionofacrime. notsurewhatthismeans
Presently,ISPskeepdetailsofwhichwebsitesusersvisit,andwhotheysendandreceiveemailsand internetphonecallsfrom,for12months.Thisinformationcanbeaccessedretrospectivelyby
183
JUSTICE
ExecutiveSummary Surveillanceisanecessaryactivityinthefightagainstseriouscrime.Whentargeted,itcanplaya vitalpartinournationalsecurity.Unnecessaryandexcessivesurveillance,however,destroysour privacyandblightsourliberty. TheDraftBillbuildsontheexistingandinadequateregulatoryprovisionsinRegulationof InvestigatoryPowersAct2000 RIPA .JUSTICEconsidersthattheRIPAmodelisneitherforward lookingnorhumanrightscompliant. TheprovisionsintheDraftBillproposeanationwideandblanketintrusionintotheprivatelifeof everypersonintheUKusingmoderntechnologytocommunicate,toenhancetheirdailylivesand supporttheirfreedomofexpression.Itwouldprovidefortheexponentialexpansionofthecollection ofinformationabouthowweusetheinternet,mobiletelephones,landlinesandthepostto communicatewitheachother.TheInformationCommissionerhascalledthisastepchangeinthe relationshipbetweentheStateandthecitizen.Weagree. TheprovisionsintheDraftBillarebroad,vagueandunjustified.Nosignificant,newsafeguardsare offered.Importantly,weareyettoseeclearevidencetosupporttheGovernmentscasethatsuch expansionisnecessaryorappropriate. Currently,around500publicauthoritiesarecapableofaccessingourcommunicationsdatausing existingsurveillancepowers.RIPAallowsthesepublicbodiestoselfauthoriseaccesstoourpersonal information.JUSTICEconsidersthatthisapproachposesasignificantthreattoourpersonalprivacy. Priorjudicialauthorisationforaccesstosurveillancepowers,includingaccesstocommunications datashouldbethedefaultinmostcircumstances.Fewerpublicauthoritiesshouldbeabletoaccess thissensitiveinformationaboutourprivatelivesandaccessshouldbelimitedtothosecircumstances whensurveillanceisstrictlynecessary,principally,forthepurposesofpreventinganddetecting seriousoffences. Rootandbranchreformofourexistinglawonsurveillanceisneededtoprovidefreedomfrom unreasonablesuspicionandamodernsurveillanceframeworkforadigitalage;notthefurther expansionofsurveillancecapabilitywithouttrulyeffectivesafeguardsagainstabuse. a Introduction 1. Foundedin1957,JUSTICEisaUKbasedhumanrightsandlawreformorganisation.Itsmissionis toadvanceaccesstojustice,humanrightsandtheruleoflaw.ItisalsotheBritishsectionofthe International Commission of Jurists. Last year, we published Freedom from Suspicion:
Surveillance Reform for a Digital Age, calling for the wholesale reform of the existing legal
frameworkforsurveillance,intheRegulationofInvestigatoryPowersAct2000 RIPA . 175 2. WewelcometheopportunitytosubmitbothwrittenandoralevidencetotheJointCommitteeon the Draft Communications Data Bill the Joint Committee . We regret that the Draft Communications Data Bill the Draft Bill is severely lacking in detail and posed as a broad enablingpowertoarrangeforthecollection,retentionanduseofpersonalinformation,withvery
175JUSTICE,
FreedomfromSuspicion:SurveillanceReformforaDigitalAge,Nov2012.Hardcopiesof thisreportwillbeprovidedtomembersoftheJointCommitteeonrequest.Chapter4,which considerscommunicationsdata,isprovidedasanAnnextothissubmission. http://www.justice.org.uk/resources.php/305/freedomfromsuspicionHererin,Freedomfrom Suspicion.
184
little detail provided on how these powers might be exercised in practice. This approach will significantlyunderminetheeffectivenessofprelegislativescrutinybyParliament,commentators andthewiderpublic. b Background 3. The Communications Data Bill introduced in 2008 by the previous Government, would have, among other things, required communications service providers to give police and intelligence agencies unprecedented access to their networks for the purposes of facilitating interceptions andrequestingdata.ItwaswithdrawninthefaceofwidespreadoppositionfromJUSTICEand othercivillibertiesorganisations,Parliamentariansandthepublic.TheformerDirectorofPublic ProsecutionsSirKenMacdonaldQC,forinstance,describedthoseproposalsasseekingtocreate an unimaginable hellhouse of personal private information. 176 In 2009, the Labour GovernmentconsultedonaseriesofproposalswhichwouldenabletheGovernmenttorequire privateproviderstocollectcommunicationsdata,againforthepurposesoffacilitatingaccessto thatdatabypublicauthorities.Again,inthefaceofopposition,theseproposalswereshelved. 177 4. The Coalition Programme for Government committed to end the storage of internet and email recordswithoutgoodreason. 178Yet,earlyinitslife,theCoalitionalsocommittedtointroducing a programme to revisit access to communications data. 179 However, the Government also promised to legislate in order to put in place the necessary regulations and safeguards that would ensure that our response to this technology challenge is compatible with the Governmentsapproachtoinformationstorageandcivilliberties. 180 5. 6. Unfortunately,theDraftBillfailstomakegoodonthesecommitmentstorobustsafeguardsfor theprotectionofourrighttoprivacyonline. The Draft Bill builds upon our existing framework for surveillance in the Regulation of Investigatory Powers Act 2000 RIPA . RIPA currently provides for requests for access to communications data. Communications data is defined by RIPA and includes subscriber data, traffic data and user data. Broadly, subscriber data is information held by a provider about a user;trafficdataoutlinesinformationsuchasthelocationofthecommunicationandthepeople
PrivatefirmmaytrackallemailandcallsbyRichardNortonTaylorandAlanTravis,The Guardian,31December2008. 177JUSTICEssubmissiontotheHomeOfficeConsultation,Protectingthepublicinanchanging communicationsenvironment,in2009isavailable,here: http://www.justice.org.uk/resources.php/190/communicationsdatacollectionandusejustice response 178CabinetOffice,TheCoalitionProgrammeforGovernment,p11 179SecuringBritaininanAgeofUncertainty:TheStrategicDefenceandSecurityReview Cm7948, October2010 ,p44. 180SecuringBritaininanAgeofUncertainty:TheStrategicDefenceandSecurityReview Cm7948, October2010 ,p44.
176See
185
involved,anddetailsoftheequipmentused;andusedatarelatestotheusemadeoftherelevant service forexample,whatwebsitesauserhasvisitedetc . 181Namedpublicbodiescanaccess different categories of data for different purposes, following internal administrative authorisation by a senior officer within their organisation. Following the passage of the Protection of Freedoms Act 2012, local authorities may only access limited data following authorisationbyamagistrate althoughtheseprovisionsarenotyetinforce . 7. The request to a service provider may be in the form of an authorisation section 22 3 or a notice section 22 4 , the difference being the former is a request for information that the provideralreadyholds,whileanoticeisadirectiontotheprovidertoacquireitonbehalfofthe requestingbody.Noticesandauthorisationslastonemonthunlessrenewed. 182Serviceproviders mustcomplywithnoticesrequiringaccesstocommunicationsdataunderRIPA,unlessitisnot reasonablypracticabletodoso. 183Ifnecessary,theSecretaryofStatecanseekaninjunctionfor theenforcementofthenotice. 184OversightisprovidedbytheInterceptionofCommunications Commissioner. 185 Since late 2005, public bodies able to make requests have been subject toan inspectionregimecarriedoutbyaninspectorateunderthedirectionofaChiefInspectorandthe supervisionoftheCommissioner. 8. The Data Retention EC Directive Regulations 2009 which implement the EU Data Retention Directive 9.
186 require certain public communications operators to retain information originally
heldforcommercialpurposesforupto12months. 187 The overriding difference between the existing framework and the Draft Bill is the shift away from the presumption that for limited purposes, the State may access data already retained or reasonablyobtainablebyserviceproviders,whenshowntobenecessaryandproportionatefor thepreventionordetectionofcrimeandotherreasonswhichservethepublicinterest.Whilethe existingmeasuresareflawed wereturntothisbelow ;theDraftBillwouldcreateapowerfor theSecretaryofStatetodeterminethatallcommunicationsdataaboutthepopulationsactivities and habits should be retained on a blanket basis, just in case it should prove justifiable for a publicauthoritytoseektoaccessthatinformation.Thispotentiallyexponentialexpansionofthe storageofdataaboutourpersonalliveswouldcreateanew,andJUSTICEsubmits,inappropriate, understandingabouttheroleoftheStateinprivatecommunications.
181
interceptionofcommunicationsdata.Sections21and22,RIPAgovernthecurrentframework. 4 and 7 . 183Section22 7 . 184Section22 8 . 185Section57 2 b .SeefurtherChapter3above. 186Directive2006/24EC 187SI859/2009

182Section23
Freedomfromsuspicion,Chapter4,providesfullerdetailsontheexistingrulesgoverning
186
c TheDraftBill 10. Part1oftheDraftBillcloselyfollowstheintentionofthepreviousGovernmentbyproposingthat thegeneration,collectionandretentionofdataaboutallonlineandtelephoniccommunications in the UK becomes universal, with information about us all gathered and stored without any connectiontothelikelihoodthatourcommunicationsareconnectedwithcriminalbehaviour. 188 11. Clause 1 creates a broad delegated power which will allow the Secretary of State to compel telecommunications operators to generate, collect or otherwise obtain new data about our communicationswhichisneitherrequiredbyprovidersforcommercialpurposesnorcurrently held. 189Itmakesclearthattherequirementswhichcanbeimposedwillbeverybroad,including togenerate,collect,retainandprocessdata;tocomplywithspecificstandardsortousespecific systems includingthroughthedevelopment,acquisitionanduseofnewsoftwareorhardware . 12. However, the detail of how these arrangements will be secured is left to secondary legislation and very little information is provided in either the Explanatory Notes or the accompanying impact assessments prepared by the Home Office. No Draft Order has been produced for considerationbytheCommittee.DetailedarrangementswillbemadebyacombinationofOrder by affirmative resolution and subsequent notices served on individual providers which may notbepublishedorprovidedtoparliamentforscrutiny . 190Giventheseriousnessofthechange proposed by the Draft Bill, the limited information provided for the purposes of parliamentary andpublicscrutinysignificantlylimitstheabilityofbothdecisionmakersandcommentatorsto closelyexaminehowthetechnologyandproceduresenvisagedbytheGovernmentwilloperate inpractice. 13. Part2oftheBillprovidestheregulatoryregimeforaccesstothedatacollectedunderPart1.It broadly replicates the existing administrative procedures in RIPA, with the only prior judicial authorisationrequiredbylocalauthorities Clause11 .Allotherpublicauthoritieswillbeable
188ThepreviousproposalsinitiallyproposedaGovernmentdatabaseforthispurpose;earlyinthe
oppositiontoitsintentthoseproposalsshiftedtofocusoncompulsionofprivateprovidersto gatherinformationabouttheirusersforthepurposesofensuringthatmaterialshouldbe availableshoulditberequestedbypublicauthorities. 189Clause1 190Clause7 1 explainsthatnoticesservedandprovidedforbyanyOrdermadeunderClause1must beinwritingandmustspecifythepersontowhomitappliesandmustbegiveninsuchawayas todrawittothatpersonsattention.Thereisnorequirementforpublication.Itisclearthatthe SecretaryofStatewouldbeempoweredtopublishbutnotrequiredtodoso.Whileproviders mightinsistonacertaindegreeofcommercialconfidence,sinceasignificantamountofdetail abouthowourcommunicationsdatawillberetainedandprotectedfrominadvertentdisclosure maybeinsuchnotices,itlimitstheopportunityforbothparliamentaryandpublicscrutiny significantlyifeventhegeneraltermsofhowthetechnologyandprocessesenvisagedbytheBill willoperateinpractice.Similarnoticesservedunderexistingpowerse.g.undertheData RetentionRegulationshavenotbeenpublished.Whenrequestsforpublicationhavebeen made,theyhavebeenrefusedforreasonsofnationalsecurity.
187
toaccessthedataafterselfauthorisationfollowinganadministrativeprocesssetoutintheDraft Bill Clause 9 . The list of public authorities empowered to access the data collected will be provided by Order no draft has been provided, as the Secretary of State is reviewing whether existingauthoritiesempoweredtoaccesscommunicationsdatatocontinuetodoso .Atahigh point, in 2007, 795 public bodies were eligible to access communications data under RIPA. 191 Thereremainover500bodiescurrentlyauthorisedunderRIPA. 192 14. Clause 14 of the Bill gives the Minister the power to establish filtering arrangements for the purposesoffacilitatingthelawful,efficientandeffectiveobtainingofcommunicationsdata.The Government has explained that the filtering mechanism will be automated but will be able to searchacross different sources ofdata held by different providers to ensure the most effective answertoanindividualpublicauthorityrequestforaccesstodata.TheExplanatoryNotesmake clear that the filtering mechanism may operate before a request has been formulated that is, beforeanindividualauthorityhasdeterminedthatarequestisnecessaryandproportionate . 193 The Government stresses that although this information will be processed by a Government controlled mechanism, it will be done automatically and will not allow the public authority in question to access data unless specifically authorised under Part 2. The Bill provides for the Secretary of State to delegate the operation of this filtering mechanism to another public authority.Itisunclearhowthisfilterwilloperate,itsintendedtechnicalspecificationsorwhoits intendedoperatorwillbe. d Privacy,communicationsanddata 15. Thateachofthedistinctactsofcollection,retentionanduseofpersonalinformationisprotected byourrighttorespectforprivatelife,homeandcorrespondenceguaranteedbyistrite. 194The
191
FreedomfromSuspicion,para173.
192Inhislastreport,theInterceptionofCommunicationsCommissionerreportedthat400local
authoritiesalonewereeligibletoaccessdata heinspected71ofthosebodies .Heinspecteda further99publicauthoritiesalsoauthorisedtoactunderRIPAforthispurpose.SeeAnnual ReportoftheInterceptionofCommunicationsCommissioner2011,HC496. 193ExplanatoryNotes,paras7477. 194InMalonevUK 1984 7EHRR14,theCourtconsideredtheattachmentofametercheckprinter toatelephonelineforthepurposesofrecordingthetimecallsweremade,towhomandforhow long.TheCourtconsideredthatthecollectionofthisinformationengagedtherighttoprivacy, butinthesecircumstancescouldbejustifiedbyreferencetothecommercialneedforasupplier ofservicestolegitimatelyensureasubscriberischargedcorrectly.Thisusewasproportionate andjustifiable.However,passingtheinformationtothepolicewithoutstatutoryauthorityand relevantsafeguardsagainstabusewasnot.See,forexample,paras5684.Itisworthnotingthe gatheringandcollationoftheinformationhereisjustifiedbythecommercialneedtoretain information.TheDraftBilldoesnotlimititseffecttomaterialalreadyheldbysuppliersand operators,butwillrequirethegenerationorretentionofdatanotneededforanycommercial purpose.Thequestionofjustificationheregoestowhetherthegenerationorretentionofthis informationcanbejustifiedforthepurposessetoutbytheHomeOfficeinconnectionwiththe potentialforsomecommunicationstoinforminvestigationsandinquiriesbypublicauthorities. InAmannvSwitzerland 2000 30EHRR843,forexample,theCourtheldthatthestoringof informationabouttheapplicantonacardinafilewasfoundtobeaninterferencewithprivate life,eventhoughitcontainednosensitiveinformationandhadprobablyneverbeenconsulted.In RotaruvRomania 2000 8BHRC449,atpara43,theCourtstressedthatevenpublic
188
protectionofprivatecorrespondenceisguaranteedbyinternationalandEuropeanlaw,inboth Article 8 of the European Convention on Human Rights and the equivalent provision of the European Charter of Fundamental Rights. 195 The collation, retention and use of personal information are specifically protected by the domestic and EU legal framework on data protection,forexampleintheDataProtectionAct1998. 16. The authority for both the extension of the collection of data in Part 1 of the Bill and the provisionsforaccesstoit inPart2 mustbejustifiedseparatelybyreferencetoalegitimateaim andmustbeshowntobeproportionateandnecessarytomeetthataim.Toavoidviolatingthe righttorespectforprivacy,thestatutoryprovisionsauthorisingbothretentionandaccessmust beinaccordancewiththelaw: a. AretheprovisionsintheDraftBillsufficientlyclearandprecisetoallowindividualsto understand when their data will be retained, and in what circumstances it may be accessedbytheState? b. c. HasevidencebeenproducedtoshowhowtheprovisionsintheBillwillbenefitthisaim, and to support the Governments case that the interference with individual privacy posedbytheBillwouldbeproportionatetothebenefittobeachieved? d. e. AreadequateandeffectivesafeguardsagainstabuseprovidedintheBill? 17. Weexplainbelowwhy,inourview,eachofthedistinctpartsoftheDraftBillposeasignificant risktotheindividualrighttoprivacy.Asexplainedinoneoftheleadingcases,surveillanceoften occurs without the knowledge of the individual whose rights are in play. So, in most cases an individual will never know whether his information has been reviewed or what has been retained.Onlyinthelimitedcircumstanceswhentheinformationisusedinatrialorwhenan authorityacknowledgesthesurveillancethatanindividualmaybeabletochallengeitspropriety. Aretheproposalstheleastrestrictivemeansofachievingtheaiminquestionandhave alternativesbeenconsidered? Dotheprovisionsaddressalegitimateaim,addressingthepreventionanddetectionof crimeorothersignificantpublicinterests?

informationcanfallwithinthescopeofprivatelifewhereitissystematicallycollectedandstored infilesheldbytheauthorities. 195Article7.
189
In thesecircumstances, there is asignificant obligation onthe Stateto ensure that surveillance powersarecloselydrawn,safeguardsappropriateandprovisionmadeforeffectiveoversight:
itis unacceptablethattheassuranceoftheenjoymentofarightcouldberemovedby thesimplefactthatthepersonconcernediskeptunawareofitsviolation.. 196

18. TheCourtstressedthatthejustificationofanysurveillancemeasuresplacesasignificantburden onStatestoadopttheleastintrusivemeasurespossible:
P owersofsecretsurveillanceofcitizens,characterisingastheydothepolicestate,are tolerableundertheConventiononlyinsofarasstrictlynecessaryforsafeguardingthe democraticinstitutions. 197

19. JUSTICEstronglyopposestheproposalinPart1oftheBilltoexpandthegeneration,collection and retention of communications data. We consider that the expansion of the pool of data collectedaboutouronandofflinerelationshipswithoneanotherposesasignificantrisktoour privacyandultimately,theGovernmenthasfailedtoprovideevidencetosupportthisextended provision for the capturing of data. Existing provisions under RIPA to access communications dataarealreadyextremelybroadandtheGovernmenthasfailedtoillustrateclearlywhythese powersareinadequateorwhyproposalsofthebreadthproposedintheBillarejustifiable. 20. Theretentionofdataposesaninterferencewiththerighttoprivacy,bothinitscreationandin the risk that it may be accessed unlawfully or in error. As the Newton Committee reported in 2003,thereareobviousriskstoprivacyinkeepinginformationaboutindividuals.Theexistence of data creates its own demand for access to it from a wide range of bodies for a variety of reasons, mostly unrelated to national security. It also creates the potential for abuse. 198 We thereforeconsiderthattheexistingpoolofcommunicationsdataliabletoberetainedshouldnot beexpandedunlessacaseofstrictnecessitycanbemadeout. 21. TheGovernmentmustillustratewhythesemeasuresareneeded.Weacceptthattechnologyis changing; as is the way we communicate with each other. However, simply because it may be possible for the State to gain access to a significantly greater pool of information about our private lives as a result of this shifting technological and social base does not mean that it necessarilyshould.
196
1978 72EHRR214,paras36,41.
197Ibid,para42.SeealsoPara49:
TheCourt,beingawareofthedangersuchalawposesof underminingorevendestroyingdemocracyonthegroundofdefendingit,affirmsthatthe ContractingStatesmaynot,inthenameofthestruggleagainstespionageandterrorismadopt whatevermeanstheydeemappropriate.

December2003 ,para398.
198ReportoftheReviewofPrivyCounsellorsoftheAntiTerrorismCrimeandSecurityAct2001
190
22. WeregretthattheECHRmemorandumandthePrivacyImpactStatementpreparedbytheHome OfficeandtheothermaterialprovidedtotheJointCommitteefallssignificantlyshortofproviding parliamentarians and the public with adequate information on its case for reform. We are particularlyconcernedaboutanumberofstatementsmadebytheGovernment: a. Expansion, not maintenance: We take issue with the repeated assertion in the consultationdocumentandassociatedmaterialswiththeassertionthattheseproposals areneededbecauseavitaltoolisdisappearingorthattheprovisionsarenecessaryto ensure communications data is availablein the future as it has been in the past. 199 This is compounded by the ECHR Memorandum which refers to the reduction in the availability of communications data that will have serious consequences for the UK and the need to mitigate the reduction in capabilities caused by the decline in the availability of communications data. 200 This capability gap is not evidenced in any of the documents associated with the Draft Bill. The Impact Assessment asserts that increasingly police and others are unable to get access to communications data; some data is no longer retainedfor business reasons; some providers offering services in this country are based overseas. 201 There is little clarification of the circumstances when communications data which would previously available is no longer, nor any evidenceprovidedofhowthisgaphasimpactedontheabilitytopreventordetectcrime. Neither is information given about the Governments predictions on the impact of changingtechnologicalcapabilities.Inotherwords,thegovernmentseekstojustifythe expansion of its already considerable powers to require the retention of communicationdataonthebasisofaseriesofpredictions,eachofwhichisquestionable atbestandspeculativeatworst. 202 Themotivationforthischangeisintheevolvingwaythatwecommunicatewitheach other.Thereisnochangeordecreaseinthecapacityoftheauthoritiestoaccessexisting data,asprovidedbyRIPA byissuinganoticeunderRIPA,apublicauthoritycanrequire abodytogenerateinformationnototherwiseheldorunderanauthorisationtoprovide dataalreadystored .Instead,therealconcernisthataswechangeourmeansof communicating,thepotentiallyavailablepoolofcommunicationsdataisexpanding. Muchofthedatathatcouldbecollectedabouthowwerelatetooneanotherisnot currentlycollectedanditmaybetechnicallyimpossibleforproviderstodousingtheir existingsystems.Withoutanystatutorycompulsionorbusinessneed,thereisno
199Foreword,
DraftCommunicationsDataBill,TheresaMay.
200DraftCommunicationsDataBill,page100. 201ImpactAssessment,page3 202ThisreflectsthelastconsultationonthisissueundertakenbythepreviousGovernmentonthis
issue.TheJUSTICEresponsetothatconsultationisavailablehere: http://www.justice.org.uk/resources.php/190/communicationsdatacollectionandusejustice response.Seepara6.
191
motivationforprivateproviderstogeneratethisdataabouttheirusersactivities.This isexplainedmoreclearlyintheImpactAssessmentwhichacceptsthattheGovernment hasconsideredtwospecificproblems: a thatcertaintypesofdataaboutour communicationsisnotcurrentlygenerated;and b thatmanynewformsoftechnology arebasedoverseasandthirdpartyproviderswithintheUKdonotroutinelystore informationabouttheirusersactivitiesontheseforums. TheprovisionsintheDraftBillarenotdesignedtoredressareductionincapability. Insteadtheyaredesignedtoincreasetheabilityofpublicauthoritiestoaccess informationabouthowwecommunicatebywideningthepoolofinformationthatisheld intheUKaboutouractivitiesonandoffline.Specifically,theywilltargetouruseofnew technologieslikeFacebookorGmailwhicharewebbasedandwithoutanyneedtostore informationaboutuserswithintheUK.Itwillalsocoverprivatecommunications networks,suchasthoserunbyBlackberryorinternalcommunicationsnetworks operatedbycompaniesandotherbusinesses. 203 b. Statecollectionofpersonalinformation:TheGovernmenthasimpliedthat,sincethedata retainedundertheBillwillberetainedbyprivatesectorproviders,theobligationonthe State to justify the retention is less onerous. The Governments view is that the only obligationinplayontheStateinthesecircumstancesmaybeapositiveobligationto effectively regulate the activities of the private sector in order to secure the safe retentionofthedata,includingbyenforcingtheexistinglegalframework. 204 Thisispotentiallymisleading.TheStatehasdistinctpositiveobligationstoregulatethe processingofpersonalinformationbyprivateindividuals,inordertoprotectindividual rights.However,theissuesraisedbytheBillarefarremovedfromthequestionsraised bythemishandlingofpersonalinformationgatheredbytheprivatesector;forexample, afailureoftheStatetoregulatethemisuseofprivatelygatheredCCTVfootage.The DraftBillwouldplaceacompulsoryobligationontheprivatesectortoretain informationwhichitwouldnototherwiseneednorwant.Itisthiscompulsory obligationtoretainanactoftheState,nottheprivatesectorwhichmustbejustified. Itmayassist,inthesecircumstances,toviewtheprovidersasagentsactingonbehalfof theGovernmentforthepurposesofcollectingandretainingdata.Thefirstquestion mustbewhethertheGovernmenthasproducedsufficientevidencetojustifythe requirementtoretain.Thesecond,whetherthatretentionisinpracticeaccompaniedby adequateandeffectivesafeguardsfortheprotectionofprivateinformation. 205
DataWatchdogquestionscaseforemailsnooping,02April2012.The InformationCommissionersOfficereferredtotheexpansionofthecollectionofcommunications dataasastepchangeintherelationshipbetweenthecitizenandtheState. 204ExplanatoryNotes,ECHRMemorandum,paras1015 205DraftCommunicationsDataBill,pages9699,paras815.Inthissectionofthememoranda,the GovernmentreliesonaseriesofcaseswhichrelatetothepositiveobligationsoftheStatetoact toprotectoneindividualagainsttheactionsofanotherprivateindividualbyregulatingtheir conductbylaw,includingthroughthecriminallaw.So,inBottavItaly,theItalianGovernment hadapositiveobligationtoenforcedisabilitylegislationagainstprivateproviderstoensure accessfortheapplicant;inKUvFinland,theinabilitytoforcethedisclosureoftheidentityofthe userofaninternetservicemeantthattheGovernmentfailedinitspositiveobligationtoprovidea formofredressandprotectionforachildwhoseidentityhadbeenabusedonline;andinVon Hannover,theStatehadanobligationtoprotectanindividualsprivacyagainstthepublicationof photographstakeninapublicplacebyaprivateproviderwithoutconsent.Noneofthesecases areanalogoustotheproposalsintheBillandweurgetheCommitteetoexaminetheevidence
203TheTelegraph,
192
c.
What does data mean?: The Government explains its view that interception of the content of communications should be considered a more serious interference than the data associated with it. However, the historical distinction about the retention of communicationsdataandtheinterceptionofcommunicationsisnotnecessarilyfeasible in the light of evolvingtechnology. The information recorded by a phone meter in the early1980sisnothing,whencomparedtowhatistodayrecordeddigitallyinrespectof everymobilephonecall,textmessageorinternetsession.Trafficdataforaphonecall, forinstance,includesnotonlythenumbersofthecallerandthecalled,thetime,dataand durationofthecall,butalsodatashowingthelocationofeachparty,whetherthenearest telephone exchange or increasingly GPS data. Similarly, the traffic data associated with a single email message will typically include not only the data and time of the message, when it was sent and received, etc but also the senders login name and IP address, from which can be gained a variety of information including, in certain cases, theparticularcomputerusedanditslocation.Trafficdatafromaninternetsessionwill include similar information as well as, for instance, the URLs of websites visited e.g. www.justice.org.uk , and the time spent on each site. In addition to socalled traffic data, communications data also includes service use data produced by service providers, e.g. itemised phone bills or internet records, and subscriber data; i.e. the name and date of birth of the customer, their billing address, contact and payment details.
Inthissense,theideaofcommunicationsdataasbeingpurelyenvelopedataishighly misleading:nobodywritestheirfriendscreditcarddetailsonanenvelope,stilllesstheir own.Itshouldalsobeobviousthattheunnecessaryordisproportionatedisclosureof detailsaboutapersonsprivatecommunicationscaninsomecasesbeeverybitas damagingtothatpersonsprivacyasanactualinterceptionoftheircommunications, particularlywhenitrevealstheirlocationataparticulartimeanddateorthefactoftheir contactwithaspecificperson.Similarly,areviewofapersonsinternetactivitiescan allowanintimatepicturetobebuiltabouttheirindividualchoicesandpersonalhistory, includinginformationabouttheirhealth.Storingthesumofourannualcommunications dataacrossmultipleproviderscouldcreateanextremelyfullpictureofourpersonal preferences,activitiesandhabits.Thecollationofthiskindofdata,accessibledirectlyor

whichtheGovernmenthasprovidedtojustifytheneedtocompelprivateproviderstogenerate, collateandretaindataforitspurposesclosely.Thesecaseshavemoreincommonwiththecases wheretheGovernmenthascollatedmaterialbutnotnecessarilyusedthematerialinpracticeor whereithasconductedstrategicsurveillance seeforexample,RotaruvRomania,Ammanv SwitzerlandandLibertyvUK AppNo58243/00,Judgmentdated1July2008 .The GovernmentreferstothecaseofMalonevUK,consideredabove,wheretheCourtconsideredthe collationofmeteringinformationforbillingpurposeslegitimateandcompatiblewithArticle8 ECHR.Asexplained,thecollectionofinformationforlegitimatecommercialreasonswillinvolve distinctconsiderationtotheproposaltorequiretheprivatesectortoretainmaterialitwouldnot otherwiseretainforpublicpurposes.
193
acrossdatasetsthroughafilteringmechanismcouldhaveaseriousimpactonourright torespectforourprivatelives. Othersaremorecapableofcommentingonthetechnologicalfeasibilityofdividing contentandcommunicationsdata,butJUSTICEunderstandsthatthisisincreasingly difficult.AsagroupofacademicsintheInformationSystemsandInnovationGroupof theLondonSchoolofEconomicsnotedintheir2009briefingonthegovernments InterceptionModernisationProgramme, 206thedistinctionbetweensocalledtraffic datarelatingtointernetuse,ontheonehand,andtheactualinterceptionofthecontents ofacommunication,ontheother,isbecomingincreasinglyblurred,particularlybythe useofdeeppacketinterception: 207 d. Doescollectingdataviolateourprivacy?:TheGovernmentarguesthatthecollectionand retentionofdatarequiresalesserdegreeofjustificationthanuseofdata.Weacceptthat theproportionalityofindividualmeasureswillvaryaccordingtotheseriousnessofthe interference concerned and its potential impact and the significance of the evidence that the measures utilised are necessary and proportionate to any legitimate aim. However, the documents accompanying the Bill give very little weight, if any, to the proposed interference with individual privacy posed by the expanded retention of communicationsdata.Importantly,althoughthePrivacyImpactAssessmenttacklesthe privacyimplicationsofaccessunderPart2,andsafeguardsassociatedwithretention,it makes no provision or assessment of the justification for the compulsory retention provisionsinPart1.Significantly,itfailstograpplewithongoingEuropeanchallengesto the Data Retention Directive; the specific implications of the collection of data for particular groups of individuals; or any wider human rights considerations associated withthegenerationandcollectionofdata: i. These provisions will operate in addition to the existing Data Retention Regulationswhichprovideforsomeproviderstoretaincertainuserdataforup to12months.TheRegulationsfurtherthanrequiredbytheEUDataRetention Directive. The Draft Bill would go significantly further by creating a default assumption that all information about our communications with each other mightberetainedjustincase,onarolling12monthbasis,ensuringthatatany one time the State will have access to an annual history of our on and offline activities.AsignificantnumberofEUcountrieshaverefusedtoimplementthe EU Data Retention Directive; and its provisions, or associated implementing legislation, declared unconstitutional by judicial authorities in a number of countries, including Ireland, Belgium and Germany. The European Court of
BriefingontheInterceptionModernisationProgramme June 2009 . 207ProfessorPeterSommeroftheInformationSystemsandInnovationGroupquotedintheLSEpress release,HomeOfficeinternetsurveillanceproposalswontworksaysLSEstudy,17June2009.

206LSEPolicyEngagementNetwork,
194
Justice is expected to consider the compatibility of the Directive and its implementation across Europe in more detail during the next year when it considersacasereferredtoitfromIreland DigitalRightsIreland . 208Thatthe Governmenthaschosentopressaheadwiththeexpansionofourframeworkfor the collection and retention of communications data while this uncertainty continuesataEuropeanlevelissurprising. ii. ThattheGovernmentfailstograpplewiththeprivacyimpactoftheretentionof communications data is disappointing; but it also neglects to consider the potential impact of Part 1 on particular groups. For example, the Bar Council has, in its evidence to the Joint Committee highlighted the specific problems which may result from the collation of information generated by individuals communicatingwiththeirlegalrepresentatives,bylawyerscommunicatingwith their clients or with lawyers communicating with each other about their cases. 209Insofarasitfailstoeffectivelyrecognisetherighttolegalprofessional privilege, the existing RIPA framework is flawed. That this Draft Bill fails to recognisethepotentiallychillingeffectthatPart1couldhaveontheconfidence of clients in the secrecy of their communications with their legal advisers is worrying.Further,therearenospecificexemptionsprovidedfromthescopeof Part 1 at all. This could mean that individual legal firms could be required as telecommunications operators to comply with an individual notice to generate data.JUSTICEconsidersthatthiswouldclearlyviolateboththerighttorespect for private life and the right to due process. However, without a clear exemption, or any indication from the Government on how these particularly sensitive communications will be handled, it is difficult to be assured. Other groupsareequallyoverlooked.CommunicationsbetweenParliamentariansand lobby groups, between MPs and their constituents; the communication of journalistswiththeirsources;andtheactivitiesoftradeunions,protestgroups andoppositionpartieswillallbecoveredbyPart1. iii. Theinternetisavitalmodernresourceforfreedomofexpressionandfreedom ofassembly.Thepublicreactiontotheprospectthatourinternetusemightbe monitoredthroughtheretentionofdataaboutourusehasbeenvehement.This
DigitalRightsIrelandvTheMinisterforJusticeandOthers, 2010 2006/3785P. AfullerconsiderationofeachofthechallengesisprovidedbytheEuropeanCommissioninits reporttotheCouncilandtheEuropeanParliamentonthisissue:COM 2011 225. http://ec.europa.eu/commission_2010 2014/malmstrom/archive/20110418_data_retention_evaluation_en.pdf 209http://www.barcouncil.org.uk/mediacentre/newsandpressreleases/2012/august/barcouncil callsfor'snoopers'charter'toprotectlegalcommunications/
208Seeforexample,
195
has been replicated in other countries where increasingly draconian controls havebeenplacedbytheStateontheconditionsforitsuse forexampleinother EU countries implementing the EU Data Retention Directive . That the Government has failed to grapple with the potentially chilling impact of these measures on ordinary users of these services is some cause for concern. The lackofpublicconsultationbeforetheDraftBillwaspublishedisperhapsrelated to the Governments narrow view of its potential and perceived impact on individualusers. e. Whataretherealcrimefightingbenefits?:TheGovernmentsclearestassessmentofthe justification for retention is found in the Impact Assessment, which sets out in broad assertions the business case for reform and the expected benefits of the change proposed.However,theinformationprovidedisexceptionallyslim.Expectedbenefitsof thechangesproposedintheDraftBillareassessedat5.06.2billionandarebased upon: ananalysisofcriminalbehavioursbytheSeriousandOrganisedCrimeAgencyandan
analysisofthefuturecommunicationsmarketbasedonOFCOMandothermarket sources.
Thebenefitsaresaidtoaccruefrompreventingtaxfraudandfacilitatingtheseizureof criminalassets.However,theyalsoincludebenefitsaccruedfromlivessavedand childrensafeguardedbasedonstandardestimatesbyHomeOfficeeconomists.Other benefitswhichcannotbemonetisedincludedrugsseized,successfulmurderconvictions andthepreventionofterrorism.Withoutfurtherexplanationitisextremelydifficultto understandhowtheseassertedbenefitshavebeencalculated.Itisclearthatfurther evidencehasbeenproducedbytheGovernmentandParliamentariansmaywishtoask forfurtherinformation. However,nowhereintheinformationprovidedbytheGovernmentisthereaclear explanationoftheGovernmentsviewthattheblanketcollectionofallcommunications datawithoutconnectiontoanyspecifictypeofcommunicationortothelikelihoodthat thecommunicationsmayleadtoevidenceofcriminalitycanbejustified.This unfortunatelyreflectstheapproachofthepreviousGovernmenttotheblanketretention ofDNAgatheredfrompeoplearrestedbutnotconvicted.Thepotentialusefulnessof successfulDNAmatcheswasinappropriatelytakenasthestartingpointforjustification, asheretheusefulnessofaccesstocommunicationsdataisheldoutasthesolepillarto supportPart1oftheBill.However,thisisinadequateforthepurposesoftheimposition ofablanketruleofthistype,whichmustbeexaminedcloselyforclearjustificationthat thedataretainedisnomorethannecessaryandproportionate. 210Forexample,the Governmentmakesnoestimateofwhatproportionofthedataretainedislikelytobe
210Seeforexample,
MarpervUK 2009 48EHRR50.Inthatcase,theCourtexplainedthatmeasures whichoperatewithoutregardtoindividualimpactandcharacteristicsmustbeaccompaniedby clearjustificationandappropriatesafeguards,concludingthatthethenarrangementsforthe indefiniteretentionofDNAsamplestakenfrominnocentpeoplearrestedbutneverconvicted wasdisproportionateandinviolationofArticle8ECHR.
196
usedinconnectionwiththepreventionanddetectionofcrime;nordoesitgiveany indicationofhowmanycaseswherecommunicationdataassistedinconviction,that convictioncouldnothavebeenobtainedbyothermeans;similarly,nofiguresare providedfortheprojectedincreaseincapacitytosecureconvictionsfollowingthe expansionofthecollectionofcommunicationsdataproposedbyPart1.Theanswersto atleastsomeofthesequestionsmusthavebeenpreparedinordertosecurethefinancial estimatesgivenintheImpactAssessment.However,theyhavenotyetbeendisclosed. f. Strikingtherightbalance?JUSTICEconsidersthatitisclearthattheproportionalityof thesemeasureshavenotyetbeenfullyexploredbyGovernment.TheGovernmenthas not, satisfied the requirement for compelling evidence that these measures are strictly necessary.Inourview,itisclearthattheyarelikelytoviolatetherighttorespectfor privatelife. e Therelevanceofsafeguards
25. The safeguards outlined by the Government in connection with the expanded collection and retentionofcommunicationsdataarethemselveslimited: a. Retention is limited to 12 months. The Government explains its view that the data retainedwillbedestroyedafter12months exceptwhereextendedforthepurposesof legal proceedings is a significant safeguard against abuse. 212 However, this safeguard shouldnotbeoverplayed.Whiledatawillonlyberetainedforayear,theeffectofPart1 will be to create at any point in time an annual picture of the populations communications activity. This rolling diary of communications data could be kept for each individual in the country, albeit stored across multiple providers and accessed throughtheGovernmentcontrolledfiltermechanism. b. Useandprocessinglimited:TheGovernmentalsopointstotheexpressresponsibilityon providerstodestroythedatawhenitisnolongerlawfullyheldandthatuseofthedata otherthanauthorisedbytheDraftBillwillbeprohibited. 213However:
Thegeneration,collectionandretentionofnewdata Part1
23. The Government relies predominantly on proposed safeguards against the arbitrary abuse of the new powers to support its case forreform. The caselaw from Strasbourg on surveillance has focused closely on the efficacy of safeguards associated with surveillance in their examinationoflocallawsfortheprotectionofthenationalinterest.Asaninternationalcourt,it has generally afforded a significant margin of appreciation to States in connection with State surveillanceinassessingthenecessityforparticularmeasures.211 24. However, there can be no question that it is for Parliament to be satisfied that these intrusive measuresaretrulynecessaryandappropriatebeforeproceedingwiththeproposalsintheDraft Bill. Safeguards alone cannot justify the shift in the relationship between the State and the individualenvisaged.
211
FreedomfromSuspicion,Chapter2.
212DraftCommunicationsDataBill,ECHRMemorandum,para14 213Ibid
197
i. This fails to acknowledge the significant number of public bodies who are alreadycapableofaccessingcommunicationsdataforanextremelybroadrange ofpurposes wereturntothisissue,below ; ii. Italsoneglectsthatthelargerthepoolofdatacollated,thegreatertheriskthat itmaybemismanagedordisclosedinerror.Inhislatestreport,theInterception of Communications Commissioner refers to almost 900 self reported errors undertheexistingframeworkforaccess.Afailuretounderstandthescopeof thepowersintheDraftBillcouldleadtounlawfuldisclosure.However,human andmechanicalerrorcanequallyleadtotheunlawfuldisclosureofdata.Both privateandpublicbodieshave,overthepastfiveyears,sufferedfromsignificant embarrassment as a result of lost data for example the Department for Work andPensionslosinginformationaboutfamiliesclaimingchildbenefit . iii. TheDraftBillanditsExplanatoryNotesmakeclearthatnotonlywillaccessbe permittedforthepurposesspecifiedintheBill,butforotherlawfulpurposes. TheGovernmenthaveexplainedthatthiscouldincludeaCourtOrder. 214So,for example, disclosure might be sought in the course of civil litigation from a telecommunications provider through the use of a Norwich Pharmacal Order, forexample,whereonepartytolitigationarguesthattheproviderismixedup in the dealings of the other party as a result of the use of his service for wrongdoing. iv. The Draft Bill provides for the Secretary of State to expand the purposes for whichaccessispermittedbyOrder wereturntothisbelow ; v. The Draft Bill does not propose to create an offence of unlawfully disclosing data. If material is disclosed other than in accordance with the Draft Bill, it is likelythatthemostsignificantdeterrentwillbeafineimposedundertheData ProtectionAct1998.Inlightofthefactthattheserequirementsmaybeapplied to businesses with a multimillion pound turnover, a fine may not be a significantdeterrent.Whilewearereluctanttorecommendnewoffences,but the limited deterrent of the existing measures reduce the limits placed on individualssubjecttoPart1requirements. c. Securityobligations:TheBillrequirespersonsretainingdatasubjecttoPart1toputin place adequate security systems to govern access to the data and to protect against unlawfuldisclosure.Unfortunately,withoutfurtherinformationaboutthetechnicaland proceduralarrangementsimposedbyPart1,andthecorrespondingneedforsecurity,it isextremelydifficulttoassessthelikelycapabilitiesofanysecurityarrangements.Since thesespecificsarelikelytobeconfinedtonoticesservedonpersonsunderPart1,which may not be published, independent and impartial assessment of the effectiveness of securityarrangementsislikelytobeimpossible. Consultationandproceduralguarantees:Clause2oftheBillprovidesthatwhenanotice isimposed,theSecretaryofStatemustcomplywithcertainconsultationandprocedural requirements.Unfortunately,thesemeasuresareentirelygearedtowardstheprotection oftheinterestsofthepersonssubjecttoPart1notices,nottheprivacyrightsofusers.It provides for consultation with the person subject to requirements, with the Technical Advisory Board established under RIPA and OFCOM, none of whom have any specific obligationtoconsiderprivacyorthenecessityandproportionalityoftherequirements beingconsidered.Weconsiderthatwhilethiswouldbeavitalproceduralrequirement for the protection of the commercial and other interests of telecommunications operators, it adds little to the protection for individual users. There is no statutory requirement for public consultation proposed, nor is it proposed that the Information CommissionersOfficewouldbeconsulted. TheroleoftheInformationCommissionersOffice:Part3oftheBillprovidesanewrole for the Information Commissioner in relation to data held under Part 1. The
d.
e.
214Clause5.ExplanatoryNotes,paras3031.
198
Commissioner is required to keep under review the operation of measures relating to data security; the destruction of data and any provision in any Clause 1 Order which relate todata security Clause 22 5 . While we welcomethe recognitionof arole for theInformationCommissioner,wenotethattheproposeddutiesechoandsupplement existing statutory functions which exist under the Data Protection Act 1998. While specific statutory functions here provide a degree of specific scrutiny, these are in themselveslimitedtodatasecurity.TheInformationCommissionerisnotempoweredto consider the necessity or proportionality of any specific requirement or any issues relating to access by a public authority to data. These functions are reserved to the Interception of Communications Commissioner. In any event, the Information Commissionerhashimselfquestionedwhetherwithoutsignificantfurtherresourceshe wouldbecapableofconductingthereviewproposedintheDraftBill. f. The role of the Interception of Communications Commissioner: We consider that the oversight of the Interception of Communications Commissioner ICC under the existing RIPA procedures is inadequate to protect the individual right to privacy. The provisionsintheDraftBillextendtheexistingmeasurestothenewproposalsinParts1 and2withlittleornomodification.WeaddresstheworkoftheICCbelow.
Accesstodata Part2
26. That the provisions in Part 2 broadly replicate the provisions in RIPA for access to communicationsdataisdisappointing.JUSTICEconsidersthatthereareasignificantnumberof flaws within RIPA which are magnified when applied to the proposed expansion of data generation in Part 1. Principally, we are concerned that these powers will continue to be exercisedbyafargreaterrangeofbodiesthanmaybestrictlyjustifiedandforpurposeswhich are not necessarily proportionate in light of the impact of compulsory surveillance powers on individual privacy. As explained above, the bodies which will exercise the right to access data undertheDraftBillhavenotyetbeenfinalised. 27. ThepurposeswhichtriggertherighttoaccessdatagatheredunderPart1broadlyfollowthose outlinedinRIPA.JUSTICEconsidersthatthepurposesoutlinedinRIPAarealreadyoverlybroad. MeasuresdesignedascompulsorypowersforsurveillancebytheStatemaybeessentialforthe investigation of serious crime, but as the purposes in RIPA devolve from the prevention and detectionofseriousoffencestheriskthattheywillbeuseddisproportionatelyincreases.When RIPA was introduced, the only bodies to exercise powers under the Act were the police, intelligence services and HMRC. While the powers under the Act might appropriately be extendedtootherlawenforcementagenciesandtheemergencyservices,itsextensiontoother bodies should be justified by reference to the strict necessity test identified by the Strasbourg Court. When these powers are extended to the investigation of minor criminal or regulatory offences such as flytipping, or for administrative purposes, such as the checking of school catchment,weconsiderthattheiruseishighlylikelytobedisproportionate.Thatisnottosay that such minor offences are not important or deserving of investigation. Rather it is that the harminvolvedisbydefinitioninsufficientlyserioustojustifytheinherentriskthatsurveillance posestotheprivacyofanypersonundersuspicion.Similarly,inconnectionwiththeuseofthese powers for other purposes such as the identification of persons , less intrusive forms of investigation are likely to be an equally effective and therefore more proportionate means of investigatingminorcrimesthantheresorttosurveillancepowers. 215 28. In addition, many of the safeguards relied upon by the Government are also based upon the flawedproceduralarrangementsofRIPA:
215
FreedomfromSuspicion,paras180181.
199
a.
Authorisation: JUSTICE considers that the administrative authorisation procedure provided for in Clauses 9 and 10 provide for inadequate independent scrutiny of the need for access to data. These provisions are largely modelled on RIPA. In Freedom fromSuspicion, weexplainedourviewthatpriorjudicialapprovalshouldbethedefault authorisation mechanism for most surveillance activities, including access to communicationsdata.Whileitisnodoubttruethatseniormembersoforganisationsare typically wellplaced to supervise the operational decisions of their subordinates, and moremindfuloftheirultimateaccountabilitytothepublic,itisalsoclearthatseniorand junior members of the same organisation will inevitably share an interest in achieving the necessary results. The relative seniority of a Police Superintendent would not normallybeenough,forinstance,tomakehersufficientlyobjectivetoauthoriseasearch warrant, unless it was a genuine emergency and there was not sufficient time to approach a judge. Still less is it realistic to expect a Deputy Chief Inspector to be sufficientlyindependentofaninvestigationbeingcarriedoutbyhissubordinatesinthe TradingStandardsService,forexample,toobjectivelyassesswhethersecretlyaccessing someones communications data is a necessary and proportionate interference with theirrighttoprivacy. 216 AlthoughtheCourtshavestoppedshortofexpresslyrequiringpriorjudicial authorisationinallcases,inmanycasesithasbeenconsideredessential.Itisseenasthe paramountmeansofprotectingindividualprivacyininstanceswheretheindividual themselvesmaybeunawarethattheirinformationisbeinghandled.Inthosecases wherenoformofpriorjudicialoversighthasbeenavailabletheothersafeguards imposedbydomesticarrangementsforsurveillancehavebeenrobustandscrutinised extremelycloselyandthemeasuresinquestionhavebeensubjecttorobustreviewafter theevent. 217Forexample,inarecentdecisioninvolvingretentionofinformationabouta student,theCourtsaid:
b.
Theruleoflawimplies,interalia,thatinterferencebytheexecutiveauthoritieswith anindividual'srightsshouldbesubjecttoeffectivesupervision,whichshould normallybecarriedoutbythejudiciary,atleastinthelastresort,sincejudicial controlaffordsthebestguaranteesofindependence,impartialityandaproper procedure. 218
Proportionalityandnecessity:TherequirementintheBillthatonlyauthorisationswhich are proportionate and necessary should be a significant safeguard against abuse. The Billrequiresthatthemeasuresinquestionbeproportionatetothegoaltobeachieved. Since access engages privacy, this requires public authorities to effectively apply the Conventiontestsetoutabovetoeachaccessauthorisation.Unfortunately,inpractice, theapplicationofthisrestrictioninRIPAhasnotprovedasignificantbarriertoaccess. Neither public authorities, individual officers or the Interception of Communications Commissionerappeartohaveappliedarigorousreviewoftheproportionalityofexisting requestsfromahumanrightsperspective. Forexample,inthecontextofrestrictingaccessoflocalauthoritiestocommunication data,theInterceptionofCommunicationsCommissionerconsideredexistingpowers exercisedproportionatelyasrequestsfromlocalauthoritiesmadeupalowproportionof overallrequestsandtherehadbeenveryfewerrorsselfidentifiedbylocalauthorities. HealsoconsideredtheuseofRIPAforthepurposesofpursuingflytippingan appropriateandproportionateuseofcompulsorysurveillancepowers,regardlessof
BriefingontheInterceptionModernisationProgramme June2009 ,p30:nowseemsagoodtimetoquestionwhetheraseniorofficialinanorganisation withaninterestintheoutcomeofaninvestigationisthebestpersontojudgetheapplicationfor accesstocommunicationsdatamadebyajuniorfigureinthesameorganisation. 217Seeforexample,UzunvGermany,AppNo35623/05,2September2010. 218RotaruvRomania 2000 8BHRC43atpara59.

216Seee.g.LSEPolicyEngagementNetwork,
200
othermeansofinvestigation. 219Hefailedtoconsiderwhethertheuseofthepowersin individualcaseshadbeenjustified.Similarly,duringtheJointCommitteesevidenceon theDraftBill,ithasbeensuggestedthatthepoliceusethesepowersfornoncrime purposesandforlowleveltrafficoffences. Thereis,aninherentriskinanycriminalinvestigationinvolvingintrusivesurveillance thattheresultinginvasionofprivacywillinhindsightprovetohavebeenunnecessary becausetheinitialsuspicionturnsouttobefalse:whatLordNeubergerdescribedasone oftheparadoxesofsurveillance. 220Thisinherentriskcanbeminimisedby,forexample, requiringthatlessintrusivemeansbeconsideredfirst,butitcanneverbeeliminated. Whetheritisproportionate,therefore,toruntheriskofinvadingsomeonesprivacyin theknowledgethattheymayturnouttobeinnocentdependsonseveralfactors, includingthereasonablenessofthesuspicionbutalsotheseriousnessoftheoffencein question.Itisthedifference,inotherwords,betweenbreakingdownthedoorto someoneshotelroombecauseyouthinktheyarebeingmurdered,andbreakingdownto doortotheirhotelroombecauseyouthinktheyhavestolenyourtoothbrush.Inboth cases,yoursuspicionmaybeverywellfoundedbutthereisalsoaninevitableriskthat youaremistaken.Andshoulditturnoutthatyouaremistaken,thereasonablenessof yoursuspicionwillbeoflittlecomforttothepersonwhoseprivacyyouhave unnecessarilyinvaded.Butatleastinthecaseofsuspectedmurder,wewouldsaythat theseriousnessofthesuspectedoffence,combinedwiththereasonablenessofyour suspicionhelpedtoexcuseyouractions.Thesamecouldnotbesaidofthetoothbrush. 221 Unfortunately,thereislittleevidencethatthistestisbeingappliedappropriatelyin practiceorthatitoperatesasasignificantsafeguardforpersonalprivacy. c. The role of the Interception of Communications Commissioner and the Investigatory PowersTribunal:TheroleoftheInterceptionofCommunicationsCommissionerandthe Investigatory Powers Tribunal is not capable of providing adequate, independent and transparent review to provide reassurance that individual privacy is respected in the operationofRIPA.Asexplainedabove,expostjudicialreviewmaybeadequateinorder to ensure respect for private life only where that review is accompanied by adequate existing safeguards to ensure that individual rights are afforded appropriate respect. Unfortunately,reviewbytheICCandtheIPTissignificantlylacking.Bothmechanisms arefundamentallyflawed.AsweexplaininFreedomfromsuspicion: i. Review by the ICC is by way of dipsample and the selfreporting of errors. This means that only a handful of the almost 500,000 requests for communications data a year are reviewed for example, there were 895 individual errors selfreported to the Commissioners office during the last reporting period; and he inspected less than 200 individual public authorities exercisingpowersinconnectionwithcommunicationsdata ; ii. Between 2005 and 2010, no reports were made that any public authority decisionhadbeendisproportionateorunnecessary.In2011,theCommissioner reported that in one case it had been reported that powers had been used inappropriately.However,thislattercaseinvolveduseofcommunicationsdata powers in connection with school admissions, an issue which had been consideredbytheIPTinthe Patoncaseandhelddisproportionate andwhich hadbeencoveredsignificantlyinthepressduring2011 .AstheCommissioner
219 220
FreedomfromSuspicion,paras172181. InreMcE 2009 UKHL15atpara111. FreedomfromSuspicion,paras172181.
221Forfurtherinformationabouttheapplicationoftheproportionalitytestinthiscontextsee:
201
highlights in his report, this is the only case in which his inspections have identifiedaninappropriateuseofthesepowers. 222Giventhattherehavebeen probablysomewhere closeto threemillion requestsmade since January 2004, this suggests either a degree of effectiveness in public body decisionmaking thatapproachesinfallibility,ormorelikely,thattheCommissionersoversightis ineffective. iii. The IPT lacks transparency and any of the procedural safeguards associated withaccessibleredressoreffectiveoversightofferedbyordinarytribunals.The likelihood that individuals will become aware of surveillance is low in the Patoncase,thesurveillancecametolightdueanerrormadebyalocalauthority employee , making bringing a case before the IPT extremely unlikely. When cases are brought, they may be argued in secret, and in the absence of the applicantandtheirlegalteam.IfacaseproceedstoadecisionbytheTribunal, the applicant may only be told if he has won or lost and may be significantly deprivedofanyreasonforthedecisioninthecase. 223 d. Filtering: The Government refers to the filtering arrangements in the Draft Bill as minimisingthelikelyinterferencewithArticle8rightsposedbyrequestsforaccess. 224 As explained above, we find this argument extremely difficult to follow. There is very little information available about how the filtering mechanism will operate. However, whathasbeenexplainedisthatthismechanismwillallowtheGovernmenttojoinup datasets held by numerous providers toprovide afuller picture relevant to a request. This mechanism will enable the creation of an extremely full picture about an individualsprivatelifeortheactivitiesofagroupofindividuals.Thisinformationwill be accessed before a request is authorised, albeit within the filtering process. This in itself would appear to create a greater risk to individual privacy, not an additional safeguard. Without significant further details on the technical and procedural arrangements for the operation of the filter, including which public authority will operateit,itisimpossibletoprovideareliableandclearanalysisoftherisksassociated withitsfunctioning. RepealofGeneralPowers:TheECHRMemorandumandthePrivacyImpactAssessment includes the decision to repeal certain general powers to access data within the Governments assessment of the proportionality of these measures. 225 JUSTICE have called for the repeal of these general powers, which would most likely fail any Convention challenge if one were brought, for lack of legal certainty or appropriate safeguards. The Government committed in its counterterror review published in January 2011 to rationalise the bases by which communications data could be acquired. 226 We welcome the decision to repeal these provisions. However, this decisionshouldnotbetreatedasatradeoffora quidproquofortheexpansionofdata collected.
e.
f TimetoripupRIPA? 29. The introduction of the Draft Communications Data Bill provides an ideal opportunity for Parliament to consider the underlying legal framework for the existing broad powers of state surveillanceinRIPA.Theexistingpoolofcommunicationsdataliabletoberetainedshouldnot
2222011AnnualReportoftheInterceptionofCommunicationsCommissionerHC496,page44.
223AfullercritiqueoftheineffectivenessoftheIPTisprovidedin
9. 224ExplantoryMemorandum,para21 225ExplanatoryMemorandum,para21. 226Cm8004,January2011,page5.
FreedomfromSuspicion,atChapter
202
be expanded. Instead, RIPA should be revisited with a view to significant reform. In so far as accesstocommunicationsdataisconcerned: a. Publicauthorities:Thenumberofpublicauthoritiesabletoaccesscommunicationsdata should be significantly reduced; and ideally limited to the police, law enforcement agencies intelligence and emergency services and to any other bodies dealing with seriouscriminaloffences; b. Access: The purposes for which communications data may be accessed should also be revised, with a view to limiting significantly the circumstances when communications datamaybeusedproportionately.Whiletherequirementthatthemeasuresshouldonly beexercisedwhennecessaryandproportionateshouldbeasignificantlimitationonthe circumstances when data requests are made; in practice this has not operated as a particularrestrictiontoadministrativeauthorisation; c. Prior judicial authorisation: The default for the majority of requests should be prior judicialauthorisation.Thiswillsignificantlyincreasetheindependenceoftheoversight mechanisms in play and the likelihood that data will only be accessed when necessary and proportionate. Exemptions may be considered to allow police, law enforcement agencies, intelligence and emergency services access to limited subscriber data including information about account holders name, address and contact details, for example andforaccessinemergencysituationstootherdata subjecttoasubsequent judicial authorisation within a reasonable period, for example, 48 hours . 227 Some objectionhasbeenraisedabouttheuseofpriorjudicialauthorisationinconnectionwith administrative difficulties, the need for speed and costs. We consider that these difficulties should not be overplayed, particularly in light of the breadth of the powers beingexercisedandtheirimplicationsforpersonalprivacy. d. Review and oversight: If prior judicial authorisation is in place as a default, the importanceofsubsequentreviewwillbelesssignificantandlessonerous.However,we have recognised that independent monitoring and review of decisions made and the operationofthelegislationwouldbesensible.Inourview,thisshouldbeconductedby theInformationCommissionerinconnectionwithnonlawenforcementactivitiesandby theSurveillanceCommissionersinsofarasreviewisnecessaryinconnectionwiththe activitiesofthepolice,lawenforcementandintelligenceagencies. 228
h Conclusion 30. These proposals have been presented by Government as an innocuous and technical shift necessitated by degradation in existing investigatory powers. Instead, the Draft Bill creates a platform for the Government to collate information about each of us which would allow an undefinedlistofpublicauthoritiesaccesstoarollingannualdiaryofouronandofflinepersonal lives for an extremely broad range of purposes. This would be a stepchange in the way
227Anexceptionbasedonadhocsupervisioncouldbecarvedoutforlawenforcementbodiesacting
inanemergency asexplainedaboveandinFreedomfromSuspicion .Thebulkofrequestsfor communicationsdatarelatetorequestsfromthepolice,lawenforcementandotheragenciesfor subscriberdata. Between20052011,theproportionofrequestshasbeenbetween54%and 80%.SeeFreedomfromsuspicion,para160.Seealso2011ReportoftheInterceptionof CommunicationsCommissioner. Accesstolimitedsubscriberdata suchasname,addressand contactdetails bythepoliceandotherlawenforcementagenciesoremergencyservicesmight justifiablybeexemptedandsubjecttoadministrativeauthorisation.However,wenotethat althoughthedefinitionofsubscriberdatausedintheBillreflectstheprovisioninRIPA,the applicationofthatdefinitiontothenewproposalstogatherdatainPart1willexpanditseffect forexample,subscriberdatamightincludeaFacebookprofile,informationheldbyauniversity networkaboutitsstudents,includingforexample,transcripts,orbyemployersabouttheir employees .Wewouldconsiderpriorjudicialauthorisationasadefaulttheappropriatetrigger foraccesstothiskindofdata. 228Further,moredetailedinformationaboutJUSTICEsrecommendationsforreformcanbefoundin FreedomfromSuspicion,atpages8586.SeeAnnex2
203
31. WeurgetheJointCommitteetorejecttheGovernmentscaseforreformandtocallforrenewed focusonthefailingsofourexistinglawonsurveillancebeforefurtherlegislativeexpansionofthe collectionofpersonaldataispursued. August2012 AnnexCallforEvidence:TheCommitteesQuestions Inourwrittenevidence,wehavefocusedonourkeyconcernsabouttheBill. WeprovidebelowshortsummaryresponsestoanumberofthequestionsissuedbytheCommittee, foreaseofreference.Thesesummaryresponsesshouldbereadtogetherwithourfullsubmission andparagraphnumbersareprovidedforcrossreference.Thatwehavenotprovidedananswerto oneoftheCommitteesquestionsshouldnotbereadassupportforanypartoftheBill. General: 2.HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill? JUSTICEdoesnotconsiderthattheGovernmenthasmadeaconvincingcaseforreform.The powersprovidedforintheDraftBillareextremelybroadandthejustificationprovidedis entirelylackinginevidentialsupport.Theysupplementanalreadybroadlegalframework forsurveillanceinRIPA,whichinourview,lackstheessentialsubstantiveandprocedural safeguardsnecessaryfortheprotectionofindividualprivacy.
information about ourconduct is stored, being collated just in case it may beuseful forState purposes.
3.HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy? TheproposalsintheDraftBillwouldcreateablanketauthorityforgenerationandcollection ofunprecedentedamountsofinformationabouthowweallcommunicateintheUK,whether onoroffline.Weconsiderthatitsprovisionsposeaseriousrisktoourrighttorespectfor privacy.
4.Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionofcommunications data? TheseprovisionswilloperateinadditiontotheexistingEUDataRetentionRegulations whichprovideforsomeproviderstoretaincertainuserdataforupto12months.The RegulationsgofarfurtherthanrequiredbytheEUDataRetentionDirective.TheDraftBill wouldgosignificantlyfurtherbycreatingadefaultassumptionthatallinformationaboutour communicationswitheachothermightberetainedjustincase,onarolling12monthbasis, ensuringthatatanyonetimetheStatewillhaveaccesstoanannualhistoryofouronand offlineactivities. AsignificantnumberofEUcountrieshaverefusedtoimplementtheEUDataRetention Directiveanditsprovisions,orassociatedimplementinglegislation,declared unconstitutionalbyjudicialauthoritiesinanumberofcountries,includingIreland,Belgium andGermany.TheEuropeanCourtofJusticeisexpectedtoconsiderthecompatibilityofthe DirectiveanditsimplementationacrossEuropeinmoredetailduringthenextyearwhenit considersacasereferredtoitfromIreland DigitalRightsIreland .ThattheGovernment haschosentopressaheadwiththeexpansionofourframeworkforthecollectionand retentionofcommunicationsdatawhilethisuncertaintycontinuesataEuropeanlevelis surprising.
6.ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesoflegislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernsthe retentionofcommunicationsdata?
204
Asexplainedabove,thelegalityoftheprovisionsintheEUDataRetentionDirectiveis subjecttoreview.JUSTICEhascommissionedfurtherresearchontherelevanceoftheEU FrameworkforthedebateontheBill.IfthisisavailablewhiletheJointCommitteesinquiry isongoing,wewillprovideittomembers.
7.IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasuresthat couldbescrappedasaquidproquotorebalancecivilliberties? Weconsiderthatthesemeasuresposeasignificantriskthattheywillviolatetheindividual righttorespectforprivacyinpractice.Rightscannotbeswoppedliketradingcards.If interferenceisidentified,theonlywayofaddressingtheviolationconcernedistoremovethe interferenceortoadoptadditionalsafeguardstoreduceitsimpact.Removingunrelatedbut offendingmeasurescannotprovideredress. ThattheGovernmentsMemorandumontheECHRandtheExplanatoryNotesaccompanying theBillpresenttherepealofanumberofgeneralpowersforpublicauthoritiestoobtain informationasaquidquoprofortheprovisionsintheBilloranadditionalsafeguardfor personalprivacyisinappropriate.Eachoftheseilldefinedgeneralpowerswereliableto challengeregardlessoftheintroductionofthenewmeasuresintheBill. Whiletheirrepealiswelcome,thisshouldnotbetreatedasatradeofffortheequallyill definedandcontentiouspowersintheDraftBill. Scope: 11.Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate?Do theysensiblydefinethescopeofthepowersinthedraftBill? 12.WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill?Should itbepossiblefortheSecretaryofStatetovarythislistbyOrder? ThenumberofpublicauthoritiescurrentlyabletousesurveillancepowersunderRIPAhas expandedexponentially.Weconsiderthatthenumberofbodiescapableofusing surveillancepowersmoregenerallyisdisproportionate.Equallyweareconcernedthatthe useofsurveillancepowersdisproportionatelyinconnectionwithadministrativeor regulatoryoffencesandminorcrimesisinappropriateandconsiderthatthepurposesfor whichsurveillancepowersmightbeusedshouldberevisited. TheSecretaryofStateseekstheflexibilityofadiscretiontoexpandthescopeofthepowers intheDraftBill,arguingthattherepealofgeneralpowersmayrequiretheexpansionofthe scopeoftheDraftBillasbodiesmakeabusinesscasefortheuseofthepowerstherein.
JUSTICEconsidersthatmanyofthegeneralpowersareripeforrepealandthatalternative meansofpursuingthefunctionstheyweredeterminedtoserveareavailablewithoutresort tosurveillance.Thatthenecessityfortheuseofthesepowershasnotbeenexploredatthis stageisacauseforconcern,notjustificationtoprovidetheSecretaryofStatewitha delegatedpowertorevisitthelistofbodieswhichareabletoaccessourcommunications data. UseofCommunicationsData: 14.Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? Weconsiderthattheexistingprovisionforaccesstocommunicationsdatashouldbe reviewed,withaviewtorestrictingthenumberofpublicbodieswhocanusethesepowers. Ideallythepowersshouldbeusedprincipallyforthepreventionanddetectionofserious crimesandbybodieswithfunctionsdesignedforthatpurpose. Safeguards: 16.Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould "designatedseniorofficer"bedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR?
205
17.Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapplyto allpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe? 18.IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformationCommissioner sensible? Weconsiderthattheexistingframeworkforaccesstocommunicationsdatashouldbe amendedtoprovideforpriorjudicialauthorisationasadefaultinmostcases.Weconsider thattheoversightofferedbytheInterceptionofCommunicationsCommissionerdoesnot provideadequatescrutinytoprotecttheindividualrighttorespectforprivacy. ParliamentaryOversight: 32. ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBillsatisfactory? WeconsiderthatthereisverylimitedprovisionforparliamentaryoversightintheDraftBill. TheDraftBillanditsaccompanyingdocumentsprovidelittledetailonhowthemeasures proposedwillworkinpractice,includinghowsafeguardswillbeformulated.TheCommittee hasnotbeenprovidedwithanyDraftOrderwhichwouldprovideafullerpictureofhowthe Governmentproposestoproceed. TheDraftBillwouldachieveitsgoalbyacombinationofOrder affirmativeresolution and notices governedbytheOrderandnotnecessarilypublished .Weconsiderthatthelackof detailabouttheproposedOrders,andthelackoftransparencywhichwilloperateinthe noticeschemesignificantlylimitstheopportunityforeffectiveparliamentaryscrutinyofthe impactofthesemeasuresontherighttoprivacyinpractice.
Technical: 22.Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapturecommunications datareliably,storeitsafelyandseparateitfromcommunicationscontent? 23.Howsafelycancommunicationsdatabestored? 24.Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible? Thesequestionsarebestaddressedbyotherswithgreatertechnologicalexpertise.However, thereislimitedinformationavailableonthetechnologywhichtheGovernmentintendsto use,anditisclearthatitisexpectedtovaryaccordingtothearrangementsinplacewitheach provideroroperator.Thisinformationwilllikelybeincludedinnoticeswhichmayneverbe publishedandtheopportunityforindependentscrutinyoftheeffectivenessofthe technologyutilisedwillbeextremelylimited Storageofpersonaldatabythepublicandprivatesectorisnotoriouslydifficult.Errorshave occurredinbothhumanandautomatedsystemswhichhaveledtotheinadvertentdisclosure ofinformationunlawfully. Asweexplainabove,weregretthatthefilteringarrangementsprovidedforintheBillarefar fromclearorappropriate. Annex2
FreedomfromSuspicion:Chapter4
August2012
206
Sir Paul Kennedy

Pleaseacceptthisasaresponsetothefivequestionsinyourletterdated17thJuly2012.Inaddition AnnexA attached containsmywrittenevidenceinrelationtothedraftCommunicationsDataBill. Mywrittenevidenceonlyaddressesthequestionsthatarerelevanttomyroleorthoseinrelationto whichIamabletocontributeevidence. 1. Howwouldyouwishtochangeyourcommunicationsdatarequestinspectionregimeinlightof theproposalsinthedraftBillandifcostswerenoobject?Whatnewpowersandresourceswould yourequiretosatisfyyourselfthatyoucouldreallygettothebottomofwhethereverypublic authoritywasusingitspowerscorrectlyandifnotwhynot? Thedraftbilldoesnotchangethecurrentapplicationorauthorisationprocessfortheacquisitionof communicationsdatabypublicauthorities.Thesametestsofnecessityandproportionalitymustbe metandtherequestsmustbeauthorisedbyaseniorofficerfromeachrelevantpublicauthority.The currentinspectionregimeworkswellandIregarditasrobust.Assuch,Idonotanticipatechanging mycurrentoversightregimeinrelationtotheacquisitionofcommunicationsdatabypublic authoritiesasaresultofthebill.Mylatestannualreportoutlinesthecurrentinspectionregime 2011 AnnualReportSection7.2 . Aspartofthecurrentinspectionregimeapplicationsarescrutinisedtoascertainwhetherpublic authoritieshaveusedtheirpowerscorrectly.Duringthelocalauthorityandotherpublicauthority inspections suchasGamblingCommission,InformationCommissionersOfficeetc itisusually feasibleformyInspectorstocheckeveryapplication.AsaresultIamsatisfiedthatthesepublic authoritiesareusingtheirpowerscorrectly,orthatmyInspectorshavereportedoncaseswherethey arenot.Itisobviouslynotfeasibleduringtheinspectionsofthelargerusers,suchaspoliceforces,to examineeveryapplicationandinsteadarandomsampleisselectedfromthepublicauthoritys databaseandfromsomeofthecommunicationserviceproviders CSPs systems.Arguablyitisless likelythatthelargervolumeuserswouldinappropriatelyusetheirpowers,astheSinglePointsof Contact SPoCs intheseorganisationsarefulltimecommunicationsdatastaffwhoaretrainedtoa highlevel.Theyrobustlyperformaguardianandgatekeeperrole.Howeveritwouldbehelpfulifthe recordkeepingrequirements specifiedinparagraph6.5ofthecurrentAcquisitionandDisclosureof CommunicationsDataCodeofPractice wereextendedtocollectstatisticsinrelationtothenumber ofapplications ratherthanjustthenumberofauthorisationsandnotices ,thenecessitypurpose underwhichthedatawasacquired suchasprevent/detectcrimeetc andthespecificoffence/ crimeunderinvestigation.Thiswouldenablemoremeaningfulconclusionstobedrawnandwould provideafurtherindicationastowhetherpublicauthoritiesareusingtheirpowersappropriately. Theproposalsinthedraftbillwouldextendmyoversightintwoareas.First,myrolewouldbe extendedtooverseethecollectionofcommunicationsdatabyCSPs.Second,myrolewouldbe extendedtooverseetheoperationofthefilteringarrangements.Inordertocarryoutthisadditional oversightitislikelythatmoreresourceswillberequiredasmyInspectorateisalreadyworkingatfull capacity.Howeveruntilthetechnicaldetailsofthisoversightaredetermined i.e.numberand frequencyofCSPaudits,formatoffilteringoversight,etc. ,itisnotpossibleformetocommentonthe extentoftheextraresourcesrequired. 2. Your2010annualreportstates atpara7.26 thatwhileagoodlabelofindependenceand objectivityexistsintheDesignatedPersonsapprovalsprocessinmostorganisations,the exceptionisSpecialBranchandProfessionalStandards.Iwouldlikeareportonwhatwasgoing
207
wrongintheseorganisationsandwhatstepsweretakentoaddresstheseissuesduringthelast year. ThisstatementrelatedtotwospecialistdepartmentsProfessionalStandards PSD andSpecial Branch SB whichexistwithinthemajorityofpoliceforcesandlawenforcementagencies LEAs . DuringthepoliceforceandLEAinspections,theapplicationsmadebythesetwospecialist departmentsarealwaysscrutinisedduetothefactthattheremightbeslightlydifferentsystemsand proceduresinplace.In5ofthe40policeandLEAinspectionsthatwereundertakenin2010,my InspectorswereconcernedthattheDesignatedPersons DPs werenotindependentineitheroneor bothofthesespecialistareas. Paragraph3.11oftheCoPoutlinesthatDPsshouldnotberesponsibleforgrantingauthorisationsor
givingnoticesinrelationtoinvestigationsoroperationsinwhichtheyaredirectlyinvolved,although itisrecognisedthatthismaysometimesbeunavoidable,especiallyinthecaseofsmallorganisations orwhereitisnecessarytoacturgentlyorforsecurityreason.WhereaDPisdirectlyinvolved,their involvementandtheirjustificationforundertakingtheroleofDPmustbeexplicitintheirrecorded considerations.DuetothesensitivenatureoftheworkundertakenbySBandPSDitisacceptedthat

onoccasions,forreasonsofsecurity,apersonwhoisdirectlyinvolvedinaninvestigationmayneed toactastheDP.Thisispermissible,butinsuchcasestheDPsmustensurethattheirinvolvementand theirjustificationforundertakingtheroleisexplicitintheirrecordedconsiderations. Essentially,myInspectorsidentifiedthattheDPswhowerescrutinisingtheapplicationsinoneor bothofthesespecialistareasin5policeforcesandLEAsweredirectlyinvolvedintheinvestigations, butwerenotmakingthisexplicitintheirrecordedconsiderations.Thisconductconstitutesnon compliancewiththeCoP.HowevertheapplicationswerelawfulastheywereapprovedbyaDPofthe requiredrank.Icanreportthatrecommendationsweremadeforthese5publicauthoritiestotake correctiveactionandtheyarenowcompliantinthisrespect.MyChiefInspectordisseminatesthe mostfrequentrecommendations ofwhichthiswasone toallpoliceandLEASPoCsonanannual basistoenablethemtoreviewtheirsystemsandprocedures.Inmy2011AnnualReport page34, paragraph3 Icommentedthatthereisnowagoodlevelofcomplianceinthisarea.Icanfurther reportthatthisissuehasnotbeenidentifiedinanyofthepoliceforceorLEAinspectionsconducted todatein2012. 3. Yourreportstates atpara7.27 thatthreepoliceforceprofessionalstandardsdepartments requestedcommunicationsdatafordisciplinaryinvestigationsratherthanforcriminal investigations.Wasthisbreakingthelaworonlythevoluntarycodeofpractice? Myreportstatedthattwopoliceforceprofessionalstandardsdepartmentsrequested communicationsdatainrelationtodisciplinaryinvestigationswheretherewerenocriminaloffences underinvestigation.SuchconductconstitutesabreachofPartIChapterIIofRIPA.The communicationsdatainthesecaseswasnotacquiredinaccordancewiththelawduetothefactthat communicationsdatacanonlybeacquiredifitisnecessaryongroundsfallingunderSection22 2 of RIPA. ItisalsoworthnotingthattheAcquisitionandDisclosureofCommunicationsDataCodeofPracticeis notvoluntary SeeSections71and72ofRIPA .TheCodeofPracticeisissuedbytheSecretaryof Stateandisadmissibleinevidenceincriminalandcivilproceedings. 4. Yourreportnotes atpara7.28 averysignificantincreaseintheuseoftheurgentoralprocess foracquiringcommunicationsdata.Wereyousatisfiedthatthisincreasewasjustified?Younoted
208
thatrecordkeepingwith87%ofthepoliceforcesandlawenforcementagencieswasgoodor satisfactoryinthisarea.Whattypeofmistakeswereseenintheother13%ofagencies?What stepshavebeentakentoimprovetheproblemswithrecordkeepingintheseagenciesandhow havethingschangedsince2010? Essentiallyyesthisprocessisstillpredominantlyusedinlifeatimmediateriskcases.Asyouwill seefrommy2011annualreport,90%ofpublicauthoritiesinspectedin2011areachievingagood standardinthisareaoverall.My2011annualreportoutlinesthatoneseriouscomplianceissue blanketorrollingauthorities wasidentifiedinasmallnumberoftheurgentoralrequestsin3 policeforceinspections Page35Paragraph2 .AsIoutlineinmyreport,Iwassatisfiedthatthese instanceswerenotwilfulorrecklessfailures,howeveritisstillimportanttoensurethatthecorrect processisalwaysappliedandthatthedataisacquiredinaccordancewiththelaw.The3policeforces havetakencorrectiveactioninthisareatopreventrecurrence. Themajorityoftheotherrecommendationsinthispartoftheprocessrelatetothequalityofthe contemporaneousrecordthatismaintainedduringtheurgentoralprocessinsomepoliceforces andLEAsthisrecordwasnotsufficientlycompletedandasaresultthereweregapsintheaudittrail oranincompleterecordoftheactionstakenanddecisionsmade.Insuchcases,myinspectorsdiscuss theindividualinvestigationswithrelevantstaffandexamineotheravailabledocumentation suchas incidentlogsandpolicybooks tosatisfythemselvesthattheprocesswasusedappropriately.The frequentrecommendationsinthisareahavebeendisseminatedtoallSPoCstoenablethemtoreview theirsystemsandprocedures.Goodpracticetemplatesinthisareahavebeensharedbypublic authoritiesandadoptedbythosewhohadfailingsinthisarea. 5. Younote atpara7.34 thattheSecurityServiceswereresponsibleforsomesignificantand recurrentbreachesoftheCodewhendatarequestswereregularlyapprovedbyDesignated Personsofinsufficientrank.Whatpenaltiesdoyouthinkshouldexistwhenanorganisation repeatedlybreakstheCode? TheinstancesdescribedaboverepresentedbreachesofPartIChapterIIoftheActastheDPswere notoftheprescribedrank/level.Thiswasnotawilfulorrecklessfailuretocomplywiththe legislationandtheerrorswerecausedbyanincorrectsystemsettingwhichunfortunatelywent unnoticed.Itisimportanttomakethepointthattheseerrorshadnobearingontheactual justificationsforacquiringthedata i.e.therequestswerenecessaryandproportionate and furthermore,thatnocollateralintrusionoccurredinrelationtotheserequests.Iwassatisfiedwith themeasuresputinplacetopreventrecurrenceoftheerror. ShouldIestablishthatanindividualhasbeenadverselyaffectedbyanywilfulorrecklessfailureby anypersonwithinarelevantpublicauthorityexercisingorcomplyingwiththepowersandduties undertheActinrelationtotheacquisitionordisclosureofcommunicationsdata,Ishall,subjectto safeguardingnationalsecurity,informtheaffectedindividualoftheexistenceoftheInvestigatory PowersTribunalanditsrole. Furthermore,anumberofpiecesoflegislationandoffencesalreadyexisttoaddressinstanceswhere communicationsdataisrequestedinappropriately,i.e.,malfeasanceinpublicoffice,DataProtection Actoffencesetc.Iftheinvestigationresultsinacourtcase,thepublicauthorityriskshavingthe communicationsdataevidenceruledasinadmissibleifithasnotbeenobtainedinaccordancewith thelaw.Theultimatepenaltywouldbeforthepublicauthorityspowerstoberemovedby Parliament.Iseenocurrentneedforfurthersanctions.
209
Iwouldofcoursewelcomeanyfurtherquestionsyouhaveinrelationtomy2011AnnualReportto thePrimeMinisteroncetheCommitteehashadtimetostudyit. AnnexA SubmissionofWrittenEvidencetothe JointCommitteeontheDraftCommunicationsDataBill bySirPaulKennedyInterceptionofCommunicationsCommissioner Question2:HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedin thedraftBill? 1.1Itisclearthattheintentionofthenewpowersistoensurethatcommunicationsdata continuestobeavailabletopublicauthorities.Ibelievethatitisrighttoupdatethelegislative frameworksofarasisnecessarytoensurethatthereisacontinuingcapabilitytoobtain communicationsdata.Astrongcaseismadethatwithoutthenewpowerstherewillbeadeclinein capability. Question3:HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusioninto individualsprivacy? 1.2Thedraftbilldoesnotchangethecurrentapplicationorauthorisationprocessforthe acquisitionofcommunicationsdatabypublicauthoritieswhichishumanrightscompliant.Thesame testsofnecessityandproportionalitymustbemet.Requestswillonlybemadebythepublic authoritiesapprovedbyParliamenttoacquiredataandtherequestswillbeapprovedbyasenior officerwhomustbelievethetestsofnecessityandproportionalityhavebeenmet. 1.3Thenewpowerswillalsoprovideforfilteringarrangements,whichwillreducetheamountof communicationsdatathatisdisclosedtoapublicauthoritywhenmorecomplicateddatarequestsare made,thusreducingtheintrusionintoprivacy. 1.4Inadditionthedraftbillwillclosetheloopholethroughwhichlocalauthoritiesandsome otherpublicauthoritiesareabletouseotherpowers suchastheSocialSecurityandFraudAct2001 toacquirecommunicationsdata.Iwelcomethisandhaveexpressedconcernsinthepastthattwo regimesexistforacquiringcommunicationsdatainsomepublicauthorities.ThecurrentRIPA process tobereplacedbytheCDbill isarobustsystem,underwhichallapplicationsarescrutinised byatrainedandaccreditedSPoCpriortobeingconsideredandapprovedbyaDPwhoholdsasenior positioninthepublicauthority.TheoversightoftheexerciseofRIPApowersismyresponsibilityand themeansofredressforcomplaintsisthroughtheInvestigatoryPowersTribunal.Otherpiecesof legislationthatarecurrentlyusedtoacquirecommunicationsdatadonothaveanysuchoversight. Thedraftbillwillremovetheseotherstatutorypowerswithweakersafeguards. Question12:Whichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraft Bill?ShoulditbepossiblefortheSecretaryofStatetovarythislistbyOrder? 1.5Thepowersshouldnotbelimitedtojustpoliceandintelligenceagencies.Parliamenthas delegatedstatutoryenforcementfunctionstoanumberofotherpublicauthoritiesandasaresult theyhaveaclearstatutorydutytoinvestigateanumberofcriminaloffences,someofwhicharetheir soleresponsibility.Oftenthecriminaloffencesthatthesepublicauthoritiesinvestigateareregarded asveryimportantatalocallevelandprovidethepublicwithreassuranceandprotection.For example,localauthoritiesusecommunicationsdatatoidentifycriminalswhopersistentlyripoff consumers,cheatthetaxpayer,dealincounterfeitgoods,andpreyontheelderlyandvulnerable.The statisticsprovidedtomyofficeshowthatsuchotherpublicauthoritiesaccountedforjustover1%of
210
thetotalrequestssubmittedin2011.Thevolumeofrequestsislow,butthisdoesnotmeanthatsuch publicauthoritiesshouldnotbeabletousethepowerswhentheycandemonstratenecessityand proportionality.Itissensibletotaketheopportunitytoreviewthecurrentlistofpublicauthorities whohaveaccesstoensurethatitisstillrequired,butthepowertovarythelistofauthorised authoritiesbyOrderisvaluableandshouldberetained.ItenablestheSecretaryofStatetorespondto changingcircumstancesandemergingneeds. Question14:Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriate andproportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? 1.6Thedraftbilldoesnotchangethecurrentapplicationorauthorisationprocessforthe acquisitionofcommunicationsdatabypublicauthoritieswhichishumanrightscompliant,apart fromtheadditionofonemorestatutorypurposerelevanttotheFinancialServicesAuthority.The sametestsofnecessityandproportionalitymustbemet.Requestscanonlybemadebythepublic authoritiesapprovedbyParliamenttoacquiredataandanyrequestswillbeapprovedbyasenior officerwhomustbelievethetestsofnecessityandproportionalityhavebeenmet.Themajorityof communicationsdatarequestsaresubmittedforthepurposeofpreventingordetectingcrime,but communicationsdatamayalsoberequiredforotherpurposes,suchasinordertopreventdeathor injuryorintheinterestsofpublichealth. 1.7 Itwouldbedifficulttosetacrimethresholdfortheuseofcommunicationsdatafora numberofreasons,evenbyreferencetothegravityoftheoffence.Previousstatutoryattemptsto defineseriouscrimehavenotproducedsatisfactoryresults e.g.inrelationtominimumsentences andsomelessseriousoffencescanhaveveryseriousimpactsonthevictims.Itisthereforemuch bettertoleaveittotheauthorisingofficertodecide,inrelationtothefactsofeachindividual investigation,whethertheapplicationtousecommunicationsdatatodetectitisnecessaryand proportionate. Question15:Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? 1.8 Onthebasisoftheinformationatpresentavailable12monthsseemstobeanappropriate period,butitshouldbeopentoreviewinthelightofexperience Question16:Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguards includingapprovalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.How shoulddesignatedseniorofficerbedefined?Isthissystemsatisfactory? 1.9Thereisarobustapplicationandauthorisationprocessinplacetoacquirecommunications data.EachapplicationhastobevettedandqualityassuredbyanaccreditedSPoCbeforebeing consideredbyaDP.Ihaveobservedthatpublicauthoritystaffundertakethisinternalscrutinywith dedicationandintegrity.Thereisarobustsysteminplacetopreventanyoneotherthananaccredited SPoCfromacquiringthecommunicationsdatafromtheCSPsandthisisanimportantsafeguard. 1.10ADPmustbeaseniorofficerinthatpublicauthoritywhoserank/levelhasbeenprescribed bylaw.Thissystemissatisfactory.Itisimportanttoensurethatthedesignatedseniorofficersare comparableintermsofrank/grade/levelacrossthevariouspublicauthoritiesthathaveaccess. Question17:Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshould thisapplytoallpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbe necessaryinallcircumstances? 1.11Awarrantsystemwouldnotbeappropriateforcommunicationsdatarequestsinthesame waythatitisforinterceptionwarrants.Thevolumeofcommunicationsdatarequestsistoohighin
211
comparisontointerceptionwarrantstomakethisfeasibleandinadditioncommunicationsdata requestsaresignificantlylessintrusivethanacquiringthecontentofcommunications. 1.12IamnotconvincedthattheGovernmentsproposaltorequirealllocalauthoritiestoobtain theapprovalofamagistratebeforetheycanusethesepowerswillhavemuchimpactotherthanto introduceunnecessarybureaucracyintotheprocessandincreasethecostsassociatedwithacquiring thedata. Question18:IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformation Commissionersensible? 1.13Itiscrucialfortheretobeindependentandrobustoversightofthesepowers.Thedivisionof theoversightbetweentheInformationCommissionerandtheInterceptionCommissionerisclearand appropriate.IamsupportedbyaChiefInspectorandfiveinspectorswhoareallhighlytrainedin relationtotheacquisitionanddisclosureofcommunicationsdata.Myteamhasagoodunderstanding inrelationtohowthehumanrightsprinciplesofnecessityandproportionalityapplytothe acquisitionofcommunicationsdataandtheextenttowhichcommunicationsdatamayassistpublic authoritiesincarryingouttheirfunctions.Iwillcontinuetoprovideoversightinrelationtothe acquisitionofcommunicationsdata,andinadditionIandmysuccessorwillalsooverseethe collectionofcommunicationsdatabyCSPsandthefilteringarrangements.Thesetwoadditional functionsrequirealeveloftechnicalknowledgeandexpertisewhichispresentinmystaff.The CommissionerwillcontinuetoreporttothePrimeMinisterannuallywithrespecttothecarryingout ofhisfunctions. Question20:Arethepenaltiesappropriateforthosecommunicationsserviceproviderswhofailto complywiththerequirementsofthedraftBill? 1.14 Thepresentregimeiseffectivebecausetheparticipantsarecooperative.Itisimportantthat theircooperationismaintained. Question21:Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequest accesstocommunicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedfor thedraftBillamounttoanoffence? 1.15 Myexperienceisthatallpublicauthoritiestryhardtocooperate,andwelcomeassistanceto enablethemtodoso.Theyadmittheirmistakes,andtrytodevisewaystoavoidanyrepetition.Allof thatcouldbejeopardisedbyincreasingpenalties,andIfailtoseewhatwouldbegained. August2012
212
Mr J R S Kistruck
1 Effectiveness Thepurposeoftheproposalistomakecommunicationspatternsvisibletotheauthorities.This dependsontheideathatidentifiablepersonsororganisationsusethesamecommunication endpoints suchasemailaddresses,phonenumbersandIPaddresses oversubstantialperiodsof time. Anyhalfintelligentcriminal,followingthisbill,willusefrequentchangesofaddressandphone number,amongperhapshundredsatanyonetime,inordertofragmentandconfusethepatterns visibletoanyinvestigator.Thetechniquesforthisstyleofevasionarealreadywelldevelopedamong thehackercommunity.Theywillspread,andcauseaslightincreaseincommunicationscostsfor criminalsbecauseoftheinconvenience.Unfortunately,theextracosttothebaddieswillbemuchless thantheextracosttotherestofus,anditwillnotevenslowthemdown. Theproposalwillthereforebeineffectiveforitsprimarypurpose. 2. Wideaccessibility Makingcommunicationsdataaccessibletothepoliceandthesecurityservicesmightbejustifiableif itwereeffective.Makingthesameenormousrangeofdataaccessibletootherpublicbodiesisquitea differentproposition.FewpeoplewouldtrustlocalofficesoftheDWPwiththeirpersonal communicationsdata,letalonetheinterestedofficersoflocalcouncils. Anyassurancethatwewontallowthatintherulesisnotworththepaperitwouldbepublishedon. Oncethedataisonfile,theusesofitwillcreepoutwardsstepbystep,andeachsteplookssmallto thegovernmentthatallowsit.Withintenyearsuseofthatdatawouldbewidespread,andvested interestswouldbetoobigtoletitbegivenup. 3. Safeguards Ifthebillgoesahead,theinformationaboutmostpeoplescommunicationswillbeheldbyamodest numberofwelldefinedprivatecompanies,theISPs.Theyarelarge,bureaucraticinstitutions,runby ordinaryhumanbeingslargelygovernedbyprocedures.Therewillperforcebepeopleand proceduresforrecoveringthedataaboutpastcommunicationpatterns.Thosepeopleandthose procedureswillbevulnerabletoerrorandtocorruption. Wherethereisastrongincentivetoinvestigate,mereprocedureswillnotstandintheway.The historyoftheNewsoftheWorldphonehackingscandalshowsjusthoweasyitisforsafe repositoriesofinformationtobebreachedwhenenoughmoneyorotherinterestisinvolved.Note thatthisisahumanproblem,notatechnicalone! Reviewingthehistoryofknownleaksandlossesofpersonalinformationbothfromtheprivateand thepublicsectoroverthelastfiveyears,noreasonablepersonwouldwillinglytrusttheirdatatosuch ascheme. August2012
213
The Law Society

TheLawSocietyofEnglandandWales TheSociety istheprofessionalbodyforthesolicitors professioninEnglandandWales,representingover150,000registeredlegalpractitioners.The Societyrepresentstheprofessiontoparliament,governmentandtheregulatorybodiesandhasa publicinterestinthereformofthelaw. I. HistoricallyEnglishlawhasprotectedprivacyinparticularcircumstancesbuthasnever acceptedageneralrighttoprivacy.TheHumanRightsAct1998,byincorporatingthe EuropeanConventiononHumanRights ECHR intoEnglishlaw,changedthat.Viathe incorporationofArticle8oftheECHR,Englishlawnowrecognisesaqualifiedrightto respectforprivateandfamilylife.Thisgeneralrightissupplementedbythedataprotection frameworkenshrinedintheEUDataProtectionDirectiveandtheUKsDataProtectionAct 1998. EffectivedataprivacyanddataprotectionrightsareessentialtolifeinanInformation Society.Thevastquantitiesofpersonaldatageneratedbydigitaltechnologiesofallkinds meanthatwithoutconstantvigilance,andsomerestraintbytheState,personaldataprivacy willquicklycollapse.Itisworrying,therefore,thattheGovernmentsplanswillcompel organisationstocollectinformationabouttheirusersthattheywouldnothavepreviously hadareasontocapture,usingtechnologymandatedbyandforthepurposesoftheHome Office. Itisessentialtorecognisethat,rightlyorwrongly,theGovernmentsproposalsarehighly intrusive.TheGovernmenthasemphasisedthatitsproposalsinvolvetheretentionof,and accessto,communicationsdatanotcontent.Theimplicationisthattheyareonlymildly intrusive.However,astheInformationCommissionerpointsout:Youcantellanawfullot aboutsomepeoplespersonalcircumstancesfromthepeopletheyaretalkingtoandthe websitestheyvisit. 229Indeed,itwouldscarcelybeworthwhilefromtheGovernments perspectivetointroducethismeasureifyoucouldnot. TheGovernmenthasalsosoughttodistinguishitsproposalsfromthoseofthe CommunicationsDataBill2008byemphasisingthattherearenoplanstocreateasingle governmentdatabase.Theseearlierproposalswerescrapped,inlightofwidespread condemnationfrompoliticiansofallparties,aswellasnonpoliticians..Itisclearthata single,centraldatabasecapturesthepublicimaginationinawaythathighlightstheprivacy andsecurityissuesatstake;itisnotclear,however,thatnumerousprivatelyowned databasesarelessprivacyintrusive.Masssurveillanceofinnocentpeopleisstillbeing proposed. Acomprehensivereviewofthelegal,institutionalandtechnicalframeworkwithinwhich surveillancepowersareexercisedintheUKislongoverdueand,inthisregard,the ProtectionofFreedomsAct2012 POFA wasamissedopportunity.Inparticular,theLaw SocietyhasrepeatedlycalledforanoverhauloftheRegulationofInvestigatoryPowersActto ensureexplicitprotectionofcommunicationsbetweenlawyersandtheirclients,whichisa commonpositionaccrossthelegalprofession. TheSocietywelcomestheJointCommitteesprelegislativescrutinyofthedraft CommunicationsDataBillandthechallengingquestionsonwhichithasinvitedcomments andonwhichtheSocietyoffersitsviewsbelow.
II.
III.
IV.
V.
VI.
1.
HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill?
229InformationCommissionersstatementontheCommunicationsDataBill,27April2009
214
1.1. ThebroadobjectivesoftheBillareclear.Thatis,toensurethatcommunicationsdatafrom internetbasedcommunications instantmessaging,socialnetworksetc areobtainedand retainedbyCSPsandcanthenbeobtainedbyauthorisedpublicauthoritiesinappropriate circumstances. 2. HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill? 2.1. TheGovernmentscaseisthatcommunicationsdatahaveplayedaroleinallmajorSecurity Servicecounterterrorismoperationsandmostseriousorganisedcrimeinvestigations.It nowarguesthatlackofcommunicationsdataisbeginningtohamperinvestigations. 2.2. TheLawSocietysviewofthisargumentmirrorsthatoftheEuropeanDataProtection Supervisor EDPS ,PeterHustinx,inrelationtotheEuropeanDataRetentionDirective. Hustinxhasarguedthatifameasureisalreadyinplaceandpracticalexperiencehasbeen gainedthereshouldbesufficientqualitativeandquantitativeinformationavailablewhich allowsanassessmentofwhetherthemeasureisactuallyworkingandwhethercomparable resultscouldhavebeenachievedwithouttheinstrumentorwithalternative,lessprivacy intrusivemeans.Suchinformationshouldconstitutegenuineproofandshowthe relationshipbetweenuseandresult. 230.Hustinxconcludedthatthequantitativeand qualitativeinformationprovidedbyMemberStateswasinsufficienttoconfirmthenecessity ofdataretentionasrequiredbytheDataRetentionDirective.IntheSocietysviewthe Governmentspublishedevidencebaseforadditionaldataretentionpowersissimilarly weak. 3. HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy? 3.1. TheproposalsintheBillreinforceandextendanenablingframeworkintheUKthat underpinswhatmany,includingtheInformationCommissioner,havecalledasurveillance society.ThedriftintoasurveillancesocietyiswhytheSocietyarguesthatPOFAwasa missedopportunity.TheSocietydoes,however,welcometherecognitioninPOFAofthe principleofjudicialapprovalforcertainapplicationstoobtainordisclosecommunications data.Thecaseforextendingthisprincipleshouldformpartofanyfuturereviewof surveillance. 4. Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionof communicationsdata? 4.1. TheLawSocietyhasnotexploredthisquestioninanydepth.However,theSocietynotes thatPrivacyInternationalhaveclaimedthattheonlyothercountriesintheworldthathave thekindofmasssurveillancesystemsthatareproposedareChina,IranandKazakhstan 231. 5. Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider? 5.1. TheSocietyisnotawareofany.TheSocietydoesthinktheHomeOfficeshouldidentify alternatives,publishtheevidenceforandagainst,andconsultbothexpertsandmembersof thepublictoensurethatwecanhaveaninformeddebate.
230OpinionoftheEuropeanDataProtectionSupervisorontheEvaluationreportfromthe
CommissiontotheCouncilandtheEuropeanParliamentontheDataRetentionDirective Directive2006/24/EC .31May2011 231PrivacyInternational,SubmissiontotheJointCommitteeonthedraftCommunicationsDataBill
215
6.
ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesoflegislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernsthe retentionofcommunicationsdata? 6.1. TherelationshipbetweentheDataRetention ECDirective Regulations2009andthe proposalsintheBillisnotentirelyclear.TheRegulationsapplytocommunicationsdatato theextentthatsuchdataaregeneratedorprocessedintheUKbyatelecommunications operatorintheprocessofsupplyingaparticularcommunicationsservice.ThedraftBill enablestheSecretaryofStatetomakeanordertoensurethatcommunicationsdataare availabletobeobtainedfromtelecommunicationsoperators.Theimplicationisthatthe datatobeobtainedundertheBillarenotdatathatwouldberetainedbyoperatorsinthe normalcourseoftheirbusiness.However,astheHomeOfficeacknowledges,andthe rationalefortheBill,isthattheUKstelecommunicationsinfrastructureischangingrapidly. Itfollowsthattheboundarybetweendatathatwillberetainedinthecourseofbusinessand datathatwillnotisalsoshifting andnotnecessarilysimplyinthedirectionoflessdata retentionforbusinesspurposes Onthefaceofit,therefore,oneoverarchingpieceof legislationwouldbepreferable.
7.
IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasures thatcouldbescrappedasaquidproquotorebalancecivilliberties? 7.1. Civillibertiesshouldnotbetradedinthisway.IftheprovisionsoftheBillarewrongthey shouldnotbeadopted;ifothermeasuresdeservetobescrappedonhumanrightsgrounds theyshouldbe.
8.
WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKas alessattractivebase.Whatmightbetheeffectonbusiness? 8.1. ThisisaquestionforCSPs.
Costs: 9. Istheestimatedcostof1.8bnover10yearsrealistic? 9.1. TheSocietydoesnottakeaviewonthismatter. 10. TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBill couldbeworthbetween56bn.Isthisfigurerealistic? 10.1. Nocomment. Scope: 11. Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate?Do theysensiblydefinethescopeofthepowersinthedraftBill? 11.1. Nocomment. 12. WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill?Should itbepossiblefortheSecretaryofStatetovarythislistbyOrder? 12.1. ThelimitedevidenceprovidedbytheHomeOfficeexplainingtheneedforthisBillconcerns SecurityServiceantiterroristoperationsandseriousandorganisedcrimeinvestigations. LimitingaccesstotheSecurityandIntelligenceServices fortheirstatutorypurposes and tothepolicefortheinvestigationanddetectionofseriouscrimewouldbeappropriate. 12.2. ItshouldnotbepossiblefortheSecretaryofStatetovarythelistbyOrder.Parliamentary debateandapprovalshouldbenecessarybeforeanyextensionofaccessispermitted.
216
13. Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty? 13.1. Itseemsentirelyunrealistictopursueoverseasproviders.TheHomeOfficeshouldexplain howitsplanswillworkinpractice. UseofCommunicationsData: 14. Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? 14.1. Asstatedabove Q.12 ,intheabsenceofanyclearerjustification,limitingaccesstothe SecurityandIntelligenceServices fortheirstatutorypurposes andtothepoliceforthe investigationanddetectionofseriouscrimewouldbeappropriate 15. Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? 15.1. Withoutastrongerevidencebaseitisunclearwhetherornotanyretentionisnecessary and,ifitis,whether12monthsistoolongortooshort.TheHomeOfficeshouldexplainthe basisonwhich12monthshasbeenchosen. Safeguards: 16. Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould "designatedseniorofficer"bedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR? 16.1. AstheSocietyexplainedinitsintroductorystatement,theSocietyregardstheseproposals ashighlyintrusiveanddoeshaveconcernsaboutcompliancewithArticle8.Independent judicialreviewwouldbebetter.Incasesofurgencysuchreviewmightneedtotakeplace aftercommunicationsdatahadbeenaccessed.Suchcasesshouldbeexceptional. 17. Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapplyto allpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe? 17.1. Awarrantsystemwouldbeappropriate.Itshouldapplytoallpublicauthorities.Any evaluationoftheresourceimplicationsshouldtakeintoaccounttheprobablereductionin thenumberofapplicationsforcommunicationsdata. 18. IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformation Commissionersensible? 18.1. Yes,iftheOfficeswhichsupportthemareproperlyresourced.Oversightarrangementscan onlybeeffectiveiftheycanbeimplementedinpracticeandtheInformationCommissioner hasalreadyhighlightedtheneedforadditionalresources. August2012
217
George Lawrence
Costs/Technical MyunderstandingisthattheBillseekstoexpandtheexistinginterceptionframeworktocoverpeer peercommunications likeSkype .Thesuggestedcostisaround10annuallyperelectronically connectedperson. Theconcernisthatunlikehistoricalnetworksbasedonhightransmissioncostswhichrequiretobe centrallyswitchedtoconservetransmissionresource,moderncommunicationismostcosteffective whenthenetworkisdistributedbecausetransmissionisrelativelyverycheapincomparisonto centralswitching. Therequirementsofmonitoringreimposethecentral 'hub' controlelementandinvalidatea moderncommunicationsystem'sdistributedarchitecture.Sowhilepurelymonitoringmaybecosted assuggested,thelossofopportunitycostofbeingunabletomakeuseofthemodernarchitecturefor newcommunicationmodesismuchhigher. General Itiswidelyrecognisedthatsecurityagenciesneedtomonitorcommunications.Thishasbeenona targetedbasisnoncommunicationsevidencepointingtoindividualsundersuspicion.The communicationsoftheindividualscanthenbe*selectively*monitored.Howeverwhatisbeing proposedistouseasearchofdataforallcommunicationstofindpeopletowatch.It'sthisblanket proactivetrawling,notasatargetedresponse,thatwillinvalidatethecosteffectivetechnologythat peopleexpect.Itisalsoaconceptualshiftinapproachtoanindividual'srighttoprivacy. August2012
218
Stacey Leigh Ross

1.HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? MyunderstandingisthatthisBillisdeemednecessarytogivethePolicethetoolstofightterrorism, paedophiliaandothernefariousorganisedcrimes.
Nottomymind.WhileIunderstandtheneedtoprovideourlawenforcerswiththetoolstodotheir jobseffectively,Ifeelthisisnotthewaytodoit.Theconstantmentionofterroristsandpaedophiles almostseemstobeawaytofrightenthepublicintoagreementwiththisProposal.WhenIquestioned theneedforsuchaninvasionofcivillibertieswithmylocalMP,thiswasthestandardresponse. Frankly,Ifeelthatthisiscreatingahaystackwithinwhichtofindaneedle.Collectingthismuch informationwillmakemeanthatmuchmoreinfowillneedtobesiftedtofindthesuspectsyouare after.Surelythereisamoreeffectiveway. Inaddition,thepeoplewhothisBillwantstotargetaremediasavvyenoughtoavoidthe communicationsnetthatanyonemightdesigntocatchthem.Isuspectyouwillonlynabtherank amateursandcarelessyoungpeoplewhouseinflammatorylanguagethatcausesaredalertonyour securitysweepsystems. General:
Iamconcernedabouttheprecedentthatthissets.Afewyearsago,RIPAwaspassedandwegave awaysomeofourfreedoms.Ifeellikethisisaslipperyslope.Ifwesayyestothis,inafewyearstime whentechnologyevolves,willwebebackagain,infringingfurtherandfurtheruntilwetrulyhavea BigBrotherstatewhereeveryoneisundersurveillance. Thisproposalmakesitseemlikeeveryoneisapersonofsuspicion,andifwereallsuspicious individualsthenwhoarewetrulybeingprotectedfrom? Idontknow,Imnotthatversedinthis.Perhapswhatweneedisathinktankcomprisingonthe groundofficerswhoactuallyhavetousethesystemtodotheirjobs,membersofthepublicfroma variedcrosssection,andtechnologicalexperts.Ibelievethismightbeabetterwaytodesignamore effectiveandlessinvasivesolution.
3.HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy?
4.Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionofcommunications data?
56Noanswer
7.IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasuresthat couldbescrappedasaquidproquotorebalancecivilliberties?
Isitevenlegalforthegovernmenttosuddenlydecidetoremovethisaspectofmycivilliberties.Is thisproposedinvasionofprivacyevenlegal?
8.WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKasa lessattractivebase.Whatmightbetheeffectonbusiness?
Iwouldthinktheydfinditmoreattractive,theygetmoneytoholdaveritablemarketinggoldmine thattheycouldusetoboosttheirsales! Costs:
9.Istheestimatedcostof1.8bnover10yearsrealistic?
Isanyestimateeverrealisticingovernment?Budgetsalwaysendupgoingover.Myconcernismore that,herewearebeingbeatenovertheheadaboutthedeficit,thedeficit,thedeficitandinthe midstofcuttingbackonrealessentialslikeschoolrepairs,policing,fireservices,etc.werelookingto
219
findalmost2bntohandovertoprivatecompanies someofwhicharentevenUKcompanies to collectatruckloadofdata,mostofwhichwedontevenneedcauseitwillberandominfolikehow manytimesIcallmymum,shoponAmazonforbabyproductsandlookuparecipeonbbc. Surely,ifweregoingtofindmoneyforsomething,itshouldbeto: buildupoureducationsystem, supportouryoungpeoplesowehavebetteradultsinthefuture, enableourdefenceforcestodotheirjobswiththerightequipmentand lookafterthemwhentheycomehome properly! , buildupourresearchanddevelopmentsectorssowereaheadintheenergygame, pumpmoneyintooursmallbusinessestohelprebuildoureconomy Thelistisendless.AsfarasImconcerned,collectingmountainsofirrelevantdatathatwilleventually fallintothewronghandsandusedforpurposesforwhichitwasnotintended,isNOTapriority.
10.TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBill couldbeworthbetween56bn.Isthisfigurerealistic?
Great!Hasanyoneworkedoutthepossiblecostsofthisgoingwrong?Databeinglost,sold,usedby thewrongpeople?Prosecutionofinnocentpeople?Moreinstancesofwastedcourttimewithpeople likePaulChamberswhothreatenedtoblowupalocalairportinfrustrationandhadtowaitforan appealsjudgetofigureoutitwasajoke!Lawsuitsfromtheseinnocentpeoplewhovehadtheirlives turnedupsidedown?Alltheactualcriminalsthatwewillbeignoringuntilitstoolatebecausewe assumeournewgrandsystemwillcatchall,whentheveryoneswewanttocatchareslipping throughthenet? Scope:
11.Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate?Do theysensiblydefinethescopeofthepowersinthedraftBill?
12.WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill?Should itbepossiblefortheSecretaryofStatetovarythislistbyOrder? 13.Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty?

Wesimplyshouldnotbecollectingthisinfointhismannersoforme,thisquestionisirrelevant.
No.Iamespeciallyconcernedaboutconflictsofinterest.Willitbedeemedinpoortasteforwealthy businessmanfriendsofpoliticiansandseniorofficialstobetheoneswhosecompaniesarecollecting thisinfoandmakingatidysumdoingso?
ThisBillseemstosuggestthattherearenocircumstances.Allcommunicationsproviderswillbe collectingallyourtrafficinforegardlessofwhethertheyhavereasontoornotjustincaseyouturn outtobesuspicious withinthe12monthsretentionperiod,ofcourse .Icanjustpictureitnow. Cameron,Clegg,orwhoeverelsemightendupinpowersayssomethingthatirritatesme.Ina subsequentphonecalltomymum,IgetoverexcitedandsayIwishsomeonewouldbombhis bicycleorsomethingequallysillyandthenextthingIknowMI5isonmydoorstepinterruptingme hangingoutthelaundryorfeedingmychildbecauseImathreattothePMofthehour. Safeguards: 1618WhileIappreciatethattheseseemalogicalsafeguardtoputinplace,Iamsurethatyouwill forgivemylackoffaithinmostpoliticalofficesafterthelastfewyearsofproofthatfew,ifany, positionsofpowerarenotabused.IonlyneedtocitethetopbrassattheMetpolice,thefallofNews oftheWorldetal,theMP'sexpensesscandalandthat'sjustthetopbilledones.Giventhathistory,
14.Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect?
BasedonourhistorywiththeUSAbendingoverbackwardstohelpusthewaywedotohelpthem? Highlyunrealistic.ChinaandIndiaarealsobecomingtechnologicalsuperpowers,dowereally imaginethatwewouldhaveanycontroloverinformationthattheymightdecidetokeepandhold? UseofCommunicationsData:
15Noanswer
220
whatguaranteedoesanyordinarycitizenhavethatwithaccesstosomuchinformationthatthosein powerwillnotsuccumbtotemptationandfindprofitableusesforwhattheyshouldbesafeguarding. I'drathernotbewatchingcourtproceeding10yearsfromnowwiththevariousCommissioners defendingthe'loss'and'resurfacing'ofdatathattheyshouldneverhavehadtosafeguardinthefirst place.Asmymotherusedtosay,whytemptpeople? ParliamentaryOversight: Enforcement: 2021Abittoolittletoolate.Afterthehorsehasboltedandtheinformationisouttherein circulation,allthefinesintheworldwillnotstopitfrombeingused.Peoplewillalwaysfindaway. Wewontneedtoenforceanythingifwenevercollectsuchamassiveamountofpersonaldatathat wedontneedinthefirstplace. Technical: 2226Myonlycommenthereistoaskhowyouplantodealwithfalsepositivesandfalsenegatives, butImaintainthatIfeelthisdatashouldnotbecollectedinsuchawidereachingmannertherefore eliminatingtheneedforthistechnicalconversation. InConclusion: Fordecadesbigbusinesseshavebeentryingtotrackcustomerseverymoveformarketingsuccess thinkTescoClubCard .AssomeonewhousedtoworkinadvertisingandmarketingresearchIknow thisinformationwouldbeaveritablegoldmineforanybusiness.Icannotseehowanygovernment canensurethatacompanydoesnotusetheinformationthattheyarecollectingandstoringfortheir ownpurposes.Ialsowouldliketoknowhowwecanbesurethattheinformationhasbeendestroyed afterayearhaspassed. Furthermore,Ireiteratethatwehavemorepressingneedsthanthefundingofheavyhandedplan thatcreatesamountaintofindamolehill.Whyarentwefindingmoneytosupportthedevelopment ofourfuture?Ouryoungpeople,ourNHS,ourbusinessdevelopmentandcareeropportunities,our policeservice,ourresearchanddevelopment,ourenergydilemmas,ourdefenceforces?Surelythese aremoreimportantrightnow. Ihonestlydonotcarewhetherthisis/wasaLabour,LibDemorConservativeproposalmyresponse isthesame.Ifeelthereisnorealisticorfeasiblewaytotrulypolicethisinformationorensureits safetyandsoitwouldbesafertoonlycollectwhatisactuallyneededratherthanmorethanis needed.Inpractice,thisistoocostlyanexcess.Theargumentthatweneedthisfornationalsecurity andtobeabletoensureconvictionsincourtisvalidbutthissolutioniswaytooextreme.Iamsure thatthereisahybrid,amiddlegroundthatcanbefoundthatdoesn'tcompromiseeveryindividual's civillibertiesforthesakeofapreciousfew.Itrulybelievethereareenoughintelligentand enlightenedmindsinparliamenttocomeupwithabettersolution.Thisisnotit. August2012
19.Noanswer
221
LGA
Whataccessdocouncilscurrentlyhavetocommunicationsdata? Councilscanaccesscommunicationsdataforthepurposeofpreventingordetectingcrimeor preventingdisorder. CouncilscurrentlyhaveaccessunderRIPAtotelephone/internetsubscriberandbilling informationonly.Councilsdonothavethepowerstoobtainthecontentofanytelephonecall oremail. Councils use communications data to protect residents and businesses from those that are deliberatelyandpurposefullytryingtocauseharm. Communications data is essential to the work carried out by councils to tackle benefits / council tax fraud, rogue traders, loan sharks, doorstep crime, anti social behaviour, serious environmental crime, commercial flytippers, animal welfare issues and counterfeit goods. Thesecrimesareoftentargetedatthemostvulnerableinourcommunities. Losing access to communications data would leave councils without the tools to protect residentsandleaveroguetraderstooperatemorefreelyinourcommunities. Rightstoprivacyforindividuals The LGA recognises that the public are understandably concerned about unnecessary and intrusiveuseofinvestigatorypowersbyGovernmentbodies. We support the use of safeguards that can reassure the public that access to data is used responsiblyandproportionately. While the LGA believes that councils only access data when absolutely necessary and in proportion to the suspected crime, we accepted the introduction of magistrates approval undertheProtectionsofFreedomsAct2012foraccesstodata. Safeguardstoaccessingdata The LGA believes that the current framework through which councils can access communicationsdataprovidesthesafeguardsthatthepublicarelookingfor. UnderRIPA,accesstocommunicationsdatawasalreadysubjecttointernalapprovalata DirectororHeadofServicelevelandbyelectedmembersthroughregularreviewsof requestsmadeunderRIPA. Councilsarealsosubjecttoexternal,independentoversightbytheSurveillance CommissionerandInterceptionCommissionersoffices,whichreportdirectlytothePrime Ministereachyear. The Protection of Freedoms Act requires councils to seek magistrates approval each time councilswanttoaccesscommunicationsdata. Councilsbehavingresponsibly TheintroductiontotheDraftBillitselfstates,Localauthoritiesaccountforlessthan0.5%of totalRIPArequestsforcommunicationsdata.Thisextremelylowfigureshowsthatcouncils areexercisingtheirpowersinaresponsiblewayandonlyrequestingdatawhenabsolutely necessary. In fact, local authority requests only constitute 0.3% of requests for communications data. This figure has remained consistent since 2006 when reporting was introduced. SirPaulKennedy,inhispositionasInterceptionofCommunicationCommissioner,presented evidence to the Freedoms Bill Committee in 2011, which stated, I am aware that some
sectionsofthemediacontinuetobeverycriticaloflocalauthoritiesandthereareallegations thattheyoftenusethepowerswhichareconferreduponthemunderRIPAinappropriately. However, I can categorically state that no evidence has emerged from our inspections that havetakenplacebetween2005and2010,whichindicatesthatcommunicationsdataisbeing usedtoinvestigateoffencesofatrivialnature,suchasdogfoulingorlittering.Onthecontrary itisevidentthatgooduseisbeingmadeofcommunicationsdatatoinvestigatethetypesof offenceswhichcauseharmtothepublic,suchasinvestigatingroguetraders,loansharksand flytippingoffences.SirPaulKennedyadded,Oftenthetelephonenumberorcommunications address is the only information / intelligence the local authority has to progress the investigationandidentifytheallegedoffender.
222
CommunicationsdatasupportingGovernmentpriorities TheGovernmentisrunningacampaignentitled,Targetingbenefitthieveswiththetagline, Itsnotifwecatchyou,itswhen. InApril2012,theGovernmentlaunchedtheNationalTradingStandardsBoardtoprovidea structurethroughwhichcouncilswouldberesponsiblefor combatingpriorityareassuchas loansharksandinternetscams. CouncilshaveacrucialroleindeliveringthesestrategicGovernmentaims,whichcanonlybe achievedwithaccesstocommunicationsdatatotacklepersistentoffenders. TheLGAprovidedextensiveevidenceonthevalueofcouncilaccesstocommunicationsdata duringthedebateontheProtectionofFreedomsAct.ThisActonlyreceivedRoyalAssenton 1stMayandwearedisappointedthatwearerequiredtocommitresourcetorevisitingthis debatesosoon. Clause11ofthedraftCommunicationsDataBillandtherecentProtectionsofFreedomsAct providecouncilswiththepowerstocontinueaccessingcommunicationsdatawithapproval from a magistrate. This shows a clear recognition from Government of the importance of thesepowersforcouncilstoprotectcommunitiesfromcrime. However,sincetheBillwaspublished,theHomeOfficehasadvisedthattheLGAisexpected to make a business case for a specific Order to ensure that councils can retain access to communicationsdata. This change in stance, along with differing legal views about whether an Order is actually required,hascreatedsignificantconfusionandconcernaboutGovernmentintentionsonthis matter. It would be helpful to have a clear message from Government to support the importanceofcouncilsretainingaccesstocommunicationsdatainordertoprotectthemost vulnerable parts of our communities from crime and to acknowledge that councils are makinggooduseofcurrentpowersinawhollyproportionatemanner. Casestudies 1. ShropshireCounciltacklingbenefitfraud AbenefitclaimantconvictedbyShropshireCouncilreceived26weeksimprisonmentforfailingto notifyofthecouncilofherpartnerspresenceinthehousehold,leadingtoanoverpaymentofover 40kincouncilandDWPbenefits.ChecksontelephonenumbersandSKYrequestswerecriticalto establishingthepartnerwasresidentattheproperty. 2. Protectingresponsiblebusinessesandcreatingafaireconomy WolverhamptonCityCouncilacquiredcommunicationsdatatoinvestigatethelargescale manufactureanddistributionofcounterfeitmediaproductsviatheInternetandcomputerfairs.The offenderwasconvictedandsentencedtothreeyearsimprisonment.Theestimatedlosstolegitimate businesseswasintheregionof1millionandthiswasstoppedwhenthefourcounterfeiting factoriesweredismantled. 3. Protectingthepublicfromdangerousgoods NottinghamshireCountyCouncilsuccessfullyputastoptotheimportandsaleofdangerous counterfeitelectricalgoods,whichwereputtingunassumingconsumersatrisk.Dataaboutmobile telephoneuseenabledtheCounciltoobtaindetailsofassociatesofthemainoffenders.Thecase resultedinthemainoffendergettinga41/2yearprisonsentenceforimportingdangerous counterfeitelectricalgoods.Anassociategota10monthsentence. NottinghamshireCountyCounciladvisesthatwithoutthecommunicationsdatatheinvestigation wouldcertainlyhavebeenprolonged andmoreexpensive andisunlikelytohavesucceeded. 4. Protectingvulnerableresidentsfromroguetraders Anelderlycouplehadbeencoldcalledattheirproperty.ThecouplewereadvisedbyDesigner Drivewaysthatvariousworksneededtobecarriedoutincludingpowerwashingthepatio;layinga newblockpavingdriveway;anewgardenwall;supplyinganewgate;removalofconifersfromthe backgardenandlayingapatiooverthearea;treatingthejoistsintheatticforwoodwormandlaying
223
newinsulation.Thepaperworkprovidedforthevariousjobsdidnotcomplywithlegislation; cancellationrightswerenotprovidedandsurveyorsreportsshowedthattheworkhadnotbeen carriedoutproperlyorthattherewasnoneedfortheworkinthefirstplace.Thecouplepaid DesignerDriveways14,500. Thetraderconcernedindicatedthatthecompanythathadcarriedouttheworkwasnothingtodo withhim.AsubscribercheckcarriedoutbyCardiffCityCouncilshowedthatthemobilephonewas registeredtohimandillustratedclearlinkagestothelimitedcompany.Onthe17thApril2012the defendantpleadedguiltytofraudcharges.Hewassentencedto18monthsimprisonmentwhichran concurrentlywithaprisonsentencethathewasalreadyserving. 5. Protectingvulnerableresidentsfromroguetraders TheCentralEnglandTradingStandardsRegionalScambusterTeambasedatSolihullBorough Council,andWestMidlandsPolicejointlyinvestigatedaroguebuilderwhencomplaintswere receivedfromtwomembersofthepublicthattheyhadbeenrippedoff.InitiallytheCrown ProsecutionServiceadvisedagainstgoingtotrialbecausetherewereonlytwovictimsanditwould thereforebedifficulttoprovethefullextentofhiscriminality.Outgoingcallrecordswereobtainedin relationtothesuspectsphoneandthisenabledtheinvestigationteamtoidentifyanumberofother victimswhowerepreparedtogiveevidence,manyofwhomhadbeenunawarethattheyhadactually beenthevictimtoafraud.Theoffenderobtainedapproximately200,000byfraudfromhisvictims overan18monthperiod.ThecasewaseventuallytriedinBirminghamCrownCourtandtheoffender pleadedguiltyandwassentencedto4yearsimprisonment.Itisextremelyunlikelythathewould havebeenbroughttojusticeiftheinvestigatingofficershadnotmadeeffectiveuseofthepowersto acquirecommunicationsdata. 6. Preventingoutbreaksoffoodpoisoning ThecaseconcernedthesupplyofchickentoseveralfoodbusinessesintheCardiffarea.Thebusiness wasnotregisteredasafoodbusinessanditwasnotknownwhetherthemeatwasillegalsourcedand unsafe.Noneoftheinvoicesgivenspecifiedacompanyname,addressorcontacttelephonenumber. However,oneofthefoodbusinessownersconfirmedthatheorderedthechickenfromamobile telephonenumber. Asubscriberonthisnumbergavearesidentialaddressfromwhichthedefendantwassubsequently traced.Onthe21stJuly2011defendantpleadedguiltytooffencesundertheGeneralFoodRegulations 2004andfined.Thiscouldnothavebeentracedwithoutaccesstocommunicationsdata. Theeconomicimpactofanoutbreakoffoodpoisoningwouldhavebeensignificantand,potentially, fataltoelderlyandvulnerablepeople. 7. Policingonlinesales HampshireCCwerecalledtoinvestigateimporterofcounterfeitgolfclubsandaccessorieswhosold themviaeBay.DespitetwoseizuresfromHMRCatportofentry,hecontinued.RecordsfromeBay andPaypalwerecontradictoryintermsofidentificationoflocationofoffender.Aseriesofemail addressesprovidedtoeBay/Paypalwerecheckedbymeansofrequestingsubscriberdetailsandthe offenderlocatedasaresult. Despitepleadingguiltyatfirstopportunity andthereforegettingamandatory30%discountonthe penalty ,theoffenderwassentencedto30monthsimprisonment reducedonappealto21months andwasorderedtopayaconfiscationorderintheregionsof108,000.Thisdemonstratesthe seriousnessofthecrime. 8. Maintainingroadsafety Alargescalepurchaserandsellerofwasfoundtobeselling'clocked'cars.Carswereboughtat auctionwithhighmileagesandthensoldviaeBay/AutoTraderwebsitewithfraudulentdescriptions applied.Thecarsconcernedwerelowvalueones,typicallynomorethan2000.Over50carswere soldinamisdescribedmannerandwithfalsifiedservicehistory.Thevalueofthefraudwasinexcess of60,000.Falsenamesandaddresseswereused,however,itwaspossibletotracethoseconcerned usingsubscriberdetailsinrespectofmobiletelephonenumbersandemailaddressesprovided.
224
Despitepleadingguiltyatfirstavailableopportunity andthereforegettingamandatory30% discountonthepenalty ,theoffenderwassentencedto20monthsimprisonment. 9. WorkingwiththePolicetostopemailscams TheCouncilreceivednotificationofresidentsreceivingChineseinheritancescamletters.Theletters promisedreleaseofaninheritancefromapersoninChinaonpaymentofanadministrationfee. LetterswerepostedwithRoyalMailSmartStampdetailsonthemandtopotentialvictimsalreadyon 'suckerlists'whoarethereforepotentiallyveryvulnerabletosuchactivity.TheCouncilobtained subscriberdetailsfromRoyalMailindicatingthepersonsandaddresseswithintheUnitedKingdom whohadreceivedletters,makingthefraudmucheasiertotackle. TheinvestigationwasreferredtotheMetropolitanPoliceasitinvolvedworkonascalebeyondthe councilboundaries.However,councilinvolvementenabledarapidresponseandenabledthepoliceto targettheirresourcesatdealingwiththeoffenders.Thecouncilwasalsoabletoprovideadviceto residentsonavoidingthescam. 10. Tacklingbenefitfraud NeathPortTalbotCBCsuccessfullyprosecutedamanforillegallyclaiming5000ofhousingbenefits usingcommunicationsdata.Officialtelecomsinformationwasusedtoshowthatthenumberslisted inhisplanningapplicationformandmortgageapplicationwerefalseanddeliberatelymisleading. Theevidencefromthetelecommunicationscompanieswasusedtoproveintenttocommitbenefit fraudandthattheindividualhadprovidedfalseinformationforfinancialgain.Hewasgivena12 monthcommunitypunishmentorderfor240hoursofunpaidworkandtoldtorepaythe overpaymentofbenefitandcourtcosts. July2012
225
Liberty
ExecutiveSummary TheDraftCommunicationsDataBillrelatestotheproposedcollection,retentionandavailabilityof communicationsdataacrosstheUK.Itisnoexaggerationtosaythattheselegislativeproposals signalamajorshiftintherelationshipbetweenthecommunicationsindustry,thestateandthe public.Neverbeforehaveprivatecompaniesbeencalledupontoorchestrateblanketcollectionof personaldatawhichtheyhavenobusinessreasontoretain.Thisbriefingwillinterrogatethecapacity whichcouldbecreatedundertheseproposals,thedepthofthecivillibertiesimplicationsandthe limitationsoftheproposedsysteminlawenforcementterms. Communicationsdataishighlyrevealing.Inanaveragedaywecanexpecttogeneratealargeamount ofcommunicationsdata,includingfromactivityonsocialnetworkingsitessuchasFacebookand LinkedIn,thedetailsofcommunicationsviaTwitter,thehistoryofwebsitesvisited,thetimeatwhich telephonecallsweremade,whotheyweremadetoandhowlongthecalllasted,thelocationofan individualmakingorreceivingamobilephonecallaswellasthedurationandtimingofthephone callandsubscriberinformationrelatingtothesourceorrecipientofcommunicationsandtheirdirect debitdetails. Suchdataisincreasinglydifficulttodistinguishfromcontentandweunderstandthatinorderto facilitatethecollectionofdataunderthisBill,telecommunicationproviderswillberequiredtoinstall technologythathasthecapacitytoroutinelyinterceptallcommunications.Thisnotonlyexacerbates humanrightsconcernsbutalsomakesclearthatthisproposalisaboutextendingratherthan maintainingtheabilityoftheStatetomonitorcommunications. IntheUKarrangementscurrentlyexistfortheretentionofsomecommunicationsdata.Thisisasa resultofanEUDirectivethatwastransposedintoUKlawin2009.However,similarrulesinplacein otherEUcountrieshavebeenrecentlysubjecttosuccessfullegalchallenge.Indeedconstitutional courtsacrossthecontinentincludinginGermany,RomaniaandBulgariahaveruledthattheir respectivearrangementsforretainingsomecommunicationsdataareunconstitutional.Asignificant caseiscurrentlypendingbeforetheEuropeanCourtofJusticewhich,forthefirsttime,willdirectly interrogatethecompatibilityoftheEUDirectivewithhumanrightsobligations.Weareunsurewhy theGovernmenthasnotwaitedfortheoutcomeofthisjudgmentbeforepressingaheadwithmore intrusiveplans. LibertybelievesthatcurrentUKdataretentionarrangementsareadisproportionateinterference withtherighttorespectforprivatelifeandunderminerespectforfreedomofexpression.The proposalssetoutintheDraftBillgosignificantlyfurtherandsufferevengreaterflawsasaresult. Libertyhasneveropposedtargetedsurveillancewithpriorauthorisation,onthebasisofindividual suspicion,butthisDraftBillamountstonothinglessthanblanketsurveillanceofthepopulationat large,turninganationofcitizensintoanationofsuspects. Introduction 1. TheDraftCommunicationsDataBill theDraftBill wasannouncedintheQueensSpeech andpublishedbytheHomeOfficeon14thJune2012.Itiscurrentlyundergoingaperiodofpre legislativescrutinybytheDraftCommunicationsDataBillCommittee theCommittee .Liberty appreciatestheopportunitypresentedbyprelegislativescrutinyoftheDraftBill,butgiventhe privacyimplicationstheseproposalscarryforallUKresidentswearedisappointedthattherehas beennopriorpublicconsultationundertakenbytheresponsibledepartment.Inparticular,we understandthattherehasbeennoformalprocessofconsultationwithcommunicationservice providers.OnthisbasiswefinditverydifficulttounderstandhowtheHomeOfficehasreachedits conclusionsabouttheextentofpotentialcollaboration,norindeedthecostsimplicationsofits proposals. 2. Beforeembarkingonasubstantialanalysisoftheseproposalswemustfurtherexpress concernattheirbroadandvaguenature.OurattemptstocritiquethisDraftBillhavebeenhampered
226
byaseriouslackofdetail.Thebestwaytodescribeitsprovisionsisfutureproof:highlyenabling andlackinginfocusedprescription. ThedetailoftheDraftBill
Part1DataCollection
3. Clause1oftheDraftBillgrantstheSecretaryofStatethepower,byorder,toimposeany requirementorrestrictiononanoperatorwhichisaimedatensuringtheavailabilityof communicationsdatatospecifiedbodies.ArrangementsaroundaccesstodataaredealtwithinPart 2,butClause1 b makesclearthatoperatorsmayberequiredtoretainorotherwisehandledatain ordertofacilitateaccessoutsidethearrangementsprovidedforinPart2oftheDraftBill.Thenon exhaustivelistofrequirementswhichmaybeimposedonoperatorsincludeobtainingorprocessing dataandenteringarrangementswiththirdpartiesinordertofacilitatetheavailabilityofdata. 232The processingofdataincludesthereading,organisation,analysis,copying,correction,adaptationor retrievalofdataanditsintegrationwithotherdata. 233Requirementsmaybeplaceddirectlyonan operatorbyorderorprovisionmaybemadeinanordertoallowforrestrictionsorrequirementsto beimposedbynotice. 234 4. Subclause1 3 providesthatoperatorsmaybemadesubjecttoadditionalregulatory obligationsdesignedtofacilitateswiftaccesstodataandmakeprovisionaboutstandards, equipment,systemsandtechniques. 235Requirementsmaybeplacedonoperatorsinrelationto servicesprovidedbyanotheroperator.Communicationsdataforthepurposesofthepermissive regimesetupbyclause1carriessubstantiallythesamemeaningasprovidedforunderRIPA;the regimeappliestopostaloperators. 236Subclause1 4 statesthatanauthorisationmaynotpermit conductconsistingoftheinterceptionofcommunications;asexploredbelowthisprohibitionis difficulttosquarewithourknowledgeofthetechnologicallimitationsofDPIsoftwareandhardware. 5. Undertheheadingsafeguardsclause2placestheSecretaryofStateunderanobligationto consultwithOFCOM,theTechnicalAdvisoryBoardandoperatorsorpersonsrepresentingoperators orwithstatutoryfunctionsinrelationtooperators. 237TheTechnicalAdvisoryBoardissolely concernedwiththetechnicalorfinancialviabilityandnottheprivacyimpactofproposals. 6. Clause4providesthatdatamustberetainedfor12monthsfromthedateofthe communicationunlessashorterperiodisprovidedforinaspecificnoticeortheoperatorisinformed thatthedataisormayberequiredforlegalproceedings,inwhichcaseoperatorswillberequiredto retaindatauntilinformedotherwise.Ifitbecomesapparentthatcommunicationsdataisnot requiredforlegalproceedings,thepublicauthoritywhichhasrequestedtheinformationshould informtheoperatorofthatfact. 7. Clause5makesclearthatoperatorscannotdisclosedataexceptinaccordancewithPart2of theDraftBilldealingwithaccessandauthorisation,orotherwiseasauthorisedbylaw,thiscould includeadisclosurerequiredbycourtorderassuggestedbytheexplanatorymemorandum,but wouldclearlycoverothersituationsinwhichtheSecretaryofStateauthorisesaccessotherwisethan inaccordancewithPart2undersubclause1 b .Theoperatorisrequiredtoputinplacesecurity
232Clause1 233Clause1
2 . 5 . 234Clause1 2 b . 235Clause1 3 . 236Clauses28and25. 237Clause2.
227
provisiontoprotectagainstunlawfuldisclosurewhichcanincludemanagementchecksandcontrols; nofurtherdetailisprovidedabouttherequirementofadequatesecuritysystems. 238 8. Clause6providesforthedestructionofdataattheendoftheretentionperiod.Destruction cantakeplaceatmonthlyintervals,meaningdatacanberetainedforuptoanadditionalmonth pendingthenextroundofdatadestruction. 9. Clause7setsoutothersafeguards.AlllistedsafeguardssetoutinthissectionoftheBill relatetoprocessandspecificallytheformofrequests.Anoticemadepursuanttoanorderrequiring retentionofdatamustbeinwriting,specifytherecipientandbegiveninamannerappropriateto bringittotheintentionoftherecipient.239Therecipientofthenoticemustbeallowedtoreferthe noticetotheTechnicalAdvisoryBoard,inaccordancewithtimescalesspecifiedintheorderthe boardwillconsidertechnicalandfinancialconcernsraisedbyoperators,reportingbacktothe operatorandtheSecretaryofState.TheSecretaryofStatewillhavetheoptiontowithdrawtheorder afterreceivingareportfromtheBoard:thisisthesecondsafeguard.IftheSecretaryofStatechooses toconfirmherordernofurtherreferralsarepossible. 10. Clause8dealswithenforcement.Requirementsdealingwiththewaydatashouldbeheld,the durationofretention,accessanddestructionoranyotherrequirementorrestrictionimposedby orderareenforceablebytheSecretaryofStatethroughcivilproceedings. 240Whereworkisincidental toorreasonablyundertakeninconnectionwithconductthatisauthorisedunderthisPartoftheBill anditisnotconductforwhichanauthorisationorwarrantcouldandshouldhavebeensought independently,itisnottoleadtocivilliability. 241
Part2Accessingdata
11. Clause9makeslegislativeprovision,viaaprocessofinternalauthorisation,foraccesstoall formsofcommunicationsdatabyanypoliceforce,theSeriousOrganisedCrimeAgency,HMRC,the intelligenceservicesandanyotherpublicauthoritydesignatedinaSecretaryofStateorder. 242Before datacanbeaccessedbyanemployeetheauthorisationofadesignatedseniorofficeroftheauthority concernedmustbesought.Ifgrantedtheemployeewhomadetherequestbecomesanauthorised officerforthepurposesoftherequest.Thedesignatedseniorofficermayonlygrantauthorisations whereheorshebelievesthatitis: i necessarytoacquirethedataforapermitted purpose; ii necessarytoobtainthedata: a forthepurposesofaspecificinvestigationoroperation; or b forthepurposesoftesting,maintainingordevelopingequipment, isnecessaryandproportionatetotheaim. 243 12. ThisprovisionmirrorsRIPAandthepermittedpurposessetoutatsubclause9 6 remainas broadandilldefined.Anadditionalpurposeisaddedatsubclause6 c whichrelatestothe preventionanddetectionofanyconductinrespectofwhichcivilenforcementactionformarket
systemsorothercapabilitiesrelatingtotheavailabilityorobtainingof communications iii theconductauthorised data;and
2 1 240Clause8 3 241Clause8 4 242Clause21. 243Clause9 1
. . . . .
228
abusemaybetakenbytheFinancialServicesAuthority. 244Thesepermittedpurposescanbeaddedto orrestrictedbytheSecretaryofStatebyorder. 245 13. Thedesignatedseniorofficermaygrantauthorisationforhimselforanyotheremployee withinhispublicauthorityandtheauthorisationcanextendtoanyconductinrelationtoa communicationssystemordataderivedfromsuchasysteminordertoobtaincommunications data. 246Clause9 3 containsanonexhaustivelistofthetypeofconductwhichcanbeauthorised includingrequiringanypersonwhomtheauthorisedofficerbelievesholdscommunicationsdatato discloseittoapersonidentifiedintheauthorisation.Clause9 4 statesthatanauthorisationmay grantaccesstocommunicationsdatatoapersonwhoisnotauthorisedintheorderforanyconduct whichhas,asitsaim,theenablingorfacilitatingofobtainingcommunicationsdata.Subclause9 5 b providesthatauthorisationsmadeundersubclause9 3 maynotinvolvethedisclosureofdatato thoseoutsideofthepublicauthorityinquestion. 14. Clause10makesprovisionfortheforminwhichauthorisationsornoticesmadepursuantto authorisationsaretobemadeinparticularthenatureofrequirementsshouldbespecified.Notices mustspecifytheofficeorpositionofthepersongivingit,therequirementsimposedandtheoperator uponwhomtherequirementsareimposed. 15. Clause11setsoutaregimeofjudicialapprovalforlocalauthorityaccesstocommunications datawhichmirrorstheprovisionsofsections23AandBofRIPA. 247Whereanapplicationismadefor aMagistratesorderapprovinganauthorisation,theindividualwhoisthesubjectoftheauthorisation neednotbeinformed;thesameistrueofhislegalrepresentatives.AMagistratemayapprovethe authorisationwheresatisfiedthat,atthetimeofthegrantandatthetimetheapplicationcomes beforetheCourt,therequirementssetoutatsubclause9 1 ,whichdealwithinternalauthorisation, aresatisfied. 16. Localauthoritiescanstillonlyseekaccesstouseandsubscriberdata. 248Asidefromlocal authoritiesandthosepublicauthoritieslistedonthefaceoftheDraftBill,provisionaroundtherange ofpublicauthoritiestowhichaccesswillbegranted,thetypesofdatatowhichaccessisauthorised andauthorisationprocessesarelefttosecondarylegislation:nodraftorderhasyetbeen forthcoming. 249 17. Clause12providesforauthorisationstobeoperationalforrenewableperiodsofamonth.If thegroundsfortheoriginalauthorisationnolongerexist,adesignatedseniorofficermustcancelthe authorisation.Clause13placesoperatorsunderaduty enforceablebycivilproceedingsbroughtby theSecretaryofState toobtainordisclosethecommunicationsdatainawaythatminimisesthe amountofdatathatneedstobeprocessedforthepurposeconcerned. 250Clause13alsoreaffirmsan operatorsdutytoactinaccordancewiththerequirementsofanoticegiveninaccordancewithan authorisation,howevertheyarenotrequiredtodoanythinginpursuanceofthatdutywhichitisnot reasonablypracticabletoexpectthemtodo. 18. Clause14providesforfilteringarrangementstobeputinplacebyGovernment.Theclauseis incrediblybroadlyframedanditsscopeobscure.TheSecretaryofStateisempoweredtoputinplace
244TheDraftBillprovidesfortherepealofothercorrespondingpowersandisthereforeeffectivelya consolidationofexistingprovisioninonepieceoflegislation. 245Clause9 7 . 246Clause9 2 . 247Uncommencedprovisionsinsertedbysection37oftheProtectionofFreedomsAct2012. 248Seeclause17. 249WeunderstandthattheSecretaryofStatehasaskedthosepublicauthoritiesseekingtoretain accesstocommunicationsdatatosetoutthebusinesscaseforongoingaccess. 250Clause13 1 .
229
anyarrangementssheseesfit,forthepurposesofassistingoperatorstodeterminewhether retentioncouldbesecuredinaccordancewiththeprovisionsofclause9,ortofacilitateefficientand effectiveaccesstodata.InparticulartheSecretaryofStatecanobtaindataonbehalfofanauthorised officerandobtainthedatafromwhichthedatamaybederived. 251ItisalsoclearthattheSecretary ofStatecanretaindataforthepurposeofprocessingthatdata,allowingfortemporaryexecutive retention,processinganddistributionofdatabroughttogetherfrommanydifferentsources. 252The Governmentmaintainsthatclause14isdesignedtocreateanautomatedsystemwhichwillensure thatonlythatinformationrelevantandrequiredbyaparticularauthorisationisretained,butthe extenttowhichthiscentralfilterwillbeautomatedisnotclear.Clause16whichsetsoutdutiesin connectionwiththeoperationofthefilterprovidesthatasidefromdisclosuretodesignatedsenior officers,disclosureispermittedforthepurposesofsupport,maintenance,oversight,operationor administrationofthefilteringarrangements.Whatisclearisthatthefilteramountstoatemporary centralisedstoreofpotentiallylargeamountsofcommunicationsdataoperatedandmaintainedby theexecutive,givingtheGovernmentaverysignificantroleatthecentreofthedataretentionand disclosureregime. 19. Throughthefilter,theSecretaryofStatewillseektomakepublicauthoritiesawareofthe extentofcommunicationsdataavailableandprocessdatawithdisclosurebasedonanassessmentof whatisneededbytherequestingauthority.Thecentralfilterwillbringtogetheratomisedpiecesof datatocreatearevealingwhole.Further,accordingtoProfessorPeterSommer,aleadingtechnical expertinthefield,thefilterislikelytousecontentandcommunicationsdatainordertocorrectly identifypatternsofcommunication. 253 20. Clause15makesclearthattheproposedcentralfiltermaybeusedbothforthepurposesof obtaininganddisclosingcommunicationsdata.Subclause15 2 referstothetemporaryretentionof dataandsubclause16 1 c providesforthedestructionofdataobtainedandprocessedthroughthe filterwhenthepurposesoftheauthorisationhavebeenmet:nouppertimelimitforretentionof datainthecentralfilterisprovided.Anauthorisationmadebyadesignatedseniorofficermust recordtheofficersdecisionastowhetherdataistobeobtainedanddisclosedthroughthis centralisedprocessandthedescriptionofdatathatmaybeprocessedinaccordancewithaparticular authorisation.Clause16restatesthepurposesforwhichcommunicationsdataretainedinthecentral storecanbedisclosed.Thereisarequirementtoputinplaceasecuritysystemtogovernaccess,no detailsaregivenabouttheformorextentofsecurityrequired.Retrospectiveannualreportsonthe operationofthefilteringdatabasearetobesuppliedbytheSecretaryofStatetotheInterceptionof CommunicationsCommissionerassoonaspossibleaftertheendofeachcalendaryear. 254Significant processingerrorsmustbereportedtotheCommissioner. 255 21. Clause17providesthatlocalauthoritiesmaynotaccesstrafficdataoranyextradata generatedbyoperatorsinresponsetoarequestbyarelevantpublicauthority.TheSecretaryof Statemayplacerestrictionsonthegrantingofauthorisationsbydesignatedseniorofficersincluding inrelationtodatastoredbyGovernmentaspartoffilteringarrangements. 256TheSecretaryofState maydelegateanyofherfunctionsinrelationtofilteringarrangementstoadesignatedpublic authority.
Part3Scrutinyofretentionofandaccesstocommunicationsdata
2 b . 2 .IntheaccompanyingexplanatorynotestheGovernmentnotesthatdatagenerated bycurrentformsofonlinecommunicationwillrequiregreateraggregationandprocessingfor exampletheyenvisagecasesinwhichfragmentedcommunicationsdatafromanumberof differentsourceswillbecoordinatedthroughthefiltertoprovideafullerpicture. 253SubmissionofProfessorPeterSommertotheJointCommitteeontheDraftCommunicationsBill, para44. 254Clause16 6 . 255Clause16 7 . 256Clause17 4 .
230
22. Part3replicatesprovisionsofRIPAprovidingfortheretrospectiveoversightofdata retentionanddisclosurebytheInterceptionofCommunicationsCommissioner. 257Operatorsmust keepsufficientrecordsofactionstakeninaccordancewiththeprovisionsoftheBilltoallowfor reviewbytheCommissioner. 258 23. Clause23providesforthejurisdictionoftheInvestigatoryPowersTribunaltobeextended tocovernewpowersgrantedunderParts1and2. 24. Clause25extendsthereachofParts1and2tocoverpostaloperatorsinthesamewayas theyapplytotelecommunicationsoperators.Clause26obligestheSecretaryofStatetomake paymentstowardsthecostsincurredorlikelytobeincurredbytelecommunicationsandpostal operators.Paymentmaybemadesubjecttoconditions.ItisfortheSecretaryofStatetodetermine thescopeandextentofarrangementsforpayments,includingspecifyingwhichpaymentsshouldbe madetoparticularoperators. 259Clause27incorporatesSchedule3whichprovidesforamendments toRIPAtoextendCodesofPracticetocovertheprovisionsofthisDraftBill.Schedule3alsoprovides foramendmentstoRIPAallowingforregularrevisionofcodesofpractice.TheSecretaryofStateis requiredtoconsiderrepresentationsmadearounddraftcodesandmaymodifyadraft.Bothcodes andrevisionstocodesmustbelaidbeforeParliamentandaresubjecttotheaffirmativeresolution procedure. Background 25. TheRegulationofInvestigatoryPowersAct2000 RIPA governstheuseoftargeted surveillanceintheUK.BeforeRIPAcameintoforce,ourstatutebookcontainedanumberoftargeted surveillancepowersdevelopedinanadhocwayovertheyears.RIPAwasdesignedtoconsolidatethe lawandtoincorporatehumanrightsprinciplesofnecessityandproportionality.Atitsinception, RIPAwasdesignedtodealwithaccesstocommunicationsdataandaccessiscurrentlygovernedby ChapterI,PartIIofRIPAandtheRegulationofInvestigatoryPowers CommunicationsData Order 2010.Section22 4 ofRIPAprovidesthecurrentdefinitionofcommunicationsdatawhichhasthree components: i Trafficdata:thistellsyou,amongstotherthings,wherethemobilephone,internetconnectionetc waslocatedatthetimeacommunicationtookplacee.g.whereamobilephonewaswhenitreceived ormadeacallaswellasdatagoingtotheidentityofthesourceandrecipientofthecommunication; ii Serviceuse:thistellsyouhowacommunicationoccurred i.e.wasitviaemail,atextoraphone calletc ,thedateandtimeitoccurredandhowlongitlasted; iii Subscriberinformation:thistellsyouanyinformationheldbythepersonwhohassignedupto thecommunicationsservice,forexamplethenameandaddressandanydirectdebitdetailsofthe user.
Part3generalprovisions
Access
26. RIPAprovides,onthefaceoftheAct,forallformsofcommunicationsdatatobeavailableto theintelligenceservices,thepolice,theSeriousOrganisedCrimeAgency SOCA ,HMRCandother specifiedpublicauthoritiesprovidedforbyorder;theseincludetheFinancialServicesAuthority,the
257SavewhereoversightisreservedtotheInformationCommissionerorthejudiciary
22 1 ,thisisaMagistrateforEnglandandWales . 258Clause22 6 . 259Clause26 5 .
underclause
231
GamblingCommissionandtheNationalHealthServiceTrust. 260Thepowertoacquireserviceuse dataandsubscriberinformationisavailabletoover430localauthoritiesandasignificantnumberof otherpublicauthorities,includingtheFoodStandardsAgency,theCharityCommissionandthe EnvironmentAgency. 261Thepermittedpurposesforwhichcommunicationsdatamaybeaccessed arebroadandilldefined,includingintheinterestsoftheeconomicwellbeingoftheUKandtoassess orcollectanytax,dutyorothertypeofgovernmentcharge. 262TheActprovidesforaregimeof internalauthorisationforaccesstocommunicationsdataforalargenumberofpublicbodies.Section 37oftheProtectionofFreedomsAct2012amendedRIPAtorequirepriorjudicialauthorisationfor accesstocommunicationsdatabylocalauthorities 263howeverthissectionisnotyetandevenoncein force,willonlyaffectasmallfractionofcommunicationsdatarequests.
27. Whilecommunicationsserviceproviders BT,Virginetc typicallyretainsomeinformation abouttheircustomerspastuseofcommunicationsfortheirownbusinesspurposes e.g.itemised phonebills theywerenotuntilrelativelyrecentlyobligedtoretainanysuchdataabouttheir customers. 28. Asmallshiftinthisareatookplacein2001whentheAntiTerrorismCrimeandSecurityAct wasrushedthroughParliamentfollowingthetragiceventsof9/11.Amidahostofdraconiananti terrorpowersstoodPart11,providingforthecreationofvoluntaryagreementsbetweenservice providersandtheGovernmentfortheextendedretentionofcommunicationsdataTheinternet initiallyobjectedtothesevoluntaryagreements,withtheSecretaryGeneraloftheInternetProviders AssociationinformingthenHomeSecretary,RtHonDavidBlunkett,thattheindustrywasnot convincedthatextendingthelengthoftimecompaniesholdontocustomerlogswasnecessaryfor thefightagainstterrorismandorganisedcrime. 264InJulythatyeartheInformationCommissioner publicallywarnedtheHomeOfficethatplansforavoluntarycodeofpracticefortheretentionof communicationsdatacouldviolatehumanrightsprotectionsbecauselogssupposedlyretainedfor thepurposesofseriouscriminalinvestigationscouldbeaccessedforsuchpurposesasthelevyingof taxes. 265TheFoundationforInformationPolicyResearchalsocameoutinopposition,warningofthe dangersofapolicyrejectedbycivilsociety,Europesdataprotectioncommissionersandnow internetserviceproviders. 266 29. Notwithstandingwidespreadconcernsabouttheimpactofaproposedvoluntarycode,in 2003theHomeOffice,securedaseriesofagreementswithserviceproviders.Todatewedonotknow thedetailsoftheseagreementsnordowehaveconfirmationofthepartiesinvolved.Theseinitial
Availability
RegulationofInvestigatoryPowers CommunicationsData Order2010, Schedule2,Part1. 261ForthefulllistseetheRegulationofInvestigatoryPowers CommunicationsData Order2010, Schedule2,Part2. 262Seesection22ofRIPA.Communicationsdatacanalsobeaccessedinanemergencytoprevent deathortopreventormitigateinjuryoranydamagetoapersonsmentalorphysicalhealth.For thetypesofsurveillancelocalauthoritieshaveaccessto,theSecretaryofStatecanmakeorders extendingthepurposeforwhichauthorisationscanbemade.Todateordershavebeenmadeto allowcommunicationsdatatobeaccessedtoinvestigateallegedmiscarriagesofjusticeandto assistinidentifyingdeceasedpersonsorpersonsunabletoidentifythemselvesbecauseofa physicalormentalcondition.SeeRegulationofInvestigatoryPowers CommunicationsData Order2010,SI480/2010. 263Section37oftheProtectionofFreedomsActhasnotyetbeenbroughtintoforce. 264TheGuardian,InternetproviderssaynotoBlunkett,22Ocober2002,availableat: http://www.theregister.co.uk/2002/10/22/uk_isps_oppose_data_retention/. 265TheGuardian,InternetproviderssaynotoBlunkett,22Ocober2002,availableat: http://www.theregister.co.uk/2002/10/22/uk_isps_oppose_data_retention/. 266TheGuardian,InternetproviderssaynotoBlunkett,22Ocober2002,availableat: http://www.theregister.co.uk/2002/10/22/uk_isps_oppose_data_retention/.
260Forthefulllistseethe
232
agreementsrelatedtoinformationalreadykeptforcommercialpurposes,establishingaminimum periodforretention. 30. In2002theHomeOfficeattemptedanotherpolicytoextendaccesstocommunicationsdata toawiderangeofpublicauthoritiesauthoritieswithnolawenforcementremitwhatsoever, includingparishcouncils.Inthefaceofhugeopposition,theseplanswerescaledback,howeverthe RIPAregimestillgrantsaccesstoahugerangeofpublicauthoritiesonthebasisofaprocessof internalauthorisation. 31. Stilldissatisfiedwithcapabilitiesinthisarea,in2005theHomeOfficeusedtheUK presidencyoftheEUtopushthroughcompulsoryarrangementsforcommunicationsdataretention whichresultedintheEUDataRetentionDirective2006. 267TheDirectiveprovidesforthemandatory retentionofcommunicationsdata alreadyretainedforbillingorcommercialpurposes forbetween 6and24months.SwedenpostponedtheimplementationoftheDirectivefacinghugefines,whilst acrossEUmemberstatescaseswerebroughtchallengingthedomesticlegislationtransposingthe Directive. 268 32. BackintheUKandbeforethetransposinglegislationhadevencomeintoforce,theHome OfficeInterceptionModernisationProgramme IMP wasalreadyintrain.TheGovernmentdeclared anintentiontobringforwardlegislation,aCommunicationsDataBillin20082009. 269Initial proposalswerepremisedontheconstructionofacentraliseddatabase,buttheseplanswerehastily droppedinfavourofaseriesofindustrycontrolledminidatabases.Oppositiontotheexplosionin statesurveillancefacilitatedbythelastGovernmentwaspronounced,withLiberalDemocratLeader NickCleggobservingofthelastLabourGovernment,inFebruary2008,thatitisthisGovernment thathasturnedtheBritishpublicintothemostspieduponontheplanet. 270 33. InApril2009theUKfullytransposedtheDirectivebywayoftheDataRetention EC Directive Regulations2009 theregulations ,whichprovideforrequirementstobeplacedon serviceproviderstoretaincommunicationsdatakeptordinarilyforcommercialpurposesfora minimumof12months.WestilldonotknowwhichUKbasedcommunicationscompaniesare requiredtoretainourdata;requestsfordisclosurearemetwiththefamiliarrefrainthatinformation cannotberevealedforreasonsofnationalsecurity. 271TwomonthslaterinJune2009,theHome OfficelauncheditsconsultationProtectingthePublicinaChangingCommunications Environment. 272Havingrejectedplansforacentraliseddatabase,theresultingproposalsstrongly resemblethosewhichnowformtheDraftCommunicationsDataBill.ThenHomeOfficeMinisterLord WeststatedthattheobjectiveoftheIMPistomaintaintheUKslawfulinterceptand communicationsdatacapabilitiesinachangingcommunicationsenvironment. 273Initsresponseto theconsultation,theUKslargestcommunicationsserviceprovider,BT,pointedoutthat:
267Directive2006/24/ECoftheEuropeanParliament. 268Exploredfurtheratparagraphs6468below.
'InternetSurveillance,pg2.Availableat: www.parliament.uk/briefingpapers/SN06304.pdf. 270Hansard,6Feb2008:Column951. 271TheDataRetention ECDirective RegulationsrequiretheSecretaryofStatetogivenoticeto thosetelecommunicationprovidersheorshewishestoretaindata.In2009aFreedomof InformationRequestwassubmittedtotheHomeOfficerequestinginformationregardingthe identityofthoseserviceproviderswhichhadreceivednoticesunderregulation10ofthe Regulations.ThisrequestwasrefusedbytheHomeOfficeandtherelatedcorrespondenceis availableat:http://www.whatdotheyknow.com/request/notices_under_regulation_10_of_s 272http://www.officialdocuments.gov.uk/document/cm75/7586/7586.pdf.ReadLibertys Responsehere:http://www.libertyhumanrights.org.uk/pdfs/policy09/libertys communicationsdataconsultationresponse.pdf. 273Hansard,8July2008:ColumnWA76.
269SeeHouseofCommonsBriefingnote,
233
t heproposalswouldoutsourcedatacollection,processingandretentionto CSPs ratherthanbuildingacentralGovernmentdatabaseandcouldresultin significantbrand, reputationandcustomerrelationshipissuesforCSPs retainingdataonthescale proposedwouldraisesignificantissuesof proportionality,especiallyinviewofthe factthatonlyafractionofthedata mightbeused.Moreover,findingthepiecesof informationthatmightproveto beusefultotherelevantauthoritiesamongstthemountainofdata thatwill beavailabletothemwillbenoeasytasktheproverbialneedleina haystack. 274 InJune2009,thesamemonththattheconsultationwaslaunchedtheLeaderoftheConservative Party,DavidCameron,arguedthat t odayweareindangeroflivinginacontrolstate.Everymonth
over1,000surveillanceoperationsarecarriedout.Thetentaclesofthestatecanevenriflethrough yourbinsforjuicyinformation. 275
34. Libertywasamongstthemanygroupsandindividuals,includingserviceprovidersandother industrybodieswhoexpressedconcernsattheseproposalsandinlightofwidespreadopposition, LabourshelvedtheprojectinNovember2009. NotwithstandingtheCoalitionscommitment,inJuly2010thefirstsignsofauturnemergedasthe HomeOffice,inaDraftStructuralReformPlan,statedthatitwouldpublishproposalsforthestorage ofinternetandemailrecords,includingintroducinglegislationifnecessary. 276ByOctober2010,the GovernmentsplanshadapparentlysolidifiedintoanattempttorevivethediscreditedIMP,withthe StrategicDefenceandSecurityReviewoutliningamongstawiderangeofotherproposalsplansto
Keychangesproposedtothecurrentregime 35. TheDraftBillwouldchangecurrentarrangementsfortheretentionofcommunicationsdata inthreesignificantways: i First,undertheDraftBill,unprecedentedrequirementsmaybeplacedonUKbasedoperatorsto collectandprocesscommunicationsdatageneratedbywebbasedservicessuchasGmailand Facebook,providedbyoverseasoperators,whichcrosstheirdomesticnetworks. 278Itiswidely suggestedthattheonlywaytoobtainsuchinformation,intheabsenceofvoluntaryagreementswith thirdpartyproviders,isthroughDeepPacketInspection DPI technology.Accordingtooneleading expert,whilstDPIcanoperateassoftware,whentrafficlevelsarehighspecialisedhardwaremustbe installedwhichcapturesadatastreamasitcrossesanoperatorsnetwork. 279
introduceaprogrammetopreservetheabilityofthesecurity,intelligenceandlawenforcement agenciestoobtaincommunicationdataandtointerceptcommunicationswithintheappropriatelegal framework. 277
274SeeBTResponseto2009HomeOfficeConsultation:ProtectingthePublicinaChanging
CommunicationsEnvironmentavailableat http://www.btplc.com/thegroup/regulatoryandpublicaffairs/ukpublicaffairs/responsestopolicy consultations/commsdatabtresponse200709.pdf,paragraph5. 275SpeechbyRtHonDavidCameron,GivingPowerBacktothePeople,25thJune2009,availableat: http://www.conservatives.com/News/Speeches/2009/06/David_Cameron_Giving_power_back_t o_the_people.aspx 276HomeOfficeDraftStructuralReformPlan July,2010 availableat: http://www.homeoffice.gov.uk/publications/aboutus/corporatepublications/structural reformplan/pdfversion?view Binary. 277SecuringBritaininanAgeofUncertainty:TheStrategicDefenceandSecurityReview,October 2010,availableat: http://www.direct.gov.uk/prod_consum_dg/groups/dg_digitalassets/@dg/@en/documents/digi talasset/dg_191634.pdf?CID PDF&PLA furl&CRE sdsr,page44. 278Clause1 3 c ii . 279SubmissionofProfessorPeterSommertotheJointCommitteeontheDraftCommunicationsBill, para41.
234
ii Second,thedefinitionofthosebodiesrequiredtoretaindataissignificantlywidercoveringall telecommunicationsoperators operators asopposedtothepubliccommunicationsproviders referredtointheretentionregulations.Anoperatorisapersonwhocontrolsorprovidesa telecommunicationssystem,orprovidesatelecommunicationsservice. 280Thisincludesall telecommunicationscompaniesBT,Orange,TalkTalk,Vodafoneandothers,butwouldalsoextendto manufacturersofcommunicationsequipmentwhocouldbecalledupontoadapttheirproductswith theaimoffacilitatingaccesstocommunicationsdata,andtoprivatenetworksforexampleblackberry messengerorinternalintranetoperatorsinprivatecompaniesorotherorganisations.Requirements couldalsobeplacedonanyonewhoownsamobilephoneorothertelecommunicationsequipment includingaprivateindividual. iii Third,theBillmakesprovisionforcentralfilteringarrangementstobeoperatedbytheHome Office.Thecentralfilterwillbringtogetheratomisedpiecesofdatatocreatearevealingwholewhich canbedisclosedtopublicbodiesinresponsetospecificrequests.Whilstnotacomprehensivecentral databaseinitself,thisisacoordinatedGovernmentoperatedfacilitythroughwhichmanyrequests fordatawillbeprocessed.Theprivatelyoperateddatabaseswillbejoineduptocreateanintegrated system.Thisregimeraisesmanyofthesameconcernsasalargeandcentralisedstoreandnodetails aregivenaboutsecurityarrangements,ortheclearlyenvisagedhumaninvolvementinwhatthe Governmentdescribesasanautomatedsystem.Furtherthefilteringarrangementsprovidedforin theBillthrowintosharpfocusthedepthandbreadthoftheinformationwhichcanbegleaned throughacomprehensivesystemofdataretentioncombinedwithsubstantialandsophisticated processingarrangements.TheGovernmenthaslabouredthedistinctionbetweencontentand communicationsdata;itscaseisthattheprivacyimplicationsofthelateraresmallbycomparison. Yetthecentralfilterwillprovideforvastswathsofdata,retainedbydisparatecompanies,tobe scannedforrelevantinformation,connectedupandshapedintoacoherentandacutelyrevealing wholedatacanbematcheduptorevealahugeamountaboutanindividualslifeinordertowork outwhetherarequestmadebyadesignatedseniorofficerisnecessaryandproportionate.TheBill anticipatesthekindofadvancedprocessing,shapingandlinkingofdataprovidedforinthefiltering arrangementstotakeplaceasaprecursortoestablishingthenecessityofaccess.Thiscarrieshuge potentialforindepthprocessingofthedataofinnocentindividualsindividualswhowilllikely neverknowthattheirdatahasbeenhandledinthiswayandareconsequentlydeprivedofany opportunitytomountachallenge. 36. TheDraftBillcontainssubstantiallythesameprovisionsforaccessasprovidedforunder RIPAasamendedbysection37oftheProtectionofFreedomsAct2012.Asidefromthefour enforcementagenciesprovidedforonthefaceoftheDraftBillwhichmirrorprovisioninRIPA,details aboutthepublicauthorities,includinglocalauthoritieswhichwillbepermittedtoaccessdatawillbe providedinsecondarylegislationexpectedtoreflecttheprovisionsoftheRegulationofInvestigatory Powers CommunicationsData Order2010.Asatpresent,localauthoritieswillnothaveaccessto trafficdataandaccesstotrafficdatabyotherpublicauthorities outsideofthoselistedintheBill willbegovernedbySecretaryofStateorder.ScrutinyarrangementsprovidedforundertheBill substantiallymirrorthoseprovidedforinRIPA. 281 Thecivillibertiesimplicationsofblanketdatacollection 37. ThecivillibertiesconcernsaroundthisDraftBillrelatetoallthreeofitscomponentparts: datacollection,accessandscrutinyadditionalconcernsaroundtheprocessingofdatainacentral filterwhichspancollectionandaccessalsocarrysignificantprivacyimplications. 38. Muchattentionhasbeengiventotheproposedaccessarrangementsprovidedforinthe DraftBillwhichlargelymirrorthosealreadyinexistence.Libertyagreesthatpressingconcernsexist inthisareaandtheseconcernsintensifyasthepoolofdataretainedincreases.Howeverwebelieve
280Clause28. 281See,Chapter2ofPart1ofRIPA,inparticularsection57.
235
thatthemorefundamentaldangerofthisDraftBillistheprovisionitmakesforashiftfromlimited dataretentiontoblanketdatacollection. 39. TheGovernmentsattemptedjustificationforrequiringtheblanketcollectionandretention ofcommunicationsdataisbasedonfourhighlyquestionableassumptionswhichwewillexaminein turn,firstthatcommunicationsdataisnotparticularlyrevealing,secondthatcommunicationsdata canalwaysbepracticallyandconceptuallydistinguishedfromcontent,thirdthatblanketretentionof communicationsdatawillleadseamlesslytogainsinlawenforcementandfinallythatrequiring blanketcollectionofthisinformationwilldonomorethanmaintaincapability.
Revealingnatureofcommunicationsdata
40. TheGovernmentarguesthatcommunicationsdataislessrevealingthandatageneratedby, forexample,interceptionorbugging,andthatthisjustifiesaconsiderabledivergenceinapproachto thattakenwithothertargetedsurveillancepowers.Thisassumptionishighlyquestionable. Communicationsdatacanbuildupanincrediblyintimatepictureofourlives.Withtheproliferation ofmobileformsofcommunication,inadditiontotracingthetiming,duration,recipientandsourceof acommunication,specificdetailsaboutanindividualslocationcanalsobecollected.Whencombined withsubstantialsubscriberinformation,therevealingnatureofcommunicationsdataishardto dispute.Compileandcoordinatethisinformationforeverycall,text,email,tweet,blogandFacebook postingandyouhaveamapofourdailyroutines,ourrelationships,ourhabitsandpreferences,the streetswewalk,whereweworkandsocialise,theextentandnatureofourcommunicationswith others.Furthermore,considertherangeofsituationsinwhichjustthefactofasinglecommunication andtheidentityofthepartiesspeaksvolumes:thephonecallfromaseniorcivilservanttoaTimes reporterimmediatelybeforeamajorwhistleblowerscandalfillsthefrontpages,theemailtoacivil libertieswatchdogfromapoliceofficerduringthecourseofaninquestintoadeathinpolicecustody. Therecordofawebsitevisited,whichfallsfirmlywithinthedefinitionofcommunicationsdata,can alsobeincrediblyrevealing.Consider,forexample,thecaseofateenagerviewinganabortion website,acelebrityaccessingthewebsiteofanHIVserviceprovider.Wemustnotunderestimatethe intrusionthattheretentionofcommunicationsdata,withoutmore,represents. 41. InAprilthisyear,inresponsetothedisclosureoffurtherdetailsoftheGovernmentsplansto extendthecollectionofcommunications,SirTimBernersLee,inventoroftheworldwideweb,came outinoppositiontotheproposals.InaninterviewwiththeGuardianhestressedthattheplanned extensionofthestate'ssurveillancepowerswouldmakeahugeamountofhighlyintimate informationvulnerabletotheftorreleasebycorruptofficials,addingthat:
42. TheInternetServiceProvidersAssociationhasalsojoinedthebuildingoppositiontothese proposalspointingtoitsconcernsaboutthenewpowerstorequirenetworkoperatorstocapture andretainthirdpartycommunicationsdatainclud ing thescope,proportionality,privacyanddata protectionimplicationsandthetechnicalfeasibility. 283AccordingtoareportintheIndependent, afterbeinginformallybriefedbyGovernmentearlierthisyear,theAssociationexpressedconcern thatnetworkoperatorsaregoingtobeaskedtoputprobesinthenetworkandtheyareupsetabout
"Theamountofcontrolyouhaveoversomebodyifyoucanmonitorinternet activity isamazing.Yougettoknoweverydetail,yougettoknow,inaway,moreintimatedetailsabouttheir lifethananypersonthattheytalktobecause oftenpeoplewillconfideintheinternetasthey findtheirwaythroughmedical websitesorasanadolescentfindstheirwaythroughawebsite about homosexuality,wonderingwhattheyareandwhethertheyshouldtalkto peopleabout it." 282
TimBernersLeeurgesGovernmenttostopthesnoopingbill,Tuesday17April 2012.Availableat:http://www.guardian.co.uk/technology/2012/apr/17/timbernerslee monitoringinternet. 283DraftCommunicationsDataBillISPAsinitialstatement,June142012.Availableat: http://www.ispa.org.uk/draftcommunicationsdatabillispasinitialstatement/.

282TheGuardian,
236
theidea...it'sexpensive,it'sintrusivetoyourcustomers,it'sdifficulttoseeit'sgoingtoworkandit's goingtobeanightmaretorunlegally. 284 Blurringofrecordandcontentofcommunications

43. Atonetimeafirmdistinctionbetweencommunicationsdataandcontentwouldhavebeen morecredible,forexamplewhenmuchcommunicationwasbyletter:everythinginsidetheenvelope iscontent,everythingontheoutsidecommunicationsdata.Tosaythatthingsarenolongersosimple isasignificantunderstatement.Theproliferationofinnovativenewformsofonlinecommunication andtheresultantfragmentationanddiversificationhascreatedacomplexandmultifaceted communicationslandscape.InsupportofitsargumentthattechnologyismakingtheRIPAdefinitions ofcommunicationsandinterceptionmoreandmoredifficulttosustain,theLSE,inastudyexamining remarkablysimilarproposalsputforwardbythelastGovernment,observed:
44. Communicationsservicesarenowprovidedbyahostofcompaniesbasedallovertheworld. Webbasedservicessuchaswebmailandsocialnetworkingsitesdominatethecommunications landscape.Thedomesticcompanieswhoprovideourinternetaccess,forexampleBT,TalkTalkor Virgin,arenolongerthecompanieswhichprovidethemostwidelyusedemailservicessuchGmail andHotmailorsocialnetworksiteslikeFacebookorTwitter.Detailsofthesecommunicationsarenot routinelyretainedbythosethatbillusbecausewearechargedperiodicallyforaccess,ratherthanfor eachuseofaservice.DespiteHomeOfficeclaimsthatthisDraftBillisaboutworkingcollaboratively withoperators,includingthosebasedoverseas,wehavenoclearpictureoftheextenttowhich,for example,webmailproviderslikeGooglecollectorretaincommunicationsdatageneratedbyservice users,nevermindtheirwillingnesstohandthisinformationover.TheHomeOfficeacknowledgethat wherevoluntaryagreementsarenotforthcoming,otherarrangementswillbeputinplacetoensure datacollectionandretention.Ourunderstandingisthatastraditionalcommunicationsservice providerslikeBTbecomeincreasinglyamerevehicleforaccessingotherwebbasedservicesthe centralityofDeepPacketInspection DPI technologytothesystemasawholebecomesinescapable. 45. DPIisthegenericnamefortheequipmentthatwouldberequiredforthecollectionand analysisofthirdpartydata.TheLSEsstudyintothelastGovernmentsInterceptionModernisation ProgrammemaintainsthateveryuseofDPIisinfactaninterception,evenifitspurposeistogain accesstocommunicationsdata. 286DPIblackboxescapturetheentiredatastream,computer programmesorscriptsarethenwritteninordertoextractthedescriptionofdatarequired. 287By requiringUKbasedoperatorstoinstallDPIblackboxesontheirlinestocaptureeverydatastream whichcrossestheirnetworks,thisDraftBillprovidesforthecreationofthephysicalinfrastructure fortheinterceptionandretentionofallofourcommunications.Ifweacceptthateffective programmesorscriptscanbewrittenwhichdiscardthecontentandcollectthecommunications
Wedonotpretendtobetechnicalexperts.Wedohoweverunderstandthatthereareincreasing practicaldifficultieswithinnewtechnologiesindistinguishingcommunicationsdatafromcontent andperhapsmoredisturbinglyinrecordingcommunicationsdatawithoutcapturingcontent.
Historicallytherehavebeentwoentirelyseparateregimesforauthorisingaccessto communicationsdata andforinterceptingcontent.Westronglydoubtthatthisframework canbemaintainedinthenewICTenvironmentofwebbasedemail,socialnetworking,online gamingandcloudcomputing. 285
284ReportmadeonthebasisofareportintheSundayTimes.SeetheIndependent,
http://www.independent.co.uk/news/uk/homenews/policeandmi5getpowertowatchyou ontheweb7606788.html. 285LSEBriefingontheInterceptionModernisationProgramme,page3. 286Ibid,pg22. 287Ibid,pg37.
powertowatchyouontheweb,Monday2April2012.Availableat:
PoliceandMI5get
237
Lawenforcementgains?
data,wecannotavoidthefactthat,withareformulationoftheseprogrammes,thenatureofthedata retainedcouldbedramaticallyaltered.Whatismore,theLSEalsodescribeshowblackboxeswhich containDPIsoftwarecanbeprogrammedandreprogrammedremotely. 288Ultimatelythereis nothingtostopanotheradministrationfrombringingforwardlegislationwhichmakesfulleruseof thenewcapabilitywhichwillbecreatedbytheproliferationofDPIblackboxes. 46. Libertybelievesthatanumberofobviousunansweredquestionsarisearoundtheuseofthis technology,forexamplewhowillexerciseeffectivecontroloverDPIboxes?Whowillwritethe programsorscriptswhichdictatethoseaspectsofthedatathataretoberetainedandthoseparts whichwillbediscarded?Whatarethetechnologicalandcostimplicationsofensuringthatsoftware installedandprogramswrittenkeeppacewiththetechnologicaladvancementincludingnewforms ofinternetbasedcommunication?Willorganisedcriminalsbeabletoevadedetectionbyusing encryptionoranonymisationtechniques,hijackingthepoorlysecuredinternetconnectionsofothers orchangingtheIPaddressofacomputermomentbymoment?Furthersometechnologyexperts havewarnedthatmoderncommunicationsaresocomplicatedthatitmaybeimpossibletoseparate outthebasiccontactdatafromthecontentintermsofthedataretained. 289
47. Ourabilitytocommentonpotentiallawenforcementgainsofblanketcollectionisrestricted bytheunansweredquestionswhichremainaroundtheroleofcommunicationsdatainlaw enforcementandotherareas.Westilldonothaveafullpicture,acrossallthosepublicbodiesableto accesscommunicationsdata,ofthetypesofinvestigationforwhichdataisaccessed,theextentof accessandthenumberofindividualsaffected.Wearetoldthat,overthepastdecade, communicationsdataplayedarolein95%ofallseriouscriminalinvestigations,butwehavenoidea abouttheextentofthisrole.Wascommunicationsdatacentraltotheoperationoraperipheral detail?Howmanyoftheseinvestigationsledtosuccessfulprosecutions?Couldtheprosecutionhave beensecuredwithoutaccesstothisdata?Furtherinhowmanylowlevel,nonseriousandevennon criminalinvestigationsiscommunicationsdataused?Arecentfreedomofinformationrequest involvingHumbersidepolicerevealedthataresidualcategoryforcommunicationsdataaccess requestsisothernoncrime. 290 48. TheGovernmentsargumentassumesthatfurthercollectionofcommunicationsdatawill leadseamlesslytobetterlawenforcement,howeverthecollectionandstorageofyetmorepersonal informationalsobringsrisks.Inrecentyearsthegovernmenthaslost25millionchildbenefitrecords aswellasthepersonalinformationofthoseservinginthearmedforces,witnessesincriminalcases andprisoners.Furthercommunicationsdatacollectionandretentionnecessarilymeansthatthedata willpassthroughmorehandsandpotentiallybemoresusceptibletobureaucraticerrorandeven fraud.Communicationsdatacanbejustasinterestingandrevealingasinterceptedcontentandinthe aftermathofthephonehackingscandalweshouldbeparticularlywaryofcreatenewtargetsfor abuseandmisuse. 49. Inothercountriesreportsofunlawfulinterceptionshouldservetocautionusagainstthe creationoftheinfrastructurefortheinterceptionofallourcommunications.InGreeceinrecentyears theunlawfuluseofinterceptioncapabilitywaswidelyreported.Thescandalreportedlyinvolved wiretappingofErikssonsoftwareusedbyVodafonewhichhadthecapabilitytointercept communicationsdataalbeitthatwasnottheprimarypurposeforwhichitwasused.Weunderstand thatthehackersoperatedinsuchawaythatitwasntcleartheinterceptcapabilitiesinthesoftware
288Ibid,pg26. 289SeeDailyTelegrapharticle:
2012,availableat:http://www.telegraph.co.uk/news/uknews/lawand order/9330945/SnoopinglawswillstoppaedophileringssaysTheresaMay.html. 290SeeevidencetotheDraftCommunicationsDataBillCommitteeonWednesday11thJuly:
'Snooping'lawswillstoppaedophilerings,saysTheresaMay,14June
Humbersidepoliceconfirmedthattheyhaveusedthisnearly200timesinthreeyearsfortraffic offences,andterrorismisnotlistedasoneofthecrimes,theyevenbeautifullylistthecategory othernoncrime.NickPickles,BigBrotherWatch.
238
werebeingusedandtheiractivitiesreportedlywentundetectedfromAugust2004untilJanuary 2005;theywerefinallyshutdowninMarch2005. 291 50. SimilarlyinItalyamultifacetedwiretappingscandalreportedlyinvolvingTelecomItalia rangedfrom1996untilitwasfinallyuncoveredin2006.Afreshandapparentlyunrelated wiretappingscandalinwhichTelecomItaliawasalsoimplicatedemergedin2007.Bothscandals werereportedlyhuge,complexandhavestillnotbeenfullyuncovered;ithasbeenvariouslyalleged thattheyinvolvedintelligenceservicesandwereboundupinstatesurveillanceandsecurity, terrorismandrendition,aswellascorporateinfighting.Theoriginal,longrunningscandalinvolved theexploitationofaflawinTelecomItaliassecuritysystems,whichallowedapersontosetup wiretapswithoutleavinganytrace.Thephonesofpoliticiansandotherhighprofilepoliticianswere reportedlytappedusingexistinginfrastructure. 292 51. AccordingtotheLSEmultiplevulnerabilitiesintheinfrastructurefortheretentionof communicationsdatahavereportedlybeenuncoveredintheUSthatwouldallowadversariestotake themoverandperformunlawfulinterception. 293Securingtheconfigurationofdevicestoprotect againstunwarrantedinterceptwillbeamatteroftheutmostimportance,buttodatewehavelittle informationaboutthearrangementstobeputinplacetoprotectagainstsecuritybreaches.Thescope oftheseproposalsthrowsthepotentialimplicationsofabreachintosharpfocus. 52. TheInterceptionofCommunicationsCommissionerslatestreportprovidesfurthercausefor concern.During2011publicauthoritiesasawholesubmitted494,078requestsforcommunications data,52%oftheserequestswereforsubscriberdata,25%fortrafficdataand6%forserviceusedata 17%ofrequestswereforacombinationofdifferentsortsofdata. 294During2011,895 communicationsdataerrorswerereported,withapproximately80%ofthoseattributabletopublic authoritiesand20%toCommunicationsServicesProviders. 295Thisincluded99identifiedbythe CommissionersOfficefromthesmallsampleofcasesreviewed.296Inareportagooddealfullerand moredetailedthaninpreviousyears,theCommissioneralsoreferencedtwocasesinwhich individualswerearrested,wronglydetainedandaccusedofcrimesonthebasisofdataerrors, 297 furthercommunicationsdatahadbeenillegitimatelyusedbyalocalauthoritytodeterminewhethera
291ThescandalwasreportintheWallStreetJournalon21June2006:
InearlyMarch2005,George Koronias,VodafoneGroupPLC'stopexecutivehere,contactedtheGreekprimeminister'soffice aboutanurgentsecuritymatter.Vodafone'snetworkinGreecehadbeeninfiltratedbyphone tappingsoftwaretargetinganelitegroupofcellphones:thoseassignedtomanyofthecountry's leaders,includingseniorpoliceanddefenseofficials,cabinetmembersandtheprimeminister himself.Formoresee:http://online.wsj.com/article_email/SB115085571895085969

lMyQjAxMDE2NTIwMTgyNTE1Wj.html.
292Forreportsofthescandalsee:http://news.bbc.co.uk/1/hi/business/5367754.stm;
http://www.reuters.com/article/2010/01/05/usitalyspyidUSTRE60435E20100105; http://www.infoworld.com/t/business/telecomitaliaembroiledinnewespionagescandal999; http://www.theregister.co.uk/2008/04/14/telecom_italia_spying_probe_update/. 293SeeIbid,pg26:StudiesofinterceptionequipmentconformingtotheUS
communicationssurveillancestandards underCALEA wereinthepastfoundtocontain multiplevulnerabilitiesthatwouldallowadversariestotakethemoverandperform unlawfulinterception.

294InterceptionofCommunicationsCommissionersAnnualReporttothePrimeMinister2011,
Chapter7,pg2829.
295Ibid,pg30. 296InterceptionofCommunicationsCommissionerReport2011,pg30and32:
http://www.intelligencecommissioners.com/docs/0496.pdf.
297Ibid,pg31.
239
familylivedintherightschoolcatchmentarea. 2980.4%ofannualrequestsforcommunicationsdata aremadebylocalauthorities. 299 53. DespitereiteratedwarningsaboutthediminishingcapabilitiesoftheStateasregards communicationsdatalittlementionismadeofcurrentloopholesincapabilityortheextenttowhich theywouldbeleftunchangedbytheproposals.Ourunderstandingisthattherehasandwillalways bemethodsofcommunicationthatdonotcomewithintheStatesreachandthesearejustaslikelyto bemethodsofrelativelylittlesophisticationaswellasthoseofgreatersophistication.Oneexampleis theuseofunregisteredpayasyougomobilephones.Inreviewingthefuturecommunications landscapeitisreasonabletosuggestthattrulysophisticatedcriminalnetworkswillcontinuetomake useofreadilyavailableanonymisedmethodsofcommunication.
Extendingratherthanmaintainingcapability
54. InevidencebeforetheCommittee,inadditiontointheexplanatorynotesandimpact assessmentsaccompanyingtheDraftBill,theHomeOfficereiteratesitsclaimthatprojected technologicalchangeswilldecreasetheStatescapabilityasregardstheuseofcommunicationsdata. Whileitisdifficulttoarguewiththesubstanceofthetechnologicalchangesprojected,thedescription givenisnotableforwhatismissing.Technologicalinnovationhas,andwillcontinueto,reaphuge gainsforlawenforcementintheUKbuttheGovernmentmakesnoattempttopresentthecurrent proposalsinhistoricalcontext.Bythiswedonotsuggestthataprotracteddiscussionoftelephonyor othertechnologicalinnovationsisrequiredrathersomereferencetohowtheabilitytoaccess recordsofcommunicationsbetweenindividualsis,initself,arecentboonforlawenforcementwould giveamuchfullerpictureofwherewecurrentlystand.Nottoolongago,beforethewideavailability ofmobilephonesandemail,mostcommunicationsbetweenindividuals,ifnotcarriedoutthrough traditionaltelephonyorletterwriting,wouldhavebeenconductedfacetoface.Thiswouldhave presenteddifferentpotentiallymorechallengingobstaclestolawenforcement.Justbecausein recenttimestheStatehasbenefittedfromaccesstocommunicationsdatathatwasalreadyrecorded andretainedbycommunicationsprovidersdoesnotmeanthattotalaccesstoallcommunications datashouldberequired,foralltime,regardlessofcostandimplications.Further,itdoesnotfollow thatjustbecausecommunicationsdatacanberecordedandhistoricrecordsmadeavailablethatthey should.Forgoodreasonothersupposedlymoreintrusivesurveillancetechniquesavailableunder RIPAsuchasbugging whetherinprivateorinpublic ,theuseofhumancovertsurveillanceorthe interceptionofcommunicationsneedpriorauthorisationonthebasisofindividualsuspicion.Once authorisedtheycanonlybecarriedoutinthefuture.TheGovernmentisnotpresentlyarguingthat weshouldallberoutinelyorrandomlysubjecttobugging,coverttrackingorinterceptionjustin casebut,ifthepresentproposalisallowedtopass,proposalsforothertypesofblanketorrandom surveillanceirrespectiveofsuspicionjustincasearealogicalnextstep.
Impactonfreedomofexpressionandassembly
55. Inadditiontotheveryobviousprivacyimplications,itisimportanttorememberthat proposalsofthisnatureengageotherfundamentalhumanrights,mostnotablytherighttofreedom ofexpressionasprotectedbyArticle10oftheECHRandfreedomofassemblyasprotectedbyArticle 11.Weneedonlylookattheroleofsocialmediainorganisingtheproteststhathaveprecipitatedthe spreadofdemocracyacrosstheMiddleEast,torealisethatfreedomscentraltothepromotionand preservationofdemocracy,freedomofexpressionandfreedomofassemblyinparticular,are engagedbymeasuresprovidingfortheblanketcollectionofinformationaboutthewebhabitsofthe populationatlarge.FreedomHouses2011FreedomontheNetReport,observesthat: InEgyptandTunisia,forexample,democracyadvocateshavereliedheavilyonFacebookto
mobilizesupportersandorganizemassrallies.Similarly, BahrainiactivistshaveusedTwitterand YouTubetoinformtheoutsideworld aboutthegovernmentsviolentresponsetotheirprotests.
298Ibid,pg43. 299Ibid,pg39.
240
EveninCuba,one ofthemostclosedsocietiesintheworld,severalbloggershavebeenableto reportondailylifeandhumanrightsviolations. 300

56. InSaudiArabia,acountrywherefreedomofexpressionisstrictlycircumscribed,online activistshavebeenabletoexposecorruptionandhypocrisyamongsttherulingroyalfamily. 301 SimilarlyinternetusersinThailandhaveplayedasignificantroleinchallengingtherulingelitessince theThaimilitarycoupof2006. 302InRussiaandVenezualawithrestrictionsonbroadcastmedia outletsgrowing,theinternethasbeenseizeduponbythoseseekingtodemonstratetheir dissatisfactionwiththeregimeandmobilizeopposition. 303Thepotentialcreatedbytheinternetfor empoweringordinarycitizensandgivingavoicetothevoicelessisarguablyoneofthemostinspiring developmentsofrecenthistory. 57. Inourdevelopeddemocracytoo,theinternethashadahugeroletoplayintheflourishingof democraticparticipation.Democracyrequiresfreeandfairelections,butitdoesnotstopthere.The internethasgivenordinarypeopleaforumtocontributetodebatesofnationalsignificance,organise peacefulprotestonalargescaleandputrealandimmediatepressureonourpolitical representatives.Grassrootsactivismaside,theinternethasalsogiventhewholepopulationthe abilitytocommunicateininnovativenewwayswithlovedonesnomatterwhereintheworldthey are,ithasallowedpeopletonurturefriendships,developcontacts,shareideasandreachoutto everyoneoranyoneabouttheissuesthatmattertothem.Neverbeforehastherighttospeakyour mindbeensorealasintheinternetage. 58. Repressiveregimesthroughouttheworldhavefeltjustifiablythreatenedbytheempowering impactoftheweb.Techniquesemployedtostifleonlinefreedomincludeblockinghugeareasof contentandfilteringaccesstoeveryareaofthewebwithinajurisdiction. 304Widespreadmonitoring isalsoatechniqueusedbysomeregimestolimitthecapacityoftheinternettoeffectsocialchange. FreedomHousereportsthat: TheIranianauthoritieshavetakenarangeofmeasurestomonitoronline communications,
59. Onewaymanyoppressiveregimeshaveoptedtocontroltheinternetisbyrequiring communicationsservicesproviderstofurtherarepressiveagenda.Aftersocialnetworkingsites facilitatedpivotalprotestsinEgypt,theauthoritiesdirectedinternetserviceproviderstoremove pathwaysforcomputeruserstoconnecttorequestedwebsites, 306whilstinIrantacticsinclude orderingtheremovalofpostsdeemedoffensivefromthesitesofbloggingserviceproviders. 307 Zimbabwes2007InterceptionofCommunicationsActallowstheauthoritiestomonitortelephone andinternettraffic,andrequiresserviceproviderstointerceptcommunicationsonthestatesbehalf. Itisverydifficulttoaccuratelyassessthescopeofinternetcontrolsemployedbysecretive authoritarianregimes,butwhatisclearisthatmonitoringwebactivitiesinvariouswaysisavehicle forcurtailingtheflowofideaswhichmayultimatelyleadtosocialchange.
andanumberofprotesterswhowereputontrialaftertheelectionwereindictedfortheiractivities onFacebookandBalatarin,aPersian sitethatallowsuserstosharelinksandnews. 305
FreedomontheNetReport2011,pg3.Availableat: http://www.freedomhouse.org/sites/default/files/FOTN2011.pdf. 301Ibid,pg289291. 302Ibid,pg9. 303Ibid,pg910. 304Ibid,withChina,CubaandIranamongsttheworstculpritsseepg23,24and26inparticular. 305Ibid,pg26. 306Ibid,pg7. 307Ibid,pg26.

300FreedomHouse,
241
60. IftheschemeenvisagedintheDraftBillisbroughtintoforce,wewilldistinguishourselves amongstEuropeancountriesastheleadersinonlinesurveillanceandearnaplaceonaspectrum includingsomeofthemostoppressiveregimesintheworld.Libertybelievesthattheknowledgethat detailsofwebhabitsarecollectedonmasswiththepossibilityoffutureaccesseverpresent,will createarealshiftinonlinebehaviour.Therearemanydifferentwaystocurtailfreedomofexpression online,masscollectionofinformationwhethercarriedoutbythestateorsimplyorchestratedby Governmentandoperatedbytheprivatesectorisoneofthose. 61. Aswellasanattackoftheplaceoffreeexpressioninourwidersocialfabric,thespectreof onlinesurveillancewillhaveveryrealandspecificimpacts,forexampleonjournalists, whistleblowersandtradeunionists.TheprotectionofferedbyArticle10coversjournalisticsources oneoftheethicalcornerstonesofreporting.Thecentralityofjournalisticsourcestoafreemediawas fullyendorsedinacaseinvolvingtheFinancialTimesin2001.Attemptstoforcethenewspaperto discloseitssourceswereultimatelydefeatedinrecognitionoftherealpotentialchillingeffecton pressfreedom. 308Inanotherstarkexampleoftheroleofdatacollectioninstiflingfreedomof expressionandfreedomofassembly,Libertyrecentlytookupthecauseofthousandsofworkers whosedetailswerestoredonasecretdatabasediscoveredthreeyearsago.Fulldetailsofthe informationcollectedarestillemerging,butamongstthedatastoredwasinformationindicatinga historyoftradeunionism. 309AnofficialfromtheOfficeoftheInformationCommissionerreportedly toldaTribunalthatsomeoftheinformationcouldonlyhavebeensuppliedbypoliceorthesecurity services. 310Asignificantnumberofmajorfirmsallegedlyusedtheinformationinmakingrecruitment decisions.Datacollectiononthescaleproposedcanonlyaddtotheriskthatscandalsofthistypewill berepeated. Unlawfulnessofblanketcommunicationsdatacollection/retention 62. Proposalstocollectandretainrecordsofallelectronicandpostalcommunications necessarilyengagetherighttorespectforprivateandfamilylifeprotectedbyArticle8ofthe EuropeanConventiononHumanRightsasprotectedbyourHumanRightsAct1998 theHRA .As withmostHRArights,therighttoprivatelifecanbelimitedwherethelimitationcanbeshowntobe necessaryandproportionatetosatisfythelegitimateaimofpreventinganddetectingcrimeaswellas othersocialinterests.Whilstcommunicationsdataisundoubtedlyusefulincrimedetectionitdoes notfollowthatcollectingandretainingallcommunicationsdatabetweenallindividualsis proportionate.Stilllessthatprocessingcommunicationsdatajustincasewouldsatisfy requirementsofnecessityandproportionalitywhicharecentraltotheprotectionofpersonalprivacy inthiscountry.Thelawenforcementimplicationsareatbestunclear,thesecurityrisksgreatandthe intrusivenessofcommunicationsdataincontrovertible. 63. AsaresultoftheDataRetentionDirective,thecurrentregimeacrossEuropeallowsforthe retentionofcertaincommunicationsdatabycommunicationsserviceprovidersforafixedperiod. ThedraftCommunicationsDataBillwouldextendthelawbeyondtheDirective.Assuch,casesonthe Directivearehighlyinstructive:IftheDirectiveisdisproportionateunderhumanrightslaws,thenthe CommunicationsDataBillmustbetoo. 64. ConstitutionalcourtsacrosstheContinenthavedeclaredthatthepresentEUregimefor retentionofrecordsviolatesbasicrightsandfreedoms.InOctober2008,theRomanianConstitution CourtbecamethefirsttodeclarelegislationtransposingtheEUDirectiveinbreachofitsConstitution. TheCourtfoundthatthemandatoryretentionofcommunicationsdataschemeengagedanumberof
308
309SeeLibertysblog, 310TheIndependent:
FinancialTimesLtdandOthersvUnitedKingdom Applicationno.821/03 . Blacklistingscandalcontinues,8August2012.Availableat:http://www.liberty

humanrights.org.uk/news/2012/blacklistingscandalcontinues.php.
Thousandsofworkers'blacklisted'overpoliticalviews,Tuesday7thAugust. Availableat:http://www.independent.co.uk/news/uk/homenews/thousandsofworkers blacklistedoverpoliticalviews8010208.html.
242
fundamentalrights,namelytherighttofreedomofmovement,therighttointimate,familyand privatelife,privacyofcorrespondenceandtherighttofreedomofexpression.Infindingits transposinglegislationdisproportionate,theCourtreliedon,amongstotherissues,thereversalofthe ordinarypresumptionofinnocenceandthelackofareasonedbasisfortheretentionperiodrequired, findingalsothatretentiononthescalerequiredwaslikelytoprejudice,toinhibitthefreeusageof therighttocommunicationorexpression. 311TwomonthslatertheBulgarianSupreme AdministrativeCourtfollowedsuit,findingitsownenablinglegislationincompatiblewiththe countrysconstitutionalprotectionofpersonalprivacy.312 65. InMarch2010,GermanysConstitutionalCourtdeclaredtheprovisionsofitslawtransposing theDirectiveunconstitutional.Infindingthecommunicationsdataretentionregimeincompatible withconstitutionalprotectionforpersonalprivacy,theCourtcommentedthattheprotectionof
communicationdoesnotincludeonlythecontentbutalsothesecrecyofthecircumstancesofthe communication,includingif,whenandhowmanytimesdidsomepersoncontactanother. 313The Courtwentontofindthattheevaluationofthisdatamakesitpossibletomakeconclusionsabout hiddendepthsofapersonsprivatelifeandgivesundercertaincircumstancesapictureofdetailed personalityandmovementprofiles;thereforeitcannotbeingeneralconcludedthattheuseofthis datapresentsalessextensiveintrusionthanthecontrolofthecontentofcommunications. 314
66. TheCypriotConstitutionalCourtinFebruary2011ruledordersissuedunderitstransposing lawunconstitutional 315andinMarchthesameyeartheCzechConstitutionalCourtannulled transposinglegislation,expressingdoubtastowhethersuchwidespreadretentionofdatawas necessaryoreveneffective. 316AcaseispendingbeforetheHungarianConstitutionalcourtwhich involvesachallengetotransposinglegislationsurroundingthedepthofdataprocessing. 317 67. 2012hasseenmorequestionsraisedaroundthelegitimacyoftheEUregime,withaleaked EuropeanCommissionpapersettingoutdoubtsastothelegalityandutilityoftheDirective.318Inthis document,theCommissionacknowledgesthelackofsupportfortheDirectivescrimetackling aspirationsandpointstothevagariesofthescheme.ThelegalityoftheDirectiveisnowsettobe challengeddirectlyunderArticle8oftheEuropeanConventiononHumanRightsaswellasparallel
311Decisionno1258oftheRomanianConstitutionalCourt,8October2009.Availableat:
http://www.legiinternet.ro/english/jurisprudentaitromania/deciziiit/romanian constitutionalcourtdecisionregardingdataretention.html.SeealsoEuropeanCommission, ReportfromtheCommissiontotheCouncilandtheEuropeanParliament,Brussels,18.4.2011, COM 2011 225final,para4.9. 312SeeEDRIreport,BulgarianCourtAnnulsAVagueArticleOftheDataRetentionLaw,17December 2008.Availableat:http://www.edri.org/edrigram/number6.24/bulgarianadministrativecase dataretention.SeealsoEuropeanCommission,ReportfromtheCommissiontotheCounciland theEuropeanParliament,Brussels,18.4.2011,COM 2011 225final,para4.9. 313Bundersverfassungsgericht,1BvR256/08.Englishpressreleaseat http://www.bundesverfassungsgericht.de/pressemitteilungen/bvg10011en.html judgment onlyinGerman ,fortranslatedextractsfromthejudgementseeEuropeanAreaofFreedom Security&Justice,OntheBVGrulingonDataRetention:Solangehereitgoesagain,available at:http://afsj.wordpress.com/2010/03/05/solangehereitgoesagain/.SeealsoEuropean Commission,ReportfromtheCommissiontotheCouncilandtheEuropeanParliament,Brussels, 18.4.2011,COM 2011 225final,para4.9. 314Ibid. 315EuropeanCommission,ReportfromtheCommissiontotheCouncilandtheEuropeanParliament, Brussels,18.4.2011,COM 2011 225final,para4.9. 316EuropeanCommission,ReportfromtheCommissiontotheCouncilandtheEuropeanParliament, Brussels,18.4.2011,COM 2011 225final,para4.9. 317EuropeanCommission,ReportfromtheCommissiontotheCouncilandtheEuropeanParliament, Brussels,18.4.2011,COM 2011 225final,para4.9. 318Theleakedreportisavailableat: http://quintessenz.org/doqs/000100011699/2011_12_15,Eu_Commission_data_retention_refor m.pdf.
243
provisionintheEUCharter,inthecaseofDigitalRightsIrelandreferredtotheEuropeanCourtof Justice ECJ bytheHighCourtinIreland. 319Inthispreliminaryreference,theHighCourtspecifically askwhethertheDirectiveiscompatiblewithArticle7oftheEUCharter/Article8ECHR rightsto privacy ;Article8Charter protectionofpersonaldata ;andArt11Charter/Article10ECHR freedomofexpression .TheDigitalRightsIrelandcasewillbehugelysignificantforthefutureofthe presentdataretentionframeworkaswellasfortheDraftBillunderconsideration.Itisstartling thereforethattheUKGovernmentisnotwillingtowaitforthedecisioninthisimportantcasebefore pressingaheadwithevenmoreintrusiverules.AssumingtheECJclearlyanswersallthequestions posedbytheHighCourt,theimplicationsofthecasewillbehighlyimportant.IftheCourttakesthe samelineadoptedbysomanynationalconstitutionalcourts,thentheDirectivemaybeannulledon groundsofproportionalityandbreachofhumanrights.Suchadecisioncouldpavethewayfora successfullegalchallengetothelawfulnessofthepresentregimeintheUKcourtsandwould seriouslyunderminegovernmentargumentsabouttheneedandlegitimacyofgoingfurtherunder thedraftCommunicationsDataBill. 68. Libertybelievesthatthepresentframeworkforcommunicationsdataretentionisinbreach ofArticle8andthattheproposalscontainedinthisDraftBillwhichnecessarilygomuchfurther wouldputtheUKfurtherinbreach.AnanalogycanbemadewiththeretentionofDNA.Itis uncontroversialtosaythatDNAprofilescanbeincrediblyusefulindetectingandpreventingcrime. ThatisnottosaythatauniversalDNAdatabasewouldbedesirable.Indeedthecreationofa universalDNAdatabasewouldbeadisproportionatemeansofachievingthelegitimateaimofcrime detectionandprevention.ThiswasconfirmedinthejudgmentinSandMarpervUKinDecember 2008andreflectedintherevisingprovisionsoftheProtectionofFreedomsAct2012. 320Therenow appearstobeageneralacceptanceofthefactthatthelastgovernmentspolicyofindefinite,blanket retentionoftheDNAofallthosearrestedwasunlawfulandunacceptablydetrimentaltopersonal privacy. ReviewofRIPA 69. WhiletheoriginalintentionofRIPAwastobringtheUKbetterinlinewithuniversally recognisedhumanrightsstandards,thelegislationwhichresultedanddevelopmentssincemeanthat itsreviewandrevisionislongoverdue.LibertyhaslongcalledforanoverhauloftheRIPAframework sothatsafeguardscanbeincorporatedthatbetterprotectthoseintheUKfromunnecessaryand heavyhandedsurveillance.
Accessarrangements
70. LibertysupportstheamendmenttoRIPAcontainedintheProtectionofFreedomAct2012 whichrequirespriorjudicialauthorisationinsomeareasofcommunicationsdataaccess.Thisreform isreplicatedintheDraftBill.Whilsttheinclusionofwarrantyrequirementsforlocalauthorityaccess iswelcome,itdoesnotaddressconcernsabouttheadditionalcapacityauthorisedbythisBillandthe swathesofadditional,revealingdatawhichwillberetained.Furthertheimpactoflimitedprovision forjudicialauthorisationshouldnotbeoverstated,giventhatlocalauthoritiesaccountforonly0.4% ofrequestsforaccesstocommunicationsdata. 321ThelatestReportoftheInterceptionof CommunicationsCommissionerrevealsthat,during2011only141of400localauthoritiesableto accesscommunicationnotifiedtheCommissionerthattheyhadmadeuseoftheirpowers. 32279%of theselocalauthoritiesmadelessthan20requests,58%lessthan10. 323Giventherelativelysmall numbersinvolved,andthelimitednatureofalocalauthoritylawenforcementcapacity,Liberty questionstheneedforanylocalauthorityaccesstocommunicationsdata.
319
320SeePart1ofthe 321Ibid,pg39. 322Ibid,pg38. 323Ibidpg39.
DigitalRightsIreland 2010 IEHC221. ProtectionofFreedomsAct2012.
244
71. Thepurposesforwhichdatacanbeaccessedbylocalauthoritiesorotherrelevantpublic authoritiesremainunnecessarilybroadandilldefined.Nodefinitionisgivenastowhatis,for example,intheinterestsofnationalsecurityortheeconomicwellbeingoftheUK.Wedoknow, however,thatthelastgovernmenttookanalarminglyexpansiveviewofwhatmaybejustifiedinthe nameoftheeconomicwellbeingoftheUKarguingononeoccasionthatrestrictingdrugusers accesstowelfarebenefitsisjustifiedtofurtherthataim. 324InevidencetotheCommittee,Charles Farr,theDirectoroftheOfficeforSecurityandCounterTerrorismattheHomeOffice,refusedtorule outaccesstocommunicationsdataforthepurposeofidentifyingthosecaughtspeakingonthe telephonewhilstdriving. 325Humanrightsstandardsrequirethatintheexerciseofsurveillancethere mustbeadequatesafeguardstoprotectthecitizenagainstexcessiveintrusionorotherabusesof rights.Theuseofbroadandvaguenotionssuchasnationalsecurityandeconomicwellbeinggive risetoarealriskthatthedisproportionateuseofsurveillancewillbeauthorised,goingbeyondwhat isnecessarytoprotectthepublicfromharm.Thiscouldinterfereunacceptablywithpoliticaland otherlawfulactivitythatoughttogounimpededinademocraticsociety.Webelievethatthese groundsshouldbebetterdefined,particularlyasthepreventionordetectionofcrime,orserious crime,isalreadyincludedwhichshouldcapturethemajority,ifnotall,ofthegroundsonwhich surveillanceneedstobeauthorised.TheabilityoftheSecretaryofStatetoexpandthelistbyorder alsocontrastswiththeprescriptivenatureofArticle8.Thisraisesseriousconcernsoverthe compatibilityofRIPApowerswiththerighttorespectforpersonalprivacy. 72. Libertyhasongoingconcernsabouttheprocessofselfauthorisationwhichcurrentlyapplies acrosstheboardandremainsinplaceforallthosepublicauthoritieslistedonthefaceoftheBilland, subjecttoprovisiontothecontraryinsecondarylegislation,allotherpublicauthorities savefor localauthorities towhomaccessisgranted.UndertheDraftBillotherpublicauthoritiesincludedin theaccessregimewillcontinuetooperateasystemofinternalauthorisation.Seniorpoliceofficers andHomeOfficeofficialsclaimthatthedesignatedseniorofficerauthorisingaccessto communicationsdatawillnotbesomebodyinvolvedintheparticularoperationorinvestigationfor whichtheinformationissought.Itshouldbenoted,however,thattheDraftBillmakesexplicit provisionforadesignatedofficertoauthorisehisownaccesstocommunicationsdataandplacesno restrictionsonhisabilitytoauthoriseaccessbyreferencetotheextentofhisinvolvementinthe investigationconcerned. 326TheCodeofPracticewhichcurrentlygovernsaccesstocommunications dataspecificallydealswiththisissueandwhilstmaintainingthatdesignatedpersonsshouldnotbe
responsibleforgrantingauthorisationsorgivingnoticesinrelationtoinvestigationsoroperationsin whichtheyaredirectlyinvolved,thisassertionissubstantiallyunderminedbythecaveatalthoughit isrecognisedthatthismaysometimesbeunavoidable,especiallyinthecaseofsmallorganisationsor whereitisnecessarytoacturgentlyorforsecurityreasons. 327
73. Libertymaintainsthatevenifadesignatedofficerisnotdirectlyinvolvedinaninvestigation itisentirelyunacceptableforpublicauthoritiestobeabletoselfauthoriseaccesstorevealing personaldata,particularlywhentheaccessregimeissobroadlyframed.Considerationsofnecessity andproportionalityshouldbeassessedbyamemberofthejudiciarywhowillbebothindependent andadeptatconductingtheArticle8balancingexercise.Wedonotseektoimpugntheintegrity senioremployeesofourlawenforcementagencies,butratherpointouttherealitythattheirprimary concernwillrelatetotheoperationalcapacityoftheiragency.Thisisamatteroforganisationculture andisperfectlyunderstandable,butitisalsoarealitywhichmitigatesinfavourofindependentthird partyauthorisation.
324SeetheExplanatoryNotestotheWelfareReformBillatparagraph418,availableat: 325SeeEvidencetotheCommitteeonTuesday10thJuly. 326Clause9
http://www.publications.parliament.uk/pa/cm200809/cmbills/008/en/2009008en.pdf. 2 .
327HomeOfficeCodeofPracticefortheAcquisitionandDisclosureofCommunicationsData,
paragraph3.11.
245
74. Inthecasesofthoseorganisationswhichdonotroutinelyaccesscommunicationsdata,our concernsaregreaterstill.Apublicofficialwithinapublicauthoritythatmaynotexercisesuch powersonaregularbasisishardlywellplacedtodeterminewhenconductwillorwillnot unnecessarilyordisproportionatelyinterferewithapersonsprivacy.Wearefurtherconcerned aboutthelackofcertaintyaroundaccessprovisionsforpublicauthorityaccesswhichareleftto secondarylegislation.
Scrutiny
75. UnderthedraftBillretrospectiveoversightofthenewsystemofdataretentionwillcontinue tobeprovidedbytheInterceptionofCommunicationsCommissioner,theCommissionerwill continuetobeappointedbythePrimeMinisterwithhisannualreportsmadetothePrime Minister. 328NotwithstandingtheeffortsofthepresentorfutureCommissioners,asystemoflimited retrospectiveauthorisationcomesnowhereclosetoprovidingeffectivescrutinyofasystemwhich carriessuchhugeconsequencesforpersonalprivacy,particularlywhenwehavesolittledetailabout theresourcesandinparticularthetechnicalexpertiseavailabletotheCommissioner. 76. ItisnotanoffenceunderRIPAtounlawfullyaccesscommunicationsdataandwhilstan offencemaybemadeoutundersection55oftheDataProtectionAct1998,theonlyavailable sanctionisafine. 329WhileLibertydoesnotusuallysupportthecreationofnewcriminaloffences giventheexcessiveamountsofcriminallawthatalreadyexists,unlawfulaccesstocommunications datashouldbeanoffenceunderRIPA,withappropriatepenalties.Whilstmostpeoplewillnever knowwhetherornottheirdatahasbeenimproperlyretainedoraccessed,forthosewhodofindout, themainconsequenceforapublicauthorityofaccessingdatawithouttheappropriateauthorisation, forexample,isthepossibilityofcivilactionbeingtakenagainstthemundertheHRA.However,the majorityofactionstakenundertheHRAinrespectoftheuseofRIPApowersmustbetakenbefore theInvestigatoryPowersTribunal IPT .TheprocedureoperatedbytheIPTisfarfromadequate.It isundernodutytoholdoralhearingsbeforewhichapersonmayberepresentedandevenifitdoes decidetoholdahearing purelyatitsdiscretion alloftheTribunalsproceedings,includingtheoral hearings,mustbeconductedinprivate. 330RIPAitselfprovidesthat,subjecttoanyrulesmadebythe IPT,theIPTcanonlynotifythecomplainantwhethertheyhavewonorlost. 331Rulesmadein2000 providethatiftheIPTfindsinthecomplainantsfavourtheIPTmustprovidehimorherwitha summaryoftheirdetermination,includingfindingsoffact.Note,however,thatthisismerelya summaryofthedeterminationandifacomplainantlosesnoreasonsatallwillbegiven.Most astoundingly,thereisnorightofappealfromtheIPT.Section67 8 ofRIPAprovidesthatrulingsby theIPTarenotsubjecttoappealandcannotbequestionedinanycourt,unlesstheSecretaryofState ordersotherwise.Section67 9 providesthatitisthedutyoftheSecretaryofStatetomakesuch ordersinrelationtomostcategoriesofproceedingsandcomplaints,yetnosuchordershaveyetbeen made.Thisisbecausedespitemostofsection67beingbroughtintoforceinOctober2000,subsection 67 9 hasneverbeenbroughtintoforce.Thiseffectivelymeansthatinmostcasesinwhichaperson seekstoarguethatapublicauthorityhasusedunlawfulsurveillanceagainstthem,theyarerequired tobringproceedingsbeforetheIPT,whichmustholdproceedingsinsecret,maynotholdanoral hearing,willnotgiveproperreasonsforitsfindingsandfromwhichthereisnorightofappeal.This isarguablyabreachofArticle6oftheHRAitselfwhichrequiresafairandpublichearing,andthe rightunderArticle13oftheECHRtoaneffectiveremedy.Theseprovisionsshouldbeoverhauledasa matterofurgencyinordertoprovideanappropriatemechanismfortheindependentdetermination ofanycomplaintsregardingthelawfulnessadisclosure.Howcanthepublichaveanyconfidenceina
328RIPA,ss57and58. 329Offenceofknowinglyorrecklessly,withouttheconsentofthedatacontroller
a obtainingor disclosingpersonaldataortheinformationcontainedinpersonaldata,or b procuringthe disclosuretoanotherpersonoftheinformationcontainedinpersonaldata.Section60provides thatsuccessfulprosecutionswillresultinafine. 330SeeRule9oftheInvestigatoryPowersTribunalsRules2000,SI2665/2000. 331RIPA,s68 4 .
246
processwhichisheldinsecret,giveslittleornoreasonsforitsdecisionsandwhosejudgmentcannot bebroughtintoquestioninanycourtoflaw? Conclusion 77. TheGovernmentclaimstheseproposalswilldonothingmorethanmaintaincapability:in realitytheCoalitionisproposingmuchmore.Forthefirsttimeprivatecompanieswillbeinstructed tocollectinformationonbillionsofcommunicationsmadebytheircustomersfornootherreason thantheauthoritiesfuturedemandsforaccess.Thisamountstomass,blanket,monitoringofthe populationpaidforandfacilitatedbyGovernmentbutoutsourcedtotheprivatesector.Thiswould representafundamentalshiftinthenatureofoursocietyturninganationofcitizensintoanationof suspects. August2012
247
LINX
ExecutiveSummary 1. Having had detailed involvement in the development of communications data policy since before RIPAwas passed, and with a membership that providescrucial operational support for law enforcement needs in this area, LINX has nodoubtofthe value of communications dataforlegitimatelawenforcementpurposes. 2. Equally,wearefullyawareoftheimpactoftheuseofcommunicationsdataontheprivacyof the citizen. As the development of the information society results in the creation of ever largerandricherdatasets,andasanalysistoolsbecomeincreasinglysophisticated,theuse ofcommunicationsdatacanbecomeincreasinglyintrusive. 3. Wedonotthinkitourplacetosuggestanappropriatebalancebetweenthecitizensinterest in privacy and the interests of public authorities. We do, however, consider ourselves well placedtogiveindependentexpertadviceonthenatureofthedatasought,andthenatureof thetechnicalcapabilitiesthatcouldbeauthorisedbythepowerscontainedinthedraftBill. We are also well placed to comment on the potential technical impact for telecommunications operators if they have to change their network design priorities to accommodatedatagatheringrequirementorequipment. The draft Bill contemplates the collection of a large amount of personal communications data. Both the volume and range of data to be collected are unprecedented in the UK, and probablyintheworld. Thecollectionandprocessingofthirdparty communicationsdatabynetworkoperatorsis asubstantialextensionoftheirdutiesthatis,inouropinion,materiallydistinctfromexisting dataretentionrequirements,amountingtoacompletenovelty. In our analysis the filtering arrangements provided for in clauses 1416 are best understoodas a profilingengine which createsdetailed profileson all usersof electronic communicationssystemsandmakesthoseprofilesavailableforsophisticateddatamining. In our opinion this profiling engine amounts to an enormously powerful tool for public authorities. Its mere existence significantly implicates privacy rights, and its extensive use would represent a dramatic shift in the balance between personal privacy and the capabilitiesoftheStatetoinvestigateandanalysethecitizen. In our opinion, whether and to what extent such a shift is justified is a matter for Parliament.Wedonotexpressanopinion. We do believe that Parliament should take responsibility for making the basic value judgementastotheappropriatebalancebetweenpersonalprivacyandthepublicinterests oftheState. In its testimony to this committee the government placed great reliance on the general Human Rights Act requirement that public officials only use communications data in a manner that is proportionate; the draft Bill is itself quite empty of restrictions. We do not believe this lone prescription can bear the weight the government is placing on it without providing those officials more detailed rules and guidance in how it is to be applied.
4.
5.
6.
7.
8.
9. 10.
248
Developmentofandconfidencein,suchrulesandguidanceisinhibitedbythegovernments reticenceaboutdiscussinghowcommunicationsdatamightbeused. 11. Whilewerecognisethatcertaindetailsmustinevitablyremainhiddentoprotecttheefficacy ofinvestigationmethods,thegovernmentsresponsetothisproblemhasbeentopresenta draft Bill which is so broadly written as to amount to a general authorisation of empowerment.InourviewParliamentisbeinginvitedtoabdicateitsresponsibilitytosetthe basicstandardsbywhichwelive.ItwouldconferontheExecutiveaneffectivelyunfettered and wholly inappropriate discretion to determine the appropriate level and circumstances forintrusionintopersonalprivacybymeansofanalysisofcommunicationsdata. In our view any new legislation concerning covert investigation of communications data shouldcontainonitsface a. SufficientdetailconcerningthenatureofthedatatobecollectedforParliamentto make a meaningful and informed valuejudgement as to the fundamental balance betweenprivacyandinvestigativecapabilities,andtobeabletolegislatetoensure thatthisbalanceisapplied; A coherent framework for establishing when it is proportionate to access private information, and what use is made of it, that makes draws relevant distinctions according to the level of intrusion implied by different uses and different kinds of communicationsdata; Transparent, democratically accountable mechanisms for approving detailed rules onuseofdata,withinthebasicframework Credibleoversightmechanismstopreventanddiscovermisuse Effectiveanddissuasivesanctionsformisuse,bothbyindividualsandorganisations A realistic opportunity for remedy for those who have had their privacy infringed withoutjustification
12.
b.
c. d. e. f. 13. 14.
WedonotbelieveanyoftheseexpectationsareadequatelyaddressedinthedraftBill. Webelievethatourmembers,whoarecommercialentities,sharewithcitizensalegitimate expectationthatsuchimportantregulationoftheirbusinessenvironmentanddutiesshould besubjecttofulldemocraticscrutinyandapproval. While we strongly welcome the governments commitment to pay telecommunications operatorsthefinancialcoststheyincurincarryingouttheirobligationsunderthedraftBill, wedonotbelievethisemptiesourmembersofalegitimateinterestinthislegislation. a. Thechallengesimpliedbytheneedfortechnicaldevelopment,businessandsystems reengineering and operational maintenance of the systems contemplated by the draft Bill are enormous, and we anticipate incalculable and hence irrecoverable opportunitycostsaseffortandskillisdivertedfromcommercialendstosatisfying newlegalduties. Moreover, the draft Bill significantly implicates the intangible relationship of trust betweenacommunicationsoperatoranditscustomer.
15.
b. 16.
Wehavesignificantdoubtsaboutthetechnicalfeasibilityofmuchofwhatiscontemplated, butthegovernmenthasbeentooreticentaboutsharingitsactualexpectationsastohowfar itwouldtakethepowersgrantedundertheBillforustocommentindetail.
249
17. 18.
In particular, we question the technical feasibility of constructing the profiling engine, whichrepresentsanenormouslycomplexsystemsintegrationchallenge. We have serious concerns about the challenges involved in protecting the systems establishedunderthedraftBillandthedatatheygenerate.Thisisespeciallytrueinrespect oftheprofilingengine,whichappearsespeciallychallengingtoprotect.Ifthesecurityofthe profilingenginewereevercompromisedwebelieveitwouldconstituteasignificantthreat tonationalsecurity.
AboutLINX 19. LINX,theLondonInternetExchange,isamembershipassociationfornetworkoperatorsand serviceprovidersexchangingInternettraffic.Itispartofourcoremissiontorepresentour membersinterestsinmattersofpublicpolicy. 20. With more than 430 member organisations, including most major UK ISPs and most formerlyincumbentEuropeanoperators,webelievewehavehighlyinformedexpertiseand arewellplacedtoreflecttheviewsoftheISPindustryasawhole. 21. LINX has worked on behalf of its members on the development of policy for covert investigationofcommunications,includingcommunicationsdatasincebeforetheinception oftheRegulationofInvestigatoryPowersAct2000.Wehaveworkedincooperationwiththe Home Office and law enforcement representatives to develop primary and secondary legislation, Codes of Practice, building a partnership between the ISP industry and law enforcementinterests.ALINXemployeealsorepresentstheEuropeanInternetindustryon theEuropeanCommissionsExpertsGroupontheDataRetentionDirective. 22. We are committed to a regime for communications data retention and access that is both effectiveinmeetinglawenforcementneedsandalsorespectfulofthelegitimateinterestsof theInternetindustry,ourmembers,andofthegeneralpublic,thecustomersandendusers ofourmembers. Wehaveconsultedourmembershipbothinformally,duringthedevelopmentofthispolicy, and formally on drafts of this submission. This submission was finally approved by LINXs BoardofDirectors,whichiselectedbythemembership.Althoughwewouldneversaythat any submission by us is endorsed by every one ofour members in every last detail, we do believethatourpositionreflectsabroadconsensusofthenetworkoperatorcommunity.
23.
Introductoryremarks 24. We begin with some observations about the draft Bill, which will give some context to our answerstotheCommitteesspecificquestions. 25. Clause1ofthedraftBillprovidesaverybroadpowertorequiretheacquisition,collection andretentionofcommunicationsdata. a. The power would apply 332 to private networks and services, not only to public telecommunications service providers as is the case under the current Data RetentionRegulations 333.
332Weacknowledgethatthegovernmentislikelytoconcentrateinthefirstinstanceonpublic
telecomsproviders,butifParliamentgrantsadiscretionarypowerthenamuchwiderrangeof organisationscouldultimatelyberequiredtocollectcommunicationsdata.
250
b. c. d.
e.
f. 26.
ThepowerappearstoallowtheSecretaryofStatetorequirethatserviceproviders collectsubscriberdatathattheydonotcurrentlycollect. The government has stated its intention to access communications data under the Billfromtelecommunicationsoperatorsoverseas. Although the government has told us that their preference is to obtain communications data directly from the relevant service provider eg. the web site operator ,italsosaysthatwheretheserviceproviderisunableorunwillingtoco operate forexample,wheretheserviceproviderisaforeignentityandprohibited fromaffordingfullysatisfactorycooperationwithUKauthoritiesbyforeignlaw it intends to use clause 1 to require network operators to monitor the network and extractcommunicationsdatafromthestreamoftrafficbetweentheircustomerand thethirdpartyservice thirdpartycommunicationsdata . Thetypesofcommunicationsdataarenotlimitedandspecified,asundertheData RetentionDirective,butunlimitedandextensible.Itisnotclearwhetherextension would be by Statutory Instrument requiring Parliamentary approval, but the governmentscurrentreticenceaboutdisclosingwhatdatatypesitintendstohave collected indicates that any requirement would be specified in the Order to a telecommunicationsoperator.Ifthisisso,anychangeofextensionwouldbeatthe discretionoftheSecretaryofState,whichcanbeexercisedinsecret 334. TheSecretaryofStateisgrantedthepowertomicromanagethemeansusedbythe telecommunicationsoperator,eventotheextentofspecifyingtheexactequipment andnetworkconfigurationthatmustbeused.
27.
In our opinion, any requirement to collect third party communications data is a material change to current arrangements. In many respects, collecting third party communications data is more similar to the interception of content than to the retention of existing communicationsrecords.Attheleast,itshouldbeconsideredanovel,middlecase,between classiccommunicationsdataandinterceptproduct. Wedonotknowwhichtypesofcommunicationsthegovernmentwishestoseeanalysed.The Bill provides for no limit, and governments comments on the challenges for the future suggestthatcommunicationsserviceswillbeaddedprogressively. Clauses1416createasubstantialnewfacility. a. The government has chosen to characterise this facility as filtering requirements and present it as a means to ensure that the data that is disclosed under Part 2 is limited;bycontrast,somemembersoftheJointCommitteehavedescribedthisasa search engine. While we think the latter characterisation comes closer to describingthepowerofthisnewfacility,inourviewcomparisontowebpagesearch enginessuchasGoogleunderstatesthesignificanceofthisnewcapability. Clauses1416establisharequirementthatcommunicationsdatabeprocessedand assembled by matching related data from different operators, such that the relationshipsbetweendiversedataelementsrelatingtoaparticularuserarecapable of being machineprocessed as such. In other words, the draft Bill requires the
28.
b.

333DataRetention
ECDirective Regulations2009No.859.
334TheSecretaryofStateisrequiredtoconsultOfcom,andthosepersonswhowouldbesubjectto
requirementsundertheOrderthattheSecretaryofStatedeemsappropriate,butthisdoesnot necessarilyrequirepublicationofthenoticetoanoperatororothertransparencyastothe specificintendedrequirements.Onthecontrary,anoticefromtheSecretaryofStatetoan operatorislikelytobecoveredbytheOfficialSecretsAct.
251
29.
c.
functionalequivalentofbuilding communicationsdataprofilesoneveryuser,which willcontaineverythingwithinthedefinitionofcommunicationsdata,includingtime andgeolocationdata. i. Forexample,inprincipleandwithinthetermsandspiritoftheBill,theuser profile 335wouldcontainthegeolocationoftheirsmartphoneeverytimeit checked for the new email, which it might do automatically, every fifteen minutes. ii. Theprofilemightalsocontain,forexample,thenameanddateofaccessof everywebsitetheuserhasviewed. iii. This would give a technical capability to perform profile searches of the followingformat:Listallpersonswhoarethedesignateduserofamobile phone that was in Location e.g. Trafalgar Square at Time e.g. noon last Tuesday ,andwhohavereadanyofthefollowingwebsitesmorethanonce inthepastperiod e.gyear . iv. Wearenotclearwhetheritisalsointendedthatthisfacilityalsoincludea technical feature known as programmed triggers 336. If so, that would enable searches ofthe form Generate a notificationwhen a mobile phone belonging to someone who has read any of the following web sites more thanonceinthepastperiod e.gyear comeswithin500mofLocation e.g. TrafalgarSquare . Analternativedesignationforthisfacilitywouldthereforebetheprofilingengine.
To the best of our knowledge, these twomain features the nationwide collection of third party data and the profiling engine are unprecedented, not only in the EU and UKUSA signatorycountries 337,butalsoinChinaandtheMiddleEast.
335Whetherornotthedataisliterallystoredintheformofuserprofilesisimmaterial;the
capabilitiesanduserinterfacetothefacilityprovidedundercl.1416wouldbethesame.
336Programmedtriggersisatermfromdatabasesystems,referringtotheabilitytoprogramthe
systemtoexecuteacommandwhencertainconditionsaremetinthedatabase.
337UnitedKingdom,USA,Australia,NewZealandandCanada.
252
ResponsestothejointCommitteesspecificquestions Question1:HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? 30. ThedraftBillprovidesextremelybroadpowersandappearstoaffordtheSecretaryofStatea greatdealofdiscretionastohowtheseareexercised. 31. ThegovernmenthassaidabouttheBillOurworkisaboutmaintainingexistingcapabilities. Itisnotaboutdevelopingnew,moreintrusivepowers 338. 32. Inourview,thedraftBill wouldprovidesignificantnewandhighlyintrusivepowers.How intrusivelythesearetobeusedisnotclear,andwoulddependheavilyon a thediscretion of the Secretary of State as to what communications data should be collected, and b internal measures she establishes to guide public authorities interpretation of the Human RightsActrequirementforproportionalityintheuseofcommunicationsdata. Wearenotclearontheextenttowhichthegovernmentintendsthatcommunicationsdata madeavailableunderthedraftBillwouldbeusedasevidenceincourtproceedings. a. b. Inourviewtherearequestionsastowhetherthirdpartydataand especially the productoftheprofilingengineinclauses1416,wouldmeetevidentialstandards. Inthecaseofdatathatistheoutputoftheprofilingengine,producedbycombining datafrom multiple sources, the authority operating the profiling engine would not be able to testify to the accuracy of the input data, nor would the telecommunicationsoperatorsbeabletotestifythatthedatatheysuppliedhadbeen processedcorrectlybytheprofilingengine. Thereforeinmanycasestheremightbenooneentityinapositionthatcouldgive assuranceofendtoendsystemaccuracyandrobustness. Accordingly, we believe there are grounds to suspect that the product of the profiling engine might not be admissible in court. It would remain useful for intelligencepurposes. Analogous concerns apply in respect of third party data acquired by network operators: since the network operator is making mere suppositions as to how the thirdpartyservicewouldusethedatapassingoverthenetworkitcannotbecertain thattheinferencesithasdrawnarereliable.Inpractice,weanticipatethattherewill be some cases where there is considerable confidence for example, processing of what appears to be the use of a standardised and wellknown communications protocolsuchasSMTP butverymanywheretherecanbenoparticularconfidence forexample,processingawebpageinputform .Thus,forasignificantproportion ofthedatacollected,itmightbeeitherinadmissibleincourt,orifadmitteditmight begrantedlimitedweight.
33.
c. d. e.
338HomeOfficewebsite,15thAugust2012http://www.homeoffice.gov.uk/counter
terrorism/communicationsdata/
253
Question2:HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedin thedraftBill? 34. ThegovernmenthasdeniedthatthedraftBillamountstonewpowers.Accordinglyithasnot presentedacaseforestablishingthesignificantchangesweidentifyintheBillandsetoutin ouropeningremarks. 35. Instead,thegovernmentreststhecaseforthedraftBillontheclaimthatexistingcapabilityis receding:
36.
Whyislegislationneeded? Newcommunicationstechnologiesaregeneratingcommunicationsdataindifferent ways and communications data is no longer always retained by communications service providers. This has a direct impact on the investigation of crime in this country and on our ability to prosecute criminals and terrorists. Given the pace of technologicalchange,thisproblemwillgrow. Legislationisneededtoensurethatcommunicationsdatacontinuestobeavailable tothepoliceandothersinthefutureasithasinthepast.Thislegislationwillreplace thecommunicationsdataprovisionsofRIPA. Without action by the government there is a growing risk that crimes enabled by emailandtheinternetwillgoundetectedandunpunished. 339
Certainly,aspeoplemakeevergreateruseofInternetbasedservices,thereisanevergreater quantity of data that either exists, or could be brought into existence by statutory requirement. However to say that this is no longer always retained by communications providers is highly misleading: communications providers are retaining more communications data than ever before and making it available to public authorities under existing law. The mere fact that even more data could be created, collected and made availablehardlyconstitutesaloss. We also note that the government estimates that its proposals will entail direct financial costsof1.8bnovertenyears.Evenontheassumptionthattheycaninfactbedeliveredfor that budget, this is a substantial sum that could otherwise be used to fund substantial additional policing. We do not doubt that communications data is extremely useful for intelligence purposes and as evidence, but note that the additional communications data wouldhavetobeveryimportanttobeworthforgoingsomuchfrontlinepolicing.
37.
339Ibid
254
Question3:HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusioninto individualsprivacy? 38. Asthegovernmentindicatesinthequotationabove,peoplearemakingevergreateruseof Internetbasedservices.Infact,suchservicesarebecomingevermoretightlyintegratedinto peoples everyday lives, and entirely routine behaviour generates a complex trail of communicationsdatafrommomenttomoment. Asaconsequence,theavailability,valuetolawenforcement,andlevelofintrusionimpliedby evenexistingpowerstoaccesscommunicationsdatacontinuestoincrease. Asnotedabove,theproposalsinthedraftBill,specificallytherequirementtocapturethird party data and the creation of a profiling engine, would dramatically increase the level of intrusionintoindividualsprivacy. None of this is to give a view as to whether this level of intrusion is justified; it is for Parliamenttodecidewhetherlawenforcementinterestsshouldoverrideindividualprivacy. We do however believe our industry has a responsibility to ensure Parliament is fully informed about the implications of highly technical measures for the balance between the interestsofprivacyandthoseofpublicauthorities.
39. 40.
41.
Question4:Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionof communicationsdata? 42. Wemakenosubmissiononthisissue.
Question5:Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider? Thereissomeoverlapbetweenthisandquestion7 seebelow . Question6:ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesof legislationinterrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgoverns theretentionofcommunicationsdata? 44. WeanticipatethatthedraftBillwouldsupersedethecurrentDataRetentionRegulations.It wouldbehelpfulifthatwereconfirmed. 45. TheDataRetentionDirective,fromwhichtheRegulationsarederived,isdueforreview,and we anticipate the European Commission bringingforwardproposals fora newDirective in 2013orearly2014.Althoughitistoosoontobesure,earlyindicationsarethatinatleast some respects a new Directive might give greater weight to privacy interests than the existing Directive for example, we consider it likely that the Commission will propose reducingthemaximumretentionperiodundertheDirective.Itisnotclearwhatimpactthis might have on the regime proposed under the draft Bill. The current Directive is not a maximumharmonisationmeasure,butifthedraftBillwentahead,thengiventhatthedraft Bill goes so much further than any comparable measure in any other Member State, we wouldexpecttheCommissiontocomeunderconsiderablepoliticalpressuretorespond. 43.
Question7:IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyother measuresthatcouldbescrappedasaquidproquotorebalancecivilliberties?
255
46. 47. Wedonothaveaviewonthisquestionasstated. That said, if it is concluded that it is essential to provide access to an unlimited range of communications data types, and to provide law enforcement with detailed profiles of communications data on all citizens, there do exist opportunities to introduce other measuresinthisspacethatwouldgivegreaterweighttocivilliberties. a. Prohibit third party data acquisition: Provide that the responsibility to collect communications data lies only with the service provider who generates that data. Clarifythelawrelatingtointerceptiontomakeclearthataccessingcommunications datapassingoveranetworkconstitutesinterceptionofthatdata,andisonlylawful asprovidedfor e.g.asnecessaryforthepurposeofconveyingthedataacrossthe network . Provide greater distinction in law between different types of communications data with different levels of intrusiveness, and apply different checks and safeguards to differenttypes. i. For example, Reverse Directory Enquiry information what is the name andaddressofthesubscribertoaphonenumber,andtheequivalentforan IP address might be consideredthe least intrusive, and socould be made available to a wide range of authorities, with little independent oversight andalighttouchinauditing/reporting. ii. By contrast, information about the geolocation of a mobile device effectively, personal tracking might be considered a newly available techniquethatisjustasintrusiveastheageoldtechniqueofinterceptionof content,andsosubjecttothehighestpossiblelevelofsafeguards. iii. Other data types might have different levels of checks and safeguards. In particular, a distinction might be drawn between data that is intended to discover the identity an individuals correspondents and coconspirators, and data which is intended to establish detailed characteristics about an individual forexample,personalpreferences,incomelevel,politicalviews, shoppinghabits 340 . c. Introduce a greater range of authorisation methods. The Committee has already heard testimony both supporting and opposing a requirement for prior judicial authorisationofaccesstocommunicationsdata,butthereisnoneedforaonesize fitsall approach. For example, prior judicial authorisation could be required for geolocationdatabutnotforothertypesofcommunicationsdata. Prohibituntargetedsearches fishingexpeditions i.e.allsearchesoftheprofiling enginethatarenotlimitedbyreferencetoanidentifiedperson.
b.
d.
340Insomecasesthisinformationwouldconstitutecontentinterception,andsonotbeavailable
undertheBill,butinothercasestheBillwouldprovidesufficientlyrichinformationtoallow reasonableinferencestobedrawn,evenifnotalwaysaccurateones.Forexample,whether someonereadswww.telegraph.co.ukandwww.conservativehome.orgorreads www.guardian.co.ukandwww.unitetheunion.orgiscommunicationsdata.
256
e.
f.
Provide that all data obtained by a public authority under the Bill must be sealed whennolongerrequiredforthepurposeforwhichitwassought.Inessence,atthe conclusionofanenquiry/investigationalldatawouldbedestroyed.However,where information might later become relevant again to the same investigation notably, where it might be required by the Criminal Appeals Board it should still be available for that purpose; this does not mean that all such information once obtained by the police should be freely available for use within the police in other enquiries,withoutseparatejustification,authorisationandaudit. Provideadutytonotifydatasubjectswhentheirdatahasbeenaccessed,assoonas thiswillnolongercompromisethepurposeforwhichitwassought. i. This would make the Tribunal a genuine remedy instead of a cipher, as peoplewouldknowthattheymightwishtomakeacomplaint. ii. Thisdutywouldbelaidonthepublicauthoritythataccessedthedata,not the communications provider, so that the public authority is able to delay notificationbyreasonofariskofcompromisinganongoinginvestigation. iii. Toavoidanundueburdenandcausingneedlessconcern,certaincategories ofdatawithlowintrusivenesswouldneedtobeexempted. iv. It would also be necessary to exempt collateral access: for example, a request Please list all the people from whom X received a phone call last monthwouldresultinXbeingnotified induecourse butnotthepeople who called him. This would be justified by reason of the fact that the intrusion into X was substantial, whereas that into his callers was more minimal. This exemption could also be statutorily disapplied when appropriate forexample,whenXisadoctorssurgery,oranMPssurgery .
g.
Establishacrediblesupervisoryauthority,withadequatepowersanddetailedduties. The Interception Commissioners duties as set out in RIPA are broad but non specific, which may have led to the Commissioner seeing his role as simply to reassure that there is not widespread misuse of the relevant powers. A strong supervisoryauthoritycouldberequiredtodomuchmore: i. To draft, consult the public on, and possibly to issue, guidance on the proportionalityofintrusionintoprivacythroughaccesstocommunications dataincommonscenarios ii. To draft, consult the public on and issue, guidance on application of statutorycategoriestoparticulartypesofcommunicationsdata e.g.whatis trafficdata iii. Tocollect,collate,analyse,commentonandpublishstatisticsontheuseof communications data, perhaps by reference to other countries, and by referencetointernationalstandards iv. To make regulations regarding safeguards and protections established undertheBille.g.notificationofdatasubjects,whatconstitutesaprohibited fishingexpeditionetc.
h. Exempt the Intelligence and Security Services from certain of these safeguards. The particularrequirementsandspecialstatusoftheIntelligenceandSecurityServices
257
48.
Question8:WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceproviderssee theUKasalessattractivebase.Whatmightbetheeffectonbusiness? 49.
mightbethoughtsufficientlyimportanttopreventimplementingcertainsafeguards that might otherwise be justified. That need not be a reason for relieving more quotidianpublicauthoritiesofsuchoversight. Wedonotrecommendtheabovementionedoptions,butsimplyofferthemasacontribution todebate,asexamplesofthingsthatwouldgivegreaterweighttothecivillibertiesinterest, ifthatwerethoughtdesirable.
50.
Yes,theseproposalsareverylikelytomakecommunicationsserviceprovidersseetheUKas alessattractivebase.Theyalsomakeitmorelikelythatcommunicationsserviceproviders basedoutsidetheUKwillpreventtheirservicefrombeingaccessedfromwithintheUK. TheInternetbasedsectorisoneofthemostdynamicandinnovativepartsoftheeconomy. With the whole world teetering on the edge of prolonged recession, lowvalue primary and manufacturing industries already having largely left for cheaper regions, and the financial services sector in which we thought we excelled having turnedouttohaveinflateditsapparentvaluethroughtheassumptionofexcessive risk,theUKsprosperitydependsasneverbeforeonknowledgebasedbusinessesto whichtheInternetprovidesessentialsupport. b. Whetheritisinindustrialresearchsuchasourpharmaceuticalsindustry,industrial design, highend manufacturing, the entertainment, fashion and advertising industries, services such as logistics and business support, or the consumer web services most commonly associated with the Internet, all the UKs best and most brightest prospects for economic growth depend on access to the best and most innovativeInternetservices. c. The Internet sector therefore has an enormous wealth multiplier factor, especially forahighvaluehighskillinternationallytradingeconomylikeours. Accordingly,anyactionthatunderminesthepositiveeffectoftheInternetsectorcouldhave serious economic consequences, with implications well beyond the companies directly affectedthemselves. The government has promised to reimburse those financial costs as can be calculated as directly attributable to the cost of delivering the requirements imposed by the Bill. We stronglywelcomethiscommitment. a.
51.
52.
258
53.
Inourview,despitethegovernmentscommitmenttocostrecoverytherewillinevitablybe unrecoverablecoststotelecommunicationsoperators. ThedraftBillwouldrequirenetworkoperatorstoconstructsubstantialnewsystems thatdonotcurrentlyexist: i. Network probes, to monitor and process traffic over the network, to acquire, extract and store communications data from thirdparty communications; ii. Data storage facilities for data types that the network operator does not currentlyhold iii. Access,searchandretrievalmechanisms iv. In particular since this appears to us especially technically challenging , systems to process communications data into standardised formats and makeitavailableinrealtimetotheprofilingengine. b. Thesesystemswouldincludenotonlyhardware,butalsothecreationofamyriadof businessprocessestosupportthem. c. While these direct costs would be recoverable under the governments proposals, we consider that such an extensive creation of new systems would inevitably also incuranincalculable,andhenceirrecoverable,opportunitycost,asseniorexecutives andthemosttalentedtechnicalstaffaredivertedintodeliveringtheserequirements and away from commercial goals such as the creation of innovative products and services. TheSecretaryofStatespowersundersectionarecapableofbeingdeployedinamannerthat wouldfurtherexacerbatetheirrecoverablecostsincurredbytelecommunicationsoperators. a. Clause 1 3 makes clear that the extensive powers of the Secretary of State under the draft Bill extend to specifying the use of particular techniques, systems and equipmentsandstandardsand,byimplication,avoidingtheuseofothers. b. This power to micromanage the telecommunications network operator could in theory be used by the Secretary of State to order the operator to avoid the deployment of systems or the use of techniques that made it impossible to collect communicationsdata,orthatresultedinsuchcollectionbecomingmorecostly. c. Theconsequenceofthispowerbeingusedinsuchafashionwouldbetoimposeon thetelecommunicationsoperatorcostsotherthandirectfinancialcosts.Examplesof suchcostmightinclude i. Performancedegradations ii. Reductionsinnetworkandserviceresilience iii. Theinabilitytoofferaparticularservicetocustomers whenother,foreign, operatorswerenotsoconstrained d. Although such costs would not be recoverable as direct financial costs under the draftBill,theywouldmakethetelecommunicationsoperatorthatincurredthemless attractivetoitscustomersandusersthanotherforeignoperators. UKbasedoperatorswouldthereforefindthemselvesatacompetitivedisadvantage. Foreignoperatorswillaccordinglyhaveasignificantincentivetoavoidexposingthemselves tothepossibilityofincurringsuchirrecoverablecosts,byavoidingestablishingthemselves intheUK. a.
54.
55. 56.
259
QUESTION9:ISTHEESTIMATEDCOSTOF1.8BNOVER10YEARSREALISTIC? 57. WearenotawareofanygovernmentledITprojectoriginallycostedat1.8bnthatcamein onbudget. 58. Aswehavealreadynoted,thereisawidediscretioninhowthepowersmightbeappliedand thedutiesthatwouldbelaidontelecommunicationsoperators.Asacorollary,thereisawide rangeinthecoststhatmightrealisticallybeexpected. 59. We also expect that if this draft Bill is passed the duties of telecommunications operators would be progressively increased over the years to match increasing ambitions of public authorities,astheylearnthepowerofthefacilityprovidedandincorporateitsuseintheir everydayactivities.Thiswouldimplythecostswouldalsoriseovertime.
Question10:TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthe draftBillcouldbeworthbetween56bn.Isthisfigurerealistic? 60. In relation to the figure of 5bn6.2bn of benefits, the governments impact assessment states
61.
The largest categories of benefits are direct financial benefits arising mainly from preventing revenue loss through tax fraud and facilitating the seizure of criminalassets
We understand that the Home Office has refused to disclose information about how these anticipatedfuturebenefitsaremadeupinresponsetoFreedomofInformationActenquiries, onthegroundsthatdoingsowouldprejudicetheprevention,detectionandinvestigationof crime. Accordingly, we do not know the respective contributions the government expects from recovered proceeds of crime and reduced tax fraud. Given the disappointing results of the Asset Recovery Agency in the former area we assume that majority of the 56bn the government hopes to receive will be new tax revenues, equivalent to around 1214% of corporationtaxreceipts.
62.
Question11:Arethedefinitionsofcommunicationsdataandcommunicationsserviceprovider appropriate?DotheysensiblydefinethescopeofthepowersinthedraftBill? 63.
64.
Thedefinitionsarenotalignedwiththedefinitionsfoundinothersectorspecificlegislation, notably public electronic communications service and public electronic communications serviceprovider,fromtheCommunicationsAct2003,northebroaderinformationsociety serviceproviderfoundinEUlegislation. ThedraftBillinsteadreferstotelecommunicationsoperatorsandweemphasisethisis notlimitedtopublictelecommunicationsoperators. a. Infact,thedefinitionoftelecommunicationsoperatorissobroadthatanybusiness orhouseholdwithtwocomputingdevicesconnectedtogetherwouldqualify.
260
b. 65.
We do not mean to suggest that we think the government intends to impose the requirementsonpracticallyeveryhousehold,butsimplytopointoutthatthereisno limitundertheBilltowhomtheSecretaryofStatecouldchoosetoselect.
Althoughthewordingofthedefinitionofcommunicationsdatahasnotchangedfromthat inRegulationofInvestigatoryPowersAct2000,theapplicationofthedutiestooverthetop Internet services such as search engines, social networking sites and so forth changes the effectsubstantially. This effect is particular pronounced in respect of subscriber data, for which the definition essentially means everything the service provider holds on the data subject. When RIPA was passed, that was loosely translated in most peoples estimation if somewhat inaccurately to reverse directory enquiries, plus your itemised billing data. If this Bill is passed,asimilarlyloosetranslationwillbemade:EverythingonyourFacebookprofile,plus everythingGoogleknowsaboutyou.Atthispointthedistinctionbetweencommunications data and content becomes rather blurred, if it does not disappear entirely; we note that although the definitions for traffic data and use data explicitly exclude content information,nosuchexclusionappliesinrespectofsubscriberdata.
66.
Question12:Whichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraft Bill?ShoulditbepossiblefortheSecretaryofStatetovarythislistbyOrder? 67. Wehavenocommentonthisissue.
Question13:Howrobustaretheplanstoplacerequirementsoncommunicationsserviceproviders basedoverseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty? 68. Wedonotknowtheanswertothisquestionandwouldwelcomefurtherclarificationfrom thegovernment. As a matter of principle, we caution against attempting to legislate with extraterritorial effect: even if ineffective it is likely to cause more harm to the UK economy than good, as foreign operators shun the UK. However if it were seen as effective that would give much greatercauseforconcern,asitwouldlikelyleadtoothercountriesseekingtoimposetheir laws extraterritorially too, causing chaos and legal uncertainty in the Internet sector and causingmostharmininternationallytradingeconomiesliketheUK.
69.
Question14:Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriate andproportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? 70. 71. We do not offer an opinion on whether the increased intrusion implied by the draft Bill is justifiedbytheneedsofpublicauthorities. Wedonote,however,thattherearecertaintypesofcrimethatare inherentlyimpossibleto investigatewithoutuseofcommunicationsdata.Attacksoninformationsystemsthemselves, forthesakeofvandalism,mightbeonesuchexample.Bycontrastthereareothertypesof crime for which investigation might be made much more efficient with the use of communications data, but which prior to the availability of communications data was previously investigated using others means. Criminal conspiracies, or anything involving
261
money laundering, might fall into this category. We would be concerned if any attempt to protect civil liberties were to accidentally foreclose the possibility of investigation into certain types of crime. If Parliament were to respond to the governments proposals by taking the opportunity to tighten the grounds of access to existing communications data significantly,wewouldhopeitwouldmakeadequateprovisionforcaseswhereinvestigation wasinherentlyimpossiblewithoutcommunicationsdata. 72. 73. 74. We note that the government is relying very heavily on the general requirement in the HumanRightsActthatpublicauthoritiesactionsthatimplicateprotectedprivacyrightsbe necessaryandproportionate. We acknowledge the importance of this requirement in general, but believe that without appropriatelywrittenrules,guidanceandtraining ofwhichwehaveseennoevidence this generalprescriptioncannotbeartheweightplaceduponit. With the best will in the world, we do not see how officials in a wide range of public authoritieswillbeabletomakeappropriateorevenconsistentdecisionsunlesstheyareable todiscussopenlyarangeofscenarios,someindicatingaccessthatwouldbeproportionate, othersthatwouldbedisproportionate. Werecognisetheneedtoconcealthedetailofinvestigationmethodsinordertoprotecttheir efficacy.Howeverthegovernmentscurrentlevelofreticenceissopronounced,evenwhen testifyingbeforethisJointCommittee,astoprecludeanyreasonablediscussionofguidance onwhatisconsideredproportionate.
75.
Question15:Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? 76. Wedonothaveadefinitivepositiononthecorrectstorageperiod,butnotethatthemajority ofcommunicationsdataaccessedbypublicauthoritiesunderexistingpowersislessthan3 monthsold,andanoverwhelmingmajorityoftheremainderislessthan6monthsold 341.
Question16:Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguards includingapprovalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.How shoulddesignatedseniorofficerbedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR? 77. Wemakenosubmissiononthesematters.
341Source:EuropeanCommissionExpertsGroupontheDataRetentionDirective,roomdocument.
262
Question17:Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthis applytoallpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe? 78. Wemakenosubmissiononthesematters.
Question18:IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformation Commissionersensible? 79. Wemakenosubmissiononthismatter.
Question19:ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBill satisfactory? 80. 81. No,thelevelofParliamentaryoversightiswhollyunsatisfactory. Wedonotsubmitanopinionastothelevelofintrusionthatisjustifiedinthepublicinterest, butconsideritproperthatParliamentshoulddeterminethenecessarybalancebetweenthe public and private interest, rather than delegating that essential responsibility to the Executive. Althoughitisinevitablethatcertainlevelsofdetailmustbeshieldedfromthepublicscrutiny oftheParliamentaryprocess,inouropinionthisdraftBillveerstoofarinfavourofExecutive discretion. a. ThedraftBillfailstoestablishanyframeworkforthebalancetobestruckbetween the public interest in supporting public authorities and the privateinterests of the citizenintheirprivacyandofcommercialentitiesinretainingtheconfidenceoftheir customers. Instead,thedraftBillprovidesforsweepingpowersthatcouldbeexercisedinways thatrangefromsimplyreplicatingthecurrentsystemthroughothermeans 342,tothe creationofasystemofnationalsurveillanceandinvestigationbystatisticalanomaly thatiswithoutprecedentinthefreeworld,quitepossiblyintheentireworld. In our opinion, if such sweeping changes are required in the relationship between thecitizenandtheState,asregardstheirprivateinformation,andintherelationship betweenthetelecommunicationsoperatorandthecustomer,asregardsthelimitsof confidentiality,itshouldbebecauseParliamenthasdeterminedthatthisissoafter duedeliberation,ratherthanbecausetheExecutivehassecretlyshifteditspolicyfor administrativeconvenience.
82.
b.
c.
342Thisbenignextremewouldonlyoccuriftheclause1416powerswereneveractivated,and
Ordersunderclause1onlyspecifiedtheoperatorsowndata,neverthirdpartydatapassingover theoperatorsnetwork.
263
83.
Operators will be subject to substantial but unpredictable new burdens if this draft Bill is carried. a. The extent to which network operators will be required to acquire, process and storethirdpartycommunicationsdataunderclause1iscompletelyunknown. b. The government has stressed that in the first instance it would prefer to obtain communicationsdatafromtherelevantserviceprovider,andwouldonlyrequirethe collection of third party data where the service provider is not able or willing to cooperate. c. However, the government has given no indication at all about the extent to which thisresidualthirdpartydatawouldbedemanded. d. Nor do we have any real indication of the extent to which this demand will grow over time. All the governments remarks concerning the development of the communicationsmarketanditsperceptionofthechallengestolawenforcementare consistentwiththefearthatthegovernmentspolicyonacquisitionofthisresidual thirdpartydatawouldbeOnlyasmuchaswecanmanageinthefirstinstance,and asmuchmoreaswecanmanageasfastaswecanmanageit. e. The nature of the burden is not limited to direct financial costs and the unrecoverableopportunitycostimplicitintheneedtodesignnetworksandservices tomeetpublicobligationsinsteadofpursuingprivateandcommercialends 343.The burden also encompasses duties that impact on the essential relationship of trust andconfidencebetweentheoperatoranditscustomers 344. Inouropinion,telecommunicationsoperatorsaswellascitizenshavealegitimateinterestin the reasonable foreseeability of regulation to which they are subject, and a right to make representations to Parliament when fundamental changes to regulation are contemplated. Thisimpliesthatlegalrulesthatmakecrucialchangestothebusinessenvironmentoughtto originate in clear legislation; legislation ought not to authorise unbounded Executive discretion. ThedraftBilldoescontemplatestatutoryinstrumentswithParliamentaryoversight andin some cases positive approval but we fear it would be rash to expect these to provide the necessaryopportunityfordemocraticscrutiny. a. Unfortunately, nothing in this draft Bill suggests that such Regulations would provideanymoretransparencyorabilityforParliamenttomakeaninformedvalue judgementthantheblankchequethatthisdraftBillresembles. Moreover, the governments demeanour in refusing to discuss application of the proposed powers, including its reticence before this Joint Committee, signals an intentiontoavoidmeaningfuloversight. If our fears were realised, Parliament would have no effective oversight or control over the realeffect of thisBill, the operative partsofwhich wouldbe containedin notices to operators made by the Secretary of State, addressed to individual operators,atherdiscretionandcloakedbytheOfficialSecretsActandcommercial confidentiality.
84.
85.
b. c.
343SeefurtherourreplytoQuestion8 344Someofourmembersreporthavingalreadyreceivedapproachestheyreceivedfromcustomers
who,reactingtothegovernmentsproposalsunderthemistakenbeliefthattheyarealready beingimplemented,expressedconcernonthisissue.
264
86.
Question20:Arethepenaltiesappropriateforthosecommunicationsserviceproviderswhofailto complywiththerequirementsofthedraftBill? 87.
The government has steadfastly refused to show any meaningful transparency with ourselvesorwiththisCommitteeastowhatdatawouldbesought,fromwhomandinwhat circumstances. It has shown a remarkable lack of candour in seeking to portray this as a minortechnicalupdateofthelawwithnosignificantchangetothepowersavailableorthe overalllevelofintrusionrepresentedthereby.IthasdraftedaBillthatappearstoleavethe SecretaryofStatewithhugediscretioninrelationtotheacquisitionofcommunicationsdata, without any requirement for proportionality except insofar as she is constrained by the Human Rights Act 345. By far the greatest weight in deciding whether to access communications data lies in the unguided, unsupported and effectively unreviewable interpretationofthesubjectivetermproportionalityasappliedbyofficersworkingforthe samepublicauthorityseekingtheinformation.
88.
The draft Bill provides a statutory duty on communications service providers enforceable throughthecourtsintheusualmanner.Failuretoabidebyacourtorderwouldrenderthe serviceproviderliabletopotentiallyunlimitedfinesforcontemptofcourt. There is, however, no specific regime for statutory penalties. In our view, given the hugely complexanduncertainnatureoftheobligations,andinparticulartheconsiderablescopefor error suchas,forexample,theSecretaryofStatespecifyingantechnicalobligationinterms with which it is literally impossible to comply , any more onerous regime for telecommunicationsoperatorswouldbeinappropriate.
Question21:Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequest accesstocommunicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedfor inthedraftBillamounttoanoffence? 89. We do not make a submission on the administrative law question concerning the most appropriate way to regulate the public authorities under this draft Bill, except to say that effectiveanddissuasivesanctionsforcorporatemisuseshouldbefound. We believe it should be an offence for an officer of a public authority to request or obtain access to communications data under cloak of pretended authority but without authorisation. It should also be an offence for such an officer to obtain such authorisation fraudulently.
90.
Question22:Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapture communicationsdatareliably,storeitsafelyandseparateitfromcommunicationscontent? 91. Inrespectofnetworkoperatorscapturingthirdpartydata,theanswertothisquestionisNo. To the extent that anyone thinks the answer is yes, they can only be referring to experimentalorprototypesystems,orsmallscaleanalogues e.g.organisationwide,rather
345AlthoughwebelievetheSecretaryofStateistechnicallyboundbytheHumanRightsActto
considertheproportionalityofherdecisions,giventhattheywouldbejustifiedinpartbyreason oftheinterestsofnationalsecuritywehavedoubtsastowhethertheproportionalitytestis effectivelyjusticiable.
265
than ISPwide : systems offering the functionality envisaged in clause 1 and clauses 1416 haveneverbeendeployedandtestedonanationalscalebefore,anywhereintheworld.
266
Question23:Howsafelycancommunicationsdatabestored? 92. Networkoperatorshaveagoodtrackrecordinsecuringdatasuchthatitisneveraccessed exceptbyauthorisedsystems. That said, once the data is outside the direct control of a single network operator it is becomesmuchhardertosecure. The profiling engine would be an incredibly valuable target for attack by sophisticated criminals,terrorists,andStateactorsengagedinespionage. a. Examplesofcommunicationsdatathatmightbeofinteresttocriminalsincludes i. Contactbetweentheircriminalcoconspiratorsandthepolice; ii. Marketsensitive information of all forms, e.g. the contacts of members of investment banks and law firms Mergers and Acquisitions advisory departments. iii. Information supporting blackmail, e.g. regular late night phone and text messages might be evidence of an extramaterial affair celebrities and politicians would be especially vulnerable to blackmail in these circumstances. Examplesofinformationthatmightbeofinteresttoterroristsincludes i. Geolocationinformationonprominentpersonse.g.thePrimeMinister. ii. Contacts e.g.family ofsecurity/bodyguardsforprominentpeople,leading togeolocationofthosecontacts. Examplesofinformationthatmightbeofinterestforespionageincludes: i. Contacts between business and government during sensitive, highvalue negotiationse.g.highvaluedefenceprocurement,tradeagreementsetc ii. Contacts between government leadersand leaders of foreign governments orbetweenthecloseadvisorsofsuchleaders iii. Intelligenceonthedomesticpoliticalsituatione.g.fullaccessmonitoringof the phones of MPs might be able to predict the date of collapse of the Coalition.
93.
94.
b.
c.
95.
Furthermore,asevenprominentpeopletransitionfromrelyingmainlyonthephonetousing newcommunicationstechnologies,existingprotectivemeasures suchasex.Directory will become less effective. With sufficient access, security through obscurity wont work either: thesystemwillbeabletodiscoveratargetscommunicationsdevices. Were the profiling engine to be compromised by external technical attack hacked the impactwouldnotnecessarilyevenbelimitedtoprovidingtheattackerwiththecapabilities inusebypublicauthorities:asuccessfulattackerwouldnotbelimitedbytheselfrestraint applied by legitimate public authorities in the interests of proportionality, but only by his technicalcapabilities. Itwillthereforebevitallyimportanttoprotecttheprofilingenginefromattack,asifitwere compromiseditcouldconstituteaseriousthreattonationalsecurity. The profiling engine would be accessible, as far as can be told from the Bill, to a large numberofindividualsfromawiderangeofdifferentorganisations.Thisindicatesthatitwill bechallengingtoprotecttheprofilingenginenotonlyfromtechnicalattacks,butalsofrom
96.
97. 98.
267
human attacks social engineering, infiltration of personnel, suborning of authorised users throughbribery,blackmailetc,andsoforth . 99. Thiscombinationofsupremelyhighvaluetotherightpeople,anenormouslysophisticated but poorly understood capability, and broad accessibility, gives considerable cause for concernaboutthesecurityoftheaccessinterface.
Question24:Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnically feasible? 100. Thesystemsintegrationchallengeimpliedbytheneedtoconnectthecommunicationsdata of all public communications systems used in the UK including systems outside the UK accessed from within it in a manner that all the data can be crosslinked as envisaged in clauses1416,canonlybedescribedasimmense. Itshouldbenotedthatnotonlyarethereahugenumberofsystemstobelinked,butthatin mostcasesthepeopledoingthelinking,thenetworkoperatorssupportedbyCESG,wontbe thepeoplewhoownandcontrolthesystemsbeinglinked foreigncommunicationsservice operators and in many cases the system controller will be actively trying to thwart the effortsofthesystemsintegrator.
101.
Question25:Howeasywillitbeforindividualsororganisationstocircumventthemeasuresinthe draftBill? 102. We anticipate it will be relatively straightforward for a moderately sophisticated and surveillanceaware criminal to conduct occasional covert communications despite the measuresinthedraftbill. Maintainingacovertpresenceonanongoingbasiswillrequiredisciplineanddetermination, aswellasskilloralternatively,itcouldbedonewithverylittleskilloreffortinascenario where the use of encryption for online communications becomes commonplace. Unfortunately for the governments aims, the latter is, in our opinion, quite a likely occurrence,andevenmorelikelyshouldthedraftBillbecomelaw. Aswesaybelow,encryptionenablesindividualstocircumventtheprovisionsinthedraftBill that envisage the collection of third party communications data by network operators. Indeed,thewidespreaduseofencryptionincommonlyusedsoftwareasanessentialpartof maintaining a secure communications environment 346 means that individuals will circumventthesemeasureswithoutevenrealisingthattheyaredoingso.
103.
104.
346Theoptionofprohibitingtheuseofencryptionisnotrealisticallyavailableasthesecurityof
Internetbasedcommunicationsrestsheavilyontheuseofstrongencryption.Forthisreason, proposedlegislationtograntthegovernmentabackdoorintoallencryptionsoftwarewas abandonedbyboththeUKandUSAinthemid1990s,whenitwasrealisedthattheeconomic harmthatwouldbedoneoutweighedeventheinterestsoftheintelligencecommunity.IntheUK, theRegulationofInvestigatoryPowersAct2000wasthelegislationbroughtforwardinplaceof theabandonedproposals,toprovideanalternativemeansofaddressingtheneedsofthelaw enforcementandintelligencecommunities.
268
105.
There is also a disquieting possibility that some individuals, in an effort to circumvent the measuresinthedraftBill,willemploynonstandardtechnicalcountermeasuresthatcould causeharmtothesecurity,performanceandreliabilityofnetworksandservices.
Question26:Arethereconcernsabouttheconsequencesofdecryption? 106. In the presence of widespread encryption, the intention to coopt network operators to conduct mass surveillance of third party communications data is in our view doomed to failure. a. Thereareonlythreetechnicalpossibilitiesfordefeatingwidespreadencryption i. Performingamaninthemiddleattack; ii. Covertlysubvertingtheencryptionsoftware; iii. Afundamentalbreakthroughinmathematics Wedonotbelievethatanyofthesecouldbedeployedonanationwidescaleandstill remainsecretforlong Theconsequenceofbeingdiscoveredusinganyofthesetechniqueswouldbevery serious for public confidence in the security of online communications, including businesscommunicationsnotjustconfidentiality,butalsoauthentication.
b. c.
August2012
269
Alastair Macmillan
Itisveryeasytodriftdownthepathoftotalitarianismintheinterestsofsecuritybyonly consideringthetechnicalaspectsofthisdraftbill.InGreatBritainwehavealonghistoryof Freedom,HabeasCorpus,andInnocenceuntilProvedGuiltyetc.Theserightsandfreedomsare fragileandonewouldhopethatourlegislatorswouldworkhardtoprotectthem.However,in recentyears,thishasnotbeenthecaseandonceagainweareseeinglegislationbeingproposedthat limitsthefreedomoftheoverwhelmingmajorityinthenameofsecurity. Acontinuingratchetingupofthelegislativeframeworkwillnotcatchthosethatwanttoundermine ourwayoflifebutwillsimplyprovideyetmorewaysforthestatetocriminalisetheinnocentand provideyetmorepowertopettyofficialdom. Wheneverlegislationofthissortisproposeditissaidthatthoseenforcingitwillbeaccountableto Parliament,thisasalwaysandfromthepointofviewoftheBritishSubjectisnavebunkum.In realityshouldIforexamplebesnoopeduponbyanagentofthestate,itwillbeoneormorepetty officialthatyouorIwillhavetodealwithtoclearmyname.Thelawputspowerintothehandsof thesepeopleattheexpenseofyouorI,whowillbedeemedguiltyuntilweproveourselvesinnocent. InsummaryitisessentialthatyouraiseyoureyesfromthepurelytechnicalaspectsofthisBilland lookattheoverallpictureofthebalancebetweenBritonsandtheBritishState.Thelast GovernmentwasprobablyoneofthemostTotalitarianGovernmentsthattheUKhaseverhadoutof wartimeandtheextrapowersitgavetothepoliceandsecurityservicesdidlittletoboostrespectfor thesebodieswithinSocietyasawhole.Thelegislationenactedalsoencouragedsloppypolicingby providingcatchallclauses,allowingantiterrorlegislationtobeusedtolimitfreedomof expressionandtherighttodemonstrateandquestion. InsteadofthetreadmillofcreepingtotalitarianismIwouldsuggestthatthePoliceandSecurity servicesaremadeofworkwiththePublicsothatweareallencouragedtoberesponsibleforourown andtherebyeveryonessecurity.Thisisthewaywehaveprotectedourselvesinthepastandisthe wayofChurchillssmallplatoons. HavingrecentlyreturnedfromPortugalwhereonealmostneedsalicencetobreath,Ivalueeven moretheFreedomsweenjoyintheUnitedKingdomandIlooktoyouasoneofourlegislatorsto worktoprotectthem. August2012
270
Professor Robin Mansell

General:
1.HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill?
1.1TheHomeOfficeisseekingtoprotectthepublicbyensuringthatcommunicationsdatanecessary toachievethisaimareavailabletopublicauthoritiesuponrequest.Thisambitionisclear.The evidencebasesupportingthedraftBillisunfortunatelyveryweak. 1.2ThissubmissionisdirectedprincipallytomajoromissionsinthedraftBillanddebateaboutthis legislation.Theseare:a theabsenceofevidenceofconsiderationofthecostsandrisksassociated withmandatingcompaniestoinvestinabigdatainfrastructureforthepurposesofthedraftBill withoutadequatetransparency;andb insufficientdetailastothemeansofachievingtransparency andadequatescrutinyofthetechnicalmeanstobeemployed.
2.1No.TheGovernmentscaserestsontheobservationthattechnicalchangemeansthatsubscriber, useandtrafficdatathatmightbeofusetoauthoritiesareeithernotcollectedbycommunication serviceproviders,ortheyare,butlegislationdoesnotpermitauthoritiestoobtainthem.Therefore, withoutaction,theauthoritieswillfallincreasinglyfurtherbehindintheirabilitytoaccessthedata theyneedtoprotectthepublic.Whateverthevalidityofthisclaim,itfocusesdisproportionatelyon accessingdatawithoutgivingadequateattentiontotherisksassociatedwiththedevelopmentofa newbigdatainfrastructureorthetransparencyofthetechnicalmethodsusedtoacquireand processthesedata.
2.2Anewbigdatainfrastructure:Creatinganewdatainfrastructureforcollectingandretaininghuge amountsofdata,filteringitandprocessingit,willcreatenewrisksthatneedtobeconsideredbefore theseproceduresareputinplace.

2.3BycreatingtheincentiveforallcommunicationsservicecompaniesintheUKtobuildan infrastructuretocollectandretaindatathattheywouldnotnormallyretain,theGovernmentis legitimizingsuchpracticesforallcompanies,extendingthepotentialforharmfulusesofthis infrastructurebythesecompanies purposivelyorinadvertently ,andcreatingthepossibilitythat thesedatastoreswillbebreachedinwaysthatmaycreatehazardorharm. 2.4Thepotentialfordatamisuseissubstantial.Inadditiontotheproblemoftheuseofthe infrastructuretointrudeintocitizenslives,theexistenceofsuchaninfrastructurewillenlargethe scopefornewformsofcybercrimeorinadvertentdataloss. 2.5Estimatesaboutthecostsandbenefitsoftheobligationsto2018areprovided,butthereisno clearindicationofwhatassumptionshavebeenmadeabouttherisksofillegalusesofthenewdata infrastructureonceitisinplace. 2.6Itseemstobeassumedthatonlyalimitednumberofcompanieswillbuildthenecessary infrastructureforcollectingandretainingdata.Yet,thislegislationappearstomakeitlegalforany companytodevelopthedatainfrastructureinreadinessforpotentialrequestsfordata,raisingthe risksofdatabreachesandillegaluses. 2.7Therearelikelytobemanynewrisksandcosts.Thereisnobasisforreachingajudgmentasto thebalancebetweentheserisksandcostsandthebenefitsclaimedasaresultofthislegislation.No stepshouldbetakentowardmandatinginvestmentinthisnewdatainfrastructureuntilsuchtimeas thereisbetterevidenceabouttherisksofhazardorharm.
3.HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals
271
privacy?
3.1ItisclaimedthattheuseofDPIandRequestFilteralgorithmswillensurethatauthoritiesdonot capturecontent.Itisnotfeasibletomakeadistinctionbetweencommunicationsdataandcontent becauseallelectroniccommunicationscanbeinterpretedfortheirmeaning. 3.2Thisappliestotheinterpretationofpatternsemergingfromtheanalysisofcommunicationsdata suchasuseandtransactiondata,e.g.thetitleofaURLlink,asmuchasitdoestotheanalysisof conventionallyunderstooddigitalcontent,e.g.thecontentofawebpageorthecontentofanemail. 3.3Evenifconventionalcontentisseparatedfromotherformsofinformationwhichhavemeaning, theexpansionofopportunitiesforauthoritiestodrawinferencesaboutcitizensintentionsor behaviorfrompatternsemergingfromelectronictracesoftheiractivitiesisgrowingexponentially withincreasesinthevolumeofthedatathatcitizensgeneratethroughtheiractiveandpassive e.g. mobilephonesbeingcarriedfromoneplacetoanother useofdigitaltechnologiesandnetworks. 3.4ThereisnodetailinthedraftBillastowhattechnicalalgorithmswillbeusedtoextractmeaning fromcommunicationsdataorwhatstandardofreliabilityisacceptable.Legislationshouldseta standardasanacceptabletargetforperformancesubjecttoreviewinthesamewaythatstandards aresetforotherpublicservices.Thereneedtobeagreedtargetbenchmarksagainstwhichthe proportionoferrorscanbejudged.
8.WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKas alessattractivebase.Whatmightbetheeffectonbusiness?
8.1TheUKcommunicationsmarketisgrowing.Communicationserviceprovidersareunlikelyto withdrawfromthemarket.Theywillevaluatethecostsandbenefitsofcompliancebasedonthe likelyimpactontheirrevenuebase. 8.2Itisnotonlycommunicationserviceprovidersthatshouldbeconsidered,however.Customers whoareknowledgeableabouttheincreasingscopeofcommunicationsdatamonitoringmaychoose servicesthatappeartoofferthemgreaterprotectionfromintrusionssuchasencryptedservice offerings. 8.3Whentheconstructionofamandatedbigdatainfrastructurepaidforinpartbythestateis availabletothem,somecompaniesarelikelytoavailthemselvesoftheopportunity. Scope:
13.Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty?
13.1Theoverseascommunicationserviceprovidersthatareoftendiscussedarehighlyvisible companies.ItisrealistictoenvisagetheircomplianceinlightoftheirinterestintheUKmarketif theirhomegovernmentsaligntheirlegislationwithUKlegislation.Thisneglectslessvisible companieslocatedincountriesthatalreadyallowStatesponsoredmonitoringofcommunications data.FailedstatesandStatesthatareunlikelytocooperatewiththeUKforpoliticaloreconomic reasonswillnotbepursuedeffectively.Atpresentafewhighlyvisibleglobalcompaniesgeneratea substantialportionofrelevantdata.Infuture,thoseseekingtoengageinseriouscrimeorterrorism arelikelytoshifttocompaniesthatarelessprominentand,wherefeasible,tocompaniesbasedin uncooperativeStates. Safeguards:
16.Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould "designatedseniorofficer"bedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR?
272
16.1Theintegrationofmanydistributeddatabasesishappeningextensivelyinthebigdataera. ThereisnobasisatpresentforbelievingthattheGovernmentorthirdpartieswillbeabletoachieve anacceptablestandardfordataintegrityandsecurity. 16.2Thehistoryofelectronicdataprocessingsystemsshowsthaterror accidentalorwithmal intent isthemainreasonfordatainsecurity.Italsoshowsthateffortstoimprovetherecordinthis areaarenotkeepingpacewithcapacitiestocollectandprocessdata.Noevidencehasbeenprovided tosupportaclaimthatthissituationhaschanged.Theextentofpotentialintrusionsintocitizens privatelivesisunknowable,notwithstandingclaimsbytechnicalexpertswhohave,historically,been gravelymistakenaboutsuchissues. 16.3Authorisationofdatarequestsmustbegivenbyjudicialauthoritytoensurecitizenrightsare protected.Inthebigdataeraitisnotsufficienttorelyondesignatedseniorofficerswithin organisationsforsuchauthorizationwhentheyhaveaninterestinsecuringaccessanduseofsuch dataoronretrospectiveauditoftheoutcomes.Judicialauthorityshouldapplyinallcases,andnotbe limitedtolocalauthorities. 16.4RelyinguponadesignatedseniorofficerisinconsistentwithArticle8oftheECHRtotheextent thatiteffectivelygrantsjudicialauthorityonissuesofnationalsecurity,publicsafety,orthe economicwellbeingofthecountry,forthepreventionofdisorderorcrime,fortheprotectionof healthormorals,orfortheprotectionoftherightsandfreedomsofothers.Withoutthis authorisation,thereisnosatisfactorysystemforpreservingtherightsofminoritiesinamajoritarian democracy. 16.5Transparentmeansofassessmentofthelikelyrisksassociatedwithaubiquitousbigdata infrastructureforcollectingandretainingdatabycommercialfirmsisneeded. 16.6Transparentinformationisneededaboutthewaythematchbetweentheplaintextrequestsfor dataandtheprogrammingofsoftwarealgorithmswillbeauditedwithpresettargetsandstandards forperformance. Technical:
23Howsafelycancommunicationsdatabestored?
23.1See2.12.7regardingtherisksofcreatingthisnewinfrastructurefordatastorage.Animportant additionalissueistheretransmissionofthesedatatopermitprocessingofdatafromdifferent decentralisedlocations.Thisraisesadditionalsecurityissuesbecausealargenumberofrequesting agencieswillbeinvolved.
24.Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible? 24.1Achievingtransparencyandscrutinyoftechnicalmeans:Filteringalgorithmsaretobe employed.Itisunclearwhowillbeheldaccountableforthedesignofthesealgorithms.The algorithms theinstructionsprogrammedintotherequestfilters throughwhichtheauthorities obtaindataandtheinstructionsprogrammedintothesoftwaretoaggregateandanalysethedata mustbeavailableforindependentscrutiny.

24.2Thoseresponsibleforpublicprotectionmayarguethatplacingthisinformationinthepublic domainmakesitavailabletothosewhoseektoengageinseriouscrimeorterrorism.Theresponseis thattransparencyrequiresindependentauditoftheinputswithrespecttomorethanwhetherthe RequestFilterisfunctioningproperly Clause16 .Itneedstobeclearthatscrutinyrelatestothe matchbetweentheplaintextinstructionsthatareauthorizedandtheactualprogrammingofthe technicaltools.Independenttechnicalexperts subjecttoconfidentialityrestrictions mustbeableto verifythattheprogrammedinstructionsachievelegalends.Intheabsenceofclarityaboutthisissue, authoritiesrequestingandprocessingdatawillbecontinuouslyopentochargesofbias,i.e.data collectioninconsistentwithauthorizedactivity.
273
24.3Algorithmsusedtoprocessrequesteddatatypicallyarebasedonjudgmentsaboutthe relevanceofdata,justasinthecaseofcommercialsearchengines.Asaconsequence,inferencesmay bemadeandpatternsdiscoveredthatarespuriousormisleading.Thereisnodetailastothespecific standardstobemetthroughtheapplicationofthesealgorithms.
25HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill?
25.1Aswithalltechnicalmeasures,theeaseofcircumventiondependsuponthetechnological sophisticationofindividualsandorganisations.ThedraftBillcreatesincentivesforimprovingthis sophistication. August2012
274
Lorna Mitchell
General: 1.HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? Notatall,Ithinkwe'restillchasingterrorists? 2.HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill? No. 3.HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy? Theyfitinwiththegenerallossofprivacy.Theydon'tfitinwiththebeliefsaboutpersonalprivacy thatIbelievethisgovernmenttohold,orthelawsthatareineffectinmycountry i.e.theUK 4.Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionof communicationsdata? 5.Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider? Arethereanyproposalswhichoutlinewhythegovernmentwouldneedthisdata?Iamunclearwhat we'retryingtoachieveorwhatthebenefitwouldbe. 6.ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesoflegislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernsthe retentionofcommunicationsdata? Mostotherlegislationsallowcontrolledaccesstodatawhenthereseemslikethereisgroundsfor requestingsuchaccess.I'mnotsurehowblanketaccesstoanycommunicationswithoutneeding anyonetoknowaboutitorgrantpermissioncouldpossiblyfitunderthesamelegislation. 7.IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasures thatcouldbescrappedasaquidproquotorebalancecivilliberties? Notinmyopinion.Currently,Ihavesomefreedomasacitizen.ThisdatacollectionproducesWAY toomuchinformationwhichcouldbeanalyzedatanoverallpopulationlevelandbeveryvaluableto commercialorganisations. 8.WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKas alessattractivebase. Whatmightbetheeffectonbusiness? DigitalindustrieswillleavetheUKimmediately.Therewillbealargemarketinselling communicationarrangementswhichbypasstheUKforbothbusinessandpersonalcommunications. Costs: 9.Istheestimatedcostof1.8bnover10yearsrealistic? 10.TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBill couldbeworthbetween56bn.Isthisfigurerealistic? I'mnotsurethatthismeasurecouldeverproduceamonetaryreturnoninvestment Scope: 11.Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate? DotheysensiblydefinethescopeofthepowersinthedraftBill? Theyarewonderfullyvagueandthebillprovidesforthemtoberedefinedatwillandwithoutnotice. SoI'msuretheycanbeadaptedtoanyscopethatthisoranyfuturegovernmentdesires
275
12.WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill? ShoulditbepossiblefortheSecretaryofStatetovarythislistbyOrder? securityagenciesonly.Andno.PleaseleteitherthejudgesortheLordsrepresentthe"manonthe street"ifchangesareneeded.Theyaretheonlyrepresentationhehasinthiscountry. 13.Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty?entirely unrealistictothinkthatanycountrycanlegislateforanythingoverseas,thisisimpractical UseofCommunicationsData: 14.Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? Thecircumstancesunderwhichcommunicationsdatacanbeaccessedarewildlydisproportional. Wehavesurveillancelawssothat,asacountry,wecanaccessdataandmovementsofindividuals whoaresuspectedofcrime.Surveillanceofallcitizenstoidentifyanyatypicalbehavioursimplyisn't inlinewithbritishvalues. 15.Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? Safeguards: 16.Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould "designatedseniorofficer"bedefined?Isthissystemsatisfactory? ArethereconcernsaboutcompliancewithArticle8ECHR? 17.Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapply toallpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe? Yes,awarrantsystemwouldbemoreappropriate.Anonpoliticalpersonshouldhavefinalsay.And thatwillbeterriblyexpensiveIshouldthink. 18.IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformation Commissionersensible? Theinformationcommissionerishorriblyunderresourced.Inprinciple,it'sagreatthing.In practice,notsomuch. ParliamentaryOversight: 19.ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBillsatisfactory? Enforcement: 20.Arethepenaltiesappropriateforthosecommunicationsserviceproviderswhofailtocomplywith therequirementsofthedraftBill? 21.Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccessto communicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforinthe draftBillamounttoanoffence? Technical: 22.Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapture communicationsdatareliably,storeitsafelyandseparateitfromcommunicationscontent? This"communicationsdata"ofwhichyouspeaktellsatleastasmuchofthestoryasthecontent.In fact,IthinkI'dpreferyoutoreadthecontentofmypersonalandbusinessemailratherthanhaveall themetadatathatthisschemewouldgiveaccesstothepotentialforpatternevaluationandmaking ofassumptionsonwhatconstitutes"normal"behaviourisquitefrightening IworkinIT
276
23.Howsafelycancommunicationsdatabestored? Verysafely.Thefactthatthedataexistsistheproblem. 24.Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible? 25.HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? Ahassle,butdoableforanyonewithreasontodoso. 26.Arethereconcernsabouttheconsequencesofdecryption? August2012
277
Glynn Moody
1. TheUKgovernment'sDraftCommunicationsbillisbasedontwoflawedpremises.Thefirst isthatcommunicationsinformationcanbeseparatedfromcontent.Thatismanifestlynot truewhendealingwithWebsites,sincetheaddressisalmostinvariablydescriptive,and providesagreatdealofinformation andthat'sassumingthattheUKgovernmentwillnot requireindividualWebpageaddressestobestored,whichwouldgiveevenmoredetails. Forexample,supposesomebodyvisitedseveralsitesaboutmentalhealthproblems:the merefactofvisitingthemwouldofcoursegiverisetothesuspicionthatheorshewas experiencingsomeproblemsinthisarea.Nowimaginethatpersonhadarolein government,orsomerolethatrequiredthemtomakelifeordeathdecisions:clearly,thefact thattheyhadvisitedmentalhealthsitescouldplacetheircareersinjeopardy. Theotherassumptionisevenmoreseriouslyerroneous:thataseriesofdistributed databasesholdinglocalstoresofinformationaboutindividualsisfarlessproblematicthana centralisedsystem.Thereasonforthisisthatcomputinghasmovedontosuchanextent thatitisnowrelativelyeasytocarryoutsearchesacrosshugenumbersofdatabases;this meansthatthereisnopracticaldifferencebetweenthetwo. Itisthesecrossdatabasesearchesthataretherealproblemwiththeproposedsurveillance schemethe"filters"astheyarecalledintheBill.Computingpowerissogreatnowthatitis relativelyeasytocarryoutcomplexcrossdatabasesearchesthatlinktogetherapparently disparateinformation:callittheGooglisationofsurveillance.Justaswecanfindlinks betweenareasthatmightseemquiteunrelated,thankstothepowerofGoogle'sdatabases, soallkindsofconnectionswillbefoundthroughtheuseoffilters.Inparticular,itwillbe possibletomapoutpracticallyanyaspectofanyone'slifebyframingtherightfilters.Far fromofferingaverylimitedviewofwhatpeoplearedoingonline,theproposeddatabases willeffectivelyknoweverythingabouteveryone. Thisbringsmetoperhapsthemostproblematicissueforthecurrentproposals.Inher introduction,theHomeSecretarywrites:"Communicationstechnologiesandservicesare changingfast.Morecommunicationsaretakingplaceontheinternetusingawiderrangeof services.Ascriminalsmakeincreasinguseofinternetbasedcommunications,weneedto ensurethatthepoliceandintelligenceagenciescontinuetohavethetoolstheyneedtodothe jobweaskofthem:investigatingcrimeandterrorism,protectingthevulnerableandbringing criminalstojustice."Thebasicpremiseisthatthecurrentproposalsaresimplybringing policeandintelligencepowers"uptodate".Thisisnotthecase. Instead,theabilitytocarryoutcrossdatabasesearchesusingfiltersrepresentsamassive andunprecedentedextensionofpowers.Itwillallowthemostintimatecornersofpeople's livestobeinterrogatedbypiecingtogethertinyscrapsofapparentlytrivialinformationto formacompleteportraitoftheirdailylives.Oncelocaldatabasesareinplace,andcanbe searchedinaunifiedway,itisinevitablethatlevelsofinformationwillbeobtainedfar beyondtheverysimpleoptionsavailabletoday. Thatisclearlyproblematicforademocraticsociety.Itpotentiallygivesgovernments unprecedentedinformationandhencecontrolabouteverycitizenatalltimes,andinnear realtime.Butthereareotherdangers. AsweknowfromtherecentNewsInternationalscandals,wheneverconfidentialinformation isavailable,eventoalimitedrangeofvettedpersonnel,therewillalwaysbecorruptionthat allowsunauthorisedaccesstothatinformation.Evenassumingthedatabasescouldbemade secureandinfactthat'snotpossible,asanysecurityexpertwilltellyoutheweakestlink remainsthehumanone.Evenwhenpeoplearenotcorrupt,theymaybeopentoblackmail orthreats.Creatingthesedatabasesinevitablymeansthattheinformationtheyholdwill leakoutandbeabused.Theonlywaytopreventthisisnottocreatethedatabasesinthe firstplace.
2.
3.
4.
5.
6.
7.
8.
278
9.
Thecaseforthishugeandunprecedentedextensionofsurveillancetolevelswaybeyond whatisavailableeventooppressiveregimesaroundtheworldhasnotbeenmade.Instead, thereisavague,handwavingargumentthatitisasimplyupgradeofcurrentpowersfor moderntimes.AsI'venotedabove,thisissimplynottrue.Theonus,therefore,mustbeon thepoliceandsecurityservicestocomeupwithtrulycompellingreasonsforthis unprecedentedsurveillanceofanation'smostintimatedetailsmereconvenienceisnot goodenough.
August2012
10. Itisworthbearinginmindthatdeterminedcriminalsandterroristswillinanycasebeable tocircumventtheproposals,usingstronglocalencryptionandnonInternetbased communications.Sotheonlypeopleadverselyaffectedbytheproposalsarelawabiding citizens.Why,then,bringinanextremelycostlysystem costoverrunsareinevitable,as historyshows thatwilladdmajornewvulnerabilitiestotheUK'scomputinginfrastructure, forwhatseemsverylittlebenefit?Untilthatisfullyanswered,thereshouldbenoquestion aboutbringingintheproposedsystem.
279
Barbara Moore
ThereareonlyafewquestionswhichIwouldliketoconsiderinmyresponseandInumberthe paragraphsaccordingly. 2.HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill? 2.1No.AstheLondonriotsrevealedthereisalreadysufficientlegislationinplacetoenablethepolice tooperateefficientlywhentheirinvestigationsrequirethecollectionofcommunicationtrafficdata. 4.Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionof communicationsdata? 4.1IfbythatquestionyouarereferringtovariousAfricanandMiddleEasternnationswherethere havebeenrecentbloodyrevolutionsanddisappearancesofthegeneralpopulationorthemore historicmonitoringinGermanyandbehindtheIronCurtainthentheonlylessonthattheUKshould belearningisthatthecollectionofcommunicationdatashouldbediscouragedinademocraticand freesociety.Thereshouldneverbeanymonitoringwithoutpriorjudicialoversight.Anythingelsewill resultinhistoryrepeatingitselfinthisfairland. 6.ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesoflegislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernsthe retentionofcommunicationsdata? 6.1Datashouldnotberetainedotherthanduringaninvestigation.Accessshouldbelimitedtothose makingtheinvestigationandneverretainedbyacommercialentity. 8.WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKas alessattractivebase.Whatmightbetheeffectonbusiness? 8.1IamnottoosurethatIunderstandthefirstpartofthisquestion.Forthesecondpart,encryption isalreadytheonlywaythatanybusinesscansafelyoperateintheUK.AlreadytheISPsare monitoringandsellingtrafficdatabetweenbusinessesandtheircustomers.EventheUKGovernment arepurchasersofthistrafficdata.IfthedraftBillhastheeffectofdeprivingtheISPsofthistradein datathenitwillbeverygoodforUKbusinesses.However,theprobabilityisthatthedraftBillwill makeitcostefficientforISPstocollectandsellevenmoredatathaniscurrentlythecasewhichwill beadisasterforUKbusinessandinnovation. 12.WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill? ShoulditbepossiblefortheSecretaryofStatetovarythislistbyOrder? 12.1Thegeneralpublicwouldnotexpectanysuchaccesstoextendbeyondsecurityservicesand policeinvestigations.Withallsuchaccessundercourtorderonlyandsubjecttojudicialreviewasto theappropriateuseofthepowers.Itisessentialthatthepeopleareprotectedfromabuseofpowers byGovernment. 13.Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty? 13.1Thisisalaughableproposal.Or,perhaps,veryfrightening.Woulditsuggestthatoverseas governmentswouldhavesimilar'rights'overthedataofUKbusinesses?Anyclausereferringtodata heldoutsidetheUKshouldberemovedfromthelegislation. 14.Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect?
280
14.1Ablanketcollectionofandaccesstodataisnotappropriateinanysocietywhichisbasedon democracyandindependentjudiciary.Itshouldbeuptoajudgetodeterminewhetherornota particularcrimewarrantsthecollectionofcommunicationdatatofacilitateaconviction.There shouldneverbealistof'approved'crimes. 15.Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? 15.1Thisquestionsbecomesmeaninglesswhentheblanketcollectionandretentionofdatais removed.Datashouldonlybeheldforaslongasisrequiredtoprocessaspecificcrime. 16.Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould "designatedseniorofficer"bedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR? 16.1Anotherplaceboquestion.Ifthedataishelddigitallyitshouldbetakenasreadthatitisnot secureandwillbecompromised.Puttingtickboxestorestrictwhohasaccesswilldonothingto ensurethesecurityofthedata. 16.2IknowfrommyownexperiencethatequipmentattachedtoIPaddressesunderthecontrolof NASAandTheWhiteHousehasbeencompromisedandusedinanattempttohackintomyown equipment.IliketothinkthatmyabusereporttoNASAhelpedthemtodiscoverthebreachwhich hasrecentlybeenreportedinthepublicmedia.Iassumethattherewillneverbeapublic announcementofthebreachinthesecurityofTheWhiteHousenetwork. 16.3Anyonewhooffersa'secure'solutiontodatacollectedunderthedraftBillisdoingsowithout explainingthatdigitaldataisnotsecureifthereisaccessbetweenLANandWAN.Thecollectionof datadoesrequiretheuseofWAN. 17.Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapply toallpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe? 17.1Anythingotherthanawarrantsystemforalleventsshouldnotbeconsidered.Astoresources, thereseemslittlepointinproposinglegislationwhichwillnotincludefundingtoprovideadequate resources. 18.IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformation Commissionersensible? 18.1IhavenoknowledgeofICCcapabilitiesbuthaveexperienceoftheICObeingunderresourced, understaffedandtechnicallywithoutthenecessaryknowledgetoperformanyrolewithanydegree ofreliability.Lawyersarerarelyliteratewithregardtodigitalmethodologies. 19.ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBillsatisfactory? 19.1Itisunlikelythatparliamentwillcontainsufficientindividualswithtechnicalcompetenceto carryouttheroleofoversight. 22.Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapture communicationsdatareliably,storeitsafelyandseparateitfromcommunicationscontent? 22.1No 23.Howsafelycancommunicationsdatabestored? 23.1Thereisnosafestoragemethod.
281
24.Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible? 24.1Technicallytheproposalsarenotfeasible. 25.HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? 25.1Exceedinglyeasy.Suchcircumventionmethodsarealreadywidelyknownandusedbypeople aroundtheworld. 26.Arethereconcernsabouttheconsequencesofdecryption? 26.1Encryptionisalreadyanessentialtoanycommunicationduetotheamountofcommercial exploitationofcommunicationdata.Whenthepublicbecomemoreawareoftheirdatabeing interceptedforinnocentactivitiestheywillaskformoresecuremethodsofencryption.Orfind alternatemethodsofcommunication. 26.2Itissadtothinkthatitisbecomingimpossiblefortwopeopletocommunicateinprivateusing anymethodotherthanspeakingfacetoface. August2012
282
Alec Muffett
Note IhavereadthesubmissionmadebyGlynMoody,whichhehasreprintedinComputerworld 1 andI seenovalueinaddressingthepointsthathavealreadybeencoveredinthatsubmission,otherthanto recommendthemmosthighlyascorrectandworthyofconsideration. OnTerminology Followingacuefromotherdiscussionofthebill,IshallusethetermContentServiceProviders CSPs broadly,includingfirmsthatwouldmoretypicallybereferredtoasInternetServiceProviders ISPs aswellasincludingthelikesofGoogle,Yahoo,Microsoft,etc,underthatumbrella. KeywordSummary anticompetitivebusinesslandscape negativeimpactsofregulation small/mediumenterprisecommunicationsproviders inhibitingbusinessagilityandgrowth conflictofstrategicinterest cybersecurityrisk
Evidence Iwouldliketosubmitthefollowingevidence: OntheRisksofCCDPArchitecture 1.ThatinabandoningtheformerarchitecturesuggestedbytheInterceptionModernisation Programme IMP thatofbuildinganOrwellian"centralised"databaseinfavourofamoremedia friendlybutequallyOrwellian"distributed"database,theCommunicationsCapabilitiesDevelopment Programme CCDP greatlymagnifiestheinformationsecuritymanagementrisksinherentinthat system. 2.Thereforethecostsareatleastequallymagnified;whereoncetherewasanominally"single" databasewithcentralisedinformationsecuritymanagementtheremaynowbeahundredwith independentmanagementandaccesscontrols;thereforetherisksaremultipliedbyatleasta hundred,andthecostofmanagingthoseriskswillincreasebyaproportionalfactor. 3.ThereforeitseemshighlyimplausiblethattheHomeOfficequoted2bntoimplementIMPandyet nowquotesalesserfigureof1.8bntoimplementCCDP. 4.Somyanswertoquestion9 Istheestimatedcostof1.8bnover10yearsrealistic? is"No,most definitelynot,evenallowingforMoore'sLawbecausethatwillsimultaneouslybeworkingtoaid communicatorsandinterceptorsboth". OntheEqualityofCCDPtoitsforebear 5.OfcourseitisfaciletosketchtheIMPimplementationashavingeverbeendesignedaroundatruly centraliseddatabase;todosowouldrequirethatforeveryNgigabitsofnetworkbandwidthbetween twoarbitrarypointsinBritain GlasgowandEdinburgh,say therewouldhavetobeasecond, equallysized,dedicatedNgigabitsofnetworkbandwidthjusttocarryacopyofthatdatato Cheltenham 6.SoforIMPacopyoftheentireBritishInternetwouldalsohavetoflowtoCheltenham,an architecturewhichwouldnotbetenable. 7.ThereforeIMPmustalwayshavebeenbasedupondeployingdistributedsensorsperformingdata reductionandfilteringbeforepassingthedatabacktoacontroller,asystemstructurallyidenticalto CCDP,puttingthelietothesuggestionthattheyareinanywaysignificantlydifferentproposals. 8.Somyanswertoquestion3 HowdotheproposalsinthedraftBillfitwithinthewiderlandscape onintrusionintoindividuals'privacy? isthat"CCDPisthesameasIMP,andshouldbeentirely
thrownoutinthesamewayandforthesamereasons."
283
OnCCDP'simpactuponCSPtechnicalimplementationandprofitmargin 9.SotheproposalsarenowfordistributeddatabasesateachCommunicationServiceProvider CSP , somehowatareducedcost;theonlywaytoachievethisistograduallypasscostsofthehardware ontotheCSPs.Thiswillleadtothreeobviousscenarios: 10.Large,wellfundedCSPswillabsorbthecostsandmanagetheirresponsibilitiestowardsathe interceptiondeviceswithreasonablecare,includinglockedhardwarecages,restrictedaccessto interceptionequipmenthardware,securityclearedstaff,etc. 11.VirtualCSPs forinstance,Tesco'sISPservice reselltheservicesoflargeCSPsandthereforewill be"covered"forcompliantinterceptioncapabilitysomewhatautomaticallysolongaswecan assumethatmechanismsexistthatcantieaTescouser'sinformationtotheidentityoftraffic travelingupontheunderlyingCSPnetwork. 12.SmalltoMediumCSPswillbefacedwithachallenge:thecostofobtainingandinstalling interceptionhardwareandofsettingupspecialcontrolshardwarecages,restrictedaccess,security clearanceswillbeaburdenoncapitalandoperationalexpenditure,makingsignificantimpactupon businessmargins. 13.Thisisbecausesecuritycostsmoneytoimplementproperly. 14.ButonceinstalledattheSmall/MediumCSP,theinterceptionhardwarewillalsoimpactupon creativenetworkarchitecture;inamicrocosmofthe"Edinburgh/Glasgow"pointabove,acopyofall oftheCSP'strafficwillhavetoflowtotheinterceptiondevices. 15.Toanenterprisenetworkarchitectthisisakintoenteringaboxingringwithaballandchain securedtooneankle;itimpactsyourabilitytomakeoptimaluseofthehardwarethatyouhave budgetedforandpurchasedbecauseyouarehandicappedbygovernmentmandatealwayshavingto bearinmindthatonemustnottithebutinfactwhollyduplicatetrafficflowssothattheinterception boxmayhaveitsdue;andthatyoumustintegrateyourshinynewhitechnetworkwithinherently "legacy" ie:somewhatarchaic approvedinterceptionhardware. 16.Also:Moore'sLawdoesnot yet standstill,sotechnologydeployedtopermitsufficient interceptiontodaywillbeoverwhelmedinayear,perhapsthree;sotheballandchainwillhavetobe regularlyreplacedevenifwequitboxingandinsteadtakeupthe4x400mMen'sRelayinwhichcase multipleballswithchainwillbesuddenlyrequired,andpossiblydisposedofifthearchitectureis backedoutduetofailure. 17.Somyanswertoquestion24 Aretheproposalsforthefilteringarrangementsclear,appropriate andtechnicallyfeasible? isthatirrespectiveoftheirfeasibilitytheproposalsarenotappropriateand willnegativelyimpactinnovationatsomeoftheplaceswhereBritainneedsitmost,viz:theSME CommunicationsSector. 18.ThelargeCSPsunderstandthisandaresomewhatproofagainstitbyvirtueoftheirmaturityand size,andthusaremorethanhappyfortheGovernmenttodeploythisinherentlyanticompetitive measureagainstthosewhomightreplacethembyvirtueoftechnicalinnovationinserviceprovision. OntheCosttotheConsumer 19.SoitshouldbeclearthatthecostsofCCDPareeventuallybornefourfoldbytheconsumer:inextra servicecharges,inextrataxuponthesame,inlostinnovationandinlostcompetition. OnInterceptDataRemanenceandLeakage 20.Toreturntothemanyinterceptiondevices;eveniftheybecome"virtual"devicesthatare somehow"inthecloud"theymuststillstoretheirdatasomewhere,andthroughthisdiversityand frequentupgradingandreplacementofinterceptiondevicesitisinevitablethatthedatawill eventuallyfallintothehandsofthegeneralpubliceitherbyerror sellingoldharddisksonEbay or malice payingoffasupposedlytrustedemployee . 21.Itgoeswithoutsayingthatsuchdataisvaluable;thefactthataparticularIPaddress correspondingtoafamousfootballerrepeatedlyvisitsaparticularpornographicwebsiteiseasilya tabloidheadlineandthereforeofvalue. 22.Itispossibleofcoursetomitigatesomeoftheserisksthroughencryption,butthenthequestion becomesoneofwherearetheencryptionkeyskept?ifonthesameharddisksthenthedecryptionof thefootballer'spornographyhabitisopentoanyjournalist.
284
23.Oralternately"HardwareSecurityModules"andother"Trusted"devicescouldbedeployedto keepthekeys,butthispushesupthecostofeachinterceptiondevice,andthecomplexityofmanaging italsosoonceagainwelookaskanceatthat1.8bnfigureandwonderwherethecostofdoing security"properly"ishidden? 24.Somyanswertoquestion22 Doesthetechnologyexisttoenablecommunicationsservice
distributedarchitectureandownership",andfurtherrepeatthatitisnotnecessarytoseetheactual contentinordertowrite,blogortweetastorythatFootballerXisvisitingPornSiteYeveryFriday Night"
providerstocapturecommunicationsdatareliably,storeitsafelyandseparateitfrom communicationscontent? is"Perhaps,butmysuspicionis'notatthatpricepoint',and"notwiththis
25.Andmyanswertoquestion23 Howsafelycancommunicationsdatabestored? is"Verysafely, butyou'llhavetopayrathermorethan1.8bntodoitproperly,andyouwouldhavetoinhibitany change,progressorinnovationwithintheCSPindustrybecausethechurnoftechnologywillthrowup thechaffofdisposedinterceptionequipment,ripeforamateuranalysis." OnTechnicalMeasurestoCrackEncryptiononbehalfofSnooping 26.Myanswertoquestion26 Arethereconcernsabouttheconsequencesofdecryption? would include"WouldParliamentassenttothesecurityservicesdecryptingandtakingacopyofall HTTPS/SSLencryptedwebtrafficleavingtheHousesofParliament?",butthatmightbeconsidered flip,soI'lljustsay"yes"andnotethatothersthanmembersofParliamentmightfeelsimilarly;see alsotheSelectCommitteereportreferencedbelow. OnthecapabilitytocircumventInterception 27.Myanswertoquestion25 Howeasywillitbeforindividualsororganisationstocircumventthe measuresinthedraftBill? is"Triviallyeasy;thetechnologiesalreadyexist,arewidelydeployed, essentialtoolsforthelibertyofcitizensofrepressiveregimes,andwillonlygetbetterandmore numerouswithtime." 28.Tobanthesetoolswouldbehighlyretrogressive,technicallyinfeasible, 2 3 setabadprecedent globally,andbedisastrousforliberty. OnNewPrivacyTechnology 29.Thus:becauseofthetwoscenariosoutlinedbelowIappealtothecommitteetopleaserevolt againstthenotionthatthereiseverasituationwheresecuritymeasurestakenbyindividualsand organisationscaneverbe"toogood". 31.Itisofcourseveryeasytohave"toomuch"securityasuffocatingproblemthatonemight encounterat say anAmericanairport;butthatisnotthesameassecuritywhichis"toogood". 32.Securitycanneverbetoogood. 33.UnderscoringCCDP anditsbrethren istheassumptionthattheGovernmentneedsto,indeed musthavevisibilitynotonlyofthefactofcommunicationbetweentwocomputers,butalsothatit needsto/musthavevisibilityof some contentofthatcommunication,howeversoprotected. 34.Thisassumptionisevidencedbytheveryfactthatquestion26 re:decryption wasaskedinthis callforevidence. 35.Thisassumptionismisconceived,andinfactunwise. 36.TheInternetcyberspaceisadigital,onoroff,oneorzero,doornotdoplace,whereone's abilitytoattackanother'ssystemislargelyafunctionofknowledge,understanding,competenceand luckratherthanlogistics,andwherenaturaldefencessuchastheEnglishChanneldonotexist.In Westminster'scyberspaceoneisasfarfromTobermoryasMoscow,andindividualactorsmayappear aslargeandrelevantasnationstates. 37.ThusIamconcernedthatbeyondtheGovernment'shelpingitselftoanydatathatisnowopenly availableontheInternet,and/oranydatawhichitmightcoercefromregulationofInternetbusiness, itsnextlogicalstepwouldbetoprohibitadoptionoftechnologieswhichrestoreabsoluteprivacyto individualsandorganisations. 38.Wehaveseensuchattemptsbefore,with"MandatoryKeyEscrow"inthelate1990s,demanding
285
thateveryonesurrendercopiesoftheirSSLkeyssothatthesecurityservicescouldpeepinto everyone'sencryptedtransactions. 4 39.Soitstrikesmethatthefuturewillcontainaneither/orscenario: 40.Eitherthesecurityserviceslearntoadapttoaworldwheretheresimplyaresomeformsofdata whichtheyarenotinapositiontoknow,learnordemand,andtherebyevolvealternativestrategiesto workaroundthisjustastheydidpreviouslywiththefailureofMandatoryKeyEscrow,andcoulddo withtheabandonmentofCCDP. 41.OrelsetheGovernmenttosomeextentbansitscitizensfromhavingstrongsecurityandprivacy fromhavingsecuritythatistoogoodtherebyundesirablyreducingtheresistanceoftheBritish populaceasawholetocyberattackfromtherestoftheworld,withtheinevitablesideeffectthatthe securityservicesneverevolvetheirskillsetbeyond"howtodemanddatafromthirdparties". 42.Thethirdoption,ofcourse,istomuddlealongsomewhereinthemiddle,tryingtoignorethe inevitableriseofinternetprivacytoolsthatareeffectivelyinterceptionproofbyvirtueofbeingtoo good. 43.Butthat'swhatwe'recurrentlydoing,isn'tit? 1 See:TheGooglisationofSurveillanceblogs.computerworlduk.com/open enterprise/2012/08/submissiononukgovernmentssnoopingbill/index.htm 2 See:HowtheGreatFirewallofChinaisBlockingTorwww.cs.kau.se/philwint/pdf/foci2012.pdf 3 See:HowgovernmentshavetriedtoblockTorwww.youtube.com/watch?v GwMr8Xl7JMQ video ofpubliclecture 4 See:SelectCommitteeonTradeandIndustrySeventhReportwww.parliament.thestationery office.co.uk/pa/cm199899/cmselect/cmtrdind/187/18713.htmwhichfrom1998stronglyreflects muchdiscussionthatnowsurroundsIMP/CCDP August2012
286
Giles Murchiston
I,GilesMurchiston,respectfullysubmittheseobservationsinaprivatecapacity.Iamnota lawyer.Thissubmissionhadprobablybestberegardedas"othercommentsrelatedtothe draftBill"ratherthanrelatingdirectlytothecommittee's26questions. NodoubttheCommitteewillhavereceivedmanysubmissionsthattheDraftBillisan outrageousviolationofprivacy,thatthecostiseitherunderestimatedand/or disproportionate,andthatdatacollectionasrequiredistechnicallyororganisationally infeasible.Thissubmissionconcentratesratherofwhatappeartometobedeficienciesinthe proposedlegalframework.Isispresentedasaseriesofdesiderata:itemswhichitwouldbe desirabletoclarifyofamend. OnEnsuringAvailability. QuotationfromDraftBill:1 1 a TheSecretaryofStatemaybyorder ensurethat Verily,howmightyistheSecretaryofState,whocan"ensure"anythingintheeverchanging worldoftheinternet:howmighty,rather,istheQueeninParliamenttobeabletobestow thispower.IventuretosuggestthismaybemoredifficulttoachievethantheDraftBill suggests. Oneevidentobstacleisthatthetelecommunicationsoperatormayoutrightsaythatitis impossibleforthemtoobtaintherequireddata.Perhapstheydonothandlethedataatall, ortheymayhandleitbutnothavetheexpertisenecessarytocaptureit,ortheymaysaythat eveniftheSecretaryofStateorotherpersonsengageinactivitiestofacilitatetheobtaining, itwouldinvolvemodifyingproprietarysoftwareinamannerprohibitedbylicence provisions. Thestatementthat"Conductislawfulforallpurposes"ifrequiredbytheAct doesn'tnecessarilyhelphere:conductcancontravenealicenceevenifitislawful 347. SomeofthesepointsmaybeexploredbyareferencetotheTechnicalAdvisoryBoard,ifthey canbedefinedas"technical" orfinancial .HoweveritappearsthattheSecretaryofStateis notboundbytheBoard'sviewsandcaninsistonrequiringtheimpossible.Whethershe couldpersuadeacourttograntaninjunctiontoordertheimpossibleis,perhaps,more doubtful Iamnotalawyer .Inanycase,evenwiththeaidofthecourts,shecannotensure theimpossible.Ultimatelytheoperator,trappedbetweentherockofimpossibilityandthe hardplaceofcourtsanctions,couldbeleftwithnoalternativebuttoceasehis telecommunicationsactivities. DESIDERATUM:iftheSecretaryofStateenvisagesforcingoutofbusinesssuchoperators whofindthemselvesunabletocomplywithnotices,sheshouldsaysoduringthe consultationperiod. AmoredangerouspossibilityisthatoperatorsmayindulgeinwhatImightcall"covertnon compliance",thatis,acceptthenoticebuttakeno,orinadequate,actiontoimplementit.As thebillstands,theywouldnotappeartobeatriskofanypenaltyfordoingthis unlessthe noticeisbackedbyaninjunction,whichwillpresumablyonlybesoughtinexceptional circumstances .TheymightreasonthatthechanceofbeingservedwitharequestforPart2 dataisprobablyfairlylow,andiftheydoreceiveonetheycan"minimisetheamountofdata thatneedstobeprocessed"andreplythattheyholdnodatamatchingtherequirement.The requiringauthoritymayfindthisresponseimplausible,butwhatcantheydoaboutit? therearenocriminaloffencesinvolved,sotheycan'tgetthepolicetoinvestigate or investigateitthemselvesiftheyarethepolice .
communicationsdataisavailabletobeobtainedfromtelecommunicationsoperatorsby relevantpublicauthorities.
347That'ssortofwhylicenceconditionsexist.
287
Well,Isaynopenalties,butitmightbepossibletoconstructivelyinvokesome.Ifthe operatorclaimedacontributiontowardscostsofactivitieswhichtheyarenotactually carryingout,thatwouldpresumablybefraud.Thiswouldmeanthatdecliningtoclaima contributionwouldbeinherentlysuspicious,perhapstothepointwheretheSecretaryof Statemightseektobuttressthenoticewithaninjunction.Whetherthecourtswouldaccept thiscontortedlogicIcannotguess Iamnotalawyer .Again,ifthedatawassoughtin supportofacriminalinvestigation,itmightbearguedthatfailingtohavecollecteditis tantamounttopervertingthecourseofjustice.Thenagain,onquiteadifferenttack,ifthe operatorisprovingaserviceforwhichalicenceisrequired,perceivedmalpracticemight provokewithdrawalorrestrictionoflicencewithconsequentlossofrevenue. DESIDERATUM:iftheSecretaryofStateenvisagesthatmalpracticecouldleadtocriminalor administrativepenalties,sheshouldsaysoduringtheconsultationperiod. OnEnablement. QuotationfromDraftBill:1 2 a iii Anorderunderthissectionmay,inparticularprovide for theenteringintobysuchoperatorsofarrangementswiththeSecretaryofStateorother personsunderorbyvirtueofwhichtheSecretaryofStateorotherpersonsengagein activitiesonbehalfoftheoperatorsonacommercialorotherbasisforthepurposeof enablingtheoperatorstocomplywithrequirementsimposedbyvirtueofthissection. Itseemstomethat"Activitiesforthepurposeofenablingtheoperatorstocomplywith requirements"maybetakenwithtworatherdifferentmeanings.Itcouldmeansettingupthe operatorhimselftoretainanddisclose inaccordancewithPart2 thedata,oralternatively tocontracttoprovideacompleteserviceofretentionanddisclosure andevenobtainment onhisbehalf.Botharesomewhatproblematical. Ifitisthefirst,whyisitnecessarytostateit?itwouldseemtobenormalbusinesspractice, andtheredoesnotseemtobeanyprohibitionofiteveniftheorder not,Inote,thenotice failstosoprovide.Ithinkitisunlikelytobethesecond,onthegroundsthatitisunthinkable thattheSecretaryofStatewouldengageinsuchanactivity I'malreadyabitworriedabout theapparentsuggestionthattheSecretaryofStatecanengageinanyactivityona commercialbasis .ThereisapotentialnicheindustryhereofProvidentialDataRetainer,and itseemsashamethattheGovernmentshouldfailtoleveragetheneedtospyonitsown citizensintoastimulusforprivatesectorgrowth. IsthedistinctionIhavedrawnbetweenthetwolevelsofinvolvementevenaclear difference?Thefirstlevelcouldextendtosupplyinghardware,andsoftware,andeven contractstafftooperatethese.Justwhatcouldthesecondlevelprovidewhichwouldtruly setitapart? DESIDERATUM:toclarifythemeaningof"enabling". OnDisclosure. QuotationfromDraftBill:5 1 Atelecommunicationsoperatorwhoholdscommunications
databyvirtueofthisPartmustnotdisclosethedataexcept a inaccordancewiththe provisionsofPart2,or b otherwiseasauthorisedbylaw.
Nowwaitacottonpickingminute,what'swiththis"otherwise"?Section1said"availableto ...relevantpublicauthoritiesinaccordancewithPart2".Part2providesthatonlyspecified authoritiescanaccessdata,andonlyforspecifiedpurposes 348.Buthereisawideopenback doorinPart1!
348althoughIwouldquiteliketoknowwhichbodyinvestigatesmatters"intheinterestsofthe
economicwellbeingoftheUnitedKingdom"andwhatsuccesstheyhaveachieved
288
OnNotices.
Ithoughtthismighthavebeenparliamentarydraughtsman'sforceofhabittoavoidone statuteforbiddingactionswhichanother whichonecan'timmediatelycalltomind demands.Howeverthisclauseissupportedbyanexplanatorynote"These sic mayinclude arequestundersection7oftheDataProtectionAct1998 whichprovidesanindividualwith therightofaccesstopersonaldata orinpursuanceofacourtorder." IwillleaveittotheInformationCommissionertoprovideguidelinesastowhich CommunicationsDatacanbeviewedasPersonalDataundertheDPA,whichraisesanumber offascinatingquestions. The"inpursuanceofacourtorder"bitisaltogethermoreconcerning.Itappears,for instance,toadmitthepossibilitythataplaintiffinacivilsuitcouldseekacourtorderfor disclosureofcommunicationsdata.Forexample,intheongoingwarbetweencopyright ownersandpiraticalfiresharers,anordermightbesoughtfordisclosureoftheidentityof personswhohadaccessedaknowndelinquentwebsite.Itwouldnottakeaparticularly enterprisinglegalteamtospotanopeningwhichhasbeenflaggedupinnotestotheDraft Bill.Theseareareasaltogethernotcoveredbytheusual"terroristsandpaedophiles" 349 justificationforthisBill. DESIDERATA:theInformationCommissionershouldbeaskedtoprovidedraftguidelinesas towhenCommunicationsDatacanbeviewedasPersonalData,andifnecessarythisshould beexplicitlycitedintheBill.Otherthanforthiscase,subclause b shouldbedeleted.
QuotationfromDraftBill:7 1 b AnoticeoftheSecretaryofStateprovidedforbyan orderundersection1must specifythepersontowhomitisgiven. Irespectfullysuggestthatthisisnotgoodenough.Apersoncouldbeinvolvedinthe operationofmorethanonesystemorservice.Infairness,then,hemustbeleftinnodoubt whatisrequiredofhim,sothenoticemustalsospecifythetelecommunicationsystemor telecommunicationsservicetowhichitapplies.Thisneedrequiresthespecificationtobe precise,yetitmustalsobeflexibleenoughthatitwillnotbevoidedbyatrivialchange,such asupgradingoneoftheserversinasystem,orrebrandingaservicefrom"SplootMail"to "SplootMailExpress".Ialsonotethatspecifyingasystem includingtheapparatus comprisedinit ,evenatasinglepointoftime,isgoingtobeatediousanddifficultprocess, notleastbecausetheexactconfigurationmaybecommerciallyconfidential. OnEnforcement. QuotationfromDraftBill:8 2 ThatdutyisenforceablebycivilproceedingsbytheSecretary Iamnotwhollysurethataremedygroundedin15thcenturynotionsofEquitywouldbemy choiceoffoundationforbuildingthe21stcenturysurveillancestate.Specifically Ireferonly toEnglandandWales ,asregardsthebasicrequirementtoobtain&retaindata,thiswould requirewhatIunderstandistermeda"mandatoryinjunction"aninjunctionrequiring ratherthanforbidding theperformanceofsomespecificact.Whichisallverywellifitisa clearlydefinedact,suchasdeliveringupadocumentor theoldfavourite makingsafean unsounddam,forwhichadeadlinecanbeset orthe"F"word 350deployed and performanceprovedtothesatisfactionoftheCourt.Itislikelytoproveunworkableifthe actionorderedissomethingascomplicatedas"developandimplementadataretention
ofStateforaninjunction,orforspecificperformanceofastatutorydutyundersection45of theCourtofSessionAct1988,orforanyotherappropriaterelief.
349thethreatsthatkeepgiving 350"
forthwith"
289
system",whoseadequacytheCourtisunlikelytobeabletoassess,andforwhichasfaras operationgoesthereisnodeadlinebutratherarequirementforperpetualcontinuance. Conversely,asregardsthedutiestoavoidunauthorisedprocessingordisclosurewewould bethinkingofthemorecommonprohibitoryinjunction.Howeveritispresumablynotthe intentiontotakeoutinjunctionsforeverynotice,butonlyafteraninfringementhasbeen reported.Inotherwords,thereisnosanctioninplaceagainstafirstinfringement. DESIDERATUM:Ihatetosaythis,butinordertohavesanctionsagainstafirstinfringement, considermakingunauthoriseddisclosure,etc.,criminaloffences;alternativelyenablethe InformationCommissioner,orsomeotherindependentauthority,toimposepenaltiesasfor breachesoftheDataProtectionAct. OnPersons,andonDataasProperty. QuotationfromDraftBill:28"person"includesanorganisationandanyassociationor combinationofpersons. Now,whenParliamentusesaword,itmeansjustwhattheychooseittomeanneithermore norless. However,thissortofHumptyDumptyismrunsrisksofforgettingthesubtletiesoftheword's newmeaninginanumberofways:Parliamentmayforget i thattheextendeddefinition includesthenaturalmeaning; ii thattheextendeddefinitionisgreaterthanthenatural meaning;or iii thatthisextendeddefinitionconflictswithextensionsinotherstatutes,or legalprecedent.IbelievetheDraftBillfallsintoallofthesetraps. Thisextensionofmeaninginteractswithafailuretodealwiththenatureofcommunications dataasproperty.Astrangesortofproperty,perhaps,morealiabilitythananasset,butitis stuffandsomebodymustownit.Logicallytheownerwould,initially,bethe telecommunicationsoperator,whogeneratesandretainsit.Howeveritisthenatureof propertytopassfromoneownertoanother,sometimesincircumstanceswhichthecurrent ownercannotcontrol. Thisisnotthesameastheownershipofanyequipmentormediaon whichthedataisstored,althoughitmaycauseconfusioniftherightsofthemediaownerto repossesstheirpropertycomeintoconflictwiththeobligationsoftheownerofthedatato preserveit . telecommunicationsoperatorcanbeanaturalperson.UnderSection4,theoperatormust retainthedatauntiltheendoftheperiodof12months,protectingitagainstdestructionand disclosure.Iftheoperatorwereunfortunatelytodie,hewouldbeunabletoretainthedata andcarryouttherelatedobligations.ItthereforeappearsthattheBillcreatesastatutory dutyofnotdying. ItisnotclearwhatremedytheSecretaryofStatemightseekagainstanoperatorwhodoes, unfortunately,die.Itseemsinherentlyunlikely althoughIamnotalawyer thataCourt wouldordertheexecutorstohavethebodybroughtbacktolife.ACourtmight,perhaps, preemptivelyorderanoperatortoadoptahealthylifestyleandavoiddangeroussports,butI digress.Companies,too,candie,bygoingintoreceivership,ortheycanbetakenoveror merged. DESIDERATUM:provisionshouldbemade,perhapsinthenotices,forthedispositionofdata incaseswheretheoriginaloperatorisnolongercapableofretainingorprocessingit.This mayhavetoinvolvearrangingforitsdeletion,asitmaybetechnicallydifficulttomake arrangementsforanyotherpersontoprocessit.ItwouldofcoursethenescapetheSecretary ofState'spowerto"ensure".
Forgettingthattheextendeddefinitionincludesthenatural,thatis,thata
290
Forgettingthattheextendeddefinitionisgreaterthanthenaturalmeaning;forexamplethat acompanyisadistinctlegalentityfromanyofitsemployees orshareholders,forthat matter .Legalpersonsaregoodatowningstuff,andmakingcontracts 351,butarereally rubbishatwritingSQLqueriesandmountingbackuptapes.Theyemploynaturalpersons forthingslikethat.TherearesomesectionsoftheDraftBillwhichhintatthedistinction,but donotfullyaddressit.Thismay,forinstance,underlietheapparentredundancyoftwo subtlydifferentduties:underClause3 b "Atelecommunicationsoperatormustprotectthe dataagainst...unauthorisedorunlawful 352retention,processing,accessordisclosure" presumablythisincludesemployeesactingontheirownvolition;whileinClause5 1 "A telecommunicationsoperatormustnotdisclosethedataexceptinaccordancewiththe provisionsofPart2" etc. presumablymeansthecompanyactingcorporatelyorthe employeesactingunderproperinstruction.Howeveritwouldseemthatanoticeor injunctionto"protect"couldonlyrequirebestefforts,notbeanabsoluteprotectionagainst theactionofunrulyemployees.Employeesthemselveswouldnotseemtobeunderanylegal sanctionsforunauthoriseddisclosure,althoughnodoubtthecompanycoulddiscipline,orin severecasesevendismiss,them,asprovidedbyemploymentlegislation. Couldaninjunctiononacompanyalsobetakenoutonallsuchofitspresentandfuture employeeswhohavephysicalaccesstothedata?Wouldthisbefair,astheycanneitherbe explicitlynamednorconsulted?Alternativelycananinjunctiononacompanymakeit absolutelyliableformisdeedsofitsemployees?Thathardlyseemsfaireither. DESIDERATUM:clarificationonhowdutiesofcompaniestranslateintodutiesofemployees, andhowitisenvisagedthiswouldbeenforced. ThisalsorelatestothesectionOn Enforcementabove. Forgettingthatthisextendeddefinitionconflictswithotherextendedsenses.Specifically, thatitdivergesfromtheconceptofalegalpersonalitywhocouldbeenjoinedinlegalactions, suchastheinjunctionsenvisagedin8 2 .Naturalpersonswouldbefine,aswould "organisations"sofarasthismeanscompaniesandsimilarbodieswithacorporate personality.Beyondthatitgoesabitpearshaped.Evenifyourassociationisthesortthat hasmembersandofficers,youcannotusefullytakeoutapermanentinjunctiononofficers protem,andtakingoutaninjunctiononthemembersatlarge,withoutevenknowingtheir names,willatbestleaveyouwithanunenforceablepieceofpaper. Ifyoutrytogoevenbeyondformalunincorporatedassociationsintothevagariesofwhat mightconstitutea"combination"ofpersons,suchasthosebehindpeertopeernetworks likeBitTorrentorGnutella,itprettymuchfallsapartcompletely.These"combinations"only existinthesensethatthepersonsoffertheuseofapparatustothesystem,themembership ofthecombinationisshiftingandundisclosed.Thecombinationscannotbeenjoinedatlaw astheyhavenocorporatepersonality.Thepersonscombinedmaywellbeshadowyand anonymous,possiblybydesignassuchsystemstendtobeinvolvedincommunicationsonor beyondtheedgeoflawfulness. DESIDERATA:thatthedefinitionof"person"belimitedtoacceptednotionsoflegal personality.ThattheSecretaryofStatedesistfromtryingtonailfogtothewall. August2012
351that'ssortofwhytheyexist 352surelythisistautologous:ifit'sauthoriseditcannotbeunlawful,byClause8
3 .
291
NAFN
1. IamrespondingtothecallforevidenceonbehalfofNAFNData&IntelligenceServices NAFN . MyresponsesupportsthecasefortheinclusionoflocalauthoritiesintheCommunicationsData Bill and explains the guardian and gatekeeper role provided by NAFN for local authorities applyingforcommunicationsdata. IhavecopiedthisresponsetotheHomeOffice whichhassupportedthecreationoftheNAFN SPoC service , the Interception of Communications Commissioner who has reported to Parliament on the performance of NAFN in providing the SPoC role , the Local Government Association LGA andtheConventionofScottishLocalAuthorities.Keystakeholdersincluding the Association of Chief Trading Standards Officers England & Wales andthe Society of Chief OfficersofTradingStandardsinScotlandhasbeenconsultedinthepreparationofthisresponse andlocalauthoritieshavesuppliedtheexamplesused.
2.
ThecaseforincludinglocalauthoritiesintheCommunicationsDataBill 3. The National Fraud Authority NFA has estimated that the cost of fraud to local authorities is 2.2billionperyear.Theystatethat improvedpreventionanddetectionoffraudwillassistin
reducingthefinancialpressuresonlocalauthorities,protectfrontlineservicesandinstilpublic confidence.
Localauthorities acquire communications data lawfully for relevantstatutory enforcement and use it effectively in the investigation and prosecution of a broad range of criminal offences includingseriouscrime.
4.
5.
6.
Localauthoritiesmakeeffectiveuseofcommunicationsdatatoenforcenumerousstatutesandto identify criminals who persistently rip off consumers, cheat the taxpayer, deal in counterfeit goods,andpreyontheelderlyandvulnerable.Inadditiontowelfarefraudinvestigations,trading standards teams make increasing use of communications data. Environmental health departmentsprincipallyusethisdatatoidentifyflytippers. Itisimportanttonotethatinmanycasesthepoliceareunableorunwillingtoinvestigatelocal authoritycases.Failuretoinvestigatethesecaseswillunderminepublicconfidenceandsendthe wrongmessagetoperpetratorsandtheirvictims.Thepowertoacquirecommunicationsdataisa cornerstoneoflocalauthorityinvestigations.Theimpactofnothavingaccesstocommunications datawouldbethatmanyseriouscrimesandcriminalswouldbehardertodetectandconvict.
NAFNsCurrentRoleandPerformance 7. NAFNisanunincorporated,notforprofitorganisationcreatedandmanagedbylocalauthorities toprovidespecialistdataandintelligenceservicesincludingtheRIPATelecommunicationsSingle PointofContact SPoC service.NAFNishostedbyTamesideMetropolitanBoroughCounciland Brighton&HoveCityCouncil. 8. Communications data is a key source of intelligence which can be obtained quickly. As the governmentlookstoextendintelligencesharingbetweengovernmentagencieslocally,regionally and nationally NAFNs communications data service will be instrumental as part of the local authorityintelligencehubenvisionedbytheNFA. 9. Assurance that local authorities acquisition and use of communications data is compliant with thelawisprovidedbytherequirementtoseparatetheroleswithinthelocalauthority.Tothat assurance NAFN adds independence, expertise, effectiveness and adherence to national processeswithfullaudittrailsandchecksbyexperiencedteamleadersandanadditionalSenior ResponsibleOfficer. 10. NAFN provides a robust guardian and gatekeeper role which is independently verified by the Interception of Communications Commissioner. The assurance arrangements are stronger for
292
localauthoritiesthanforotheragencies.Localauthoritiesaccessingcommunicationsdatausing theNAFNalsohavetheassuranceofourindependenceandexpertise. 11. TheFreedomAct2012requiresthatlocalauthoritiespresentrequestsforcommunicationsdata toamagistrateorSheriff.Theirdecisionwillbebasedonthewrittenevidencealone.TheNAFN system ensures that the documentation is of the highest standard. Additionally, NAFN has proposed for England & Wales that the presentation of applications might be enhanced by centralisation. Her Majestys Courts and Tribunals Service are considering the proposal which would, in our view, quickly build a high level of expertise which could be made available to magistratesconsideringapplicationsnotmadeviaNAFN. 12. The Interception of Communications Commissioners inspection team has inspected the NAFN service every six months and has reported to Parliament that the service is of an excellent standard*. Sir Paul Kennedy and his inspectors have encouraged local authorities to use the NAFN service and have commented positively on the support given to investigators. NAFN has found that local authorities quickly gain confidence in the service and extend the use of communicationsdatatoenforcestatutesandregulations. * seeIOCCOReport2011;pages3845relatetolocalauthorities http://www.intelligencecommissioners.com/docs/0496.pdf . SupportingInformation 13. Ihaveincludedadditionalinformationasfollows: Appendix1:StatisticalanalysisoflocalauthoritiesuseofcommunicationsdatasinceJanuary 2009. Appendix2:Examplesprovidedbylocalauthoritiesshowinghowcommunicationsdatahas beenusedsuccessfullytoassistinthedetection,investigationandprosecutionofcriminals engagedinorganisedcrime.
293
APPENDIX1:LocalAuthorityuseofRIPApowerstoacquirecommunicationsdata ThetablebelowshowsthenumberofrequestsmadebylocalauthoritiesunderboththeRegulationofInvestigatoryPowersAct2000andSocialSecurity FraudAct2001powers*. * SSFAfiguresdonotincludelocalauthorityuseofSSFApowerswhichwerenotdealtwithbyNAFN ** The2009RIPAviaNAFNfigureexcludestheJanuarytoMayperiodastheNAFNservicewasnotavailableuntilJune *** ThesefiguresaretakenfromtheannualIoCCOreports
Period Jan2009 Dec2009 Jan2010 Dec2010 Jan2011 Dec2011 Jan2012 19thJuly
RIPAtotal*** 1756 1809 2130 Notavailable
ViaNAFN 91** 615 1491 1241
PercentageviaNAFN 5% 34% 70% N/A
SSFAviaNAFN* 1625* 1686* 1445* 911*
Total 3381 3494 3575 N/A
295
APPENDIX2: ExamplesofLocalAuthorityUseofCommunicationsData Theexamplesbelowrepresentjustasmallselectionofthetypeofoffenceswherecommunicationsdata hasbeenusedbylocalauthorities.Theyshowhowaccesstothisdataisvitaltosupporttheinvestigation andsuccessfulprosecutionofawiderangeofcriminalactivity.Severalexamplesdemonstratethathad thelocalauthoritynothadaccesstocommunicationsdatathecriminalwouldnothavebeenbroughtto account. 1.MoneyLaundering Oneexampleinvolvesseriousandorganisedcrimecommittedagainstelderlyandvulnerablepeople involvingmoneylaunderingtoavalueof700,000.Telephoneanalysiswasvitalinidentifyingthemoney launderersconnectionstotheconspirators.Theperpetratorshavebeenprosecutedandgivenprison sentencesvaryingfrom913months. AnotherexampleinvolvesalargescaleinvestigationintothetheftoffundsfromtheRentDeposits Schemeatonememberlocalauthority.Anemployeeoftheauthorityandseveralothersuspectswere responsibleforsettingupalargenumberoffictitiouslandlordsandstealing150,000fromthelocal authority.Communicationsdataidentifiedsuspectswhousedmobilephonestocoordinatethe withdrawaloffundsfromtenbankaccounts. 2.LandSalesScam ThescaleofthisfraudisestimatedbytheFSAtobearound15million.Theorganisationunder investigationattemptedtocovertheirtracksbyregisteringtheircompanyinPanamawithbankaccounts inGermanyandtheIsleofManandoutsourcingtheirsalesteamtoSpain. Thecompanypurchasedaparceloflandwhichtheysubdividedintosmallerdevelopmentsitessellingto membersofthepublicforupto20,000perplot.Intheirliteratureandwebsiteitwasclaimedthatthe landhasbeenearmarkedfordevelopmentandassuchwouldriseinvaluebutthisisnotthecase.Owing tothearrangement,locationandsizeoftheplotsownerswereunlikelytosecureplanningpermissionfor developmentpurposes.Thecompanyweremakingfalseclaimsastotheexpectedorguaranteedprofit andthetimeframeinwhichpurchaserswouldseetheirinvestmentmature. CommunicationsdataobtainedusingRIPAprovidedevidenceidentifyingcompanypremisesand connectionstosuspectscorroboratinginformationalreadyheldbythelocalauthority. 3.RogueTraders Thefirstexamplerelatestoabusinesswhichhadstolenalargesumofmoneyfromavulnerableperson. Communicationsdatasupportedfurtherinvestigationsinordertosuccessfullyidentifytheoffenderand othervictimsandwitnessestosupportaprosecution. Furtherexampleswheretheuseofcommunicationsdataassistedinsuccessfulprosecutionsincludestwo casesinvolvingvulnerableconsumerswhohadbeendefrauded.Inonecasetheoffenderreceivedan18 monthsconcurrentcustodialsentenceforthetwofraudcountsandintheothercasetheoffenderwas convictedontwocountsoffraudandreceivedatenweekprisonsentence suspendedfor12months , 100hourscommunityorderandwasrequiredtopaycompensationtothevictim. 4.TradeMarksActandCopyright,DesignsandPatentsAct. ThiscaseinvolvedoffencesinrelationtotheTradeMarksActandactsofconspiracy.Communications datalinkedthedefendantsandconfirmedthefraudleadingtocustodialsentencesof8and12months custodialsuspendedfortwoyearswith1500costs. 5.TenancyFraud Thisinvestigationrelatedtoaformeragencyworkerbasedwithinalocalauthorityhousingdepartment. Theindividualacquired13councilpropertiesfollowingcallsfromcarehomesandrelativeswhoadvised
296
thattheformertenantwasnolongeratthepropertyorhadpassedaway.Subsequentlydetailswere alteredonthecouncilssystemandthepropertiesrentedprivatelyforpersonalgain. Communicationsdataassistedinlinkingtheoffendertolandlinephonesatallofthecouncilproperties, providedaresidentialaddress,bankrecordsandidentifiedwitnessesandotherpartiesaffectedbythe fraud. 6.CarClockingScam Thiscaseinvolvedthepurchaseofhighmileagecarsatvehicleauctionsandthesubsequentreductionof theirodometerreadingsusingbespokemileagecorrectionequipment.Thesevehiclesweresoldto unsuspectingprivatebuyerstogetherwithalteredMOTcertificatesandfalsifiedservicehistories. Anarrayofnames,addressesandtelephonenumberswereprovidedbythedefendantsin advertisements,auctionrecordsandsalesinvoices.Communicationsdataenabledinvestigatorstolink bothdefendantstothepurchaseandsaleofaround40vehicles.Thecoconspiratorsreceived12and18 monthprisonsentenceswiththeconfiscationofassetstocompensatefraudvictims InasimilarcaseusingcommunicationsdataadefendantwasprosecutedforoffencesundertheTrade DescriptionsAct1968andtheFraudAct2006forclocking,advertising,andsupplyingvehicles.The offenderpleadedguiltytoallchargesandwasgivena12monthCommunityOrderandorderedtopay costsof1500. 7.BenefitFraud Therearenumerousexampleswherecommunicationsdataisusedroutinelytodetectfraudulentclaims. Theseinclude: Emailsubscriberchecksidentifyingundeclaredpartnerslinkedtoabenefitclaimaddress Subscriberanditemisedbillingidentifyingundeclaredpartners,relationshipsbetweenlandlords andtenantsandundeclaredemployment Identifyingalternativeresidentialaddressesfortheclaimant Establishingthatabenefitclaimanthasundeclaredproperty RedirectionofmailorPOBoxownership IdentificationofbankaccountstoassistinProceedsofCrimeActfinancialinvestigations. August2012
297
the Newspaper Society

The Newspaper Society represents regional media companies which publish around 1100 local and regionalnewspapertitles,1600associatedwebsitesandhundredsofnicheandultralocalpublications. ThelocalpressistheUKsmostpopularprintmedium,readby33millionpeopleaweekand42million uniqueusersamonthrelyingupontheirlocalnewspaperwebsites. At the time of the passage of RIPA, the NS and other media organisations expressed concern about the breadthofthelegislation,thepotentialthreattoconfidentialjournalisticsourceswhichcanberevealed by communications data and the lack of adequate safeguards against any potential misuse. We understandthatattemptsmightwellhavebeenmadebylocalauthoritiestotracethesourceofleaksand theconfidentialsourcesoflocalnewspaperjournalists. The Draft Communications Data Bill poses the same concerns. We question whether adequate justificationhasbeengivenforthenewpowersortheirbreadthandconsiderthesafeguardsinadequate. Inrespectofspecificmediaconcerns,thedraftBillswidedefinitionsandscopewouldgivefarreaching powerstotherelevantpublicauthoritiestograntthemselvesaccess inmanycases tocommunications data,onaverywiderangeofgroundseachcapableverybroadinterpretation. Such data could reveal confidential sources, including whistleblowers. The Home Office memorandum does not consider whether the draft bill conforms with Article 10 ECHR freedom of expression rights, including the protection of confidential sources. Nor is any explanation given for the absence of longstandingmedia/freedomofexpressionsafeguards,suchascourtordersandhearingsatwhichsuch applications can be contested and orders granted appealed, which are explicitly intended to protect confidentialjournalisticsourcesandmaterialagainstunjustifiedaccessbythelawenforcementagencies. Theminimumsafeguardsinallcasesshouldbepriorindependentjudicialscrutinyandapproval,subject tofasttrackreview.Incaseswhereconfidentialjournalisticmaterialsuchassourcesmightrevealed, irrespectiveofwhetherthiswasthepurposeoftheinvestigationornot,acourtordergrantedbyaCrown Court Judge should be required for access to such communications data, with the provisions and procedures at the very least mirroring the production order provisions applicable to confidential journalistic material, including advance notification and contested hearings, plus appeals , under the PoliceandCriminalEvidenceAct1984. August2012
298
No2ID
1.ThissubmissionhasbeenpreparedbyforNO2ID,acampaigngroup.NO2IDwasfoundedin2004in responsetothethengovernment'sattempttointroducethecompulsoryregistrationandlifelongtracking ofUKcitizensbymeansofacentralisedbiometricdatabaseheldbytheHomeOffice.Ithascontinuedin existencebecauseitquicklybecameapparentduringourcampaignthattheNationalIdentityRegister wasonlyoneofamultiplicityofofficialschemestomonitorandmanagethecitizenusingthenewpower ofnetworkedcomputingmanyofwhicharethreatstoindividualprivacyandliberty,Wecoinedthe termthedatabasestatetodescribethatfashioninadministration. 2.NO2IDisanonpartisanorganisationsupportedbypeoplefromallpartsofthepoliticalspectrum. Morethan30,000individualshaveregisteredtheirsupport.Wearecurrentlyentirelyfundedby individualandcollectivedonationsandmembershipsubscriptions. 3.Weareneutralonmostpoliticalquestions.Ourconcernisthethreattoprivacyandlibertyposedby masssurveillance,thecollection,retentionandcollationofinformationthatcanbetiedtoindividuals, whatevertheostensibleorintendedpurpose.Informationsharingormatchingusedtogeneratefileson individualswithoutspecificandreasonablecauseandindependentoversightisaspecialcaseofthe broaderproblem. 4.Weopposedthepreviousadministrationsplansforsurveillanceofcommunicationsdata,which thoughmorevague itishardtodistinguishfromthoseintheDraftBill.WeopposetheDraftBillinits entirety. 5.Oursubmissionisintwoparts.PartIdealswiththebroadercontextandtheproposalsasawhole.Part IIbrieflyaddressesthequestionswhichtheJointCommitteehasaskedinitspubliccallforevidence. TherearetwonumberingsequencestoavoidconfusioninPart2.Part1usessequentialparagraph numbers.Part2presentsanswerstoCommitteequestionsnumberedQ1Q25 6.DefinitionsInwhatfollows: DraftBillreferstotheDraftCommunicationsDataBill Cm8359 ofJune2012. RIPAreferstotheRegulationofInvestigatoryPowersAct2000andordersmadeunderit. PartI:Generalconsiderations 7.Oursubmissionisthatthenarrowcontextoftheostensiblepurposeofthelegislationisinsufficient. Broadereffectsshouldalsobeconsidered.Whatdoesitenable,howdoesitchangethepracticalcapacity tousesurveillancepowers?Whatlegalandstructuralfoundationsarelaid? ExistingproblemswithoverbroadRIPApowersexacerbated 8.Cl.9 6 whichseekstodefinenecessityintothefactofexercisegivesanextraordinarilybroad rangeofpurposesforwhichthepowersmaybeexercised.Itishardtothinkofanofficialpurpose, anythingagovernmentmightwanttodotoitspeople,thatisleftout. Thoughtracinglostchildren appearstohavebeen. Ifthatwerenotenoughtheycanbearbitrarilyextendedbyordercl.9 7 .This carriesforwardthepresumptionofRIPAthatofficialsshouldalwayshavealegalbasisavailable. 9.ItisacurrentobjectiontoRIPAthatpowersareselfauthorisedbythebodiesusingthem,intheirown interests,withnoexternalcheck.ThisisnotchangedbytheDraftBill.Itismadeworsebecauseabroad baseddefaultnecessityisvestedinthesystemratherthanlimitedtospecifiedbodiesintheexerciseof theirspecificpowers.Andthereisstillnoexternalcheck. 10.Thisproblemshouldbeaddressedbylimitingthelistofgroundsforusetothosewherethereisbroad agreementthepowersarejustified,ratherthandrawingupacatchalllist. Easiersurveillancemeansmoresurveillance 11.Itisnotnecessarilyagoodthingtomakeinvestigativepowerscheaperandsimplertouse.Thatjust ensuresthattheywillbeusedmore.Wesuggesttherealconstraintontheuseofofficialpowersisthe
299
convenienceofuserswithinabureaucraticsystem,notmoralorlegalconstraintsnoractualutility.That theyareuseddoesnotmeantheyarealwaysnecessary. 12.TheschemeoftheDraftBillistomakesurveillanceeasierandcheapertouse.Thatmeansitwillbe usedmore.Itisnotclearwhetheritisusedtoomuchalready.Giventhatthecurrentauthorisation processisnotindependent,itmaywellbe. 13.Itisourcontentionthatsurveillancepowersassignificantasthecaptureofcommunicationsdata oughttocausetheinvestigatingauthoritiessometimeandtroubletouse,andthatisastrongbarrierto theirbeingoverused.Anindependentcheckonusebywayofasystemofjudicialwarrantswouldcreate thefurtherbarrierofhavingtomakeasubstantivecase. Centralisation,automation 14.Theschemeintendsonecentralsystem,onemeansofaccesstoallthemultifariousinformationthatit proposestocollect.Thisvestsvastpowerinasingleorganisation.whichwouldbethegatekeeperforall thenumerouspublicauthoritiesthatmayhaveuseforthescheme. CompareunderRIPA:forallitsfaults, adispersionofpowertoindividualbodieswhomayonlylookatsomethingsandareexposedtoquestion iftheyattempttolookatothers. Italsopresentsasinglepointoffailure. 15.Byautomatingaccesstothedataconcerned,theschemeremovesakeypracticalcheckontheabuseof powervisibility.Currently,infrequentlybutsignificantly,ISPsandtelcoscananddoquestionRIPA requests,iftheyseemunreasonableorillposed.Thatcheckisremoved.As wecanguess,thoughthe detailsareobscure thesanitychecksinvolvedindetailedhumanauthorisationandhumandata processing. 16.Theschemepromiseseasierfaster,lesssupervisedaccesstocommunicationsdata,reliantonasingle powerfulbutlargelyhiddenorganisationtoextractitandvastlymoreofit Scopeofsurveillancegreatlywidened 17.ThenewpowertodefineaCommunicationsServiceProvideranddemandaccesstodataontheir serviceusersisextremelybroad,andpotentiallybringsunderdirectmasssurveillancewholeareasoflife thathavehithertonotbeenwatched.Anyoneprovidingacommunicationsservicecouldbesubjectto rulesthatwouldnotonlymakethemopencustomerinformationtoauthorities,butcollectcustomer informationtheyveneverbeforekept. 18.UnliketelcosandISPs,hotels,companiesandeducationalinstitutionswithmailservers,intranets,and telephonesystemsfortheirownuse,travelandcourierservicesdonotnecessarilyneeddetailed informationonusersprovidedtheygetpaid.Operatorsofforums,mailinglistsandbulletinboardsoften avoidkeepinglogsordontknowwheretheyare.Thisisahugeextensionfrompublic telecommunicationssystemstoallcommunicationssystems,onthefaceoftheDraftBill. Misleadingpresentation 19.ThedraftBillstatesCommunicationsdataisverydifferentfromcommunicationscontent.This contrivestobebothuntrueandmisleading. 20.Untrue:Thedistinctionisnotobvious.Itisveryhardphilosophicallyortechnicallytodistinguishthe wrappingofinformationfromtheinformationcontainedinit.Anobviousexampleisinwebbrowsing: howmuchofaurlismerelycommunicationsdata?IfyouknowIlookedataparticularpage,thenyou dontneedacopyofwhatIsawtoreconstructwhatIdidsee. 21.Misleading:Promotersoftheschemehavemademuchoftheideathatonlycommunicationsdatawill beopentosuchroutineinspection,notcontenttheimplicationbeingthatsomehowcontentismore intimate.Thatisnottrue.Atimelineofallyourcontactsandinterests,phonecalls,readingandbrowsing, purchases,financialworries,patternsofmovement,ofwakingandsleeping,buildamorecomplete pictureofyouthanyoueverexplicitlywritedownforanyone,perhapsmorecompletethanyouhave yourselfandopensthattointerpretationinawaythatthecontextualisedstatementsinanemail exchangewouldnot.IhavenoideawhatIwasreadingonlinelastThursdaylunchtime,orwhatathird partymightbelieveitsaysaboutme.
300
Findingmoreuses 22.Theschemecreatesaninfrastructurebothlegalandtechnicalthatlendsitselftotheextensionof surveillanceandtootherapproachestosurveillance.Thefilterconceptofsearchingfordatawithina massofcollecteddetailsfromthegeneralpopulationlendsitselfnotjusttofindingdataonidentified targets,buttofishingexpeditions,tomappingnetworksofassociation andthereforeattributingguiltby association ,andtoideasofpatternrecognitionthathavebeenpopularinintelligencecirclesforsome time. 23.Therearepersistentideasthatdataminingcandeliverintelligencethroughsearchingforrepeated constellationsofcharacteristicstowhichmeaningcanbeattributed.Thisdataastrologyconceptionwas behindtheUSTotal laterTerrorist AwarenessSystemofadecadeago,andhasenjoyedavogueinthe attempttopredictyoungoffendersinthiscountry.Givenafullycomprehensivedatasetandtheready meansofaccesstoit,theseideasarelikelytoreturn,perhapswiththesuggestiontheyareafree additionalbenefitofasystemthatisalreadypaidfor. 24.Weshouldnotbuildasystemthatbyitsstructurepassesgreatpowertooneclusteroforganisations. Norshouldwecreateonethatoffersincentivesandopportunitiestoexpandsurveillancefurther. Surveillancesystemsshouldbedesignedinsteadtobeselflimiting. PartIIResponsetoCommitteesquestions Q1.HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? No.andithasgivengroundsforbeliefthattheostensibleaimsandactualpurposesmaydiffer.TheHome SecretaryintroducestheDraftBillsayingThepurposeofthisBill,therefore,istoprotectthepublicand bringoffenderstojusticebyensuringthatcommunicationsdataisavailabletothepoliceandsecurityand intelligenceagenciesinfutureasithasbeeninthepast. Ouremphasis Previousversionshavealsobeen soldonthebasisthattheyaremaintainingcapacity. Itishardtodescribethisasanythingbutabarefacedlie,inthefaceoftheradicalalterationsinscopeand procedurecontainedintheDraftBill.Datawouldnotbeavailableasithasbeeninthepast.Muchmore dataincludingnewsortsandnewsources,willbeavailable,moreeasily,underdifferentterms,andnew surveillancecapacitieswillbecreated.ItisnotunreasonabletosupposethatwhattheHomeOfficehopes toachieveisnotwhatitsaysitwantsbutwhatisprovidedintheDraftBill:greatersurveillancepower, centralisedintheHomeOfficeandassociatedintelligenceagencies,withscopeforexpansion. Q2HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraftBill? Thecaseofferedisntreallyacaseatall.Weareinvitedtotrusttheauthoritiesthatwhattheywantis whatsneeded.Onedoesnotwiselybuyinsuranceonthebasisoftrustingthesalesman.Oneneedsto knowwhatoneisinsuringagainstandevaluationofanynewthreatsisabsent.Nonewthreatshave beenidentified,letaloneadequatelyquantified.Adversiontocasesthathavealreadybeendealtwith underexistingpowerscertainlydoesntconvince. Ahugeinstitutionalchangeandabigsacrificeinlibertiesandprivacyrequiresmorethanthat.Whats beingofferedisasolutiontoaproblemthatweonlyhavevagueassurancesevenexists,butwhichhas significantrisksinitself. Q3.HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy? SeePartIforpartialdiscussion Q4.Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionofcommunications data? Therearemanydifferencesincountriesapproaches,anddiscussioncouldfillabook.Theclearestlesson tobedrawnisthatthereareadvancedcountriesthatlimitsurveillance,andonesthatpermititeasily,and thisproducesnoobviouscausaldifferenceintheirabilitytodealwithcrime.Thatinturnsuggeststhe schemeislessessentialthanitsproponentsinsist.
301
Q5.Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtainingcommunications datathattheGovernmentcouldconsider? Yes.Thereisnoreasonwhyacourtorderissuedtoacommunicationsserviceprovider,withsuitable compensationforitscosts,shouldnotservethesamepurposesasthoseclaimedforthescheme.Ifthat wontdo,thenaclearexplanationwhynotshouldbepresented.Itwouldbeinconvenient, orwordsto thateffect wontdo.Itshouldbeinconvenienttoinvadetheprivacyofmembersofthepublic. Q6.ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesoflegislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernstheretentionof communicationsdata? TheBillisessentiallyanoverlayontheDataRetentionRegulations DRR andaimstobethat overarchingregulation andtoprovidemorebyorder .Thatisnotdesirable,preciselybecauseofthe functioncreepandinfrastructuraleffects.TheDRRexistprimarilybecausetheHomeOfficedemanded theDataRetentionDirective see,e.g.UKurgingemaildataretentionBBCNewsMonday,11July, 2005 .ThedirectivewasopposedbyseveralEUmemberstates,andiscurrentlybeingreviewed.Ifthe directiveisreducedinscope,whichremainsapossibility,theBillenablesHMGtokeepthefulleffectsof theDirectiveindomesticlaw. Q7.IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasuresthat couldbescrappedasaquidproquotorebalancecivilliberties? Thequestioncontainspetitioprincipii.Itsuggestsitiscommongroundthatcivillibertiesarealimited quantitativeentitlementandthatthereare anditisfinefortheretobe unnecessaryrestrictionson themthattheauthoritiesmaylegitimatelyuseasbargainingchips.Wedonotacceptthat.Ifanyofthe provisionsinthedraftBillaregenuinelyessential thoughwearguethatNONEofthemare thenthey clearlyoughttobeenactedregardlessofotheressentialrestrictionsonlibertyandprivacy.IFthereare othermeasuresthatinterferewithprivacyorlibertyunnecessarily,thenthatisaprobleminitself. Q8.WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKasa lessattractivebase.Whatmightbetheeffectonbusiness? Itisamistaketolimitsuchdiscussiontocommunicationsserviceproviders.ManyofBritainskey exportbusinessesareinknowledgesectorsfinancialservicesandmarkets,law,andtechnologybeing preeminentwherecommunicationsconfidentialityandtheprivacy/anonymityofactivitiesare paramountconcerns.Quantityofcommunicationsdataitselfispotentiallymarketsensitiveinformation, withoutthepossibilitythatindividualfirmsortheirclientsmightbetargeted.AnylossoftrustinBritish ecommerce,wouldnotonlyaffectourleadingprovidersofthoseservicesdirectly,butwouldretardthe developmentofthewebeconomy.Ifcustomersarelesssureofprivacyitmayaffectallinternet businesses. Q9.Istheestimatedcostof1.8bnover10yearsrealistic? Intheabsenceofanytechnicaldetail,itisquiteimpossibletotell.Itisevenunclearwhetherthiswouldbe thecostbornebytheexchequerdirectlyorwhetheritincludesanyuncompensatedcoststobusinessthat wouldreduceeconomicgrowthand/ortaxreceipts. Forecastinginternetcostsisdifficult.TherateofchangeofITandcommunicationsissuchthattopurport tohavea10yearplanseemsodd.CiscoSystemsVisualNetworkingIndexattemptstoforecastinternet traffic5yearsinadvanceandreckonsonanannualcompoundtrafficincreaseof27%inWesternEurope upto2016.Thesameindexshowsinternetgrowthoverthelast10years sincethedotcombust of 13,950% YettheHomeOfficesrecordinmorestraightforwardareasoffinancialmanagement,andforecasting doesnotinspireconfidence.ThebudgetfortheNationalIDschemealsoshieldedfromcritical examination,beganforentitlementcardsin2002at1.3Bn,became3.1Bnforthedraftbillandwas5bn duringthefinalpassageoflegislation.Itremainedmysteriouslystableataround5bnuntilabandonment 3yearslater,eventhoughtheschemeunderwentfundamentalrestructuring. IsthereanypointtotheHomeOfficegivingcostsestimatethatcannotbechallenged,andthatbecauseof thesecretnatureofthescheme,cannotbecheckedagainstactualperformance?
302
Q10.TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBillcould beworthbetween56bn.Isthisfigurerealistic? Likewiseitisimpossibletotell.TheHomeOfficeneedstoexplainthebenefitscoherentlyandwithreal figuresbeforetheycanbeevaluated.Onehopesthattheyarenotsecrettoo. Q11.Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate?Do theysensiblydefinethescopeofthepowersinthedraftBill? SeePartI Q12.WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill?Shouldit bepossiblefortheSecretaryofStatetovarythislistbyOrder? Theissueislesswhichpublicauthorities,buttowhatpurposes.Wewouldwanttoseeitlimitedto criminalinvestigationandemergencyservices,withseparateprovisionforintelligence,andno administrativebodieshavinganysuchpowers.Providedthepurposesareradicallylimitedthenthe publicauthoritiesconcernedcanbetoo.ThereiscertainlynoneedfortheSecretaryofStatetohavesuch ordermakingpowers.Ifanewbodyneedsthepowers,provisioncanbedebatedandexpresslymadeby parliamentinprimarylegislationcreatingthatbody. Q13.Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbasedoverseas? Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty? Wehavenoopinion. Q14.Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? WeregardthewholeframeworkcreatedbytheDraftBill,andthatofRIPAbeforeitasbeingoverbroad, uncheckedandarbitrary.Wehavenoobjectiontocommunicationsdatabeingusedfornationalsecurity intelligence,orfortheinvestigationofactualcrime,orinemergenciesfortheprotectionofpeopleand propertyfromimmediateharm.Butwiththeexceptionofemergencyusewewouldexpectaprocess requiringawarrantonreasonablesuspicionofcrimeputbeforeajudicialauthority,orfornational securitypurposesissuedbyaSecretaryofState. Q15.Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? Wehavenoopinion.Underawarrantbasedselectivesystem,specifieddatamightbecapturedandheld forthedurationoftheinvestigation. Q16.Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould "designatedseniorofficer"bedefined?Isthissystemsatisfactory?Arethereconcernsaboutcompliance withArticle8ECHR? Weregarditasnonsensicaltodescribetheseassafeguards,sinceallactorsinthesystemnecessarilyhave parallelincentivesandacommonculture.AproperlydesignedsystemwouldleavenodoubtastoArticle 8rights.Thereisagreatdangerofdesigningasystemmerelyforformalhumanrightscompliancehow muchcantheHomeOfficegetawaywith?Wehopethattheparliamentseekstomaximiselibertyand privacy,andthatourstandardswouldbesomewhathigherthanthesafetyvalveoftheECHR, Q17.Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapplytoall publicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinallcircumstances? Andwhatwouldtheresourceimplicationsbe? Aswehavearguedthroughout.Yes.Awarrantshouldalwaysberequiredexceptinanemergencyto preventimmediateharmtopeopleorproperty. Q18.IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformationCommissioner sensible? Theirremitislimitedsothattheyeffectivelysuperviseonlyprocess,orinlimitedcircumstances commentonit.Theirpowersdonotthereforemitigatetheproblemswiththeproposedsystem.Itshould benotedthatreportsoftheInterceptionofCommunicationsCommissioneraresubjecttocensorship beforebeinglaidbeforeparliament.
303
Q19.ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBillsatisfactory? No.TheDraftBillcontainsavastscopeforordermakingpowers.ItisatraditionalWhitehalltropethat theaffirmativeresolutionprocedureisaparliamentarysafeguardagainstuntowardextensionby secondarylegislation.Membersofthecommitteewillknowhowrarelysecondarylegislationis withdrawn.Wesubmitthatnothingshouldbeinsecondarylegislationthatcouldpracticablybeonthe faceoftheBill,andsubjecttodebateandamendmentinparliament. Q20.Arethepenaltiesappropriateforthosecommunicationsserviceproviderswhofailtocomplywiththe requirementsofthedraftBill? Wehavenoopinion.WewouldratherCSPsresistallrequirements,saveapropercourtorderfor specifieddata. Q21.Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccessto communicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforinthedraftBill amounttoanoffence? Thepenaltiesaremeaninglesswithoutarealisticchanceofbeingcaught.Andtheoffencesthemselvesare inevitablyratherdifficulttoprove.Thebetterapproachistosetupasysteminwhichtherearethird partygatekeeperswhohaveincentivesnottoprovidedataunlesstheycanverifythevalidityofthe request. Q22.Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapturecommunications datareliably,storeitsafelyandseparateitfromcommunicationscontent? Wehavenoopinion. Q23.Howsafelycancommunicationsdatabestored? Ifsafelyreferstosecurityagainstunauthorisedaccess,itisatfirstsightcompletelycontradictoryto supposeitcanbestoredsafelyANDmadeavailableinastandardisedformatforadhocdirectaccess. Q24.Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible? No.Whattheyaresupposedtodoisfarfromclear,andthetechnicalfeasibilitydependsonwhatexactly theyaresupposedtodo. Thetermfilteringismisleading,andcalculatedtosuggestreductionofaccesstodata,whereasinfactit isplainlyconceivedasdescribedasameansoffacilitatingit.Thereareobjectionsofprincipleconcerning theuseofarulebasedsystemtodecidewhomayaccesswhatdata,andfurtheronesconcerningthe conceptionoffilteringwhichtermappearstorepresentsomethingmorelikeasearchenginewhat wouldmorecommonlybecalleddatamining. Itisextremelydubiousthattheyareappropriateorevenrational.Theschemeimpliesthatan algorithmicsystem thatcannotbelegallyquestionedandgivesnoreasonsforitsdecisions canmake judgementsaboutarbitrarydatainaccordancewiththeHumanRightsAct,andimplicitlysanctionthe actionsofaninterestedhumaninvestigator.Suchinvestigatorswillinevitablylearntotunetheir responsestomaximisetheyieldofwhattheywantfromthesystem,evenwhenactingproperlyandin goodfaith. Q25.HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? Itwillclearlybeextremelyeasyforthosewithactualdiscretion:fortheHomeOffice,policeand intelligenceservicestoexceedtheirpowers,andforauthorisingofficerstousethemimproperly.Abuse bystaffatlowerlevels whetherforpersonal,criminalorespionagepurposes willdependentirelyon theorganisationalproceduresandcontrolsthatpreventordetectsuchtechniquesas say issuingafalse request,or say deliberatelymisstatingarequestinprocess.Opportunitiesforabusealsoliewithinthe providersofsoftwareorhardwareforthescheme,andwithdatamanagementstaffatindividualCSPs. Theremayontheotherhandbeverysimpletechniquesavailableforthosewhowishtocommunicate clandestinelythatwouldbedifficulttoblockortrace.Codedunencryptedmessagesexchangedbyposting onopenforumsandcommentsystemsisoneobviousmethod.Therewillbedozensofothers. Q26.Arethereconcernsabouttheconsequencesofdecryption?
304
Ifthereisanyintentionbythepromotersofthisschemegenerallytocrackorfalsifybasicwebservices routedthroughBritain whichseemstobehintedat,butnotclearlycommunicated thenthatcouldhave significanteffectsontheconfidenceinthewebeconomyandprovidenewopportunitiesforcyber attackers. August2012
305
Zoe OConnell
Qualifications 1. IhaveworkedintheserviceproviderindustrycontinuouslysincegraduatingfromBrunel UniversitywithadegreeinComputerSciencein2000andhavemaintainedaninterestindigital policysincethattime,startingwiththepassageoftheRegulationofInvestigatoryPowersAct.I amalsoqualifiedasCiscoCertifiedInternetworkExpert #8174 ,atoplevelqualificationinthe networkingindustry. IcurrentlyworkforamediumsizedAIMlistedmanagedserviceproviderinSouthEastEngland, wheremyroleastheseniornetworkingprofessionalincludesdealingwithrequestsunderthe existingRegulationofPowersAct.Inthatcapacity,IwasalsoinvolvedasawitnessinwhatI believetobethefirstconvictionfor"incitingterroristmurderviatheinternet". RvTsouli, Mughal&AlDaour,2007 Iamalsoauthoroftheblog"Complicity".Allanswersinthissubmissionaremypersonalopinion.
2.
3.
QUESTION1:HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? 4. Consideringthedraftbillitself,thereisnoapparentrestrictiononthepowersthataregrantedby it,whichdoesnotgiveanywayofassessingexactlywhattheintentionsare.Thepowerscouldbe usedfordeploymentof"blackboxes"enmassthroughouttheUK,couldbeusedtojusttotarget knownhotspots,orcouldjustbeusedtoattempttointerceptinformationtoandfromnon cooperativewebsiteowners.Theymayevenbenodeploymentofinterception,withthebilljust beingusedtoretain.additionalinformation. Init'spublicitysurroundingthebill,theHomeOffice HO statedlegislationwasneededbecause "Newcommunicationstechnologiesaregeneratingcommunicationsdataindifferentwaysand communicationsdataisnolongeralwaysretainedbycommunicationsserviceproviders." Emphasisadded Inoralevidencetothecommittee,CharlesFarrandRichardAlcockalso concentratedonthe"dataretention"aspectofthebillasbeingprimary,ratherthanobtaining dataviainterception. Thisisdiscussedfurtherinanswertoquestion2 ItwouldthereforeseemthattheHOarepubliclytryingtostatethatthebillisaboutretention. However,thepowersbeingaskedforincludeobtainingdataviainterception,andtheuseofthese powershasnotbeenmadeclearorpubliclydiscussedinanydetailbytheHO. TheHomeOffice HO hasalsostatedthatithasspokentoanumberofserviceproviderswhodo understandtheiraimshere.However,itiscertainlynotcleartomyselfortoanyoneelseIhave spokentointheindustrywhattheaimsare.Itmaybethatthosewhohavebeenspokentoarenot themselvestechnical,butinsteadmanagersineffectbiddingforasliceofthe1.8bnonoffer.Asa result,withoutknowingwhotheHOhavebeencommunicatingwith,oneshouldbewaryof acceptingassurancethattheconcernedserviceprovidersarehappy technicallyorotherwise withtheHOproposals.EveniftheHOgenuinelybelievestheassurancesgiventoitbyservice providers,theassurancesithasreceivedmaynotbeentirelyhavebeenmadeingoodfaithand fromadisinterestedposition. MultipleFreedomofInformationrequestshavebeenmadetotheHomeOfficeonthetopicofwho theyhavespokento,bothforthedraftbillandexistingdataretentionregimes,andalsoenquiring ashowtheyarrivedatthecostsstated.Allhavebeenentirelyormostlyrefused 353,sothereisno clarificationavailableviathatrouteastoeitherthevalueofanyassurancesapparentlygivenby serviceprovidersortheaspirationsofthebillingeneral.
5.
6.
7.
8.
353 http://www.whatdotheyknow.com/request/external_organisations_consulted ,http://www.whatdotheyknow.com/request/data_retention_ec_directive_regu_3 http://www.whatdotheyknow.com/request/reimbursements_to_csps_for_data ,http://www.whatdotheyknow.com/request/payments_under_regulation_of_inv http://www.whatdotheyknow.com/request/internet_monitoring_systems
306
9.
OtherpotentiallyusefulinformationonthebillhasalsobeensuppressedbytheHO.Forexample, theyattendedaconferencerunbytheLondonInternetExchange LINX andpresentedahalf hourslottoInternetServiceProviders ISPs onthebill.Theconferenceattendeeswerenot securityclearedandincludeforeignnationals,butdespitethistheHOrefusedpermissionto allowLINXtoreleasethevideofordownloadtomemberswhowerenotpresentatthemeeting andadditionallystatedthattheywouldneverdisclosewhointheindustrytheyhadtalkedtopin ordertostoppeoplesimplyswitchingISPs.
10. Theabovefactscombinedoverlybroadcontentinthebill,concentrationon"dataretention"in evidencetothecommittee,refusaltoanswerFreedomofInformationrequestsandlimiting circulationofinformationwouldsuggestthattheHOsimplydoesnotwantmorethanvague detailsofit'saimstobepublicknowledgeforsecurityreasons.Thatapproachmakesanyuseful, democraticassessmentoftheirrequestapracticalimpossibilityandalsoseriouslydamagesany prospectofmeaningfuloversight. QUESTION2:HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthe draftBill? 11. InevidencegivenorallytothecommitteebyCharlesFarr,DirectorGeneraloftheOfficefor SecurityandCounterTerrorism,statesthatmuchofthecurrentproblemisdownto"ambiguity" intheDataRetentionDirective Q7 andalsogoeson Q9 tostatethathebelievesthedraftbill willincreasetheproportionofsuccessfulrequestsfordatafrom75%to85%.Thisconcentration ondataretention Versusdataacquisition isfurtherreiterated,includinginaresponseto Question74byRichardAlcock DirectorofCommunicationsCapabilityDirectorate inhis answertoQ74,whostatesthatthecostsarearounddataretention. 12. WhatisnotaddressediswhysimplyupdatingtheUKimplementationofthedataretention directivewouldnotbesufficienttoachievethestated10%upliftifthisissimplyadataretention issue. 13. ThereismentioninthesamesessionofcooperatingwithEuropean,notUK,providersin retainingthisdataandthatdifferencesintheimplementationoftheDataRetentionDirective DRD acrossEuropewerepartoftheproblem.ItisnotexplainedhowabillpassedintheUnited KingdomcouldbeusedtorequireEuropeanproviderstoretaindata:Eithertheproviders somehowfallunderUKlawbyvirtueofdoingbusinesshere Inwhichcasetheywouldbesubject toaUK"clarification"orupdateoftheDataRetentionRegulations2009 ortheyarenotsubject toUKlaw,inwhichcaseanyagreementwiththemwouldnotbeinfluencedbynewlegislation. 14. Althoughefforthasbeenmadetojustifyretentionofadditionaldata,noseriousattemptappears tohavebeenmadebytheHomeOfficeforadditionalpowersofinterceptionandobtaining additionaldata. QUESTION3.HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusioninto individualsprivacy? And: QUESTION4.Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionof communicationsdata? 15. BasedonananalysisofdatareleasedbyGoogle 354,theUKhaspercapitathepopulationmost investigatedviadatacommunicationsintheworld.Othercountriesmayengageinsnooping directlyontheircitizens,ratherthanrequestingdatafromcountriessuchasGoogle,buttheUK wouldbeuniqueamongstwesterndemocraciesshoulditengageinsuchpracticesandthiswould largelybeunchartedterritory.
354 http://www.complicity.co.uk/blog/2012/06/googledatashowsukbackasmostsnoopedon population/
307
QUESTION5.Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider? 16. Asdiscussedpreviously,updatingtheDataRetention ECDirective Regulations2009tocover moredatashouldbeconsidered.However,theHOhavebeenreluctanttoreleaseenough informationonwhattheyhopetoachievewhichmakesproperconsiderationofanyalternatives difficult. QUESTION6.ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesof legislationinterrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernsthe retentionofcommunicationsdata? 17. Itwouldappearthat,aswritten,thebillwouldsupersedetheDataRetentionRegulationsinall respects.Therewouldappeartobenocircumstancesunderwhichitwouldbeworthwhileforthe SecretaryofStatetoissuefurthernoticestoserviceprovidersundersection10oftheregulations shouldthebillbepassed.Asaresult,theregulationswouldceasetohaveanyrealworldeffect onceallcurrentprovidersarenotifiedoftheirnewobligationsundertheproposedbill. QUESTION7.IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyother measuresthatcouldbescrappedasaquidproquotorebalancecivilliberties? 18. Thedraftbillgivesthepotentialforneartotalomnisciencetothestatewithinthe communicationsworld.Giventhatpeople'slivesareincreasinglyintegratedwithelectronic devicesandtheInternet,thescaleofanyscrappingofexistingpowersoutsideofthebillitselfto rebalancelibertieswouldhavetobestaggeringinit'sscope. QUESTION9.Istheestimatedcostof1.8bnover10yearsrealistic? 19. DespitemultipleFreedomofInformationrequests,asnotedintheanswertoQuestion1,theHO hasyettoproduceanybreakdownofit'scostsbeyondsimplystatingaroundhalfthecostis retention.Asithasalsonotbeenmadeclearwhattheaimsandobjectivesofthebillis,itisnot possibletodetermineifthisisrealistic. QUESTION10.TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraft Billcouldbeworthbetween5 6bn.Isthisfigurerealistic? 20. TheHOhavenotreleasedanybreakdownofthisbenefit,soitishardtoanalyse.Itwouldappear someofthesebenefits,basedonevidencegivenorallybyCharlesFarr,isbasedonnotionalvalues ofhumanlifeetc,forwhichwedonothavenumbers. 21. However,abasicsanitycheckcanbeperformed.Therewere414,400successfulrequestsin2010 75%of552,550 andtheHOhavestatedinoralevidencetothecommitteethattheyhopefora 10%increaseinsuccessfulrequestsasaresultofthebill,meaninganadditional55,255requests. ThiswouldmeanthatthecurrentDataRetentionregimeisdeliveringavalueof3.75bnperyear, or9kperrequest.ThatnumberseemslargeandIwouldhaveexpectedtoseemorepublicity surroundingthebenefitsoftheexistingsystem,butisafeasiblefiguregiventhattheHOaimsto "preventrevenuelossthroughtaxfraudandfacilitatingtheseizureofcriminalassets". QUESTION13.Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty? 22. TheUKwouldappeartohavenolegalrecourseagainstforeignserviceproviderswhodonot, entirelyvoluntarily,complywiththeproposedbill.IftheHOdidattempttofindawaytopursue foreignserviceproviderswithnoUKbase,thiswouldsetaveryunwelcomeprecedent.UK serviceprovidersmaythenhavetheburdenofcomplyingwithlawsandregulationsinevery othercountryconnectedtotheInternet,incaseauserfromthatcountryvisitstheirsite. QUESTION16.Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguards includingapprovalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.How should"designatedseniorofficer"bedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR? And
308
QUESTION17.Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthis applytoallpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe? 23. Independentoversightofrequestsiscertainlydesirable,buta"warrant"couldbegrantedbythe SecretaryofStateortheirnominatedrepresentative,whichlackssufficientindependence.It wouldbemoreappropriatetospecifythatajudicialwarrantisrequired. 24. ThemainobjectiontorequiringwarrantsbytheHOhasbeentime,incriticalcases,andcost.On thetopicoftime,thereisnoreasonwhythevastmajorityofnontimecritical PriorityGrade3, underthecurrentRIPAsystem shouldnotrequirewarrants.Suchasystemmustmandate retrospectivejudicialapprovalofanyhighpriority Grade1 requeststopreventabuse,with automaticreportingofanyfailedretrospectiverequestsandinvestigationbythecommissioner. Thecommissionerhasalreadyidentified"seriousnoncompliance "byanumberpoliceforcesunderthecurrentoralapprovalsystem 355whichisamajorcausefor concernifnotaddressed. 25. Forcost,theoverallcostoftheproposedsystemamountsto3,257persuccessfulrequest 356. Thecostofapplyingforawarrantdoesnotappeartoconstituteamajoradditionalburdenin lightofthis. QUESTION18.IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformation Commissionersensible? 26. Therolesintheoryarewelcome,butthecommissionershaveproventhemselvestoberelatively toothlessanddonotproperlyinvestigateproblems.Amuchstrongersystemofoversightis required. QUESTION19.ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBill satisfactory? 27. AsnotedpreviouslytheHOhavebeenextremelyreluctanttoprovideanyinformationtothe committeeinevidencetosupportthebill.Thereisnoreasonatthisstagetobelievetheywould beanymorecooperativewhenitcomestofutureoversight.Thedraftbillshouldenforcetough, thoroughandpublicreportingbytheHOandallorganisationsgrantedpowersorobligations underthebill. 28. Itisnotablethattheproposedsystemofinterceptioninvolvesthesecretaryofstatemandating theequipmentandconfigurationtobeusedbyserviceproviders,meaningitisunlikelythat serviceproviderswillhaveanymeaningfulinsightintotheoperationofthesystem.Thiswill meanthattheonlyorganisationswhoreallyknowwhatisgoingonaretheHOandthe Sofar unidentified suppliersoftheequipment.Thispotentiallymeansthatnoindependentoversight ofthetechnicalimplementationofthebillwillexistatanylevel. QUESTION21.Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccess tocommunicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforinthedraft Billamounttoanoffence? 29. Itshouldbeacriminaloffencetowilfullydisregardanycommunicationsdataprovisions,to preventmanagersandstaffrefusingtotakeresponsibilityforthesignificantpowersgrantedto them,inasimilarwaytothedriverofavehicleandnothisemployerbeingliableforoffences committedbehindthewheel.However,historyhasshownthatprosecutionsforsuchoffences rarelytakeplaceastheyaredeemednottointhepublicinterestandthisisascriticalaproblem asthepenaltiesthemselves.Mandatinginvestigationbythecommissionerwithastrong presumptionofprosecutiononbehalfoftheCPSwouldgosomewaytosolvingthisissue.
355 2011AnnualReportoftheInterceptionofCommunicationsCommissioner ,Page35 356 http://www.complicity.co.uk/blog/2012/07/comparativecostsofccdprequests/
309
QUESTION22.Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapture communicationsdatareliably,storeitsafelyandseparateitfromcommunicationscontent? 30. OnthescalerequiredbytheHO,no.NoevidencehasbeenpresentedbytheHOtosuggest otherwise,orhowtheywouldhandlenonstandardandeverevolvingprotocolsusedbymany sites. 31. Asanexample,inthe2010film"FourLions",thejihadistsconverseoverawebsitethatappears tobebasedonDisney's"ClubPenguin",anonlinegameforchildren.Theprotocolusedfor communicationbetweensuchsitesandtheclientsoftwarerunningontheuserscomputerwillbe completelyproprietaryandchangeentirelyatthewhimofthedevelopers. QUESTION23.Howsafelycancommunicationsdatabestored? 32. Securityisatradeoffbetweenusabilityandaccessibilityofthedataversusit'svalueandthe impactifitiscompromised.ThevalueofthedataheldbyServiceProviderswillbehuge, representingavaluableassetincorporateespionagepotentiallyfundedbyforeigngovernments. 33. Suchahighvalueassetneedstobeprotectedveryrobustlyandalthoughserviceproviders generallyhaveagoodtrackrecordinkeepingcriticaldatasecure,breachesdohappen.Thisisa significantrisk,theimpactofwhichshouldbeproperlyandfullyinvestigatedandreportedonby theHOandacceptedasbeingnecessarypriortothebillbeingpassed. QUESTION25.Howeasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraft Bill? 34. Itwouldseemtobetrivialtocircumvent,unlesstheHOhassomemechanismofdecryptingall trafficthatisnotknowntotherestoftheworld. SeediscussioninanswertoQ26formoreon this 35. ThegovernmentofChina,whichhasthrownsignificantresourcesatit's"GreatFirewallofChina" project,hasbeentryingtosimplyblocknoteveninterceptunapprovedinternetsites.Despite this,itremainsthecasetodaythatpeopleareabletobypassthissystemusingtechnologiessuch as"tor".ThereisnoreasontobelievetheHOwouldbesignificantlymoresuccessfulat interceptionthanothergovernmentswouldbeatthesimplertaskofblocking. QUESTION26.Arethereconcernsabouttheconsequencesofdecryption? 36. Potentially,yes,aswedonotknowhowtheHOintendstobreakdecryptionotherthanasimple statementthattheycan.Thereisarealdangerthat"maninthemiddle"attacksonencryption mightexposeUKuserstoadditionalsecurityrisksorgenerallydestabilisetheinternetin unwelcomeways 357.Toavoidsecurityandstabilityproblemscreatedbyinterception,itshouldbe arequirementofthebillthatinterceptionmayonlybepassiveandnotalterthecontentsofthe communicationintransit. 37. Worse,inanightmarescenario,whatevertechnologyisdeployedattheserviceproviderlevelby theHOtodecrypttrafficisstolenfromadatacentrebycriminalsormembersofforeign intelligenceagencies,potentiallyexposingverylargenumberofuserstosecurityrisksandhuge financialimplications. August2012
357
http://www.complicity.co.uk/blog/2012/06/spooksinthemiddle/
310
Open Rights Group

Introduction 1.WebelievethepowerscontainedinthedraftCommunicationsDataBillaretoobroadandwillresultin ageneralisedsurveillanceofthepopulation.Lawenforcementaccesstocommunicationsdataforspecific purposesisnotwronginprinciple.Butwedonotbelievethegeneralisedcollectionofcommunications dataaboutthepopulationbythegovernmentandlawenforcementbodiesisacceptableinaliberal democracy. 2.Whereincursionsintothepublic'sprivatelivesareproposed,andjustifiedwithreferencetocompeting rightssuchassecurity,thebenefitscasemustbemadeopenlyandtradeoffsmustbeestablishedviaa clearandrobustdemocraticprocess.WeareconcernedtheJointCommitteeisbeingaskedtomake recommendationsbasedonincompleteorinaccurateinformation. 3.Inthissubmissionwearguethattherehasnotbeensufficientopportunityforthepublicor Parliamentarianstoproperlyscrutinisetheproposals.Wesetoutconcernsaboutthescopeofthe informationlikelytobecollectedandthesafeguardsgoverningaccesstoit.QuiteclearlythisBillamounts tomorethanaproposaltomaintainexistingpowers.Toomuchinformationwillbecollectedabouttoo manypeople. 4.Wearguethat'new'kindsofcommunicationsdata,fromsocialmediaforexample,aresimplynot comparabletophonerecorddata.Theycanbefarmoreintrusiveandrevealingand,ofcourse,farmore useful.Thisisespeciallysowhendataiscombinedtocreateabroaderpictureofanindividual's movements,personalityandsocialcircles.Sowerefutethesuggestionthatcommunicationsdatadoesnot somehowconveysubstantivecontentaboutaperson'slife.Webelievethattheterm'communications data'isbeingstretchedtobreakingpoint,andcannotadequatelycontainthevariouslyintrusiveand revealingtypesofdatanowpotentiallyavailabletolawenforcement.Ithasreacheditslimitastheuseful basisforasingleregimeofinformationstorageandaccess. 5.Wesetoutwhywebelievetheproposedsafeguardsaroundaccesstocommunicationsdataaretoo weak,whichwillresultinboththeaccidentalanddeliberatemisuseofthedataleadingtosignificant privacyharms.Thatwilllikelyincluderiskstojournalistsandtheirsources,theunderminingoflegal privilegeandachillingeffectonwhistleblowers.Wealsonotehowinformationprovidedbythe InterceptionofCommunicationsCommissionerabouttheerrorrateinRIPArequestsseemstobebased onaflawedreportingprocess,andthereisinsufficientdatatomakeinformed,independentanalysisof theregime. 6.WerecommendthecurrentdraftBillisrejected.Wesuggesttherearealternativestotheseproposals thatwouldinvolvelessintrusiveandharmfulpowersbutwhichhaveseeminglynotbeenconsidered,for exampleaformofproperlymanageddirected ratherthangeneral collection,withcourtapprovalfor access,incaseswheresuspicionexists.Wesuggestamoredetailed,andpublic,considerationofthe varioustypesofinformationpotentiallyavailabletolawenforcement,howusefulandintrusivethat informationmaybe,andwhatcollection,storageandaccessregimesareappropriate. 7.WeincludeinoursubmissionalegalopinionfromEricMetcalfeofMoncktonChambers,former directorofJUSTICE,inwhichheconsiderstheconsistencyofthedraftCommunicationsBillwithhuman rightslaw.HeconcludesthattheBillisincompatiblewiththeUK'sobligationsunderArticle8ofthe EuropeanConventiononHumanRights.Thefullopinionisattachedtothissubmission.Wealsoincludein AnnexBevidencefromPublicConcernatWork,detailingcasestudiesofrecentthreatstowhistleblowers.
Summaryofkeypoints

WerecommendthatthedraftBillasitiswrittenisrejected.Thepowerstoorderthecollection andstorageofinformationaretoobroad,andthesafeguardsoveraccessaretooweak. TheGovernmenthasnotrunanadequatepolicymakingprocess.Theproposalsseembuiltto withstandpublicscrutinyanddebateratherthanbesubjecttoandimprovedbyit.Therehas
311
Issueswiththepolicymakingprocess
beennoconsultationandtheyhavenotprovidedsufficientdetailregardinghowthepowerswill workinpractice,northeassociatedcostsandbenefits.Werecommendafullreviewof,and consultationon,communicationsdatacollectionandaccess. Thepowersamounttoageneralsurveillanceofthepopulation.Werecommendananalysisof howaproperlyregulatedregimeoftargetedcollectionwouldbemoreappropriate. Drawingontheattachedlegalopinion,weconsidertheproposalstobeincompatiblewiththe UK'sobligationsunderArticle8oftheEuropeanConventiononHumanRights. Werecommendcourtapprovalforallaccesstocommunicationsdata. Werecommendasystemofnotificationforpeoplewhosedataisaccessed.
8.WewelcomethescrutinythattheJointCommitteehasgiventhedraftBillthusfar.Wealsobelievethat thelackofafullpublicconsultationandthepaucityofdetailavailabletothepublicandtheCommittee haveunderminedthepolicymakingprocessandledtoaninadequatepublicdebate. 9.Thegovernmenthavenot'builtin'tothisprocessanopportunityforademocraticdebateabouta broaderrangeofoptionsforaddressingthe'capabilitiesgap'identifiedbytheHomeOffice. 10.Theproposalsandtheprocessthatledtotheircreationappeartohavebeenbuilttoavoidand withstandpublicscrutiny,ratherthantobesubjectedtoandimprovedbyit. 11.Part1oftheBillsetsoutextremelybroadpowers.Asaresult,ithasbeendifficulttoestablishwith anyclarityhowcollectionandstorageofinformationwillworkinpractice. 12.Forexample,thereisnodetailonwhattheordersmaylooklike.On9thJulybothRtHonSimon HughesMPandDrJulianHuppertMPaskedformoredetailontheordersthatmaybewrittenunderthe powersoftheBill358.Itisfairtosaytheanswerswerenotcomprehensive: SimonHughes:IamgratefultotheMinisterforhisanswer.HewillknowthatthedraftBill, particularlyinclause1,givesverywidepowerstotheSecretaryofStatebyorder.Willhetellus whethertheSecretaryofStatehasyetwrittenthoseorders?Inanyevent,willhegivethe undertakingthattheywillbepublishedattheearliestavailabledate? JamesBrokenshire:Itisworthunderliningthatcommunicationsdataareanessentialtoolin solvingandprosecutingcrime.Itisimportantthatthatisnoterodedbychangingtechnologies, whichiswhyweneedtheflexibilitytorespondtochange.WeareworkingcloselywiththeJoint Committee.Weareabsolutelycommittedtotheprelegislativescrutinyandtoensuringthatthe CommitteecanconductrobustscrutinyoftheBill. DrJulianHuppert Cambridge LD :TheMinistersaidthathewasworkingwiththeJoint CommitteeonwhichIserve.HewillbeawarethattheJointCommitteehasnotbeengivensight oftheorder.Willhepromisethatwewillhaveachancetoseeitwhilewearecarryingoutthe prelegislativescrutiny? JamesBrokenshire:Asmyhon.Friendwillknow,scrutinyofthedraftlegislationisonlyjust starting.IunderstandthatthefirstsittingoftheJointCommitteeisduetotakeplacethisweek. OfficialsfromtheDepartmentwillconsiderthismatterandgiveevidencetotheCommittee.Iwill committokeepingtheissueunderreviewasthelegislativeprocessdevelops,becausewe recognisetheneedtoensurethattheBillandthescrutinythatwewillrespondtoareeffective.
Thelackofdetail
358 http://www.publications.parliament.uk/pa/cm201213/cmhansrd/cm120709/debtext/120709 0001.htm#1207099000621
312
Weneedtorecognisethatthisisanimportantmatterinensuringthatcrimescontinuetobe prosecuted. 13.WearenotawareoftheJointCommitteereceivingfurtherdetailalongtheselines,norareweaware oftheHomeOfficereleasingsuchdetailspublicly.Asaresult,itisdifficulttoexamineingreatdetail exactlywhattheHomeOfficehaveinmind. 14.OneconsequenceofthisisthattheHomeOfficehasfocusedsimplyonwhethercommunicationsdata isusefulinprinciple,orwhetherusingcommunicationsdatatosolvecrimeisagoodidea. Communicationsdataisobviouslyextremelypowerfulandusefuldata.Theimportantdebateisaboutthe typesofinformationpotentiallyavailable,themeansofcollectingandstoringit,therelativelevelsof intrusivenessandusefulnessandthesuitableregimesforaccesstoit.Thedecisionmakingprocess focusedonthatshouldtakeplacethroughdemocraticforainvolvingapublicconsultation. 15.Theseproposalshavebeenpresentedas*the*possibleoptionforaddressingtheissueofaccessto newtypesof'communicationsdata'.InherintroductiontothedraftBill,theHomeSecretarybeginsby tellingastoryofthecapabilitygapandwhyclosingitisvitaltomaintainingtheabilityoflawenforcement todealwithseriouscrime.However,absentfromtheintroductionisaconsiderationofwhatinformation isandisnotavailable,towhom,thepowerofthatinformationandanypossibleharmsthatmaycome aboutfromthemisuseofit.Focusingontheinprinciple,toplevelbenefitsofcommunicationsdata withoutaconsiderationofthesefurtherissuescanonlyleadtoaonesideddebate. 16.TheoptionspresentedintheImpactAssessmentofferafurtherexampleofthisissue,presentinga simplebinarychoicebetween'doingnothing'andtheBillaswritten.Thissuggestseitherthatthereis onlyonewaytoaddressthecapabilitygap,orthattheHomeOfficehasnotconsideredalternatives. 17.ThePrivacyImpactAssessmentdoesnotoffermuchmoredetail,nordoesitgiveafullconsideration oftheprivacyissues.Itislargelyadescriptionofsomeoftheprivacyrisksandastatementthatthe safeguardsareadequate,withnorealanalysisorexplanation. 18.WeregretthattherehasbeennopublicconsultationforthisdraftBill.WhilsttheJointCommittee havekindlycalledforwrittenevidence,wearenowsignificantly'downstream'inthepolicymaking process. 19.TherewasaconsultationrunbythepreviousGovernmentonwhatisinitspracticaleffectsand implicationsthesameproposal.Followingthis,andsignificantoppositiontotheideas,theproposalswere droppedbeforeadraftBillwaspublished. 20.Thecurrentproposalsmaybearguedtobesubstantiallydifferentfromthosedevelopedbyprevious government,inwhichcasetheyshouldbesubjecttoaconsultation.Ortheproposalsmaybeverysimilar, inwhichcasethereshouldbeanexplanationaboutwhytheHomeOfficehasnowdrawnadifferent conclusionfromtheresponsestothepreviousconsultation.TheGovernmentappearstoseethisasa differentproposalfromtheoneputforwardbythepreviousgovernment.Forexample,ForeignSecretary HaguestatedinParliament: 21.First,thisistodownplaythefunctionalityofadistributeddatabaseacrossservicesprovidersdoneto adesignspecifiedbyGCHQ,whichwillinpracticebenolessinsecureorintrusivethanacentralisedstore.
Lackofapublicconsultation
Itdiffersenormously,becausethepreviousGovernmentsproposalwastoholdalldataina centraldatabase.Ourproposalwouldrequireproviderstoholdontotheirdata. 359
359 http://www.theyworkforyou.com/debate/?id 20120620a.863.1
313
Second,asPrivacyinternationalandothershavenoted360,thepreviousGovernmentdroppedproposals foracentraldatabase.Furthermore,Section20appearstoallowforthecreationofcentralisedservices. Sothisisnotapointofdifferentiation. 22.IntherecentDemosreport#Intelligence,theauthors formerdirectorofGCHQSirDavidOmand, JamieBartlettandCarlMiller makeasimilarpointthattheregulationoftheuseofsocialmedia information whichtheyterm'SOCMINT' requiresamorefundamentaldebateaboutwhatis appropriate:
23.Thepaperdiscussesthedifferencesbetweenprivateandpublicsocialmediainformation.Itcanbe seenasabroadargumentthatanychangesinthetypesofdatagatheredandusedforintelligence purposesmustbeaccompaniedbyawidepublicconsultation,becauseofthedifferentlevelsofintrusion thatnewtypesofcommunicationsdatabring.InskippingtoadraftBillthatfocusesonthehighly intrusivematterofcommunicationsdatainsuchlimiteddetail,albeitwiththescrutinyoftheJoint Committee,thegovernmentisshortcircuitingthatbroaderpublicdebate.Wearealsoconcernedthatthis placestheJointCommitteeinanextremelydifficultposition. 24.WebelievethataheadofadraftBill,theHomeOfficeshouldhaveproducedaGreenPapertoallowfor afullpublicdebate,aboutacceptablesurveillanceinthecontemporaryinformationsociety,througha moreopendemocraticprocess. 25.AnumberofquestionsremainunansweredduetothelackofdetailpublishedaboutthedraftBill.For example: Towhatextentwillany"blackboxesbeusedtocollectinformation?Eventhoughthelaw specifiesonlycommunicationsdata,willtheblackboxesnotbeabletoroutinelygathercontent aswell?Ifnot,howwilltheywork? 24. Howmanyservicesgenuinelywillnotcooperate?Wherearetheylocated?Thegovernmentmay attempttoimposecollectionoraccessdutiesoncompanieslocatedoverseas.Therearelegal arrangementsforsuchaccess,sothegovernmentshouldconsiderwhatsortofchangesmight resolvethisissue.Furthermore,itisuncleartowhatextentsuchdutiescanbeimposedbytheUK orinwhatcircumstances. Thisisawiderlegalquestionthanjustthoserelatingtocommunicationsdata.Isthereevidence thatinternationallegalagreementsarenotfunctioning?Hassuchananalysisbeenundertaken? TwitterisanexamplethatdoesnotseemtosupporttheHomeOffice'scase.Twitteralready handsoverdatafollowinganappropriatelegalrequest,includingtoUKpolice362.11user
TheGovernmentshouldpublishagreenpaperassoonaspossibleonhowitplanstomanage overthenextfewyearstheopportunitiesofferedbysocialmediaanalysisandthemoraland legalhazardsthatthegenerationanduseofSOCMINTraises.Thisneedstoincludedefinitionof thepotentialharmsthatSOCMINTpose,howharmcanbejudgedandmeasured,andhowthese riskscanbebalancedandmanaged.ItisimportantthattheGovernmentprovidesapositionon thepracticalitiesandspecificsinvolved,includinginformationontherelationshipbetweenthe Government,ISPsandsocialnetworkproviders,thescopeofinformationcollected,thebodies authorisedtocollectit,whowillhaveaccesstocertaincapabilitiesandwithwhatsafeguards. 361
Unansweredquestions
360 https://www.privacyinternational.org/blog/thedraftcommunicationsbillisawastedopportunity 361 Page69,http://demos.co.uk/files/_Intelligence__web.pdf?1335197327
362
314
informationrequestswereissuedbetween1stJanuary2012and30thJune2012.Only18%of thesewerecompliedwith363.Rejectionsmayarisefromtherequestingauthorityfailingto identifyaTwitteraccount,requeststhatareoverlybroad,orwhereuserschallengerequests afterbeingnotified.UScourtorderscanbeobtainedbyUKpolice,atwhichpointthedatais handedover.Itwouldbeusefultoexaminewhythesuccessratefortheserequestsis18%. Googleoperatesviaadifferentmodel.Theydonotrequirecourtordersbutlargelycomplywith localstandards,publishingatransparencyreportoftheirhandlingofrequest.Thetransparency reportrevealstheycompliedwith64%ofrequestsforuserdatafromtheUKGovernment.Would thediscretionthatsaw36%ofrequestsrefuseddisappearundertheseproposals?Thecurrent model,whichlacksalegalprocessinthehandingoverofuserdata,isnotideal.Butweare concernedthatthedraftBillproposestoreplacethisnotwithacourtprocessbutamodelofself certificationbyrequestinglawenforcementbodieswithnomeaningfuljudicialoversight.364 25. Frequently,dataisretainedondevicesaswellascompanies,andcanalsobeaccessedthatway. Towhatextentwouldthisaddressthecapabilityshortfall? 26. Howwillencrypteddatabetreated?Doestheeffectivenessoftheproposalsdependonbreaking theencryptiononwhichweroutinelydependforonlinetransactions,includingbankingande commerce?IfsoisthatanetgainoranetlosstobusinessconfidenceandtosecurityintheUK?
Costsandbenefits
26.Hardlyanyinformationonthecostsorbenefitshasbeenpublished.Wehavebeenprovidedwithball parkfigureswithnojustificationmadepublic.IntheImpactAssessmentaccompanyingtheBill,the detailsofthecostsandbenefitsarelistedas'optional'.TheHomeOffice'sOfficeforSecurityandCounter TerrorismhasrejectedourrequestsundertheFreedomofInformationActforanyusefullevelofdata aboutthecostsandbenefitsanalysis.On23rdJulyweaskedthemtosupplyuswiththesummaryof workingsmadetocreatethatestimate,asusedtocreatethefigureusedintheImpactAssessment,giving breakdownsforthesavingscategoriesmentionedabove.Inreply,theOSCTturneddowntherequest.In theirexplanationofthepublicinteresttest,theysetoutthefollowingjustification:
SensitiveoperationalbenefitsexpectedasaresultofthedraftCommunicationsDataBillwould preventthepublicationoftheinformationrequested.Weconsiderthatreleaseofthis informationwouldaidindividualsand/orgroupsseekingtoplanorcarryoutanattackor commitacrime. Theinformationwithheldincludeswhowehaveworkedwithwhichwouldhighlightoperational capabilityissues.Disclosureofthesedetailswouldlimittheeffectivenessofthelawenforcement agenciestopreventanddetectcrime. TheinformationwhichrelatestoUKcapabilitiesisconsideredtoposeanunacceptablerisktothe abilityoftheUKtosafeguardnationalsecurity;thedisclosureofthisinformationcouldbeused toavoiddetection.
TreatybetweentheGovernmentofBermudaandtheGovernmentoftheUnitedStatesofAmerica relatingtoMutualLegalAssistanceinCriminalMatters http://www.official

documents.gov.uk/document/cm76/7613/7613.pdf 363 https://support.twitter.com/articles/20170002# 364 Seehttp://www.google.com/transparencyreport/userdatarequests/GB/?p 201112
315
27.Wehaverequestedaninternalreviewofthisdecision.OnJune21st,weaskedtheHomeOfficethe following,againundertheFreedomofInformationActforthelikelycostsorestimatesofcostsforthe programmesofcollectionandstorageofcommunicationsdataexpectedtobecreatedunderthe CommunicationsDataBill,andanalysismadebyorfortheHomeOfficeoftheavailabletechnologiesto fulfilthenewprogrammesofcollectionandstorageofcommunicationsdataunderthesameBill.In reply,weweretoldthattherequestwasbeingrejectedoncostsgrounds.Weareworkingtonarrowthe request.
Wehavedeterminedthatsafeguardingnationalsecurityinterestsandlawenforcementisof paramountimportanceandthatinallcircumstancesofthecaseitisouropinionthatthepublic interestclearlyfavoursthenondisclosureofinformationcoveredbysection31 1 a .
Privacyandconsent
28.Weareparticularlyconcernedthatthewithholdingofinformationonthebasisofnationalsecurityis inhibitingalegitimatedebate,bythepublicorParliamentariansaboutthedetailofthisdraftBill.While thisapproachmaybereasonableforcertainspecificdetailsandissues,itisnotappropriateforgeneral obligationsimposedoncompaniesthatinvolvedatacollectionpotentiallyaffectingeverycitizen,innocent ornot.Itagainmakesunderstandingtheproportionalityoftheproposalverydifficult. 29.Therearetwokeyissuestoconsiderwhenjudgingwhetherthecurrentprocessisasufficient mechanismforscrutinisingtheproposals.First,havethepublicbeenprovidedwithenoughinformation anddetailtoenableaproperpublicdebateabouttheproposals?Second,istheJointCommitteebeing suppliedwiththerequiredinformationbytheHomeOfficeandrelevantbodiestomakeaproperand informedjudgement? 30.Takentogether,theanswertothesequestionsdeterminewhetherthescrutinyprocessconstitutesthe requisitelevelofpublicdeliberationabouttheuseoftheBill'sproposedpowersandassociated technologies. 31.TheJointCommitteesfindingsarelikelytobetakenbytheGovernmentasaconclusivejudgementon theacceptabilityoftheproposals.Itisonethingtowithholdpotentiallysensitiveinformationfromthe public.ItisanothertowithholditfromtheCommitteesetuptoscrutinisetheproposalsinParliament. 32.Withreferenceinparticulartothelackofafullconsultation,thepaucityofinformationconcerningthe detailsoftheBillandtherejectionofFreedomofInformationrequests,wewouldarguethatthishasbeen aninsufficientprocessofscrutinyandpublicdebate.
33.Ithasbeenarguedthatpeoplecarelessaboutprivacynow,evidencedbytheproliferationofsocial networksonwhichpeopleshareallmannerofpersonaldetails.Buildingonthis,somemayargueeither thattheGovernmentshouldbeabletobenefitfromthisinformationtothesameextentthatTescoor Facebookcan,orthatpeoplewillnotmindiftheGovernmentsharesintheusefulnessofthistroveof data.InhisevidencetotheJointCommittee,forexample,ProfessorAnthonyGleesmadeasimilarpoint:
...thereisaphilosophicalpointhere,whereyouhavepeopleputtingallsortsofintimatedetails aboutthemselvesquitefreelyontotheinternet.Whatisprivateandwhatispublicnolonger meanswhatitmeantwhenIwasastudent40yearsago.Onedoeshavetohavethatdebate. 365
34.Ithardlyneedspointingoutthatpeoplenowsharemoreoftheireverydaylifethaneverbefore,both voluntarilyandinvoluntarily.Thisinterestinsharingoftenpersonaldetailsisenabledbytechnologies thatgivepeoplenewwaystoconnectwitheachother,carryouteverydaytasksandorganisetheirlives. Muchofthischangeinbehaviourisdrivenbyacombinationofoursocialinstincts,consumerhabitsand thebusinessmodelsofmanydigitalbusinesses.Inreturnforsharingmoreinformationaboutourselves,
365 Uncorrectedevidence,page25http://www.parliament.uk/documents/joint committees/communicationsdata/uc170712ev4HC479iv.pdf
316
weoftengetsomethinginreturnwhetheritischeapergoods,apparently'free'onlineservicesormore fulfillingsociallives. 35.Thefactthatpeoplehavetakentosharingmoreaboutthemselvesdoesnotmeanthatthegovernment canfeelempoweredtoappropriatethatinformation.Itdoesnotimplyanautomaticrightorneedforthat information.Nordoesitsuggestafundamentalshiftinattitudestowardsamoregeneralrecklessor relaxedattitudetowardsprivacycertainlynottotheextentthatitwouldpermitinstitutionstoassume rightstoaccessoruseinformation.Theuseofinformationisbasedonanindividual'scontextspecific consent.Peopleoftenlackknowledgeorclarityofhowinformationwillbeusedorthetermsofan agreement,withresearchdemonstratingthatpeopleoftenmake'imperfect'decisionsthatdonotfitwith aperceptionofperfectlyrationalprivacydecisions.366 36.Thegeneraldirectionofdataprotectionlegislationhasbeentoaddresssuchissuesthrough emphasisingminimisationofdatacollectionandrequiringconsenttobeasclearandinformedas possible.TheproposalsinthedraftCommunicationsDataBillareheadingintheexactoppositedirection. 37.Sometimespeoplewillnotbeabletomakeindividualdirectdecisionsaboutuseofpersonal information.Accesstocommunicationsdatabypublicbodieswouldbeoneexample.Inthosesituations, lawenforcementbodiesexercisetheirauthoritythroughtheuseofpersonalinformation.Totheextent thatthisisanintrusionintotheprivatesphere,therulesgoverningthisuseneedtobecreatedthrough democratic,publicdebate.
Thescopeofinformationcollectionandaccess
38.TheHomeOfficearguesthatthedraftBillisneededtomaintainexistingpowers.Thisisnotcredible. Thescopeandnatureofinformationcollectedmaketheproposalsfarmorethanasimplemaintenanceof existingcapability. 39.TheHomeOfficearguethattheywanttoclosethecapabilitygapfrom75%to85%dataavailability. Wearguethatthismustbeplacedinthecontextofthegeneralordersofmagnitudeproliferationofdata, personalandotherwise.Intheirreporton'bigdata'in2011,McKinseypredicteda40%growthinglobal datageneratedperyear,arguingthatwearegeneratingsomuchdatatodayitisphysicallyimpossibleto storeitall367.TheHomeOfficeimpactassessmentforthedraftBillassumesthatthe'totalvolumeof internettrafficincreasesbyafactoroftenoverthe10yearperiod. 40.Nodoubtthisposeschallengestolawenforcement.Butitisnotaccuratetosaythattheinsightslaw enforcementmaygainfromavailablecommunicationsdatahasreduced,evenifthepercentageofthe amountofdataavailablehasreduced.Wequestionthenotionofacapabilitygapcouchedinpercentage terms,andseethisasmuchaqualitativeissue. 41.Datageneratednowisofamarkedlydifferenttypetophonerecordsandothertraditionaltypesof communicationsdata.Arecordofaphonecalltellsaninvestigatorwhocalledwhom,when,andwhere. Eventhis'traditional'communicationsdataisintrusive.TheArticle29WorkingPartyofEuropeandata protectioncommissionersarguedthattheDataRetentionDirective Directive2006/24/EC involvedan inherentlyhighrisklevelthatrequiresappropriatetechnicalandorganisationalsecuritymeasures.This
366 SeeforexampleDoesithelporhinder?PromotionofInnovationontheInternetandCitizens'Right ToPrivacy,DirectorateGeneralforInternalPolicies,PolicyDevelopment:Economicandscientific policy,2011 http://www.europarl.europa.eu/committees/fr/studiesdownload.html?languageDocument EN&file 65871andIanBrown,PrivacyAttitudes,IncentivesandBehaviours,2011at: http://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID1866299_code892424.pdf?abstractid 1866299 367 McKinseyGlobalInstitute,Bigdata:Thenextfrontierforinnovation,competition,andproductivity, 2011availableat http://www.mckinsey.com/insights/mgi/research/technology_and_innovation/big_data_the_next_fr ontier_for_innovation
317
isduetothecircumstancethatavailabilityoftrafficdataallowsdisclosingpreferences,opinions,and attitudesandmayinterfereaccordinglywiththeusersprivatelivesandimpactsignificantlyonthe confidentialityofcommunicationsandfundamentalrightssuchasfreedomofexpression.368 42.Thenewkindsof'communicationsdata'theBillisaimedatcollectingcanpaintamoreintimate pictureofourlives.Detailsofsocialmediacommunicationsrevealslikelypoliticalopinions,lifestyle preferences,socialcircles,habitsandpatternsofbehaviour.Althoughonlythefactthataparticular websitewasaccessed,andnotthespecificpage,istoberecorded,suchinformationcanstillspeak volumes.ThefactthatsomeonerepeatedlycontactedNarcoticsAnonymous,orGaydar,orapolitical websitegoessomewaytoindicatesignificantaspectsoftheiridentityorpersonality. 43.Bycombiningemail,telephoneandwebaccessdata,andmobilephonelocationhistory,onecan deduceadetailedpictureofanindividualsmovements,habitsandthoughtstoagreaterdegreethan phonerecordsalonecouldoffer. 44.Additionally,thesame"heuristic"techniquesusedtoidentifyspamemailcouldpotentiallybeapplied tolargeenoughbodiesofcommunicationsmetadatatoidentifycommonpatterns.Heuristicsforspam say,forexample:"these100messagesarespam.Isthisnewmessagelikethemstatistically".Considera similarscenario:"these100messagesrelatedtoagivenpoliticalparty.Isthismessagelikethem statistically"? 45.Thedistinctionbetween'content'and'communicationsdata'doesnot,inpractice,easilyhold.Thisis partiallybecauseofthedifficultyofseparatingoutcontentfrom'communicationsdata.'369,butalso becausethecategory'communicationsdata'doesnotadequatelyaccountforthevarietyoftypesofdata, andthepossibleintrusivenessofitwhichrangesfromOystercarduserdatatoFacebooklikesand comments,LinkedIngroups,TwitterDirectMessagesandsoon.Separatingoutcontentdoesnot necessarilyreducetheintrusivenessofdatatothedegreethatblanketcollectionandweakersafeguards areacceptableorproportionate. 46.Thegovernmentisgivingitselfextremelybroadpowerstoorderanycommunicationsproviderto collectanddisclosecommunicationsdata.Thegovernmenthasn'tsaidhowcollectionmightwork,even thoughthewaythedataiscollectediscritical. 47.TheCommitteehasheardthatthisismostlikelytoinvolvecollectiondutiesonCommunications ServiceProvidersand'blackboxes'beinginstalledonISPsnetworks,whichwillharvestcommunications datathatcanthenbeaccessbyrelevantgovernmentbodies.Thiswillinvolveorganisationscollecting informationthattheyotherwisewouldnotbecauseitgoesbeyondtheirnormalbusinessneeds.The proposalsrepresentafundamentalshifttogeneral,masssurveillanceofthepopulation. 48.Thecollectionandstorageofdataisoutsourcedtotheprivacysector,makingCSPstheservantsofthe stateratherthenoftheircustomers.ItcreatestheliabilityforsubstantialpaymentsbyGovernmentto serviceproviders,introducingcoststhatmayescalateandprovehardtocontrol.Thishappensjustatthe timewhereelsewhereGovernmentismakinghugeandtosomeextentsuccessfuleffortstobringHMG's outofcontrolspendingonITandservicesbackundercontrol.
Themovetogeneralsurveillanceofthepopulation
368 http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp172_en.pdfpage1 369 ForadiscussionofthisissueseeBriefingontheInterceptionModernisationProgramme,LSE,2009, http://www.lse.ac.uk/collections/informationSystems/research/policyEngagement/IMP_Briefing.pd f
318
49.Theresultwillbethecreationofadistributed370databaseofawiderangeofinformationabout everybody'scommunication. 50.Theclauseson"filtering" clauses1416 appearfromthedraftingnotestorelatetoidentifyingdata associatedwithanindividualfromaqueryacrossdatasetsordatabases.However,thetechnicalabilityto searchandidentifypeoplewillgomuchfurther,andwillbehardtoregulate. 51.Filteringarrangements,describedasa'searchengine'371forthecollectedcommunicationsdata, wouldallowcomplexquestionstobeaskedofthedatabaserelatingtosuspects'socialnetworks. 52.Combinedwithlargescaledatacollectionitcouldcompletelychangetheeconomicsofmass surveillance.Forinstance,thedatacouldidentifyaprotesterwhopoststoaradicalpoliticssite,andtheir locationatanygiventime.Theirfavouredcontacts,thoselikelytobepoliticisedandtheirlocationscould beidentified.Thedatacouldineffectbeusedtomonitorpoliticalactivity,oranyactivitydeemedunusual ordeviant,toafinelygrainedlevel. 53.Atpresent,thepolicemakesparinguseofmobilephonelocationdatabecausetheygetchargedbythe phonecompaniestypicallyseveralhundredpoundspersubject.Oncethedataareallcollectedinto connecteddatabases,theperusecostwillapproachzero.Investigativemethodsthatareatpresentonly usedforseriouscrimeslikerapeandmurderwillbeavailabletoinvestigateminorissuestoo. 54.Giventhenatureofthecommunicationsdatainvolvedandthevolumeofdataavailable,thescaleof thelikelycollectionandtheprovisionsforfiltering,wedonotbelievethatitiscreditabletoclaimthisis simplyacaseofmaintainingofexistingpowerstocollectcommunicationsdata.Thisisasignificant extensionofcapabilitytocreatesomethingqualitativelydifferent.
Filtersanddatamining
Missioncreep
55. We are concerned about the inevitability of 'mission creep', and the risk that this new cache of communicationsdatawillbeusedforanincreasinglybroadrangeofpurposes.HomeOfficeofficialswere pressedbytheCommitteeaboutwhetherthedatawouldbeusedtoinvestigatespeedingordogfouling. They were reluctant to rule anything out. Dr Julian Huppert asked in the Joint Committee evidence session372:
56.Inreply,CharlesFarrdidnotrulethisuseofthedataout,saying:Ithinkyouwouldhaveto demonstratenecessityandproportionality;letmeputitlikethat. 57.Wedonotbelievethattheprimarycheckonthepurposesforwhichcommunicationsdatacanbeused should be the judgement of the law enforcement bodies themselves of what is 'proportionate and necessary'.Thebroadquestionsabouttheproportionalityandnecessityofthecollectionanduseofthis data for different purposes are better discussed in a forum that can make democratically legitimate
TheChiefConstableofDerbyshire,MrCreedon,whoistheACPOleadinthearea,saidlastmonth that he would consider it perfectly appropriate if he saw somebody texting or using a mobile phonewhiledrivingtousethecommunicationsdataforthat.
370 Meaningsimply'it'snotallinoneplace' 371 http://www.parliament.uk/documents/jointcommittees/communications data/uc170712ev4HC479iv.pdfpage35 372 Seepage5http://www.parliament.uk/documents/jointcommittees/communications data/ucJCDCD100712Ev1.pdf
319
judgements about the tradeoffs between public interest, security and privacy. This is a job for Parliament. 58. We note the recommendation in the Demos report #Intelligence, which suggests that use of 'SOCMINT'theirbroadtermforinformationgeneratedthroughsocialmediabelimited: AsUKlegislationatpresentlimitstheworkoftheintelligenceagenciestonationalsecurity,the detectionandpreventionofseriouscrime,andtheeconomicwellbeingofthenation,webelieve thisnarrowersufficientandsustainablecauserestrictionshouldapplytotheiruseofSOCMINT aswell.373 59.ThepurposesforwhichthedraftBillsuggestscommunicationsdatacanbeusedarefartoobroadand vague.ThisisanotherreasonthedraftBillshouldbeaxed. 60.Inadditiontooverlybroadaccessunderthelaw,throughmissioncreepforexample,thereisariskof unlawfulaccessthroughtheinsecurityofthedata. 61.Sensitiveprivateinformationhas,inthepast,fallenvictimtoblagging.FromobtainingNHS records374toaccessingthePoliceNationalComputer375,itisclearthatnostoreofinformationis completelysafe.Givenenoughtime,privatedatacanand,likely,willbeaccessedunlawfullyby someonewhoissufficientlydeterminedorunscrupulous.Itisworthreflectingonthefactthatforsome twentyyears,everyoneknewthatjournalistsworkingforNewsInternational andsomeotherfirms wereunlawfullyobtaininginformationbybribingpoliceofficers,blagginginformationfromofficial databases,andconductingunlawfulinterception. 62.Weareconcernedaboutthesecurityofthedatathatwillbecapturedandstoredunderthesepowers. Theextenttowhichthesecurityofthedatacanbemaintainedisanimportantfactorinconsiderationsof how proportionate and necessary these powers are. As such, we would expect an analysis of the likely securityissuesshouldbepartofthepublicdebateabouttheBill. 63.However,wehavenotseenanysuchpublicfacinganalysis.Weareconcernedthattherehasnotbeen a full independent analysis of the technology involved and the security of the collection and storage of data. 64. Whenever data is stored by a company there will be a risk that it will be lost, stolen, or damaged. Normally, that risk of loss or theft is offset by the importance of the business purpose for which the companyisretainingthedata.Themorevaluablethedata,themorelikelyitwillbethatindividualsor groups will attempt to obtain it. Lawful points of access to information provide an attractive target for unlawfulactivity.In2005,morethan100mobilephonesbelongingtomembersoftheGreekgovernment wereunlawfullytapped,throughanexploitationoflawfullyplacedbackdoorsinthedevices376.In2009 itemergedthatformerUSPresidentBillClintonspersonalemailslawfullycollectedwereunlawfully accessedbyanintelligenceanalyst377.
Wrongfulaccessandthesecurityofthedata
373 http://demos.co.uk/files/_Intelligence__web.pdf?1335197327page43 374 375 376 7 377 LevesonInquiry,StatementofMattDriscoll,NewsoftheWorld21stMarch2012 LevesonInquiry,StatementofAssistantChiefConstableJerryKirkby21stMarch2012pp.2223. http://www.guardian.co.uk/business/2006/feb/07/newmedia.media?INTCMP ILCNETTXT348 http://www.wired.com/threatlevel/2009/06/pinwale
320
65.ThephonehackingscandalandtherevelationsfromtheLevesonInquiryhelptodemonstratethatthe abilitytoaccesspersonalinformationwillbeexploitedforavarietyofreasons.Therearemanywaysthat thedatainvolvedcouldbemisusedinamannerthatwouldaffectwhistleblowers,journalistsandtheir sources,legalprivilegeandactivists. 66.Forexample,theBillwouldfacilitaterelativelyeasyaccesstothecontacthistoriesofpossible suspectedleaksorsourcesthatmatchedwiththoseofaparticularjournalist.TheBillattemptstomake searcheseasier,andautomated.Thesearchescouldalsoextendtolocationhistories. 67.Agovernmentwishingtoknowwhichoftwelvecivilservantshadleakedevidenceofserious wrongdoingtoajournalistmightaskeachCSPforalistofeveryonethesethirteenpeoplehad communicatedwithlastweek,andwhen.Thedatawouldbetakentoacentralpoint assumedtobe NTACatGCHQ andstudied,fromwhichitmightemergethatcivilservantnumber3hadcalledthe mobilephoneofProfessorXat7onTuesdayevening,andProfessorXhadthenmadeaSkypecalltothe journalist. 68.Inshort,thedatamatchingandsortingprovisionswithintheBillwouldmakeanonymity extraordinarilydifficulttomaintain,whilstplacingsurveillancetoolsintothehandsofanextremelylarge numberofpolice,intelligenceandotheroperativeswhoworkunderinsufficientscrutiny. 69.SeeAnnexBforabriefingfromPublicConcernatWork PCaW regardingthesepowersandthe possibledangersforwhistleblowers.Thishelpsdemonstratethataccesstoinformationcanbeusedfor thepurposesofmaliciousorpersonalvendettasorcertainlyreactionsthatarenotinthepublicinterest. PCaWdetailcasesofwhistleblowersandleaksthathaveinvolvedanoverzealousreactionfrom authoritiesincludingthecaseofHMRCtaxlawyerOsitaMba378,whohadraisedconcernsaboutspecial dealsbetweenHMRCandthosewithlargeoutstandingtaxbills:
Risksofmisuse
70.Trustinpublicinstitutionsandthoseinthemisimportant.Mostpublicservantsandofficialsand thoseinvolvedinlawenforcementarelikelytrustworthy.However,adesiretotrustinstitutionsdoesnot meanignoringthepossiblemotivations,incentivesandvulnerabilitiesofthepeopleworkinginthem. Problemswithsafeguardsgoverningaccess 71.TheImpactAssessmentasserts page5 that'RIPAplacestrictrulesonwhen,andbywhom,access canbeobtainedtocommunicationsdataretainedandstoredbyindustry,whichisdesignedtoprevent unauthorisedaccess.However,RIPAdoesnotplacestrictenoughrulesonaccess. 72.TheBillpromisesthesamesafeguardsasprovidedinRIPA.Thismeansthat withtheexceptionof localauthorities,whomustnowseekjudicialapproval organisationssuchasthepolicewillcontinueto nominateaninternaldesignatedpersontoauthoriseaccesstothecollecteddataofmillionsofpeople.
InearlypartofJunethisyeartheGuardianreportedthattheInformationCommissionersOffice ICO haslaunchedaninquiryintothewayHMRCinvestigatorsobtainedthepersonal informationofMbaandhiswife. TheICOreceiveddocumentsthatshowinOctober2011HMRCmanagerssentpersonal information,includingClaudiaMbasaddressandfourphones'numberstotheDepartments CriminalInvestigationsUnit.
378 http://www.guardian.co.uk/politics/2012/jun/07/informationcommissionerhmrc whistleblower
321
73. For law enforcement purposes, access to the data will simply require designated senior officers at those bodies to believe that it's "necessary to obtain the data" and that it is "proportionate to what is soughttobeachieved." 74. We are concerned that this effectively means that there will be no external, meaningful and direct oversightofaccessrequests.Webelievethiswillberipeforabuseandexploitation379.Thesafeguards overaccessneedtobetightenedupratherthanusedasamodelforaccesstoamuchbroaderstoreof information.
TheInterceptionofCommunicationsCommissioner
75. The oversight of such internal authorisation is performed through the retrospective analysis of a sampleofauthorisedrequests.EachyeartheInterceptionofCommunicationsCommissioner IoCC and his inspectors review a subset of the applications to ensure that policy is being applied correctly. We welcometheincreasingamountsofinformationthattheinspectorhaspublishedyearonyear. 76.However,weareconcernedaboutthefigurespurportedlyidentifyingtheerrorrateofRIPArequests. TheIoCCreportstatesthattheerrorpercentageis0.18%in2011380.Thislookstoustobeincorrect, andthereportlacksimportantbasicdetailsaboutwhen,whereandhowoftenerrorshappen.Asaresult theIoCCreportdoesnotfacilitateaproperindependentanalysisofhowtheoversightandsignoffregime isworking.381 77. In 2011, the IoCC identified 895 authorisation errors. On page 30, the report states that this is the numberreportedtotheCommissioner'soffice.Page32clarifiesthat99ofthe895errorswere'identified bymyinspectorsduringtheinspections',ratherthanhavingbeenreportedtothem. 78.Seventysevenofthosediscoverederrorsappeartohavebeen discoveredinlocalauthorities.Local authorities account for .5% of the total number of RIPA requests in 2011 the total being 494,078 requests . 79.Onpage30ofhisreporttheInspectorstatesthatthe'errorpercentage'is0.18%.Thisappearstohave beencalculatedbydividingthenumberofreportedanddiscoverederrorsbythetotalnumberofRIPA requests. 80.However,thetotalnumberofinspectionsundertakenthesamplesizeisnotpublished.Wedonot know what percentage of the 494,078 requests the IoCC team inspected. That means that the reported errorfigureof0.18%meansverylittle,ifanything. 81.Thecitedfigureof0.18%wouldonlyidentifytheerrorpercentagerateforthetotalnumberofRIPA requestsiftheIoCCteaminspectedeverysinglerequestortheyareconfidentthattherearezerofurther errorsintheuninspectedrequests. 82.Todeterminethenecessityandproportionalityofpowerstocollectandaccesscommunicationsdata, it is critical to have a clear picture of the error percentage. First, because it facilitates a proper understanding of the likely 'collateral intrusion'. Second, because it helps us to understand the likely frequencyoffalsepositives.
The'errorpercentage'
379Formoreinformationonweaknessesinthecurrentregime,wenotetheBigBrotherWatchreport'A legacyofsuspicion',availableat http://www.bigbrotherwatch.org.uk//files/ripa/RIPA_Aug12_final.pdf 380 Page30,IoCCreport2011 381 ThisissuewasinitiallynotedbyCasparBowden
322
83.Theerrorpercentagehasbeenusedasevidenceofhowrobustthecurrentoversightregimeis.For example,thefigurefrom2010 0.3% iscitedonpage11oftheHomeOffice'sPrivacyImpactAssessment forthedraftBill.TheIoCChimselfstatesonpage30ofhisreportthatheis'satisfiedthattheoverallerror rate is still low when compared to the number of requests that were made during the course of the reportingyear'. 84. Errors can have serious consequences. We know that two members of the public were wrongfully detainedin2011asaresultofRIPArelatederrors382.Acertainnumberofmistakesareinevitable,butit is clear that the police occasionally use retained data to conduct invasive operations without sufficient verification. 85. In his evidence to the Joint Committee, Charles Farr makes the point that understanding the effectivenessoftheauthorisationregimeiscriticaltoexamininghowappropriatethepowersare:
Incompatibilitywithhumanrightslaw
86.Itiscrucialthattheissueofsamplesizeanderrorpercentageisclarified.Itisonlypossibletoexamine howappropriatesuchpowersarewhenthereistransparentoversightthatinspiresthefullconfidenceof stakeholders. 87. We have written to the Commissioner to ask them to publish the sample size ie the number of requests inspected , and to clarify the error percentage calculation. So far, their response has been to confirm that the number of requests inspected cannot be published. We have written a further open letter,whichwillbepublishedonourwebsite,highlightingtheapparentcalculationerrorandrequesting anexplanation.WewillsupplydetailsofanyreplytotheCommittee. 88. We recommend a review of the oversight of the access regime, for example looking at whether the IoCChastherequiredtechnicalandlegalstaff,andtheextenttowhichitreliesonthepoliceandagencies foradvice. We also recommend an analysis of what information the IoCC should disclose to ensure full and transparent oversight of the access regime. This should be designed from the 'outside in', starting fromtheperspectiveoftryingtoensureproperdemocraticoversight. 89. We recommend that, in addition to increased transparency of the workings of the oversight and inspectionregime,thosewhosedataisaccessedareinformed.Thiscouldbelimitedincaseswherethere arepotentialoperationalproblemswithinformingthedatasubject. 90. As it stands, the safeguards are not transparent, and they do not command our confidence or the confidenceofotherknowledgeableobservers.WeareconcernedthereforethattheHomeOfficeplansto stepuptoblanketdatacollectionandretentionwiththesameunsatisfactoryoversight.
the trivialisation of the use of communications data is therefore better tackled through an examinationoftheapplicationprocessandtheextenttowhichnecessityandproportionalityare, indeed, ingrained in thesystem. Thatfeels, tome, amore likely routeto avoidingtrivialisation than defining or redefining serious crime, which, as you rightly say, is fraught with hazard. I personallybelievethatthenecessityandproportionalitytestsaremetbytheuserswhousemost ofthisdatathepolicebutyouwillcometoaviewonthat.383
382 http://www.guardian.co.uk/uk/2012/jul/13/snoopingerrorswrongfuldetentionwatchdog 383 http://www.parliament.uk/documents/jointcommittees/communications data/ucJCDCD100712Ev1.pdfpage5
323
91.AnnexAcontainsalegalopinionfromEricMetcalfeofMoncktonChambersregardingthe compatibilityofthedraftCommunicationsDataBill.MetcalfeconcludesthattheBillisincompatiblewith theUK'sobligationsunderArticle8ECHRonthebasisthatitfailstoimproveontheauthorisationand oversightregimeunderRIPAandimposesa'furtherrequirementonCSPsandotherstoretain,make availableandfiltercommunicationsdataforthepurposesoflawfulsurveillance.Intheabsenceof sufficientsafeguards,thisconstitutesafurther,disproportionateinterferencewiththerighttoprivacy. 92.Explainingthepositionontheinsufficiencyofthecurrentsafeguards,MetcalfesetsoutthatArticle8 requiresaccesstocommunicationsdatabegovernedbylegislationtheprovidesadequateandeffective safeguardsagainstabuse para15 .Hearguesthattheseniorfigureresponsibleforauthorisingaccess underRIPA'cannotbecrediblydescribedassufficientlyindependentorobjectivetoprovideaneffective safeguardagainstarbitrarinessorabuse para16 . 93.Onthenewpowerstoordercollectionandaccesstomorecommunicationsdata,Metcalfearguesthat theBill'spowertorequireCSPstostore,makeavailableandfiltertheircustomers'private communicationsdatainaparticularmannerforthesakeofmakingcovertsurveillanceeasierisplainly disproportionate para29 . 94.ThefullopinioncanbefoundatAnnexA. 95.TheDataRetentionDirectiveanditsimplementationaresubjecttolegalchallengesacrossEurope.In Januaryofthisyear,DigitalRightsIrelandaskedtheEuropeanCourtofJusticetoconsiderwhetherthe DataRetentionDirectiveisconsistentwithEUlaw384.TheimplementationoftheDataRetention DirectiveisalsobeingchallengedinvariousformsinGermany385,Bulgaria386,Romania387,Cyprus388 andCzechRepublic389.Weconsideritunwisetoproposefurthercollectionandretentionmeasures whenthescopeandimplementationofthecurrentDirectivearebeingchallengedacrossEurope. 96.TheArticle29WorkingGrouppublishedareportin2010ontheimplementationoftheData RetentionDirectiveandwerecriticaloftheimplementationoftheDirectiveacrossMemberStates.They recommendedthatthecategoriesofdataretainableundertheDirectivebeconsideredexhaustive,and thatthelistofseriouscrimesjustifyingretentionunderthedirectiveshouldbelaiddownatdomestic levelbasedonnationallaw,takingintoaccounttheconsiderations...asfortheneedtoclearlydefineand delineatewhatismeantbyseriouscrime. 97.TheWorkingPartywerealsoverycriticalofthelackofstatisticsfromMemberStatesonthe implementationoftheDataRetentionDirective,whichmeantafullreviewoftheimplementationofthe directivewasimpossible.Itseemsunwisetoproposeanextensionofthetypesandamountof informationcollectedandstoredwhilsttheimpactofthecurrentDirectiveisunclear. August2012
Retentionisbeingchallengedinmanyjurisdictions
384Seehttp://www.thejournal.ie/ecjaskedtoruleonmandatoryretentionofphoneandinternet data339434Jan2012/andforthedocumentsubmittedtotheCourt,see http://www.scribd.com/doc/97936957/DigitalRightsIrelanddataretentionchallenge PreliminaryReferenceQuestions 385http://www.totaltele.com/view.aspx?ID 473999 386http://www.edri.org/edrigram/number6.24/bulgarianadministrativecasedataretention 387http://www.edri.org/edrigram/number10.1/romaniansenaterejectsdataretention 388http://www.pcadvisor.co.uk/news/mobilephone/3362812/czechsconsiderreintroducingeudata retentionrules/ 389http://jurist.org/paperchase/2011/03/czechconstitutionalcourtoverturnspartsofdata retentionlaw.php
324
Anne Palmer
General: 1 HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill?Iunderstandthat theHomeOfficehastoimplementEULegislationandthatithastomonitorallitsownBritishCitizensand thentoforwardtheinformationithasgathered,totheEuropeanUnion. 2 HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill?ThereisnowayanyBRITISHGovernmentcanmakeaConvincingCasefortheneedoftheseEU NEWPOWERSfortheproposedDraftBill.Forthepeoplethatwerenotaroundinthelastwar, legislationsuchasthiswasnoteventhoughtabout.Letterswereopenedandcertainwordsblockedout butthatwasinwartimeandmanymighthavebeenkilledbyathoughtlessremarkinprint.Althoughthis legislationisbeingbroughtaboutallegedlybecauseofTerrorismandTerrorists,andsadly,theUSAand theUKarewellawarethatthousandsofpeoplecanbekilledthroughsuchdespicableterroristsacts.But manymillionswerekilledinthelastWorldWartopreventsuchasthiskindoflegislationbeingthought ofandbroughtaboutbyforeigners.Thatwarwaswontopreventthiskindoflegislationandtobring FREEDOMforALL.Therewillalwaysbeterrorisminthisworldoftoday,withorwithoutthis legislation,yetifourGovernmentallowsthisBilltogothrough,theterroristswillhavewon.Nothingwill begainedbythisproposedLegislationexcepttoalienatethepeopleevenfurtherawayfromthispresent CoalitionGovernmentaswellastheEuropeanUnion.ExactlyWHOwillbethenextEULeaderandwhat willthatleaderrequire?IneverwouldhavethoughttheEUwouldhavebroughtthislegislationout,and nevertheslightestthoughtthataBritishGovernmentwouldeventhinkofpassingit. 3 HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy?ThisBillcanneverfitinand,withthegreatestrespecttoyouall,Idoubtanyoneofyouwill everbeforgivenforthedespicableintrusionintothepeoplesindividualprivacy.Theywillhaveno privacyifthisBillgoesthrough,andneverwillanyonethatwentthroughthelastwar.Peopleandfriends werebeingbombedtobits,withhousesgoneandpeoplecoweringinBombShelters.Menfolkwereaway atwargivingtheirlivesforyourFREEDOMtoday;betweenyou,youarealllettingthissacrificeslipandit appearsallyoucandoisobeythedirectives orders offoreigners,forthatiswhatthislegislationisall about.YetwevoteandcontributetoyourpayforGoverningthisCountryaccordingtoitsverylong standingCommonLawConstitution. 4 Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionofcommunications data?Theymaylearn,alltoolatethatthisEUDirectiveshouldhavebeentornup. 5 .Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider?WhatthispieceofEULegislationcoststhis Countryifthisisacceptedwillbebeyondprice. 6 .ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesoflegislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernstheretention ofcommunicationsdata?ItisalreadyjustoneEUDirective,theintrusiveDirective2006/24/EC, NomatterhowthisoncesovereignNationalGovernmenttrystodressitup. 7 .IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasuresthat couldbescrappedasaquidproquotorebalancecivilliberties?CanyoureallyrebalanceCivilLiberties? Tomakethemwhattheyonceusedtobe? 8 .WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKasa lessattractivebase?Whatmightbetheeffectonbusiness?AsmostEUCountriestheUKdealswithwill haveexactlythesamelegislation,theywillbeinexactlythesameposition.Ontheotherhand,ifthis Countryliberatesitselffromforeignrule,perhapsagreatdealofbusinesswillcomeourway.Allwill knowweareFREEforourpeoplewillthrowofftheirsenseofdefeatanddepressionandbellswillring outacrosstheland.IthashappenedbeforeforitisthegoldenthreadofBritishhistory.
325
Costs: 9 Istheestimatedcostof1.8bnover10yearsrealistic?That1.8bnisnothingcomparedtothelossof freedomthepeoplewillfeelifthislegislationgoesahead.AllthroughaBritishGovernmentwantingto snoopandsnitchonaonceFREEpeopleandthensendingtheinformationgatheredtostrangersonthe Continent.Apeoplethatfoughtandyesmanygavetheirlivessothattherewouldalwaysbeafreely electedBritishGovernmentinthatwonderfulHouseofCommonsthatwouldalwaysbeguidedbyitsown longstandingCommonLawConstitution.YetinanotetoGermanyrethisDataRetention,whichhad takenacriticalstanceagainstthisBillandwantedanoptoutfromit,wastoldinwriting,Inthis context,itmustberecalledthatUnionLawprevailsovernationallaw,includingnationalconstitutional law.YetIrememberonePrimeMinisterofGREATBRITAINstatingquiteclearlyThereisnoquestionof erodinganynationalsovereigntyinjoiningtheEuropeanCommunity.Yetwehavepermanentlawson treasonprotectingourConstitution,sohowcanthatstatementberight?HowcanEULawoverrideour NationalConstitutionthathaslastedhundredsofyearsandhasbeensavedbyfightingandwinningtwo WorldWars?ItisundoubtedlyhightimeforthisCountrytoremoveitselffromthefederalistEuropean Unionwithhaste.Therehasbeenagrowingstenchofbetrayalintheairforalongwhilenowandpeople knowit. 10 .TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBillcould beworthbetween56bn.Isthisfigurerealistic?Benefits?Absolutenonsense. Scope: 11.Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate?Do theysensiblydefinethescopeofthepowersinthedraftBill?ThisBillshouldbescrappedanddeepdown, Ibelievewithallmyheart,youallknowittoo. 12.WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill?Shouldit bepossiblefortheSecretaryofStatetovarythislistbyOrder?Nooneshould.ThisisonepieceofEU legislationthatshouldbeconsignedtothebinpermanently. 13.Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty?Ihopethereare nosuchplans.Isthelatterworthtrying? 14.UseofCommunicationsData:14.Arethecircumstancesunderwhichcommunicationsdatacanbe accessedappropriateandproportional?Whatkindofcrimesshouldcommunicationsdatabeusedto detect? a Therearenocircumstancesatall. b IfthisEUDirectiveisputintoaction,whichcountries willnotaccessanyorallcommunicationsintheUK? 15.Istheproposed12monthperiodfortheretentionofdatatoolongortooshort?ThewholeEU Proposalsforthislegislationshouldbescrapped.Iwouldliketobelievethatmostofthosethathavebeen freelyelected,knowthattoo. Safeguards: 16. a Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.a Noonecan guaranteeanykindofsafeguardwhenanyinformationgatheredistogototheEuropeanUnion.The informationwillalsobesharedwiththeUSA. b Howshould"designatedseniorofficer"bedefined? b TherewillbenoneedofsuchanOfficerifcommonsensereigns. c Isthissystemsatisfactory? c ObviouslytheanswerisNO. d ArethereconcernsaboutcompliancewithArticle8ECHR? d 1. Everyonehastherighttorespectforhisprivateandfamilylife,hishomeandhiscorrespondence. d 2. Thereshallbenointerferencebyapublicauthoritywiththeexerciseofthisrightexceptsuchasisin accordancewiththelawandisnecessaryinademocraticsocietyintheinterestsofnationalsecurity, publicsafetyortheeconomicwellbeingofthecountry,forthepreventionofdisorderorcrime,forthe protectionofhealthormorals,orfortheprotectionoftherightsandfreedomsofothers.Youcan remakethelawtofitparttwobutitwillnotandneverbeademocraticsocietyagain.Thelastwarwas foughtforFREEDOManditisthatyouwillallloseforever.Evennowyouareobeyingforeignlawsrather
326
thanlookingtoyourownCommonlawConstitutionandallthatmygenerationfoughtandgavetheirlives for. 17.Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapplytoall publicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe?Inviewofmypreviousanswers,thereis noneedforananswertothis. 18.IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformationCommissioner sensible?ThisEUProposalshouldberejected. ParliamentaryOversight:19.Arethearrangementsforparliamentaryoversightofthepowerswithinthe draftBillsatisfactory?TheDraftBillshouldberejected. Enforcement: 20.Arethepenaltiesappropriateforthosecommunicationsserviceproviderswhofailtocomplywiththe requirementsofthedraftBill?IftheGovernmentdecidestoimplementthisBill,itwillbethegreatest mistakeanyBritishGovernmenthasmadethusfar.Itshouldberememberedthatthepeoplecontribute towhatthisGovernmentdoes.WhyshouldtheycontributetoanyEUFinewhenallthepeoplecandois obeytheirownCommonlawConstitutionfortheyhadnohandinallowingforeignerstomakethelaws eventheirownGovernmentshavetoobey. 21.Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccessto communicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforinthedraft Billamounttoanoffence?Answerasat20. Technical: 22.Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapturecommunications datareliably,storeitsafelyandseparateitfromcommunicationscontent?NoneoftheCommunications aremeanttobestoredsafely,theyaremeanttobesharedwithothersthatthisGovernmentcannot possiblyvouchfor.TheEUandtheUSAandpossibleothers. 23.Howsafelycancommunicationsdatabestored?Asabove,theycannot.Howcanemailscapturednot beread?ItwasinfactEdwardHeathwhomadeitveryclearthatinjoiningthethenEEC,thatthere wouldbenolossofessentialSovereigntyandpeoplevotedtoremainintheEECin1975becausethey believedwhathesaid.HeliedandadmittedthatlieonTelevision.Admissionofthatliedidnotputthe matterright.ThepeoplehaveneverbeenaskedsincethatdatewhethertheywanttoremainintheEU, yetthisGovernmentisaskingthepeoplenow thatknowaboutthis EU legislation ,ifweshouldallow thisDraftCommunicationsBill,knownbysuchasmyselfas,TheSnoopersBilliftheywanttobespied onfortherestoftheirlives,whichisexactlywhatthisBillwillallow.Thevastmajorityofpeoples freedomsandprivacywillbegoneforeverincludingyourown. 24.Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible?No.A wiseGovernmentwouldrejectthisEUDirective. 25.HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill?It maynotcometothisatthistime,becausepeopleinothercountries namelyGermany areawareofthis proposaldonotlikeiteither,but,aswehavefoundouttoourcostbefore,whattheEUdecidesitwants, itwillhave,onewayoranother.ItreallyistimetoputthisCountryoutofitsreach. 26.Arethereconcernsabouttheconsequencesofdecryption?Idoubtanyonecouldprevent Governmentsfromtrackingemailsbuttherearewaysofcoursewherenothingiskeptonorinthe Computer.TheFifthAmendmenttotheUnitedStatesConstitutionprotectssomepeopleundercriminal investigationfromhavingtorevealpasswordsprovidedaccesstotheencryptedcontentofstorage devices.Perhapsweshouldhavesomekindofthatprotectionhere. August2012
327
Public Concern at Work

INTRODUCTION 1. WeareprovidingthisresponsetotheJointCommitteeontheDraftCommunicationsDataBillas partofthecallforwrittenevidence.Ourresponsefocussesonissueswherethedraftbillmay affectwhistleblowingandthelegalprotectionforwhistleblowers,setoutinthePublicInterest DisclosureAct PIDA .WebeginbysettingoutabriefintroductiontoPublicConcernatWorkto providecontextforoursubmission.Wesuggestfunctioncreepwithintheproposedpowers couldmeanthebillisusedbyinvestigatingauthoritiestotrackcommunicationsbetweena whistleblowerandthirdparties,suchasregulators,MPsorjournalistsresultinginachilling effectonthelikelihoodthatregulatoryorwiderdisclosureswhicharealreadyprotectedbylaw wilberaised.Asweexplainbelow,webelievethereisarealriskthatthesepowerssetoutinthe billwillbeabused,bythoseundertakingleakinquiriesundertheoffenceofmisconductinpublic office.Wealsoraiseconcernsovertheeffectthismayhaveonthelegalprotectionfor whistleblowersunderPIDA.Werecommendthatinvestigationsconcerningmisconductinpublic officebeexcludedfromthecommunicationdatathatinvestigatingauthoritiescanobtainforthe purposesofdetectingcrimeorpreventingdisorder,orthatthereisanadditionalarmslength oversightmechanismwhensuchinvestigationsarebeingundertakenorcontemplated. 390We alsosuggestthatwherethecommunicationdataofawhistleblowerisaccessedbutno prosecutionispursuedthattheindividualisinformedthatthisaccessrequestwasmadeand obtained. 2. Wehavelimitedthissubmissiontoourparticularareaofexpertisenamelytheprotectionof whistleblowersbutwewouldalsoendorsetheconcernsraisedbyothercivilsociety organisationsparticularlyBigBrotherWatch,OpenRightsGroup,LibertyandJusticeaboutthe verybroadpowerscontainedwithinthedraftbill.Weagreethatthenatureandbreadthof communicationsdatabeingcollected,storedandminedmeansthatthedistinctionbetween communicationsdataandcommunicationscontentwillnecessarilybecomeblurredsothatthere arerealriskstoindividualsprivacyrightsasaresultoftheseprovisions. 391 3. AsstatedinevidencebyAngelaPatrickofJustice:Itisparticularlyimportantfor parliamentarianstobeawareoftheneedforeffectivecontrolsandsafeguardstoensurethat surveillanceisonlyusedinthosecircumstanceswhereitisstrictlynecessaryandjustifiable. Individualsinmostcases,ifsurveillanceiseffective,willneverknowthatithashappenedandso willneverhaveaccesstoaneffectivechallengeoraremedy. 392Wewouldwhollyendorsethis statementandurgethecommitteetoconsiderthequestionofappropriatechecksandbalances verycarefully. 4. Wewouldalsourgethecommitteetoconsidertheimplicationsforcommunicationsinvolving lawyerclientprivilege,theprotectionofjounalistssourcesandtheconfidentialityof communicationsbetweenconstituentsandtheirMPs,aspartofthisconsultationandsuggest thateithersuchcommunicationsshouldbeexcludedfromthereachofthisbill,oradditional armslengthsafeguardsareintroducedwheresuchcommunicationsaregoingtobemonitored. BackgroundtoPublicConcernatWork 5. PublicConcernatWork PCaW isanindependentcharityandlegaladvicecentre.Launchedin 1993,wehavehelpedleaddevelopmentsonwhistleblowingasagoodgovernanceandrisk managementtoolintheUKandabroad.Weprovideaconfidentialadvicelineforindividualswith whistleblowingdilemmas;professionalsupporttoorganisations,policyadvicetoGovernments
390Part2,Subsection
6 b oftheDraftCommunicationsBill
data/uc170712ev4HC479iv.pdf 2012
392Q222UncorrectedTranscriptofOralEvidence,JointCommittee,DraftCommunicationsBill17July
328
andinternationalorganisationsandpubliceducationprogramme,thatpromotewhistleblowing andgoodworkplacecultures. 6. Bywayofbriefbackground,PCaWwassetupinresponsetoaseriesofscandalsandtragediesin thelate1980sandearly1990swhichincludedthesinkingoftheHeraldofFreeEnterprisein 1987,thePiperAlphaoilrigexplosionandthecollapseoftheBCCIamidstwidespreadfraudin 1990.ThevariousofficialInquiriesafterthesedisastersrevealedthatalltoooftenstaffhad knownofthedangerbutweretooscaredtospeakupor,iftheydid,thattheydidsointhewrong wayortothewrongperson,onlytobeignoredand/ordismissed. Ourworktoaddresswhistleblowingeffectivelyasamatterofaccountabilityandgood governancemeansthatwehaveunrivalledpracticalexperienceinthefieldbothinoperatingan advicelineserviceforindividualsandinprovidingprofessionalsupportfororganisationson whistleblowing.
7.
ThePublicInterestDisclosureAct 8. Whenenacted,PIDAwaspraisedforsoskilfullyachievingtheessentialbutdelicate balancebetweenthepublicinterestandtheinterestsofemployers. 393TheActmostreadily protectsconcernsraisedwithanemployer,butalsogivesprotectiontoindividualswhogo outsidetheiremployersuchastoaregulator,orMP/journalistincertaincircumstanceswhen theconcernhasbeencoveredupornotaddressed.PIDAisultimatelyaboutaccountabilityandit followsthatforthistoworkitmustbepossibleforthoseresponsibletobeheldtoaccountfor theirconduct.Thisprovidesanincentivefororganisationstodealopenlyandwellwithany potentialwrongdoingwhenfirstraisedbyaworker.Asstatedbelow,webelievethatoneofthe potentialunintendedconsequencesofthisbillwillbethatlegitimatewhistleblowersworkingin publicauthoritieswillbediscouragedfromraisingconcernsopenlyorconfidentiallyandwilluse anonymousleakingasanalternativeiftheybelievethattheircommunicationsarebeingorcould betracked. ResponsetotheConsultation 9. WenotethattheCommitteehasdiscussedfunctioncreepwiththebillappearingtocovermore areasofinvestigationthanoriginallyindicatedwhenproposedbytheHomeSecretary.394We areconcernedthenewpowerscouldbeusedtopursueleakersandwhistleblowersviathe offenceofmisconductinpublicoffice. 10. WhistleblowingisnowseenintheUKasapositiveandnecessaryfunctionofourdemocracy. DisclosuresunderPIDAtoanylevelofinternalmanagementwithinanorginisationcanbe protectedascandisclosurestoaregulator,MPandtothemedia.Thereisoftengoingtobea tensionbetweenwiderdisclosures ieoutsidetheregulatoryframeworktothemedia and leakingconfidentialinformationaboutthepoliticalmovementsandpolicydiscussionswithin Government.Leakshavelongbeendescribedasdamagingforeffectivegovernmentastheycan erodethetrustbetweenaMinisterandtheircivilservants. 395Thelinebetweenwhether someoneisleakinginformationorwhistleblowinginthepublicinterestisnotalwaysaclearone forsomeoneattheheartofthisdilemma,andcontroversyhasfollowedwherethegovernment hastriedtopursuepeopletheybelievetohaveleakedinformationwithcriminalsanctions.Our concernisthatpowersproposedinthisBillmaypushwhistleblowersintousinganonymous onlineleakingplatformsorotheranonymousmeansofcommunicationratherthantheopenand confidentialoptionsencouragedbybestpracticeandprotectedunderPIDA.
393HansardHL,5June1998Col.614 394Q183UncorrectedTranscriptofOralEvidence,JointCommittee,DraftCommunicationsBill12July
2012
395P.g.7LeaksandWhistleblowing,10thReportofthe200809SessionofThePublicAdministration
SelectCommittee
329
11. Leakinginformationcanbeacriminaloffenceifitbreachestheofficialsecretsactwhichoutlaws disclosuresofinformationrelatedtonationalsecurity,nationaldefenceorrelationswitha foreignpower. 396Howtodealwithasituationwhereinformationleakedfallsbelowthis thresholdhasprovencontroversial,inrecentyearsthepolicehaveunsuccessfullypursued individualsusingtheoffenceofmisconductinpublicoffice. 12. TheCrownProsecutionService CPS describesmisconductinpublicofficeasfollows apublicofficeractingassuch; wilfullyneglectstoperformhisdutyand/orwilfullymisconductshimself; tosuchadegreeastoamounttoanabuseofthepublic'strustintheofficeholder; withoutreasonableexcuseorjustification. 397 13. Therearetworecentcasesthatdemonstratethistensionandprovideaninsightintohow functioncreeptowardstheoffenceofmisconductinpublicofficecouldoccur.Thefirstisthe abortedinvestigationintoDamianGreenMPandChristopherGalleyin2008andthesecondis thecollapsedprosecutionofjournalistSallyMurrerin2007.Bothcasesrevolvedaroundthe investigationofmisconductinpublicofficeastheinformationdiscloseddidnotfallwithinthe scopeoftheofficialsecretsact.Questionswereaskedinbothcasesastowhetheritwasinthe publicinteresttopursuethecases.Wehavesummmarisedthecircumstancesineachofthese casesbelowandprovidedamorethoroughcasestudyofbothcasesatAnnexAattachedtothis submission. 14. InGalleyandGreenscase,therehadbeenpresscoverageaboutanumberofproblemswithinthe HomeOfficeandaleakinvestigationensuedresultinginaraidofDamianGreenMPs WestminsterOfficeandthearrestofajuniorhomeofficecivilservant ChrisGalley andMr Green.IntheendtheCPSdroppedthecaseagainstbothmenonthebasisthatthecasehadno reasonableprospectofsuccess. 15. IntheMurrercaseajournalistandapolicesergeantwereprosecutedforthesameoffenceovera numberofstoriesthatappearedinalocalpaperwhichincludedthearrestofthelocalfootball teamsstarstriker.Thecasewasthrownoutwhenthetrialjudgeruledatapedconversation betweenMurrerandthesergeantwasinadmissibleasevidenceduetolegalprotection forjournalisticsourcesunderEuropeanlaw.Bothcasesdemonstrateaconcernwesharewith oralevidenceputbeforethecommitteethatundertheproposedsystemadisclosureofthe confidentialinformationonlyrequiresaseniorofficertoapproveitsuse.398Theproposed powerswouldmakeitpossibleforanMPorajournalistwhohasreceivedinformationfroma whistleblowertohavetheiremailandelectroniccorrespondencetrackedwithouthavingany knowledgethatthisishappening.ThepotentialforabusecanbeseenintheHomeAffairsSelect CommitteereportintotheGreenandGalleyinvestigationwherethecommitteecriticisedthe HomeOfficeandtheCabinetOfficeforexaggeratingtheactualandpotentialdamagetheleaks woulddotonationalsecuritywhentheyapproachedthePoliceaskingthemtoinvestigate. 16. AcautionarytalecanalsobeseenintheUSwheretwocaseshavebeenbroughtagainsttheUS governmentcenteringonasecretpresidentialordersignedbyPresidentBushinOctober2001, whichwasthenexposedin2005viawhistleblowersandmediareports. 399Theorderallowed theUSlawenforcementagenciestosecretlystoreemailandtelephonedatavia thetelecommunicationscompaniesundertheguiseofnationalsecurityinthewakeof9/11. Securityserviceswereallowedaccesstothisdatawithoutpriorapprovalfromanoutsidecourt,
396OfficialSecretsAct1989 397MisconductinPublicOfficeCPS
http://www.cps.gov.uk/legal/l_to_o/misconduct_in_public_office/#a04
398Q117JointCommitteeontheDraftCommunicationsBill,UncorrectedTranscriptofWrittenEvidence,
TheDraftCommunicationsBill11July2012
399http://www.nytimes.com/2012/08/23/opinion/thenationalsecurityagencysdomesticspying
program.html?_r 1&ref opinion
330
thissituationcontinuestoday.Whenthiswasuncoveredandquestionswereaskedasto whetherthepresidentialorderswereconstitutional,aclassactionsuitwasbroughtagainstthe telecommunicationcompaniesbytheElectronicFrontierFoundationandtheUSGovernmentin response,passedlawsexoneratingtherelevantcompaniesfromliability.Thisinturnledtoa furtherclassactionsuitthistimeagainsttheUSGovernmentandthepoliticiansresponsiblefor creatingthecurrentsystem,namelyformerPresidentGeorgeW.Bush,thenVicePresidentDick CheneyandtheadministrationsAttorneyGeneral.Thoughthecaseisstilltobedecided,the decisionbytheUSGovernmenttocreateasystemofelectronicsurveillancewithoutanywarrant orjudicialoversighthascausedconsiderablecontroversyandalengthylegalbattle.The Committeeshouldlookatthissituationasanexampleoftheunintendedconsequencesofsuchan initiativeandaskthegovernmenttoensurethatpropersafeguardsareinplacesothatsimilar legalactionsintheUKarenotnecessary. 17. Werecommendthatmorethoughtisgiventowhatcriminaloffencesareincludedunder provisionsthatallowcommunicationsdatatobeobtainedinthepursuitofdetectingcrimeor preventingdisorder.Wesuggestthatthebilleitherexcludesmisconductinpublicofficefrom Part2section6 b ,orthatadditionalarmslengthoversightisrequiredoutsideofthe investigatingauthoritywheresuchachargeisbeingcontemplated.Wealsorecommendthata warrantorjudicialoversightsystemisbroughtintomonitortheuseofthenewpowersto ensurerequestsarenecessaryandusedinanappropriateandproportionateway. 400 18. Wearealsoconcernedabouttheuseoftheproposedpowersasfishingexpeditionagainstan individualwhoisknowntohaveraisedconcernswithabodyexternaltotheorgnisationwithin whichtheywork,underthepretencethattheindividualmightcommitacriminaloffencebutin realityitisanattempttointimidatetheindividual. 19. WedrawtheCommitteesattentiontothetreatmentofHMRCwhistleblowerOsitaMbawho raisedconcernsabouttheinappropriatetaxdealthathadbeenstruckbetweenthetax authoritiesandlargecorporations. 401MrMbaraisedhisconcernswiththePublicAccounts Committee,theTreasurySelectCommitteeandwiththeNationalAuditOffice,eachofthese avenuesofdisclosureisprotectedunderPIDA.TheGuardianreportedinJunethatacomplaint hadbeenissuedinrelationMrMbaandthathiswifespersonaldetailshadbeenpassedbyHMRC managerstotheDepartmentscriminalinvestigationdepartment. 402MrMbahasnotbeen chargedwithanycriminaloffence,infacthisconcernsledtocriticalreportsonthegovernance arrangementsattheHMRCandpraisefromthechairofthePublicAccountsSelectCommittee anditsmembers. 20. Ourconcernisthatwithoutadequatesafeguardsthereisaveryrealriskthatthepowers providedbythispieceoflegislationwillbemisusedbythosechargedwithundertakingaleak investigationwhichwillonlyservetointimidatepeoplelikeMrMba,whichinturnwillmeanthat itisverymuchlesslikelythatgovernmentwhistleblowers likeMrMba willevercomeforward. Alternativelythelikelihoodisthatsuchwhistleblowerswillanonymouslyleaktheinformation forfearofcommunicationdatatracking.Leadingtoaweakeningofpublictrustandconfidence, makingitharderforwrongdoingtobeaddressedandmoredifficulttoprotectanindividualor eventothankthem. 21. Wearealsoconcernedthatthishasthepotentialtounderminethelegalprotectionfor whistleblowers.PIDArequirestheclaimanttodemonstratethatthereisalinkbetweenthe protecteddisclosure thewhistleblowing andthedetrimentsuffered thevictimsationor dismissalsuffered butundertheproposedpowersthereisnowayanindividualwouldbeaware theyweresubjecttosuchaninvestigation.ThisrequestcouldwellbeakeypartofanyPIDAcase 6 b oftheDraftCommunicationsBill
400Part2,Subsection
401SeeAnnexAforthefullcasestudy. 402AuditOfficeAttacksTaxDealsforCorporations,RajeevSyalandShivMalik,TheGuardian,Thursday
14June2012
331
thisindividualmaywanttotakeforwardasitcoulddemonstratealineofcausationfromthe concernsraisedtoanydetrimentorvictimisationsufferedasaresult. 22. Ourrecommendationwouldbethatwherearequestforcommunicationdataisgrantedin relationtoaninvestigationintoawhistleblower,butnoprosecutionhasbeenbroughtforward, therequestingauthoritynotifiesthetargetofthisrequest. 23. Wetrustthatthisshortresponseishelpfultothecommittee.Wewouldbepleasedtoprovide anyfurtherassistancedeemednecessarybytheCommitteeortoexpanduponoursubmissionif thiswouldbeofhelp.
August2012
332
Privacy International
ThecurrentDraftCommunicationsDataBillisavagueframeworkthatgrantstheSecretaryofState significantpowersforfuture,asyetunspecified,actions.Thepurposeofthisbriefingistomatchcurrently availabletechnologyagainstthedraftbillinordertobetterunderstandwhatthisbillasdraftedcould enable. 403 Summary InthisbriefingweaddresstheCommittee'sQuestions3,4,22,23,24,25,26. Q3.HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy?TheyfundamentallyreversethisGovernment'sstatedpositiononrestoringcivilliberties. Q4.Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionof communicationsdata?Thetechnologyfortheproposedschemeisprimarilyusedindictatorships.The detailsofsuchapproachesandabusestendsonlytoemergeoncethesedictatorshipsareoverthrown, forexample,intheaftermathoftheArabSpring.Detailedevidenceisnowemergingrevealingthe technologiesandtechniquesusedbythepreviousLibyangovernmentagainstitscitizens, 404andsome informationaboutsurveillanceandcensorshipsystemsinTunisia whichalsoeditsemailin transmission 405 andEgypthasalsocometolight. 406 Q22.Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapture communicationsdatareliably,storeitsafelyandseparateitfromcommunicationscontent?Any communicationsserviceprovider CSP thatdidthiswouldbeatafundamentaldisadvantagewithin theinternationalmarketoftheinternet. Q23.Howsafelycancommunicationsdatabestored?Storedcommunicationsdatacanneverbe perfectlysecure. Q24.Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible?The proposalsforthefilteringarrangementsareneitherclear,norappropriate,nortechnicallyfeasible. Evenminimaldiscussionwitharepresentativecrosssectionofindustrywouldhavedemonstrated this,butsuchdiscussionhasnottakenplace. Q25.HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? Itwillbeanextremelysimplematter,evenformostschoolchildren,toevadethemeasuresinthisbill. Q26.Arethereconcernsabouttheconsequencesofdecryption?ThisGovernment andtheprevious one haspushedthedevelopmentofa"digitaleconomy"intheUK.Forsuchdevelopmenttobe successful,securecommunicationsforpaymentsetcareabsolutelycrucial.Themeasuresinthisbill wouldfundamentallyunderminethedigitaleconomyinBritain. Overview
403Foradetaileddiscussionofthepolicyaspectsofthistechnology,westronglyrecommendSusan
Landau'sbook"SurveillanceorSecurityTheRisksPosedbyNewWiretappingTechnologies".ISBN: 9780262015301,MITPress,2011;andherblogposton https://www.privacyinternational.org/opinionpieces/surveillanceandsecuritysecuringwhom andatwhatcost 404http://owni.eu/2011/12/01/exclusivehowgaddafispiedonthefathersofthenewlibya/ 405http://www.bloomberg.com/news/20111212/tunisiaafterrevoltcanalteremailswithbig brothersoftware.html 406http://online.wsj.com/article/SB10001424052702304520804576345970862420038.html
333
PrivacyInternationalhasbeeninvestigatingtheglobalsurveillanceindustryforseveralyears. Surveillancecompaniesareinnovatingatarapidpace,andexpandingtheirmarketsinundemocratic regimes.ManyofthesecompaniesareBritish,andsomeselltheirtechnologiesandservicesinBritain aswell. In2008,Deticagaveapresentation 407attheISSWorldtradeshowforsurveillanceequipment, commonlynicknamedtheWiretappers'Ball, 408discussingthepotentialfornationalsurveillance systemssimilartowhatisnowbeingproposedbytheHomeOffice. Thepresentationhighlightedthecontemporaryobstacles,toachievingsuchasurveillancesystem.The issueswerenotjusttechnical,theywerealsosocialandlegal;suchasystemwouldnotbelawfulin democraticsocieties,andwouldnotbeacceptedbythepublic.TheHomeOfficeisnowattemptingto changethelegalsituation,butisignoringthesocialandtechnicalissues. Q3&Q4:Intrusionandcollection ThepolicealreadyhaveaccesstodatainawaythatwasunforeseeablewhentheRegulationof InvestigatoryPowersAct2000 RIPA wasdrafted.Forexample,atthetimeneithertheTransportfor LondonOystercardnortheCongestionChargeexisted. Thepolicehave"routineaccesstodatafromthecamerasusedforCongestionCharging", 409and requestaccesstoOysterdataundertheDataProtectionAct.ForOysterdata,510%ofrequestsare rejectedbyTransportforLondon TfL astherequestsdonothaveacceptablelevelsofdetailorare excessive. 410WhileTfLreviewrequestsforOysterdatawithadedicatedteam,andcantherefore determinewhetherrequestsareexcessiveorunacceptable,thenatureoftheaccesstoCongestion ChargedataissuchthatTfLcannotrevieweachrequest,andthuscannotrejectexcessiverequests. The"technicaldetail" 411ofimplementationthereforemattersagreatdeal.IfwetaketheOystercase asrepresentative,upto10%ofpolicerequestscouldbeillegalbutaccesswouldneverthelessbe grantedbecausethefilteringcomponentofthedraftbillwouldcreateasystemofautomatedaccess. Automatedaccessalmostalwaysresultsinmorerequeststhanmanualreview;thereisamoderation effectthatcomesfromknowingrequestswillbereviewedbeforefulfillment. "Ireadilyacknowledgethatcommunicationdatarecordsarehighlyintrusiveastheymaygivean insightintotheeverydayactivitiesoftheuserofacommunicationsdevice." 412 Whilethe2009ACPOsubmissiononcommunicationsdatareferredonlytophonecalls,textmessages andcellsites,othersubmissionstothiscommitteehavestatedthat 413thedraftbilladditionally requiresthecollectionandretentionofsocialmediatrafficdata,emailandothertraffic. 414
407Source:Dealingwiththeretainedcommunicationsdataexplosion:
https://www.documentcloud.org/documents/40913823200810issprgdetica.html
408http://www.washingtonpost.com/world/nationalsecurity/tradeinsurveillancetechnologyraises
worries/2011/11/22/gIQAFFZOGO_story.html?tid pm_pop
409WhatdoIneedtoknowaboutthecentralLondonCongestionChargecamerasystem?p1
http://www.tfl.gov.uk/assets/downloads/CCCameras.pdf 410http://www.tfl.gov.uk/termsandconditions/12321.aspx#pagelinkdoestflreceiverequestsfrom thepolicefordisclosureofinformationabouttheuseofindividualoystercards 411HomeAffairsCommitteeMinutesofEvidence,HC1939i,Q79,TheresaMaytoJulianHuppert: http://www.publications.parliament.uk/pa/cm201213/cmselect/cmhaff/1939/120424.htm 412ACPODataCommunicationsGroup2009responseto"ProtectingthePublicinaChanging CommunicationsEnvironmentAPublicConsultationGovernmentProposalsto EnsureCommunicationsDataRemainsAvailableforFutureElectronicCommunicationServices": http://www.scribd.com/doc/34921616/ACPODataCommunicationsGroupSubmission 413HC479ivTranscriptofOralEvidencetakenbeforetheJointCommitteeontheDraftCommunications BIll,Tuesday17July2012.Q221 http://www.parliament.uk/documents/jointcommittees/communications data/uc170712ev4HC479iv.pdf
334
ThisBillproposesanextensionofcurrentcapabilitytocoverallinternetservicesbyalldevices,with theSecretaryofStateabletodirectservicestocollectandretainparticulardata.Bringingtogether datafromsuchawidevarietyofsources,includingFacebooksessionsandemailinboxes,providesan intimatemapping,allowinglawenforcementtoidentifyapersonsassociates,friends,familyanddaily habits,evenwhenandwherethatpersonsleeps. HomeOfficestatementsclaimingthatthepolicehaveaccesstolessdatanowadaysthantheyoncedid aremisleading.Facebook,forexample,makespublicatleastthenameandprofilephotographofeach user.TodiscovertheidentityoftheownerofFacebookaccountnumber347071695348056,police needonlyvisithttp://facebook.com/profile.php?id 347071695348056.WhenPrivacyInternational submittedFreedomofInformationActrequeststotheMetropolitanPolice 415andotherpolice forces 416abouttheiruseofsocialmediaininvestigations,ourrequestswererefused. AnothersourceofinformationreadilyavailabletothepoliceisOpenSourceIntelligence OSInt informationthatisfreelyavailableontheinternet.ThegrowthofOSIntmonitoringisnotsomething theHomeOfficehasbeenwillingtocommentupon,perhapsbecauseitgivesthelietotheclaimthat thepoliceareincreasinglydeprivedofdata,butisoftenhighlightedbycompaniesthatprovide relevantservicestothepolice. 417 Inonesalesbrochure,thepowerofopensourceintelligenceanalysisisillustratedwithadiagramof thesocialnetworkofLondontechnologyworkers youmayspotsomenamesreferencedintestimony tothecommittee,fromtelevision,orfromtheHouseStaffList . 418 Thebillprovidesfortheamalgamationofallthesetechniquestomonitorsmallandlargepopulations, basedonordersissuedbytheSecretaryofState.Nootherfunctioningdemocracymonitorsitscitizens inthisway. Q22Captureandstorage ThebillrequiresthecollectionofthedataofallUKcommunicationsusers.AnyoneintheUKwhouses atelephone,mobilephoneordomesticemailserviceisalreadysubjecttothesurveillanceregime requiringtheretentionofdataforuptoayear.Thebillnotonlyproposestoextendcollectionand storagetootherformsofinformation,butisunprecedentedinorderingthecollectionofadditional informationnotrequiredforcommercialpurposes. Inpractice,theequipmentmaycollectacompletecopyofallinternetstreams,allemailandall webpages,andwillthendeterminewhichpartstoretain.Asfaraswecansee,thisisanecessary processifthetechnologyistofunction.PrivacyInternationalhaspublishedaworkedexampleonthis topic, 419lookingattheanatomyofaFacebookmessageanddemonstratingthatthetechnical gymnasticsthedraftlawwouldrequirewouldactuallybeprimafacieillegal. Technologycapableofcapturingcommunicationsdatareliably,separatingitfromcontentandstoring itsafelydoesnotexist.Thereareanumberofapproaches,allofwhichhavedrawbacksandbenefits,

414http://www.libertyhumanrights.org.uk/campaigns/nosnooperscharter/nosnooperscharter.php 415http://www.whatdotheyknow.com/request/social_media_monitoring_policies#incoming250931 416http://www.whatdotheyknow.com/request/social_media_monitoring_policies_2#incoming257392 417ntpreidsalespresentation,GatheringOpenSourceIntelligenceAnonymously.
https://www.documentcloud.org/documents/40918576201110issiadt6ntrepid.html
418ntpreidsalespresentation,p8and9:https://www.documentcloud.org/documents/40917970
201110issiadt5ntrepid.html
419https://www.privacyinternational.org/blog/facebookmessageanatomy
335
Thedefinitionof"collection"isessentialtounderstandingtheimplicationsofthebill.IntheUnited States,collectiononlyoccurswhenanindividualviewsinformationforexample,when whistleblowersreportedthattheNSAwascollectingallemailsinsidetheUS, 420theNSAdeniedthat thiswasthecase,astheemailswerenotnecessarilyread. 421However,intheUKthemerecollection inthenormalsenseoftheword ofinformationisinitselfaninterferencewiththerighttoprivacy enshrinedinArticle8oftheHumanRightsAct1998,andthereforemustbedoneinproportionate manner.TheHomeOfficewronglybelievesthattheUSmilitarydefinitionisapplicableintheUK. Q24TheFilter TheFilterappearstobedesignedtooperateasasingleunifiedsearchinterfaceacrossmultipleCSPs datasets.Withinevidence,itwasstatedthatthisisakintoa"searchengineforthepolice". 422 ThepolicemayalsoobtaintoolsthatthatofferanenhancedviewofFacebookactivity, 423showingthe networkofpeopleanindividualisconnectedwithandwhoheorsheexchangesmessageswith and howoften .Innowaycanthisbeconsideredtargetedsurveillance.Theinformationofapersonwho happenstohavesomeconnectiontosomeoneundersuspicionwouldbecomevisibletothepolice. TheFiltermaybeabletopredictthefuture.Amobilephonecompanyholdsenoughinformationto guesswhereanindividualwillbetomorrowatacertaintimetowithina20metreradius. 424TheFilter wouldbeabletomatchtimeandlocationsacrossnetworksandservices,correlatewhowaswhereat thesametime,andthen,bydesign,stepbackwardsandforwardsintimetoseewhowas communicatingbeforehandorafterwards.Thepowerofthiscapabilityissignificantandintrusive. 425 TheFiltermayknowwhoyoucalled,whatyousearchedfor,andwithwhomyoucommunicated.Even withoutcontent,knowingwhichGooglesearchesarerunduringaphonecallgivesastrongindication ofthecontentofthecall,withoutthecontentofthecallitselfbeingrecorded. Q25&Q26:Circumventionanddecryption CircumventingthispolicyissimplehowsimpledependsonhowfartheHomeSecretaryiswillingto extendhis/herpowersasenabledbythedraftbill.Inordertoimproveinformationsecurity, businesseshavebeguntousesecurenetworkingtechniquesandoutsourcedtheirservicesinways thatwillrendertheblackboxesineffective.Increasingly,individualsarealsoseekingoutsuch solutions. OnetimelycircumventionexampleisthegeographiclimitingofonlinecoverageoftheOlympicGames. DuetothelowqualityofcoveragebyUSnetworkNBC,therehavebeenaproliferationofarticles, adviceandcommentintheUSmainstreammediaexplaininghowtoaccesstheBBC'sinternet
andallrequiretradeoffsbetweencoverage,speedandretention.Thestatedplansseemimpractical, inefficientandcomplex,andthefactthattheHomeOfficehasrefusedtodivulgeanytechnicaldetails doesnotinspireconfidence.
420https://www.eff.org/issues/nsaspying/
warrantlesslywiretapdespiteevidenceandtheRegulationC2.2.1: http://www.fas.org/irp/doddir/dod/d5240_1_r.pdf 422Q307ofOralEvidencetakenbeforetheJointCommitteeontheDraftCommunicationsBill http://www.parliament.uk/documents/jointcommittees/communications data/uc170712ev4HC479iv.pdf 423Glimmerglass:pg10https://www.documentcloud.org/documents/40916555201110issiadt1 glimmerglass.html 424http://www.thestar.com/business/article/1224211wherewillyoubethistimetomorrow smartphonedatacanguesswithin20metres 425GeorgeDanezisandRichardClayton,IntroductiontoTrafficAnalysis: http://research.microsoft.com/enus/um/people/gdane/papers/TAIntrobook.pdf
421Seetheanalysishere:https://www.eff.org/deeplinks/2012/03/nsachiefdeniesability
336
Thesuggestionof"spoofing"SSLimpliedinsomelanguageintheBillwillsimplygivecriminalsan easilydetectablesignofactivemonitoring,beingroutinelycheckedbywebbrowsers.Thismaynotbe theBill'sintent. Thebillalsofailstocopewithtechnologiesthatallowforanonymousroutingoftraffic,i.e.Tor. 428 DevelopedbytheUSNavytoprotectGovernmentcommunications,Torwouldcertainlyevadethe measuresinthedraftBill. 429WeunderstandthatTorhavebeenaskedtogiveevidencetothe committee,andsowereferyoutotheirsubmission. Oncebackdoorcapabilitiesaredesignedintocommunicationsnetworks,theycanbeusedby criminalsaswellaslawenforcement.In2004,thecapabilitiesbuiltintotheVodafonenetworkin Greecewereaccessedillegitimately,permittinganunknownentitytomonitorthecommunicationsof theGreekCabinet,USembassyofficialsandjournalists.Vodafonewaseventuallyfined76million euros. 430 DoesthecommitteeandthisParliament,byyouractions,endorserequiringCSPstoonlypurchase equipment,whereitiscapableofhandling100,000simultaneousconnections,itmustalsobecapable oftappingeveryindividualconnection 431,eachto6agencies, 432andwithouttheCSPknowing?In effect,thatisthepositionoftheBill. MuchoftheprepublicationrhetoricofthebillfocusedonobtainingaccesstoSkypecalls.However, SkypeisnowownedbyMicrosoft,whichrebuilttheinternalstructureoftheSkypenetworkinaway thatallowslawfulaccessafewmonthsafterpurchase. 433 However,theHomeOfficemaintainsthatitwantstheabilitytonotonlyorderaforeignproviderto respondtoinformationrequests,butalsotorequirestructuralchangestotheirpracticesandservices, e.g.toorderaprovidertocollectnewcategoriesofinformation.IfanationalGovernmentcan mandatetechnicalinterferenceonprivateservices,itmaylimittheeconomysabilitytoadapttoa changingmarketandputthecountryatacompetitivedisadvantage. Lessinvasivetechnologies Thisbillproposesavastexpansionofcommunicationssurveillanceandwouldcreateasituationin whicheveryonecommunicatingintheUKwouldeffectivelybetreatedasapotentialcriminalsuspect. Therearenumerousexamplesofothertechnologiesfortargetingmobilephones,broadband connections 434andothercommunicationsthataremoreeffectivethanthesemeasureswouldbe. NewsreportsonundercoverpoliceofficerMarkKennedysinfiltrationofnetworksofenvironmental activists 435demonstratethatsurveillancetechnologiesarealreadyinuse.Whetherthepoliceare 426http://articles.latimes.com/2012/aug/01/business/lafitechsavvyolympics20120801 427formoredetails,seetheSpamHaus.orgprojectwhichhasbeenworkingonthissince1998. 428https://www.torproject.org 429https://www.torproject.org/about/overview.html.en#inception 430http://www.ft.com/cms/4791e25e8be111dba61f0000779e2340.html 431http://www.telesofttechnologies.com/products/networkmonitoringsecuritycontrol/abisprobe 432https://www.documentcloud.org/documents/409319182vastech201110brochures.html 433http://www.skype.com/intl/enus/legal/privacy/general/ 434TraceSpanADSLinterceptsolutiontapsasingleADSLline 435http://www.guardian.co.uk/environment/markkennedy
services. 426Anotherexampleisthehistoryofspamemailontheinternetacircumventionarmsrace hasbeenunderwayforalmost20years,yetaglanceatanyonesemailinboxshowsthereisstillno effectivepreventionmechanism. 427
337
usingmodifiedmobilephonesandwatches, 436orthemoreesotericmodifiedlightbulbsorchildrens carseats 437isunknown. Thoughthesetoolsareunfortunatelyusedwithoutoversight,theyarenotonlycheaperbutalsomore targetedandthusmoreproportionatethantheproposedlaw. Whiletheprecisedetailsoftheequipmentusedinsurveillance,underthisBillandunderRIPA,maybe amere"technicaldetail"accordingtotheHomeSecretary 438,weinviteParliamenttotakeagreater interestinhowthemasssurveillanceofcitizenswilloperateinpractice. August2012
436GriffCommunicationshttps://www.documentcloud.org/documents/409250127griffcomm
flex8f.html
437Elamanhttps://www.documentcloud.org/documents/409323186201106iss
elaman1.html#document/p21/a69092
438HomeAffairsCommitteeMinutesofEvidence,HC1939i,Q79,TheresaMaytoJulianHuppert:
http://www.publications.parliament.uk/pa/cm201213/cmselect/cmhaff/1939/120424.htm
338
Supplementary Privacy International

Q1.HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? 1. To some extent, the Home Office has been clear about what it hopes to achieve: futureproof legislation that ensures easy access to communications data and is applicable to any form of communication infrastructure that may come to be. It is ostensibly for this reason that the Home Office has proposed the most ambitious communications surveillance legislation we have seen to date, anywhere in the world. PI has been researching communications surveillance policies internationallysince1990,soweareinarelativelyuniquesituationtomakesuchastatement. However,insomerespectstheHomeOfficehasbeenextremelyunclear.Forexample,whilePart1of theBillwouldallowtheHomeSecretarytoissueorderstotelecommunicationsoperators,wedonot haveanyclarityaboutwhattheseorderswilllooklike,whotheywillbeissuedagainst,howtheywill beenforced,howthiswillaffectthetechnologiesandservicestheordersareappliedagainst,andhow thismightaffecttherightsofindividualsintheUKandabroad. Weagreethatthereisaneedtoreconsiderthepowersofgovernmentagenciestogainaccesstodata storedbyserviceproviders.Wealsoagreethat,astechnologychanges,itisimportanttocontinually reengageinthisdiscussion.Wealsoagreethatthefactthatcommunicationsserviceprovidersare not always based within the United Kingdom poses challenges to government agencies wishing to obtainthedatatheyhold. WedisagreewiththeHomeOffice'schoiceofpolicy.WedonotbelievethattheHomeOfficehasmade a convincing case for this specific policy. We do not believe that the Home Office has carefully consideredtheramificationsofthispolicyfromatechnological,legaloreconomicperspective.
2.
Q2.HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraftBill? 3.
4.
Q3. How do the proposals in the draft Bill fit within the wider landscape on intrusion into individuals privacy? 5. TheHomeOfficehasarichhistoryofproposingtechnologicallyadvancedsurveillancemeasuresthat are poorly regulated and technically problematic. In the mid1990s, the Home Office promoted a policy of restricting the use of encryption something that is now considered essential to the emergingdigitaleconomyintheUK.TheHomeOfficefundedthewidespreaddeploymentofpoorly regulated visual surveillance techniques in that period as well, despite Home Office research revealingthattheuseofCCTVwasfailingtoreducecrime. 439 The Home Office ensured that Britain was one of the first countries to require the deployment of intercept capability at CSPs, and one of the only countries to do so under a regime of ministerial warrants. The Home Office promoted the policy of communications data retention as a voluntary option in Parliament, only to then pursue a mandatory data retention policy at the European Parliamentinthemid2000s laterbroughtbacktoParliamentasanEUDirective .TheHomeOffice also pursued the world's most ambitious identity card programme, ignoring all international and technologicalexpertise,whileaccusingitscriticsofbeing"technicallyinept". 440 When it comes to surveillance, the Home Office does not have a good track record of pursuing technologicallyefficientorproportionatepolicies.Wehadhopedthat,withtheshiftsinGovernment rhetoriconcivilliberties,thedirectionoftheHomeOfficewouldchange.However,weseenochange in Home Office discourse since this policy was last promoted in 2009 as the 'Interception ModernisationProgramme'.Nothinginthedraftbillwouldpreventtheimplementationofanexact replicaofthe2009policy,withtheassistanceofafewordersfromtheHomeSecretary.TheHome Officehadpreviouslyproposedacentraliseddatabaseofinformation,thoughthiswasabandonedin 2009onprivacygrounds.Yetthefilteringarrangementswithinthedraftbillappeartocreateasingle
6.
7.
439HomeOfficeResearchStudy292,'AssessingtheimpactofCCTV',MartinGillandAngelaSpriggs,
February2005;alsosee'CCTVanditseffectivenessintacklingcrime',HouseofCommonsLibrary, July1,2010. 440'DefenceexpertunderminesBlaironsafetyofIDcards',DavidHenckeandVikramDodd,Feruary13, 2006,http://www.guardian.co.uk/politics/2006/feb/13/idcards.immigrationpolicy
339
interfaceforwidespreadaccessacrossdistributeddatabasesthefundamentalnatureofthestorage modelisthesame,whetheritiscentralisedordistributed. 8. This proposal comes at a time when increasing amounts of information is potentially accessible through traditional means. Mobile phone usage has expanded dramatically, and now mobile phone providersholdintimateinformationontheentirepopulation.WhenRIPAwasstillbeingdebatedin Parliament, we never imagined a day when the police would be able to identify everyone who has been in a specific geographic area by accessing data held by mobile phone service providers. Open sourceinformationisnowmuchmorewidelyaccessiblebecausetherearegreaterstoresofpersonal information,gatheredbothwithandwithouttheconsentofindividuals. It is particularly distressing that while new techniques of surveillance are being devised and deployed in this country, the Home Office is not only failing to properly regulate the use of these techniques, but in fact refuses to discuss them at all. Despite this draft bill being characterized as essential for improving responses to security threats, there is no mention or discussion of the surveillance techniques that are being developed and potentially used domestically without any Parliamentary or judicial oversight. All the Freedom of Information requests we have made to the policeabouttheiruseofthesetechniqueshavebeenrejected.Suchtechniquesinclude: The ability of police to remotely access your computing and phone devices. Techniques and productsexistthatpermitthepolicetoinfectacomputeroramobilephonewithatrojanthat allowsthemicrophoneandcameratoberemotelyandcovertlyswitchedon,andallactivityon thedevicetoberecorded.Inessence,thispermitsthepolicetomaliciouslyhackadevice.Weare uncertainastothelegalbasisforanysuchconduct,asprimafaciethiswouldlikelybreachthe ComputerMisuseAct.In2008,theGermanConstitutionalCourtruledagainsttheuseoftrojans by the state of North RhineWestphalia, asserting that not only was it a breach of the right to privacy, but a breach of "a guarantee of confidentiality and integrity in informationtechnology systems." 441 Theabilityoftheauthoritiestoaccessinformationonallmobiledevicesinagivenarea.Usinga devicecalledan'IMSIcatcher',thepolicecancreateafakecelltowertowhichallnearbymobile phones will connect. The device would then be able to access the unique identifiers of all the devices, and cross reference them against databases of accountholders. This technique is advertisedbythecompanieswhodevelopthetechnologiesasbeingparticularlyhelpfulforuseat large public events and protests. Our request for information regarding the legal status and policesaroundtheirusefromtheMetropolitanPoliceServicewasrejected. 442 TheabilityofauthoritiestotrackindividualsbyGPS.TheuseofGPSbypoliceintheUSledtothe USSupremeCourttorule UnitedStatesv.Jones,decidedJanuary232012 thatthedeployment ofthistechniqueonanindividual'scarrequiredajudicialwarrant.Ourrequestforinformation fromtheMetropolitanPoliceServiceregardingsimplythenumberofGPSdevicesandtheuseof thistechnique,wasrejected. 443 The ability of authorities to infiltrate and monitor online social media. A number of police organisationsoutsidetheUKhavebeenprocuringsocialmediaanalysissoftwareandthishasled to policy responses requiring clear articulation of how this type of surveillance is undertaken, and the necessary levels of oversight. 444 Our request to the Metropolitan Police Service again askingquestionsregardingthelegalstatusandpolicesaroundtheuseofsocialmediamonitoring wasrejected. 445
9.
441Quotationtakenfrom'Germany'sNewRighttoOnlinePrivacy',DerSpiegel,February28,2008,
availableathttp://www.spiegel.de/international/germany/theworldfromberlingermanysnew righttoonlineprivacya538378.html 442http://www.whatdotheyknow.com/request/imsi_catcher_guidance#incoming246590 443http://www.whatdotheyknow.com/request/gps_tracker_statistics#incoming270219 444TheFederalBureauofInvestigationdecidedthatitsuseofsocialmediamonitoringwillinfuturebe vettedbytheagency'sPrivacyandCivilLibertiesUnit.See'FBIsayssocialmediamonitoringwon't infringeprivacyrights',Computerworld,February14,2012. 445http://www.whatdotheyknow.com/request/social_media_monitoring_policies#incoming259481
340
10. TherearemanyothertechniquesforwhichtheHomeOfficehasstillnotprovidedanyguidance.We await,forinstance,theresultsofourrequestforinformationfrompoliceagenciesabouttheiruseof unmannedaerialdrones. 446 Q4.Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionofcommunications data? 11. Many governments are struggling with updating their laws for the current telecommunications environment,butnodemocraticcountryhasopenlypursuedthepolicycurrentlybeingpromotedby theHomeOffice.Thiscouldbeforanumberofreasons: thispolicywouldbeagainstthelawinmanycountriesbecauseitallowsthemonitoringofnon targetedindividuals; othercountrieshavenotyethelddiscussionsaboutthemodernisationofsurveillancetechniques forthecontemporaryandfuturetechnologicalenvironments; governmentshavebeenquietlypursuingthepolicywithoutopendiscussionanddebate; somegovernmentsalreadyhavejurisdictionovertherelevantinternetservicesandthusdonot requireadditionalsurveillancecapabilities.
12. Anyattempttocompareandcontrastpoliciesaroundtheworldisfraughtwithchallenges.Onecould arguethatajudicialwarrantinonecountrydoesnotqualifyasajudicialwarrantinanothercountry. However,itshouldbenotedthatsomegovernmentshavealreadybeenrebukedbytheircourtsfor notapplyingthehigheststandardsofprotectionoverthetypesofdatabeingdiscussedhere,andthat nodemocraticgovernmenthaspursuedthe'blackbox'DPIpolicyatISPsforconstantmonitoringof datastreamsinordertoidentifyspecificformsofinteractionswithoutsuspicion.Theseblackboxes were andstillare usedacrosstheMiddleEastandNorthernAfrica,morespecificallyinChina,Iran, Kazakhstan,SyriaandTunisia. 13. Withrespecttothebestpracticesandstandardssetforrigorous,fairandeffectivecommunications policiesaroundtheworld,suchpoliciesgenerallyinclude: Nopolicyofdataretentioninfact,mostdemocracieshaverejectedorfailedtoimplementdata retention policies e.g. United States has repeatedly debated but not implemented the policy; Australia and Canada have introduced laws to update surveillance techniques but all have excludedtheoptionofdataretention;thecourtsofBulgaria,theCzechRepublic,Germany,and Romania have ruled against data retention laws and there is a case pending at the European Court of Justice, while a number of countries have failed to implement the Directive on Data Retentionandthereisincreasinguncertaintysurroundingitsvalueandfuture. 447 . Due process involving judicial authorities who are competent to review and capable to reject accessrequests. Aclearandtransparentregimeofcostandliabilitydistributionthatdoesnotinsulateinstitutions fromindividualsseekingredress. Provisions for the service provider to contest requests before a court; this is particularly importantwhentherequestscomefromothercountries. Transparency and democratic oversightwith annual reports disclosing meaningful information abouttheextenttowhichapowerisusedandunderwhatconditions. Notificationofindividualswhentheirdatahasbeenaccessed.
446SeeourrequesttotheGreaterManchesterPolice,availableat
http://www.whatdotheyknow.com/request/drone_documenation#incoming304248 Directive:emergingthemesandnextsteps',December152011,availableat http://quintessenz.org/doqs/000100011699/2011_12_15,Eu_Commission_data_retention_reform.pd f
447SeeareportfromtheCounciloftheEuropeanUnion,'ConsultationonreformofDataRetention
341
14. This is why other countries have court warrants, judicial authorisations, and notification of surveillance after the fact. The UK remains one of the only democratic countries with ministerial interceptionwarrants.TheUK'sselfauthorisingaccessregimeforcommunicationsdatacontinuesto surpriseexpertsaroundtheworld. 15. All this data should lead us to conclude that we must improve our regime for communications surveillance. The situation has never been more urgent: we are seeing many developing countries directly replicating UK surveillance laws. It is essential that the UK not act as an enabler of poorly regulated surveillance and technologically ambitious schemes. We have already seen indications of abusesofsuchpowersbothintheUKandinternationally,including: in 2008, Liverpool Council was investigated after officials went through the mobile phone recordsoftheoppositionleader monitoringlinksbetweenpoliceandjournalistsforleaks 448 in2006SuffolkPoliceaccessedthemobilephonerecordsofajournalisttofindouthowhehad obtainedinformationregardingahistoricinquiry 449
16. However,becausethereisagenerallackoftransparencyandnotification,weareunabletoproperly identify all the cases of abuse. The international experience indicates that the frequency of abuses maybesignificantlyhigher.Asexamples: anAlbertanregulatoryboardwascaughtspyingonopponents 450 Azerbaijan used communications data to identify everyone who had voted for Armenia in the Eurovisionsongcontest 451 DeutscheBahnexecutivesresignedafterbeingcaughtmonitoringemployees'communicationsto seewhowasspeakingwithjournalistsandmembersofParliament; 452 Deutsche Telecom was also caught spying on journalists' communications with senior executives 453 Vodafonewascaughtmonitoringitsdirectors'communications 454 theGermanforeignintelligenceservicespiedonreporters'communications 455
17. Most telling are cases in which the data was accessed without adequate oversight. When the US decided to exceptionally grant the FBI powers of selfauthorised access to communications data solely for the purpose of national security investigations, many problems ensued. According to the FBI's Inspector General, these included failing to report accurate numbers to Congress, 456 single
448'Phonerecordssearchinvestigated',BBCNews,June18,2008,availableat
http://news.bbc.co.uk/1/hi/england/merseyside/7461819.stm http://news.bbc.co.uk/1/hi/england/norfolk/6200410.stm
449'Reporter'stelephonecallsprobed',BBCNews,December12006,availableat 450MontanainvestigatingAlbertaenergyboardspyingallegations,CBCNews,August232007,available
athttp://www.cbc.ca/news/canada/edmonton/story/2007/08/23/montanaspying.html?ref rss
451'AzerbaijanauthoritiesinterrogatemusicfansinEurovisionprobe',18August,2009, 452'Germanrailbossquitsoverspyingclaims',DailyTelegraph,March312009,
http://www.guardian.co.uk/music/2009/aug/18/azerbaijanauthoritiesinterrogatemusicfans
http://www.telegraph.co.uk/news/worldnews/europe/germany/5079165/Germanrailbossquits overspyingclaims.html 453'TelekomAccusedofTrackingJournalists'MobilePhoneSignals',DerSpeiegel,May30,2008, http://www.spiegel.de/international/business/spyscandalgrowstelekomaccusedoftracking journalistsmobilephonesignalsa556741.html 454'Vodafonespiedonitstopbosses',ThisisMoney,June1,2008,availableat http://www.thisismoney.co.uk/money/markets/article1632040/Vodafonespiedonitstop bosses.html 455'BNDAgents'Knewwhattheyweredoing'',DerSpiegel,March25,2008 http://www.spiegel.de/international/germany/theworldfromberlinbndagentsknewwhatthey weredoinga549765.html 456Asmanyas4600requestswerenotreportedaccordingtotheOfficeoftheInspectorGeneralReport, March9,2007.
342
'letters' actually requesting information on large numbers of people 9 such requests accessed the subscriber information of 11,100 different telephone numbers , 457 and significant and numerous abusesanderrors,evenmorethanreportedbytheFBI. 458 18. ThisUSsurveillanceregimewasrepeatedlyrevisitedanddebatedinCongress,andhasbeencurtailed to some extent. Most distressing is that the National Security Letter regime still has stronger oversight than the general policing approach to communicationsdata retention in the UK; the NSL regimeisnowrestrictedtonationalsecuritycasesandhassomeprocessesforinternalreview,which ledtoextensivedebatesinCongress.DespitesignificantlylowerstandardsintheUKandtheuseof similar powers for all forms of surveillance, RIPA has not seen similar legislative review and oversight. Q5.Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtainingcommunications datathattheGovernmentcouldconsider? 19. Directrequeststotheserviceprovidersfortheircustomers'dataisalwaysapreferredapproach.We acceptthat many of thesemay be based outside ofthe UK. A legal process mustbe developed that matchestheneedsofinternationalserviceproviders.Theyrequirethatrequestsarecompliantboth withUKandtheirowndomesticlaws.ThestandardsforrequestsintheUnitedStates,forinstance, are significantly higher ingeneral andserious crimepolicing,andwe should,at aminimum,match thesestandards. 20. Weareworkingcloselywithinternationalindustryleaders,technology,legalandsecurityexpertsto devise best practices on the processes for cooperating with government requests. It is a long and thoroughconsultationprocess.Meanwhile,thisdraftbillisevidenceofwhathappenswhenthereisa lackofconsultationinourdiscussionswithvarioussectorsofindustryintheUKandabroad,they allcontendthattheyhadnotbeencontactedbytheHomeOfficeatanypointaboutthispolicyprior tothisdraftbill. 21. Not getting this process right will stunt our communications abilities for the future. When informationexiststhatisdirectlyrelevanttoanongoinginvestigationjustmeasuresmustbeapplied toallowforaccess,andthisaccessmayindeedbeacrossbordersusingfastermutuallegalassistance processesthatareabletoensurecompliancewiththelawsinbothjurisdictions.Thesearenotnew problemsfromlexmercatoriatoantiterrorismpolicy,wehaveallbeenstrugglingtofindnewand equitable solutions across jurisdictions. The Home Office is currently proposing to railroad these conventionsandredesigncommunicationsinfrastructureintheirowninterests. Q6. The draft Bill sits alongside the Data Retention Regulations. How will these two pieces of legislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernstheretentionof communicationsdata? 22. Anoverarchingpieceoflegislationhasdrawbacks.TheDataRetentionRegulationsrelatetotheEU Directivewhichwillbereviewedimminently.Oncethatreviewiscomplete,changingtheregulations wouldbefareasierthanrevisitingthelegalframeworkinitstotality. 23. But the advantage of a single framework is that it will combat political uncertainty. One of the challenges that arose withthe AntiTerrorismCrimeandSecurityAct,andlatertheDataRetention Directive,wasthatthepurposeofcommunicationsdataretentionwastocombatseriouscrimeand terrorism,butaccesstothedatawasgovernedbyRIPA,whichallowsgeneralisedaccesstodataheld by communications service providers. This created an uncertain regime of law in which a pool of informationintendedforthepurposesofcombattingterrorism,wasaccessedunderalawdraftedfor more general purposes, one subject to less stringent constraints. Policy deliberation for data retentionwasfocusedonseriouscrimeandantiterrorism,and ignoredtheuseofthisinformation forbroaderpurposes.
457'ReportDetailsMisstepsinDataCollection',R.JeffreySmith,WashingtonPost,March10,2007,
http://www.washingtonpost.com/wpdyn/content/article/2007/03/09/AR2007030902353.html
458Seep95oftheDepartmentofJustice,OfficeofInspectorGeneral,AreviewoftheFBI'suseofNational
SecurityLettersin2006,March2008.Forahelpfulanalysisoftheproblems,pleasesee http://www.aclu.org/files/images/nationalsecurityletters/asset_upload_file41_34805.pdf
343
Q7.IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasuresthat couldbescrappedasaquidproquotorebalancecivilliberties? 24. No. Considering the evidence given to the committee to date, there has already been so much discussion about the existing problems within RIPA that only a rootandbranch review of RIPA would fix the problems with the vast data stores that the authorities already access, so any considerationofnewinformationsourcesisimmediatelyproblematic. 25. Ofcourse,onecouldarguethatifRIPAisredraftedtorequirejudicialauthorisationforrequestsfor trafficdata,thenthiswouldgosomewaytofixingtheproblemswithcommunicationssurveillancein thiscountry. Q8.WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKasa lessattractivebase.Whatmightbetheeffectonbusiness? 26. We strongly recommend that the Committee reviews the responses from organisations such as COADEC the Coalition for A Digital Economy. If a new service provider based in this country developsanewformofcommunication,itfacesasignificantriskofbeingplacedunderanorderfrom theHomeSecretarytochangekeycomponentsofthatservice.Failuretodosowillmeanthatalltheir customers' communications will be interfered with by UK ISPs. This is not a reasonable choice for smallorganisationswithlimitedcapacitytomeetthelegalandtechnicalrequirementsoftheHome Secretary. 27. However,thislegislationwouldnotonlyhaveimplicationswithintheUnitedKingdom.IftheHome Secretarywishedtoplaceanorderonaforeignproviderofcommunicationsservices,thatprovider wouldhavetoperformthesamecalculationsregardingtheirUKuserbase. Q12.WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill?Shouldit bepossiblefortheSecretaryofStatetovarythislistbyOrder? 28. Thefocusshouldnotbeonwhichagencies,butratheronwhichpurposesandwhichauthorisation andoversightregimeapplies.Anygovernmentagencycouldhaveareasontoaccesscommunications data,perhapsevenbetterreasonsthanthepolice.Thefocusshouldbeonthelocusofthedecision makingonwhethertherequestisproportionateandnecessaryinademocraticsociety.Ourcurrent regime is wholly inadequate for making thesedecisions, andthis is in largepartdue to Parliament failingadequatelytoaddressthesequestions,leavingittotheauthoritiestoselfauthorise. Q13.Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbasedoverseas? Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty? 29. Theproblemisn'tjustthatitisunrealistic;italsoplacesUKusersatadisadvantageoverusersfrom othercountries.Asitis,manyoftheseforeignserviceprovidersarenotnecessarilyawarethattheir usersarebasedintheUK.Underthisdraftbill,theywouldhavetoidentifyalltheirUKusersandthen place additional surveillance measures against them, e.g. collect and retain additional information just on UK users. If they failed to do so, the service providers would risk their users' information beingcollectedandprocessedinwaysthatarebeyondtheircontrol. Q14. Are the circumstances under which communications data can be accessed appropriate and proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? 30. Thenatureoftheaccesssanctionedbythislegislationisneitherappropriatenorproportionate. 31. Inourreviewofthesurveillancetechnologyindustry, 459wehavefoundmany'blackboxes'thatare capable of conducting directed surveillance of large numbers of people simultaneously. Some companies are selling black boxes designed to conduct illegal mass surveillance. What the Home Office envisions is in the same vein: technologythat is capable ofmonitoring all streams of data in ordertoidentifyspecifictypesofcommunicationsthatmustthenbepickedaparttoidentifyspecific communicationsdata. 32. Asanexample,considerFacebook oranyothertypeofsocialmediaservice .Thestructureofusers' interactionswithFacebook'sserversissuchthattheblackboxeswillnecessarilyhavetointerceptall
459SeeourseparatesubmissiontotheJointCommitteeentitled'ImplementationBriefing',August23,
2012.
344
communicationsdatainordertogainaccesstotrafficdata.RIPAcurrentlystatesthatwhenauseris surfing to //www.facebook.com/ajax/messaging/send.php, the 'communications data' is 'http://www.facebook.com', but for the police to gain access to anything after the first '/' would require an interception warrant. What the Home Office is proposing would involve selfauthorised accessextendingwellbeyondthatfirst'/'. 33. Moreover,theblackboxeswouldhavetomonitoralltraffictoFacebook.comandgointodetailabout thecontentofthecommunicationsbetweentheuser'sbrowserandtheFacebookserversinorderto identifywhenthatuserismessagingsomeoneelse.Inordertoidentifytherelevantinformationof whoismessagingwho,theblackboxeswouldhavetoreadacrossvariousinteractionswithFacebook servers because they are not always easily accessible within a single set of communications. The Home Office does not believe that this would amount to interception of communications, as it maintains that the authorities are capable of ignoring anything that looks like the content of the direct message while the technology delves into the details of the interactions with the server. In effect,wehavetoacceptapromisethat,whilelawenforcementiscollectingandreconstructingthe totalityofourinteractionswithFacebook,theywillscrupulouslyignorethecontentofthemessage, and that no change to Facebook, operating independently without knowledge of what the UK Governmentisdoing,willbreakthisassumptionandcauseillegalmonitoring. 460 34. Again,theissueisnotabout'whatkindofcrimes',nor'whichkindofagencies'.Thequestionis:who makesthedecisionaboutwhatisproportionateandnecessary?Atthemomenttheverypeoplewho wanttogainaccesstothisinformationaretheonesdoingso.Wecannotbelievethatinthe12years since RIPA was approved, and even under previous legal regimes, this situation has been deemed acceptable by Parliament. Even the introduction of independent authorisation is only a first step magistrates and judges need to be provided with sufficient training, information and a clear legal regimeuponwhichtobasetheiradjudicationofwhatisnecessaryandproportionate.Transparency inreportingandreviewmustalsobemorethorough,andincludenotificationtotheindividualwhen theinvestigationiscomplete.Thefactthatwecan'tevenidentifyhowmanypeoplehavehadtheir informationaccessedbyvariousagenciesunderRIPAovertheyearsisunacceptableinademocratic society. Q15.Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? 35. The indiscriminate retention of any information on innocent individuals beyond the time period requiredfordeliveringacommunicationsserviceistoolong. 16. Applications for accessing communications data will be subject to a series of safeguards including approval by a designated senior officer within the public authority making the request. How should "designated senior officer" be defined? Is this system satisfactory? Are there concerns about compliance withArticle8ECHR? 36. Asdiscussedabove,thisisnotsatisfactory.Theassentofasinglepoliceofficerdoesnotclassifyasa safeguard.Independentauthorisationbyaninformed,empoweredandaccountablebodyisnecessary to ensure that the request is necessary in a democratic society and proportionate. We are not as concernedaboutcompliancewithArticle8asweareconcernedthattheUKParliamenthasthusfar failedtoimplementsafeguardsthathavebeencalledforsincethe1930s.Accordingtothehistoryof surveillanceintheUKprovidedbytheBirkettCommitteereport aPrivyCouncilCommitteereport writtenin1957 ,theHomeSecretaryin1937decidedthatministerialwarrantsshouldberequired forcommunicationsdata.IntheMalonecasein1979,thejudgeaskedthatParliamentcomeupwitha bettersystemforcommunicationssurveillanceregulation,stating:"Iwouldhavethoughtthatinany civilised system of law the claims of liberty and justice would require that telephone users should have effective and independent safeguards against possible abuses." When Malone arrived the European Court of Human Rights, the court ruled that "the exercise of such powers, because of its inherentsecrecy,carrieswithitadangerofabuseofakindthatispotentiallyeasyinindividualcases andcouldhaveharmfulconsequencesfordemocraticsocietyasawhole.Thisbeingso,theresultant interferencecanonlyberegardedasnecessaryinademocraticsocietyiftheparticularsystemof
460Seehttps://www.privacyinternational.org/blog/facebookmessageanatomyforalongerdiscussionof
thispoint.
345
secretsurveillanceadoptedcontainsadequateguaranteesagainstabuse."Wedonotbelievethatour currentframework,northeoneproposedbytheHomeOffice,achievestheseobjectives. Q17.Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapplytoall publicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinallcircumstances? Andwhatwouldtheresourceimplicationsbe? 37. YesawarrantsystemappliedtoRIPAwouldbemoreappropriate.Yesitshouldapplytoallagencies, andnecessaryinallcircumstances.Wedonotunderstandwhyithastakensolongtoevenaskthis question. Q18.IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformationCommissioner sensible? 38. The two Commissionersshould be thought ofasafinal set ofsafeguards once wehave aclearand opencommunicationssurveillanceregimeandacleardelineationofwhichservicesitappliesto,in which companies can contest the orders and requests, orders are deliberated upon openly and requestsforaccessauthorisedbyindependentandknowledgeablebodies. Q19.ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBillsatisfactory? 39. No. We do not understand how Parliament can meaningfully review this draft Bill without understandingwhatanorderfromtheHomeSecretarymayactuallylooklike,particularlyaswehave noideawhichnewcommunicationstechnologieswewillbeusinginthenearfuture. 40. Whetherthepoliceshouldbeabletoroutinelyaccesscompanydatabasesisaquestionthatshouldbe debatedanddiscussedinpublicandinParliament.Itshouldnotbedonebehindthescenesinclause 2 of a bill without public consultation. The Home Office is proposing a system that would allow a policeconstabletogeneratealistofeveryownerofamobiletelephoneinGlasgow,Manchesterand Londonatparticulartimes.Therecordsofanyonewhohappenedtofallintothiscategorywouldbe accessed.Parliamentshouldnotdeceiveitselfthatitwillhaveanyoversightoversuchprocesses. Q25.HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? 41. It'snotamatterofcircumventionalone.Theinternetisnotbeingbuiltforthesolepurposesofthe HomeOffice;itisbeingbuiltuponeverydaytocreateamoresecureenvironmentwhereindividuals andorganisationscanfindthevariouslevelsofprotection,assuranceandconfidencetheyrequirefor particulartransactions.Businessesareroutinelyusingencryptionservicesbecauseofduediligence requirements, and these same services that frustrate malicious entities seeking unlawful access to sensitive information may also frustrate the Home Office. Similarly, individuals are increasingly using security techniques, sometimes unknowingly, to protect their information. The Home Office either wants to undo all these security and privacy developments, create backdoors into them, or stripthemoutinwaysthatwillreduceeveryone'sconfidenceintheseservices.Atthemoment,when anindividualtransactsoveraservicewithaspecificprovider,thatindividualbelievesthatheorshe istransactingonlywiththatprovider.TheHomeOfficewantstointroduceapanoplyofotherentities intothatcommunicationsprocess,therebyensuringthatnoonecaneverbecertainastowheretheir personal information resides. Put more simply, if someone communicates with a friend and then deletes that communication the next day, not only will the socialnetworking service retain this information,butanynumberofUKserviceprovidersmayalsocollectandstoreitandprovideaccess to a myriad of government agencies far beyond the control of any of the entities involved in the originalcommunicationstransaction. Q26.Arethereconcernsabouttheconsequencesofdecryption? 42. Even after consultation with leading security experts from around the world, we continue to be perplexed by the Home Office's belief that they can circumvent encryption in a way that is computationallyfeasibleandthatwouldn'tdestroythenation'sconfidenceininternetsecurity. August2012
346
Brian Rae
CommentonDraftCommunicationsDataBill Asaprivatecitizenofthiscountry,IsharewithmanyoftheBillsproponentsadesireforasafeand securecommunityinwhichtolive.HoweverthisBillwouldnotonlydriveacartandhorsesthroughmy personalprivacy,butwouldalsofailtodelivertheaimsitseekstoachieve. GeneralComment Withmorepeoplelivingmoreoftheirlivesonline,thefootprintsinthesandtheircommunicationsleaves havebecomefarmoreanalogoustothecontentsoftheirprivatestudydrawers,thantoanypublicspace.I donotreferheretowhatgoesvoluntarilyontotwitterorfacebook,buttotheenquiriesmadethrough emailandwebsurfingaboutotherpeople,organisations,eventsandhappenings.AndIdonotbelievethat authoritiesshouldhaveanymorerighttotracktheseenquiries,whichwebsitesandarticlesIreadonline, thantheydotoriflethroughmyhouseinsearchofwhichnewspapersandmagazinesIhaveread.Just becauseitispossibletobuildadatabaseofcitizensbehavioursdoesnotmakeitrighttodoso. 2.HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill? No.Currentlegislationprovidessufficientscopefortheprosecutionofcomplexcasesinvolvingmuch digitaldata,andhasprovensoduringrecenthighprofilesuccessfulprosecutions.Therehasnotbeena singleconvincingargumentmadethatthesepowerswouldfurthertheabilitiesofthepoliceand prosecutionauthoritiestobringseriousperpetratorstojustice.Theargumentsforprovidingsuchpowers tootherbodiesarespecious. 12.WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill?Shouldit bepossiblefortheSecretaryofStatetovarythislistbyOrder? Suchsweepingpowers,eveniftheyweretobemadeavailabletopolice,shouldcertainlynotbemade availabletootherbodiessuchaslocalauthoritieswhohaveatrackrecordofabusinglegislativepowers broughtintocounterseriouscrime. 17.Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapplytoall publicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe? Awarrantsystemoverseenbyajudgewouldindeedbefarmoreappropriate.Accesstothedatabases shouldalsobelimitedtoasfewpeopleaspossible.Levesonhasdemonstratedextremelywellhowthose seekingpersonalinformationcangenerallyaccessitbyfairmeansorfoul.Limitingthosewithaccessto trustedandvettedindividualsinanorganisationcapableofmaintainingsecrecy suchasPolice wouldat leastlimitaccessandprovideagreaterchanceoftracinganybreaches. August2012
347
Marisha Ray
Contextofthisevidence During2005IchairedacouncilscrutinycommitteewhichinvestigatedtheuseofCCTVinEnglandand tookevidencenotonlyfromorganisationswhichpromotecivillibertiesinoursocietyfromwhichyou haveheardorwillbehearing,butalsofromthreeCCTVcontrolcentresoutsideLondon,inEngland,anda greaternumberwithinLondon.Whilethedatagatheredinthosecasesmaynotcorrespondexactlywith thedatawhichisyourprimaryinterest,Iandthatcommitteedidgainaninsightintotheattitudesof police,councilandotherstaffupanddownthecountrytoprivacy,civilliberties,requestsfordatabythe policeanddataprotectionissuesingeneral.Inparticularwehadclosecontactwithrelativelyjuniorstaff andwereabletoquizthemgently,askabouttheirtrainingandjudgetheirattitudestotheirwork.Ihave beenurgedbysomeformermembersofthatcommitteealsotowritetoyoutoday. From2006to2008Iwasacouncilexecutivemember,alsoknownascouncilcabinetmemberinsome localauthorityareas,withresponsibilitieswhichincludedcommunitysafety,publicprotection, procurementandtheperformancemanagementofallcouncilservicesinaninnerLondonborough Islington ,withthethirdmostsignificantlevelofdeprivationofallLondonboroughs,adiverse communitybothethnicallyandinmostotherrespectsandagreatvarietyofsocioeconomicgroupsliving inintegrated,mixedcommunitiesnotinseparationasisseeninsomeotherareasincludingpartsof London.Ourboroughprideditselfonthewaythatittackledcommunitysafetyissuesintheareawith novelsolutionsworkingwithallwhocouldpotentiallyhaveanimpactonthosesolutions,includinglocal residentsandmembersofourlocalcommunityincludingthosewhoworkinthearea,peopleofawide varietyoffaithsandtheirrepresentatives,local,regionalandcentralgovernmentagenciesincluding policeandfireservices,localbusinesses,thelocalpress,researchersincriminologyfromLondon's universitiesandvoluntarysectororganisationsandotherindividualsandgroupswhowishedto contribute.WeusedawidespectrumofmeansincludingtheimplementationofaCCTVschemeanda combinedschemetoenablehelptobesummoned,thereforeIwouldclaimthatwehadsomeexperience ofthecontrolledandmeasureduseofsurveillanceinpublicspaceatthelocallevel. Iwritealsoassomeonewhocanbevisiblyidentifiedasamemberofaminorityethnicgroup,whois female,whohasspentmostofherlifeinLondonandwhowasthemotherofatoddlerwhileacouncillor, whichgivesadifferentexperienceofthelocalcommunityandseemstobringwithitakindofintimacy thatcrossesallsocialdivides.Inadditionmembersofmyfamilyinanothercountryhavebeeninvolvedin thelegalrepresentationofminoritycommunitiesandindividualsfromthosecommunities,oftenfrom faithswhichfeelpersecutedinthatcountryandalsoinourcountry,andthereforeIbelieveImaybemore sensitivetotheseissueshere. MycareeroutsidelocalandregionalpoliticshasbeenprincipallyintheITindustrybothasaconsultant andinacorporateITdepartmentworkinginbothcaseswithteamsandsystemswhichcoveredmany countriesthoughmostlybasedintheUK,butonoccasionelsewhereaswell;andthisisanadditional reasonwhyIamrespondingtoday.Iretainlinkstotheindustryandtothosewhoworkinthe communicationsandtelephonyindustries.IhavealsohadthebenefitofhavinglivedinFranceonthree separateoccasionsduringthepast20orsoyearsandhavelivedinrural,provincialurbanandParisian environmentsforover2yearsintotalworkingintheITindustrytheretoo. Comments Onsocialchangeswhichhavetakenplacerecentlyfacilitatedbyinformationtechnology Whileithasbeensaidthatalltheworldisatsixdegreesofseparation,inotherwordsthatfromfriends andfriendsoffriendsandonwardsthroughthatchainweareconnectedwiththewholehuman populationoftheworldwithinsixsteps,itwasannouncedrecentlyandplausiblythatthatnumberis decreasingbecauseofinformationandcommunicationtechnologyandthatthechaincontinuesto decrease.Inadditionthereisachangeinthewaypeoplebehaveinthattheymaywellbemorelikelyto help,adviseorrecounttheirexperiencestopeoplewhomtheymadecontactwithorhadintroductions frombyelectronicmeans.Iaskthecommitteehere,howmeaningfulisthedatathatthecommittee proposesshouldbemadeavailablethroughsurveillancebythisdraftbill?Whatconclusionifany,inan ageofaccessbyoneindividualtomuchofthehumanrace,canbedrawnfromthefactthattwo individualshavebeenincommunicationorcontact?Muchofthechangeininteractionswhichwas
348
foretoldbythebookTheCluetrainManifestoinitsfirstchapterinhowindividualsinteractwithlarge organisationshasindeedtakenplace,howeverthesechangesapplynotjusttocommercialorganisations asdiscussedinthebook,butacrosstheboardtoallorganisationsandmostindividualswhohaveaccess tomoderncommunicationstechnology.Iquestionforhowmuchlongerthedatawhichyouproposeto collectwillcontinuebringbenefit.Pleaselooktotheobsolescenceofthemeasureswhichyouproposeto putinplaceandhowwidelytheyshouldthereforebeused. InadditionIurgeyoutoconsiderthefactthatseveralmillionwarrantshavebeenissuedunderRIPA,well overhalfamillioninasinglerecentyearandgiventhescenarioIhavedescribedaboveitiseasily possibleforanymeasuresyouputinplacetobeusedexcessivelytooandlikeRIPAfarbeyondthescope forwhichtheywereoriginally,publiclypromulgated.Iappreciatethatyouare,inthisdraftbillputting measuresinplacetopreventthat,andyetwhatbodiesareyouputtinginplacetochallengethosewho overstepthemarkandwhatconfidencedoyouhavethattheywillproveeffectiveregulators.Thereare somepowerswhichyoushouldwitholdonthebasisthatonexistingformthosewhoapplyforwarrants haveshownthattheywilldosoexcessivelyandnotkeeptothespiritofthelaw,butaimfortheletterofa poorlyregulatedarea,whichmaywellproveimpossibletoregulateeffectivelywithintheresources whichyouhaveatyourdisposal. InadditioninMalcolmGladwell'sbooktheTippingPointweseethattherearecertainindividualswho havecontactwithafarlargernumberofindividualsthanothers,hecallsthemtheconnectors.Whileyou mayormaynotacceptotherconclusionsofhisbook,itistruethatsuchindividualsexist,thattheyare influential,andthatmanysuccessfulpoliticiansareorwereamongsttheirnumber.Thereforeanylarge scaleattemptatsurveillanceoftheirdatawillnecessarilyincludeanoverlylargeproportionofdata concerningsuchpeople,amongstthempoliticians.Itisthereforenecessarytobearthisinmindwhen extendingpowersofsurveillance,particularlyastheobjectiveofthepowersistoupholddemocracyand nottosnoopintotheprocesseswhichallowthedemocraticprocesstobemeaningful.Itshouldalsobe borneinmindthatpeoplebecomemorehesitantormorecautioustocommunicatefranklyandfreely, speakingtheirminds,withpeoplewhosecommunicationstheybelievemightwellbemonitored. Oneffectsonlocalcommunitiesandindividualsandoncrimepreventionandreduction Inthefieldofcrimereductionandcrimeprevention,particularlywhenstrugglingtotackleissuessuchas domesticviolenceorotherformsofabuse,whichaffectallcommunities,itiskeythatpeoplebelievetheir communicationsaretrulyconfidential;notonlythecontentoftheircommunicationbutalsothefactthat theyhavemadeanycontactatall.Anincreaseinthelevelofmonitoringmayhaveapositiveeffecton fightingsomesortsofcrime,butalsohaveanegativeeffectonothersorts.Theothersortsaresortswhich needevengreaterfocusandhaveanimportantimpactonfamilies,childrenandoftenwomenin particular,groupswhoseinterestsareunderrepresentedinourimperfectdemocracyandwhose wellbeingmaynotbeaswellservedinapoliticalestablishmentwhereothergroupsaremoredominantly represented.Merelyincreasingthecultureofsurveillanceofprivatecommunicationinourcountrywill beastepbackwardsinworkingtoreducecrimesofthissortwhichtakeplaceinsecrethiddenfromview. ThetypesofcrimeofwhichIwriteleadtothedeathofapproximately100womeneachyearinour countryandaretypicallyprecededbyseveralyearsofeventswhichifreportedinconfidencemightwell leadtomeasuresbeingputinplacewhichwouldsavethoselives.HoweverwhileIquotethatstatistic thatisnottheonlytypeofcrimewhichismorelikelytobereportedinanenvironmentwhereprivacyis assuredandtheindividualcanmakeadecisionaboutthepaceatwhichtheyproceed;itisanillustration ofamoregeneralpoint. During2005,whiletakingevidencewithothermembersofthecommitteeinvestigatingtheuseofCCTV surveillanceinEngland,ItooktheopporutnitytoaskmayquestionsbothontheuseofCCTVandthe regulationofsurveillancenotasitstoodinlaw,butasitwaspracticallyimplementedbythepeople carryingoutthatsurveillance.Iwasstruckatthetimebyhowpoorlyregulatedsurveillancewithcameras is,andhavenoreasontobelievethatIshouldhaveanygreaterconfidenceintheregulationofanyother formofsurveillanceinthiscountry.Relativelyjuniormembersofstafffromwhominmanycaseswetook evidencefeltnorealauthoritytosaynotothepoliceorotheragenciesortoquestiontheneedfordata.I seethatinthisdraftbillyouproposethatmoreseniorstaffshouldhavegreatercontroloverthe processes,howevergiventhevolumeofwarrantswhichareissuedIquestionwhetheranysinglemember ofstaffwillwithoutfailgivethematterofwhetherawarrantisjustifiedornottheattentionwhichit deserves.Theattitudesofseniormembersofstaffinallorganisationstocivillibertiesandprivacyvaries,
349
oftenasafunctionoftheirownpoliticalviewsandpersuasions;anditisquestionablethatwithout traininginthisareaandmoderationandstandardisationoftheiractionsacrossthecountry,merely appointingaseniormemberofstaffalonewouldserveyourpurpose.Inaddition,withoutspotchecksin depthinvestigationsinrandomlychosencasesandwidespreadknowledgethatsuchcheckswilltake placeasamatterofroutineinasubstantialnumberofcasesIquestionwhetheranymechanismwould provideaneffectivecheckorbalancetothetendencytojustwavethroughallwarrantapplications withoutquestioninthewaythatIwasledtobelievewasalreadytakingplace.Therewasnopossibility thatthepersonwhoseprivacywasintrudeduponwouldfindoutaboutorhavethecapacityorrightto takeactionfortheissueofaninappropriatewarrant,thustherewasanegligiblechancethatthoseacting uponthewarrantorthoseapplyingforitwouldfaceconsequencesandindeedtheissueofthe consequencesoffailingtoquestionthegroundsforissueofawarrantwasneverraisedwithmeeven thoughthetakingofimagesataknowntimeandplaceonpublicandpotentiallyprivatepropertyis undoubtedlyintrusive. Writingasamemberofavisibleminorityethnicgroup,whohasspentmostofherlifeinLondonandwho wasalocalcouncillorfrom2002to2010inoneofthemostdeprivedandinalmosteverywaydiverse boroughsinLondon,IbelievethattheexcessiveandwidespreaduseofsurveillanceasenabledbyRIPA 2000hasacorrosiveeffect,creatinggroupsorcommunitieswellawarethattheyaremonitoredorlikely tobemonitoredandgroupsorcommunitieslessawareofthisanddividingusintothosewhoarewaryto communicatebecauseofthepotentialforcommunicationstobetakenasevidenceofsomeunforeseen andunintendedintentwhofeelvulnerable,andthosewhoareconfidentoftheabilitytodefendourselves inthateventperhapsbecausewearemorearticulateorhavetheresourcestocommandotherswhoare. IalsobelieveonthebasisofwhatIhaveseensince2005thatattitudestoprivacy,surveillanceand intrusionbothphysicalandelectronicdifferandthatthosedifferencesdocorrelatewith,thoughthey maynotpreciselyfollow:thesexoftheindividual,theculturalbackgroundoftheindividual,thefamilyor domesticcircumstancesandrelationshipsoftheindividualandtheirreligiousbackground.Theequality impactofsurveillanceistoolittleresearchedandtoolittleknownandofcrucialimportancetothe cohesionofoursociety,whichiskeytothestatedaimsofthisdraftbillinitsforeword.Itisinmyopinion importantthatyousatisfyyourselvesthatthemeasuresyouproposewouldnothavetoogreata differentialimpact,particularlyonthosegroupsmostlikelytobevulnerable,leastlikelytohaveaccessto yourcommitteeandmostlikelytofeelmarginalisedbyoursociety.Ourlegalsystemiscomplexandfor somewhoarenewtothiscountryorwholackthecapacitytounderstandit,itssystems,regulationsand institutions,thereisthefeelingthatindepthsurveillancewillinevitablyleadtotherevelationofareas wheretheyhaveunwittinglyomittedtoobeyregulationsortodischargedutiesfully.Thuspeoplewho arenotentrenchedinoursociety,inthewaythatmostpeopleofallbackgroundsinpoliticsdotendtobe, feeldoublyvulnerabletoanyincreaseinsurveillanceeveniftheyhavenoparticularreasontodoso. OnITissues Ihaveworkedinsoftwaredevelopmentandconsultancy,intheprocurementofITcontractingservices,as amemberoftheboardsorgoverningbodiesofanumberoforganisationsindifferentsectorsandasan advisertotheboardofanNHSTrustwhereITissueshavebeenregularlyraisedincludingissuesabout privacyandconfidentiality.Softwareisoftendevelopedinanorganicfashion,meaningthatsystemsare improvedandchangedwhileinuse.Tobeentirelyconfidentaboutthedatageneratedonewouldhaveto haveperfecttrackingoftheversionandsystemwhichgeneratedthatdata.Tobeentirelyreliablethe softwarewouldneedtobetestedtoadegreeandspecificationwhichitisunlikelywouldbestrictly necessaryforamobilephonecompany,becausethereisnosafetyorotherrequirementtodoso.Dataon timeandpositionfrommobilephonesignalsisnotalwaysofaqualitytobeentirelyreliable,andwhileit maybeusefulinattemptingtolocateapersoninneed,itisnotnecessarilyconsistentlyofthequality neededtobeusedasevidenceincourt.WhentakingevidenceIsuggestthatyouenquireaboutthequality ofthedatawhichisbeinggenerated.Ifthedataisnotofsufficientqualitytobeusefulforthepurpose intendedthereislittlepointinforcingitsretentioninlargequantitiesforayear,overaperiodofmany yearsatsomeconsiderablecost.Itisalsounlikelythatacommercialorotherorganisationwillvolunteer thefactpubliclythatitsdataandprocessesofsoftwaredevelopmentarenotentirelyreliablebecauseof thepotentialreputationaldamagetotheorganisation,thereforewithoutincisivequestioningthisissue willnotemerge.DataqualityisapersistentissueinalllargeorganisationsusingITsystems,andIimagine thatifthedataisforusebytheservicesnameditsaccuracyisfarmoreofanissue.
350
ITdevelopmentprojectsinlargeorganisationsoftenuselargenumbersofcontractorsandemployees fromseveralorganisationsbasedinmanydifferentcountries.Telephonyisnoexceptiontothis.Asin othersectors,thetendencyistoarrangeforasmanyaspossiblewhoareinvolved,tosignnondisclosure agreements NDA's ,howeverdetailedinspectionofsuchNDA'sdoescalltheireffectivenessinto question.Theseagreementssometimesputconditionsonthosewhosignthemwhichcouldnotpossibly beupheldiftheyaretocarryouttheirjobs,andinadditionthesheernumberofpeoplesigningthem meansitwouldbenearimpossibletoworkoutfromwhereanyleakageofprivilegedinformationhad come.IwouldquestionwhetheritisreallyintheUK'sintereststoputtogetherdatabasesholdingsuch informationwhichpeopleinpotentiallyanycountrywithanybackgroundwhatsoevermightgainaccess to.Whatsanctioncouldbeplaceduponthepeopledevelopingthesystem,accessinglivedataand potentiallygivingunauthorisedaccesstoothers;isitinfactwisetohaveitinthekeepingofacommercial organisationwithemployeesofthirdpartyorganisationswhoaremaynotbeawareofanyindividual sanctionwhichtheywouldfaceintheeventofmisconduct? AssomeonewhohasworkedwithITcontractors,myfeelingisthatthenatureoftheagreementsto ensurethatthedatawassecurewouldbecomplex,costlyandthecostnotaccuratelypredictablebecause itwouldbetoomuchafunctionofthelevelofsecuritywhichwasrequired.Inevitablyitwouldnotbe politicians,butotherswhowouldspecifythelevelofsecurityrequired,andthatlevelmightwellbefar lowerthanthatwhichpoliticiansandthepublicwouldcallfor.Idorequestthatonourbehalvesyou insistthatyouasourrepresentativesarekeptfullyinformedofanycompromiseswhichhavebeen reached,anycornerswhichhavehadtobecutandthatyouputinplacesomearrangementstocallahalt toprojectswhichdonotfitthestandardswhichyouyourselvesconsideracceptable.Thisiscommonif notthenormintheprivatesector,andneedstobethecaseinthepublicsectortoo,particularlywhen consideringsensitivedata.Iamnotawareofamechanisminparliamentaryprocedurewhichallowsfor suchanobjectivetobeachievedandwouldsuggestthatitisimportantforthebettermanagementof publicITprojects.Accurateforecastingbothofcostandofsecurityarrangementsinsuchsystemswhich arehostedexternallyisfarmoredifficultthanarrangingsecurityofsystemshostedbyourownpublic services.Thereismuchroomformisinterpretationandarrangementsforpublicscrutinywouldbe complexandtheworkforceinvolvedisoftenunstablewithsomepersonnelbeingrotatedbetween customersandteamsgivingfartoomanypeopleaccesstosystemsanddata.WhileIhavemade generalisationswhichmightnotbetrueineverycase,theyarecertainlytrueinsomecasesofwhichIam aware. Iwouldadvisethatthesecurityrequirementsonrealtimedataprovidinginformationonthepositionof specificindividualsbeconsideredcarefully.Thedatawouldundoubtedlybeusefultocriminal adversariesofforexampleanycriminalwhosewhereaboutshappenedtobebeingtrackedandtherefore wouldnecessarilyleadtothepotentialforfuturecorruption,evenifthereisnolikelihoodofsuch corruptionatpresent.Thisdraftpresentstheperverseincentiveforrealtimedatatobeinappropriately sought,toocarelesslyallowedandthencorruptlysold.Suchdataisclearlyasignificantintrusionintoa person'sprivacy,mayputtheirpersonalsafetyatriskifinsecureoraccessibletolargenumbersofpeople. IknowfrommyworkonCCTVwhichrecordsbothidentityandlocation,thatthisisasignificantconcern tomanyandIsuggestthatyouengageinawideandpublicdebateonthisissueatatimeofyearwhichis moreconducivetosuchmatters,asopposedtothiscallforevidencewhichhascomeinJulyandAugust.I wouldsuggestthateverysingleoccasionofuseofrealtimedatashouldbeindependentlyscrutinisedand thatadequatearrangementsbeputinplaceforreviewofthissystemofscrutiny. Whenyouconsiderthequestionofdatasecurity,pleasealsoconsiderthequestionoftheeffectivenessof highlevelscrutinyindetectingthepresenceofwrongdoingsufficientlyrapidlytopreventharm, particularlywhentheteamofpeopleworkingonthesesystemsmayinvolvestaffbasedgloballywitha highlynetworkedstructureofteams.Myinitialreactionisthatitisnotpossibleforsuchscrutinytobe effectivelyorganised,andthoughitmaybethatotherswillexpressviewstothecontrary,itisequally possiblethattheystandtogaindirectlyorindirectlyfromholdingacontraryview.Itisnowalsoaregular occurrenceforprivateinformationtobeaccidentallyemittedbylargeorganisations.Ihavenotasyet seenanyaccountofafailsafemethodforpreventingthetypesofhumanerrorwhichleadtothis, thereforeforeachpieceofdatawhichyouconsiderretaininghereyoumightwellimaginethatoneday thatdatawillbemadepublicanditisonthatbasisthatitisbeingstored.
351
Thankyouforyourpatienceinreadingthissubmission.Iwillbehappytosupplyfurtherdetailsor explanationsofanyoftheremarksmadehereifnecessary. August2012
352
J Richardson
AnswertoQuestion1:No.IamconvincedthegreatmajorityofpeopleareunawareofwhattheBill wouldmeanifitbecomesanact.Notenoughindependentpublicityandtimehasbeengiveninorderto enlightenthemassofthepublicabouttheintrusionthisactwillhaveontheirprivacyandfreedom. Answertoquestion2:No.Speaktotheordinarymaninthestreetandyouwillsoonrealizetheyknow verylittleaboutwhatisgoingonwithregardtotheirprivacyandfreedomifthebillbecomeslaw. Answertoquestion4:AlreadythemediumsizedtownwhereIlivehasinexcessof550CCTVcameras capableofmonitoringtheactivitiesofanyone24/7,provencriminalornot.Thevictimsvisitsto Hospitals,shops,Hairdressers,theirlocalpub,PostOfficeonPublicTransport,awalkinthepark,the cinemaandtheatre,andotherplacescanallbewatched. Thelistseemswithoutend.Evenhisorheractivitiesaroundtheirownhomearereportedbacktothe localNeighbourhoodWatchcontact,encouragedtodosobythePoliceorLocalAuthorityTechnocrats.So wehaveasnoopy,hushhushsituationwhereneighbourspiesonneighbour,ratherthantheintended strangersandintrudersforwhattheywerefirstintendedtodo.Causingproblemsamongstthelocal community. Trytogetalittleprivacybytakingbytakingarunoutinyourcartothecountryforapicnic,youwillnot getawaywithitthepoliceandDVLAwillhaveyourdetails,carandall,ontheirDataBases. Iam84andrememberwelltheinformationthatcameoutofNaziGermanyaboutthecovert,oppressive andcruelregimethatexistedtherebeforeandduringWW2.Thesetupwasverysimilartothatwhich existsinthiscountrytoday. Commentsonquestion12:Accesstoinformationgatheredbycovertmeansshouldbetreatedashighly confidential. TherehavebeentoomanyinstancesupanddownthecountryofPoliceandLocalAuthorityTechnocrats abusingthesystembyusingtheinformationgathered,fortheirownpersonaluse.Thenumberof abusersisinthehundreds,andthatisonlyfromafewforcesu.Goodnessknowswhatthetotalfromall forceswouldbe. Thelawasitstandsismorethanadequatetodealwiththeamountofterrorismthatoccursinthis country.AntiTerrorismLawsintroducedasasafeguardarecounterproductive,andwillwhenused reducethefreedomandprivacyofall. August2012
353
Duncan Roy
TheproposedCommunicationsDataBillraisessignificantissuesissuesconnectedwithhumanrights, privacy,security&withthenatureofoursociety.Theseissuesareraisednotbythedetailofthebillbut byitswholebeing.Addressingthemwould,inmyopinion,requiresuchasignificantredraftingofthebill thatthebetterapproachwouldbetowithdrawthebillinitsentiretyandrethinkthewaythatsecurity andsurveillanceontheInternetisaddressed. Asnoted,therearemanyissuesbroughtupbythedraftbill:thissubmissiondoesnotintendtodealwith allofthem.Itfocusesprimarilyonthreekeyissues: 1 Thenatureofinternetsurveillance.Inparticular,thatinternetsurveillancemeansmuchmorethan communications,partlybecauseofthenatureofthetechnologyinvolvedandpartlybecauseofthemany differentwaysinwhichtheinternetisused.Internetsurveillancemeanssnoopingnotjuston correspondencebutsociallife,personallife,finances,healthandmuchmore.Gatheringbasicdatacan makethemostintimate,personalandprivateinformationavailableandvulnerable. 2 Thevulnerabilityofbothdataandsystems.Nodataorsystemcaneverbemadetrulysecure.The evidenceofthepastfewyearssuggestspreciselytheopposite:thosewhoshouldbemostableandtrusted withthesecurityofdatahaveprovedvulnerable.TheCommunicationsDataBillfailstotakeproper accountofthatvulnerabilityandsetsupnewandmoresignificantvulnerabilities,effectivelycreating targetsforhackersandotherswhomightwishtotakeadvantageoformisusedata. 3 Therisksoffunctioncreep.ThekindofsystemsandapproachenvisagedbythedraftBillmakes functioncreeparealandsignificantrisk.Data,oncegathered,isaresourcethatisalmostinevitably temptingtouseforpurposesotherthanthoseforwhichitsgatheringwasenvisaged. Iammakingthissubmissioninmycapacityasanonpractisingbarristerandlegalbloggerwithastrong interestintechiematters.Todescribethegovernment'scompetencewithtechnicalmattersistorollon thefloorlaughing.Virtuallynogovernmentintheworldseemscapableofunderstandingthekeyissuesor procuringthecorrectsolutions.Youarenodifferent.Witheverystepyoucreatenewproblemsfor yourselfandforus. 1TheNatureofinternetSurveillance AssetoutinPart1ofthedraftbill,theapproachadoptedisthatallcommunicationsdatashouldbe capturedandmadeavailabletothepoliceandotherrelevantpublicauthorities.Theregulatoryregimeset outinPart2concernsaccessingthedata,notgatheringit:gatheringisintendedtobeautomaticand universal.CommunicationsdataisdefinedinPart3Clause28verybroadly,viathecategoriesoftraffic data,usedataandsubscriberdata,eachofwhichisdefinedinsuchawayastoattempttoensurethat allinternetandothercommunicationsactivityiscovered,withthesoleexceptionofthecontentofa communication. Theallencompassingnatureofthesedefinitionsisnecessaryifthebroadaimsofthebillaretobe supported:ifthedefinitionsdonotcoveranyparticularformofinternetactivity whetherexistentor underdevelopment ,thentheassumptionwouldbethatthosewhothebillwouldintendtocatchwould usethatform.Thatthecontentofcommunicationsisnotcaptured thoughitisimportantinrelationto moreconventionalformsofcommunicationsuchastelephonecalls,lettersandevenemails isoffarless significanceinrelationtointernetactivity,asshallbesetoutbelow 1.1CommunicationsDataandtheseparationofcontent Asnotedabove,thedefinitionofcommunicationsdataisdeliberatelybroadinthebill.Onthesurface,it mightappearthatcommunicationsdatarelatesprimarilytocorrespondencebringingintheECHR Article8righttorespectforprivacyofcorrespondenceandindeedcommunicationsliketelephonecalls, emails,textmessages,tweetsandsoforthdofitintothiscategorybutinternetbrowsingdatahasa muchbroaderimpact.Apersonsbrowsingcanrevealfarmoreintimate,importantandpersonal informationaboutthemthanmightbeimmediatelyobvious.Itwouldtellwhichwebsitesarevisited, whichlinksarefollowed,whichfilesaredownloadedandalsowhen,andhowlongsitesareperused andsoforth.Thiskindofdatacanrevealhabits,preferencesandtastesandcanuncover,toareasonable probabilityreligiouspersuasion,sexualpreferences,politicalleaningsetc,evenwithoutwhatmight reasonablybecalledthecontentofanycommunicationsbeingexaminedthoughwhatconstitutes contentiscontentious.
354
ConsideringaGooglesearch,forexample,ifRIPAsrequirementsaretobefollowed,thesearchterm wouldbeconsideredcontentbutwouldlinksfollowedasaresultofasearchcountascontentor communicationsdata?Whoistherecipientofaclickedlink?Ifthedataistobeofanyuse,itwouldneed torevealsomethingofthenatureofthesitevisitedandthatwouldmakeitpossibletoreverse engineerbacktosomethingcloseenoughtothesearchtermusedtobeabletogetbacktothecontent. Thecontentofavisitedsitemaybedeterminedjustbyfollowingalinkwithoutanyfurtherinvasionof privacy.Whenslightlymorecomplexformsofcommunicationontheinternetareconsiderede.g. messagingorchattingonsocialnetworkingsitestheseparationbetweencontentandcommunications databecomesevenlessclear.Inpractice,assystemshavedeveloped,theseparationisformanyintents andpurposesafalseone.Theissueofwhetherornotcontentdataisgatheredisoffarlesssignificance: focussingonitisanoldfashionedargument,basedonaworldofpenandpaperthatistoagreatextent oneofthepast. Whatismore,analyticalmethodsthroughwhichmorepersonalandprivatedatacanbederivedfrom browsinghabitshavealreadybeendeveloped,andarecontinuingtoberefinedandextended,most directlybythoseinvolvedinthebehaviouraladvertisingindustry.Significantamountsofmoneyand effortarebeingspentinthisdirectionbythoseintheinternetindustry:itisakeypartofthebusiness modelsofGoogle,Facebookandothers.Itisalreadyadvancedbutwecanexpecttheprofilingand predictivecapabilitiestodevelopfurther. Whatthismeansisthatbygathering,automaticallyandforallpeople,communicationsdata,wewould begatheringthemostpersonalandintimateinformationabouteveryone.WhenconsideringthisBill,that mustbeclearlyunderstood.Thisisnotaboutgatheringasmallamountoftechnicaldatathatmighthelp incombatingterrorismorothercrimeitisaboutuniversalsnoopingandprofiling. 1.2Thebroadimpactofinternetsurveillance Thekindofprofilingdiscussedabovehasaverybroadeffect,onewithahugeimpactonmuchmorethan justanindividualscorrespondence.Itispossibletodetermine toareasonableprobability individuals religionsandphilosophies,theirlanguagesusedandeventheirethnicorigins,andthenusethat informationtomonitorthembothonlineandoffline.Whencommunications andinparticularthe internet areusedtoorganisemeetings,tocommunicateasgroups,toassemblebothofflineandonline, thiscanbecomesignificant.Meetingscanbemonitoredorevenpreventedfromoccurring,groupscanbe targetedandsoforth.Oppressiveregimesthroughouttheworldhaverecognisedandindeedusedthis abilityrecently,forexample,theformerregimeinTunisiahackedintobothFacebookandTwitterto attempttomonitortheactivitiesofpotentialrebels. Itisofcoursethiskindofprofilingthatcanmakeinternetmonitoringpotentiallyusefulin counterterrorismbutmakingituniversalratherthantargetedwillimpactdirectlyontherightsofthe innocent,rightsthat,accordingtotheprinciplesofhumanrights,deserveprotection.Inthetermssetout intheEuropeanConventiononHumanRights,thereisapotentialimpactonArticle8 righttoprivate andfamilylife,homeandcorrespondence ,Article9 Freedomofthought,conscienceandreligion , Article10 Freedomofexpression andArticle11 Freedomofassemblyandassociation .Internet surveillancecanenablediscrimination contrarytoECHRArticle14 prohibitionofdiscrimination and evenpotentiallyautomateitawebsitecouldautomaticallyrejectvisitorswhoseprofiledoesntmatch keyfactors,orchangeservicesavailableorpricesbasedonthoseprofiles. 2Thevulnerabilityofdata Theessentialapproachtakenbythebillistogatheralldata,thentoputcontrolsoveraccesstothatdata. Thatapproachisfundamentallyflawedandappearstobebaseduponfalseassumptions.Most importantly,itisafallacytoassumethatdatacaneverbetrulysecurelyheld.Therearemanywaysin whichdatacanbevulnerable,bothfromatheoreticalperspectiveandinpractice.Technological weaknessesvulnerabilitytohackersetcmaybethemostnewsworthyinatimewhenhackergroups likeanonymoushavebeengatheringpublicity,buttheyarefarfromthemostsignificant.Humanerror, humanmalice,collusionandcorruption,andcommercialpressures bothtoreducecostsandto monetisedata maybemoresignificantandthewaysthatallthesevulnerabilitiescancombinemakes theriskevenmoresignificant. Inpractice,thosegroups,companiesandindividualsthatmightbemostexpectedtobeabletolookafter personaldatahavebeensubjecttosignificantdatalosses.TheHMRClossofchildbenefitdatadiscs,the
355
MODlossesofarmedforcespersonnelandpensiondataandthenumerousandseeminglyregulardata lossesintheNHShighlightproblemswithinthosepartsofthepublicsectorwhichholdthemostsensitive personaldata.Swissbankslossesofaccountdatatohacksanddatatheftdemonstratethateventhose withthehighestreputationandneedforsecrecyaswellasthegreatestfinancialresourcesare vulnerabletohumanintervention.ThehighprofilehacksofSonysonlinegamingsystemsshowthateven thosethathaveaccesstothehighestleveloftechnologicalexpertisecanhavetheirsecuritybreached. Thesearejustafewexamples,andwhilstineachcasedifferentissueslaybehindthebreachthe underlyingissueisthesame:wheredataexists,itisvulnerable. DesigningandbuildingsystemstoimplementlegislationliketheBillexacerbatestheproblem.Thebillis notprescriptiveastothemethodsthatwouldbeusedtogatherandstorethedata,butwhatevermethod isusedwouldpresentatargetforpotentialhackersandothers:wheretherearedatastores,theycanbe hacked,wherethereareblackboxestofeedrealtimedatatotheauthorities,thoseblackboxescanbe compromisedandthefeedsintercepted.Concentratingdatainthiswayincreasesvulnerabilityand creatingwhatarecolloquiallyknownasbackdoorsfortrustedpublicauthoritiestousecanalsoallow thosewhoarenottrustedofwhateverkindtofindarouteofaccess. Onceothershaveaccesstodataortodatamonitoringtherightsofthosebeingmonitoredareeven furthercompromised,particularlygiventhenatureoftheinternet.Information,oncereleased,canand doesspreadwithoutcontrol. 3FunctionCreep Perhapsevenmoreimportantthanthevulnerabilitiesdiscussedaboveistheriskoffunctioncreepthat whenasystemisbuiltforonepurpose,thatpurposewillshiftandgrow,beyondtheoriginalintentionof thedesignersandcommissionersofthesystem.Itisafamiliarpattern,particularlyinrelationto legislationandtechnologyintendedtodealwithseriouscrime,terrorismandsoforth.CCTVcamerasthat arebuilttopreventcrimearethenusedtodealwithdogfoulingortocheckwhetherchildrenliveinthe catchmentareaforaparticularschool.Legislationdesignedtocounterterrorismhasbeenusedtodeal withpeoplesuchasantiarmstradeprotestorsandeventostoptrainspottersphotographingtrains. InrelationtotheCommunicationsDataBillthisisaverysignificantriskifauniversalsurveillance infrastructureisputintoplace,thewaysthatitcouldbeinappropriatelyusedarevastandmultifaceted. Whatisbuilttodealwithterrorism,childpornographyandorganisedcrimemightcreeptowardsless seriouscrimes,thenantisocialbehaviour,thentheorganisationofprotestsandsoforth.Furthertothat, therearemanycommerciallobbiesthatmightpushforaccesstothissurveillancedatathoseattempting tocombatbreachesofcopyright,forexample,wouldliketomonitorforsuspectedexamplesofpiracy.In eachindividualcase,theusemightseemreasonablebutthefunctionoftheoriginalsurveillance,the justificationforitsinitialimposition,andthebalancebetweenbenefitsandrisks,canbelost.Aninvasion ofprivacydeemedproportionateforthepreventionofterrorismmightwellbewhollydisproportionate forthepreventionofcopyrightinfringement,forexample. TherisksassociatedwithfunctioncreepinrelationtothesurveillancesystemsenvisagedintheBillhave anumberofdifferentdimensions.Therecanbecreepintermsofthetypesofdatagathered:asnoted above,thesplitbetweencommunicationsdataandcontentisalreadyonethatiscontentious,andas timeandusagedevelopsislikelytobecomemoreso,makingtherestrictionsastowhatiscontentlikely toshrink.Therecanbecreepintermsoftheusestowhichthedatacanbeput:fromthepreventionof terrorismdownwards.Therecanbecreepintermsoftheauthoritiesabletoaccessandusethedata:from thoseengagedinthepreventionofthemostseriouscrimetolocalauthoritiesandothers.Allthese differentdimensionsrepresentimportantrisks:allhavehappenedintherecentpasttolegislation e.g. RIPA andsystems e.g.theLondonCongestionchargeCCTVsystem . Preventionoffunctioncreepthroughlegislationisinherentlydifficult.Thoughitisimportanttobe appropriatelyprescriptiveanddefinitiveintermsofthefunctionsofthelegislation andanysystemsput inplacetobringthelegislationintoaction ,functioncreepcananddoesoccurthroughthedevelopment ofdifferentinterpretationsoflegislation,amendmentstolegislationandsoforth.Theonlyrealwayto guardagainstfunctioncreepisnottobuildthesystemsinthefirstplace:akeyreasontorejectthis proposedlegislationinitsentiretyratherthantolookforwaystorefineorrestrictit. 4Conclusions
356
ThepremiseoftheCommunicationsDataBillisfundamentallyflawed.Byitsverydesign,innocent peoplesdatawillbegathered andhencebecomevulnerable andtheiractivitieswillbemonitored. Universaldatagatheringormonitoringisalmostcertaintobedisproportionateatbest,highly counterproductiveatworst. ThisBillisnotjustamodernisationofexistingpowers,norawayforthepolicetocatchup.Itis somethingonawhollydifferentscale.Weascitizensarebeingaskedtoputahugetrustintheauthorities nottomisusethekindofpowersmadepossiblebythisBill.Trustisofcourseimportantbutwhat characterisesaliberaldemocracyisnottrustofauthoritiesbuttheiraccountability,theexistenceof checksandbalances,andthelimitationoftheirpowerstointerferewithindividualslives.Thisbill,as currentlyenvisaged,doesnotprovidethataccountabilityanddoesnotsufficientlylimitthosepowers: preciselythereverse. Evenwithoutconsideringtheissuesdiscussedabove,thereisapotentiallyevenbiggerflawwiththebill: itappearsveryunlikelytobeeffective.Thepeoplethatitmightwishtocatcharetheleastlikelytobe caughtthoseexpertwiththetechnologywillbeabletofindwaysaroundthesurveillance,orwaysto piggybackonotherpeoplesconnectionsanddrawmoreinnocentpeopleintothenet.AsDavidDavis MPputit,onlytheincompetentandtheinnocentwillgetcaught. Theentireprojectneedsathoroughrethink.Warrants orsimilarprocesses shouldbeputinplace beforethegatheringofthedataorthemonitoringoftheactivity,notbeforetheaccessingofdatathathas alreadybeengathered,ortheviewingofafeedthatisalreadyinplace.Amoreintelligent,targeted ratherthanuniversalapproachshouldbedeveloped.Noevidencehasbeenmadepublictosupportthe suggestionthatauniversalapproachlikethiswouldbeeffectiveitshouldnotbesufficienttojust suggestthatitisneededwithoutthatevidence,nortoprovideprivateevidencethatcannotatleast qualitativelyberevealedtothepublic. Thatbringsabiggerquestionintothespotlight,onethattheCommitteemightthinkisthemostimportant ofall:whatkindofasocietydowewanttobuildonewhereeveryonesmostintimateactivitiesare monitoredatalltimesjustincasetheymightbedoingsomethingwrong?That,ultimately,iswhatthe draftCommunicationsDataBillwouldbuild.Theproposalsruncountertosomeofthebasicprinciplesof aliberal,democraticsocietyasocietywherethereshouldbeapresumptionofinnocenceratherthanof suspicion,andwhereprivacyisthenormratherthantheexception.IsthatwhattheCommitteewould reallyliketosupport? Evenifyouenactthisbill,itwon'tworkthepeopleyoumostwanttocatchwon'tbecaughtbyitbecause themeanstoevadeitarealreadywellknown.Takethehint,dropit. August2012
357
Dr Peter Saul
IwouldliketomakejustafewcommentsonthisBill,Imsorrybutmyparagraphnumberingdoesnot linkwiththecommittees. 1 Ihaveseriousconcernswithrespecttoprivacy.ThisBillwillinvolveroutineintrusionintolaw abidingcitizensprivacy.Authoritieswillbeabletotrackwhoapersoniscontactingandwhen andoftenfromwhere.Theabilitytolookatwhichwebsitesarevisitedislikebeingabletotrack whichbooksandmagazinesapersonreads,againanimportantinvasionofprivacy. 2 Aknowledgeablepersoncouldcircumventproposedmeasuresbyusingproxyserversand overseasmailproviders.Reallybadpeoplewouldlikelyknowthisandonlylesssophisticated lowlevelcriminalsmighthavedatacaptured 3 IfoneacceptedtheneedtoreviewthisdatabytheauthoritiesIfeelthathigherlevelsofscrutiny andpermissionshouldbesought.Iwouldexpectatleastanapplicationtoamagistrateandfor theapplicanttoshowreasonablecausetoseekit. 4 ImnotsurewheretheHomeOfficegetsitsfigureforproposedsavings.Isuspectthatthe governmenthasdecidedthatitwillhavethisBillandsubmissionslikethishaveminimaleffect. Butifitdoesgoaheadandthesavingsdontcomepleaseensuretheyditchit. August2012
358
Dr Ashley Savage
Introduction 1. I make this submission in my capacity as lecturer in Law at Northumbria Law School, Northumbria University where I teach public law and information rights in employment. My doctoralthesis,completedattheUniversityofDurham,considersthepositionofCrownservants who leak official information or make whistleblowing disclosures and accountability of the executiveandcentralgovernmentdepartments.Considerablefocusisgiventotheprotectionof official information and the whistleblowing mechanisms available to employees in central governmentdepartmentsandtheintelligenceagencies. 2. ItcanbereadilyidentifiedthattheproposalscontainedwithintheDraftCommunicationsDate Bill are likely to interfere with an individuals right to respect for private and family life, enshrinedinarticle8ECHR.Whilstitmaybearguedthattheinterferencecanbejustifiedinthe interests of national security, or the prevention or disorder or crime or indeed any of the exceptionscontainedinart.8 2 ECHR publicauthoritieshaveclearobligationsfromtheinitial interferenceinobtainingthedatatothewayinwhichitisusedandstored.Publicauthoritiesare likely to be in breach of their obligations, rendering any interference disproportionate, where theyfailtoprovide:practicalandeffectiveprotectiontoexcludeanypossibilityofunauthorised accessoccurringinthefirstplace. 461Withthisinmind,myresponsewillfirstlyoutlineconcerns fordatasecurity.Itwillthenproceedtooutlinetheneedforrobustaccountabilityandreporting mechanisms. Finally, I note general concerns relating to the impact that the bill will have on freedomofexpressionandjournalisticsourceprotection. Concernsregardingdatasecurity 3. One would hope that procedures and systems will be put in place to safeguard the data from computer hacking. However, we should also consider the risk caused to such information by humanerror,lossortheft.InJanuary2008,theMODlostdetailsof600,000personsinterestedin joiningtheUKArmedForcesbytheMOD.InJuly2008newsreportsemergedthattheMODhad admittedthat658laptopshadbeenstolen,89lostand32recoveredsince2004and121memory sticks were unaccounted for. 462 Thirty five laptops were reported to have been lost at GCHQ resulting in concerns raised by the Intelligence and Security Committee in their 20072008 annualreport. 463Inthesameyear,amobiletelephonesoldoneBaywasfoundbythenewowner tocontainphotographsandinformationrelatingtoterrorisminvestigationswhichhadnotbeen deletedbythepreviousowner,anoperativeinMI6. 464 4. Detailedquestionsneedtobeaskedastohowtheinformationwillbestoredonceobtainedso that the risk of unauthorised third party access could be minimised. It is appreciated that, followingtheaforementioneddatalosses,theIntelligenceandSecurityCommitteewasprovided with assurances by the government that new controls had been implemented. Could these processesbeimprovedandshouldtheseassurancesbecheckedbeforethebillproceedsfurther?
461AccordingtotheEuropeanCourtofHumanRightsin 462
IvFinland Applicationno.20511/03 ,para47.
MODadmitslossofsecretfiles,BBCNewsWebsite,http://news.bbc.co.uk/1/hi/uk/7514281.stm
accessed15/11/09 .
463Cm7542. 464
MI6PhotosSoldonAuctionSite,BBCNewsWebsite,http://news.bbc.co.uk/1/hi/uk/7643374.stm
accessed15/11//09 .
359
5.
Where such important private information is at stake, we must ask whether, in appropriate circumstances, data losses should be dealt with by way of a criminal penalty. Section 55 Data ProtectionAct1998providesanoffencetoknowinglyorrecklesslyobtainingordisclosingdata. Furthermore,theinformationthattheCommunicationsDataBillproposestocoverislikelytobe protected by the Official Secrets Act, in particular s.4 which concerns crime and special investigationpowers.Section8oftheActmakesitanoffencewhereaCrownservantfailstotake suchcaretopreventanunauthoriseddisclosurethatapersoninhispositionoughttoreasonably take. Despite the number of data breaches of information which would be covered by the categories of information listed in the Act, to date, the offence has only been used once to prosecuteaseniorCivilServantwholefttopsecretdocumentsonatrain. 465
Concernsregardingaccountability 6. Theprocessofauthorisationcontainedinclause9oftheBillismostconcerning.Thedesignated seniorofficermaygrantauthorisationforthepurposesofaspecificinvestigationorfortesting the system. One must question whether clause 9 contains sufficient safeguards from abuse. Whilst any authorisation made must be necessary and proportionate this places a significant burdenontheseniorofficertomakethecorrectproportionalityassessmentwheretheindividual may have a vested interest in obtaining the information sought. Where disproportionate interferences do occur, the victim of the intrusion is unlikely to be aware unless he or she is contactedduringthecourseofaninvestigation.Itisacknowledgedthatbillprovidesforscrutiny by the Interception of Communications Commissioner, however, given the potential number of requests and the number of public authorities involved it will be difficult to maintain effective monitoring. If access to the provisions is expanded to include local authorities the scheme will become very difficult, if not impossible, to monitor effectively. 7. It is suggested that consideration must be given to the whistleblowing/ reporting mechanisms within the organisations concerned to determine whether they are sufficiently robust for employeestoraiseconcernsaboutabuseoftheprovisions.Regularindependentmonitoringand review of the mechanisms is needed by oversight bodies such as the Civil Service Commission forHMRC HerMajestysInspectorateofConstabulary forthepolice andtheIntelligenceand Security Committee for the Intelligence agencies . 8. Littleinformationisprovidedastothewhistleblowingproceduresavailabletoemployeesofthe security and intelligence agencies. Media reports and brief reference in hansard suggest that there is an independent staff counsellor. The Intelligence and Security Committee provided no officialacknowledgmentoftheindependentstaffcounsellorinitsannualreportsuntilits2007 2008 annual report when it discussed a new ethical counsellor available to employees of the SecurityService.Itmaybethattherespectivecounsellorsareveryeffectiveandaretrustedby the employees, yet, effective oversight of these roles is needed by the Intelligence andSecurity Committee. Procedures should be in place to allow employees from all public authorities who wouldhaveaccesstotheprovisionscontainedinthebilltodirectlycontacttheInterceptionof Communications Commissioner. At present it is not known whether there are procedures or protocols in place for the Commissioner to receive concerns from employees. 9. Consideration must also be given to theemploymentprotection employees mayreceive if they choosetoraiseconcerns.Policeofficers,employeesinSOCAandHMRCwouldreceiveprotection for raising concerns under the Public Interest Disclosure Act 1998 provided that they do not breakthelawindoingso.TheInformationCommissioneriscurrentlyincludedasaprescribed
465465
RvJackson. unreported CivilServantFinedforleavingdocumentsonTrain,Independent,28th October2008.
360
person designated to receive whistleblowing concerns. At present, the Interception of Communications Commissioner is not designated for this purpose, meaning that it would be more difficult for individuals to receive protection for raising concerns to the Interception of Communications Commissioner because the evidential requirements are harder to satisfy. Employees of the Security and Intelligence services currently do not have access to PIDA, thus reducing the incentive to raise concerns. 10. Employees of the four main bodies will likely face prosecution if they raise concerns about wrongdoingtothegeneralpublicwheretheinformationdisclosedbreachestheOfficialSecrets Act1989.InareportoutliningbestpracticeforintelligenceservicestheSpecialRapporteuron the promotion and protection of human rights and fundamental freedoms while countering terrorismidentifiedsuggestedthatprotectionsfromreprisalshouldextendtodisclosuresmade tothemediaorthepubliciftheyaremadeasalastresortandpertaintomattersofsignificant public concern. 466 Currently, the United Kingdom falls short of this ideal, however while the optionofpublicdisclosureremainsunavailablefortheseemployeesitisvitalthattheeffective accountabilityandoversightmechanismsareinplacewhichofferdirectaccesstoraiseconcerns. Generalconcernsregardingarticle10ECHR 11. Retentionanduseoftrafficdataislikelytohaveanimpactontherighttofreedomofexpression, safeguarded by article 10 ECHR. The nature of the proposed retention and monitoring can be likenedtoBenthamsPanopticon.Individualswhowouldotherwisebecriticalofauthoritymay feelinhibitedfrompoliticalexpressionforfearthattheyarebeingwatched.Atpresentthebill does not contain adequate safeguards to ensure that freedom of expression will be protected. 12. Itwouldappearthatnosafeguardsareinplacetoensuretheprotectionofjournalisticsources. The Strasbourg court has consistently applied a high standard of protection identifying that potential sources will be deterred from assisting the press to inform the public on matters of concern. 467 There is no question that the proposals will act as a chilling effect on journalistic sources.Theemphasisoncommunicationsdataratherthanthecontentofthemessageswilloffer little hope public authorities will still be able to determine which individuals have contacted journalists and when. This will present a more attractive alternative than obtaining a search warrant under the Police and Criminal Evidence Act which provides safeguards for journalistic material. This deficiency could be rectified by adding additional requirement as part of the authorisation process currently contained within clause nine. It would require a degree of knowledgethattheindividualinquestionisajournalistorisinvolvedinjournalisticactivity.A fundamentalflawintheproposalsisthatitwouldbenearimpossibletoprotectallindividuals engaging in journalistic activity, particularly those involved in blogging or other forms of web basedmedia. FurtherInformation 13. IwouldbehappytoprovidefurtheradviceorassistancetotheCommitteewhererequired. August2012
466ReportoftheSpecialRapporteuronthepromotionandprotectionofhumanrightsandfundamental
freedomswhilecounteringterrorism,MartinScheinin,Compilationofgoodpracticesonlegaland institutionalframeworksandmeasuresthatensurerespectforhumanrightsbyintelligenceagencies whilecounteringterrorism,includingontheiroversight 2010 ,Practice18.http://daccessdds ny.un.org/doc/UNDOC/GEN/G10/134/10/PDF/G1013410.pdf?OpenElement 467SeeforexampleGoodwinvUK 1996 22E.H.R.R.123,para39.
361
Robbie Simpson
Mysubmissionprimarilyaddressestechnicalfactorsandpotentiallimitationsoftheproposals.Thisisin keepingwithmybackgroundasastudentandresearcherinComputingScience Ishoulddeclarethat whileIhavestudiedmanyaspectsofsecuritythatnetworkingisnotoneofmymainareasofinterest . SectionAprovidesanoverviewanddiscussesthedifficultyofseparatingcommunicationandnon communicationtraffic.Itaddressesquestions22,23and24ofthecallforevidence. SectionBdiscussestheproblemofseparatingcommunicationsdataandcommunicationscontent.It addressesquestions22and23ofthecallforevidence. SectionCaddressestheproblemofinterceptingencryptedtraffic.Assuchitmayaddressquestions25 and26ofthecallforevidence. SectionDaddressthefeasibilityofstoringcommunicationsdata.Itaddressesquestion22ofthecallfor evidence. A.Technicalfeasibilityofinterception Currentlawsprovideastrongframeworkforthegovernmenttoaccesscommunicationsdataheldby organisationsthatareeffectivelyboundbyUKlaw;entitieslocatedintheUKorentitieswithassets withintheUK,entitiesperformingbusinessintheUKetc.Currentlawdoesnotprovideaneffective methodtoensurecompliancebyentitieslocatedoutsideofUKjurisdiction,andattemptingtodirectly obtainlegalcontroloversuchentitiesiseffectivelyimpossible. ThisdraftbillinsteadintendstoobligecommunicationsprovidersoperatingintheUKtostore communicationsdatabetweenUKentitiesandoverseasproviders.Inpracticethiswouldinclude telephoneprovidersmaintainingrecordsofcallsmade,andinternetserviceprovidersholdingrecordsof trafficbetweentheircustomersintheUKandcomputersystemsoverseas. Itismybeliefthatsuchaschemeistheoreticallypossiblebutwouldencounteranumberoftradeoffsthat wouldmakeiteithertechnicallyinfeasibleorofincrediblylimiteduse.Keyissuesincludethedifficultyof identifyingcommunicationsofinterestfrombackgroundtraffic,difficultiesinstoringthisinformation andinseparatingmetadata socalled`communicationsdata' fromcontent 'communicationscontent' . Theissueofdealingwithencryptedcontentmustalsobeaddressed. ThefirstissueIwilladdressisthedifficultyofidentifyingcommunicationsofinterestfrom communicationstrafficinanefficientmanner.Allowustosupposethatanordertoobtain communicationsdatahasmadeinregardtoaspecificindividualundertheprovisionsofthisAct.Letus thenconsiderthepracticalimplicationsfromthepointofviewofaninternetserviceprovider. AccordingtoOFCOMtheaverageinternetuserintheUKdownloads17gigabytesofcontentpermonth. Thisisnotafairreflectionofthetotaldatatransferred,asitomitsuploadshoweveruploadfiguresare normallyconsiderablylowerthanthecorrespondingdownloadusage.Combined,atotaltransferofabout 20GBpermonthseemsareasonableapproximation. VerylittleofthiswillbecommunicationsdatainthesenseofthisAct.Someofitwillbeentirely automatedcommunicationsthatformpartoftheinfrastructuretheheadersofHTTPpackets,Domain NameServerlookupsandmanymoresimilarsystems.Themajorityofthedatawillprobablybemadeup oflargemediaobjectsstreamingvideoorradio,orthedownloadingofapplications.Muchwillbe impersonalwrittencontentblogs,newspapers,howtoguides.Thisleavesverylittlethatislikelytobe communicationsintheintentofthisActpersonalcommunicationsbetweenentities,beitintheformof emails,instantmessaging,voiceconversationsetc. Performinghighlysensitiveanalysisofallthisdataisclearlyinfeasibleduetothelargeamountsofdata thatwouldbeneededtoprocess.Itisnotdifficultinpracticetoseparateoutthedifferentformsoftraffic describedabove,andhenceisolatethecommunicationsworthyoffurtherinvestigation.However,this processcannotbeperfect.Itisentirelyfeasibletohideimportantcommunicationswithinnon
362
communicationsdata.Thetechniqueofstenographyiswellknownhidinginformationwithinimages. Moretechnicalapproachesareentirelypossible,andwewillelaborateone. DomainNameServersareusedtomapwebaddresses e.g.www.google.com toIPaddresses e.g. 130.209.240.151 sothattrafficcanberouted.Thisprocessoccurseverytimeacomputerattemptsto reachapreviouslyunknownwebaddress.Thiscaneasilybeusedtotransmitmessages.IndividualAcan sethiscomputertouseaserverinthecontrolofOrganisationBasaDNSserver.IfAthenattemptsto accesstheURLbombplantedatX.comhiscomputerwilltransmitthisURLtoB'sserver.Thiswillappearas perfectlylegitimateinfrastructuretraffic,butBcanlocatethismessageinthelogsoftheirserver. ThiswouldbealmostimpossibletodistinguishfromnormalDNStrafficwithoutusingthemostelaborate ofclassifiers,andsuchclassifierscouldnotpracticallybeappliedtothefullrangeofnetworkdata producedduetothesheersize.Similarlogicdoesofcourseapplytohidingmessageswithinimages,video orindeedanyobjecttransferredoverthenetwork. Thisallowstometoproposethefirsttradeoffensuringthatallpotentialcommunicationsare discoveredwithoutrequiringincrediblyexpensivesystems.Itappearstomethatanysuchsystemwould eithercostconsiderablymorethanthe1.8billionproposed,orwouldprovidetoomanyformsofevasion tobepractical. B.Feasibilityofcontentanddataseparation Akeyplankoftheproposedbillistheseparationofcommunicationscontentfromcommunicationsdata whichIshallrefertoas'metadata',asisstandardintheliterature .Thebillisrighttohighlightthis difference,andnotjustbecauseofthelegalpositionofmetadatabeinglessprivilegedthancontent. AttemptingtostoreandanalyseallcommunicationscontentwouldbepracticallyimpossibleCisco reportsmonthlyinternettrafficintheUKof844petabytesasof2011.844petabytesofstoragewould costabout200millionusingcurrentstoragetechnology.Theseproposalsthereforeareinfeasibleunless aneffectiveandefficientmechanismforseparatingcontentanddatacanbedeveloped. InsectionAIhavealreadyoutlinedhowcommunicationscontentcouldbehiddeninseveralformsof normaltraffic,andputforwardmyopinionthatitisnotpossibletodetectthisto100%accuracy. However,Iacknowledgethatthegovernmentmaybesatisfiedwithahighbut 100%coverage,soIwill discussamoreconventional ifsomewhatstereotypicalexample . PersonAisamemberofajidhadistcellbasedintheUK,whilepersonBisajidhadistleaderoperatingout ofSaudiArabia.TheycommunicatebyexchangingemailsonaPakistanbasedwebmailsystem.For simplicityweassumethatconnectionstothiswebmailsystemarenotencrypted. AuthorisationunderthisacthasbeengrantedtointerceptthecommunicationsofA,andhisISPis recordingthetrafficbetweenhiscomputerandthewebmailsystem.Thiscommunicationisintheformof HTTPtransfersforpagesstoredinthewebmailserver.Theresponseisawebpagecontainingthe layoutofthepage,styleinformation,linkstoaccessotherpagesonthesystemandthecontentofemails themselves.However,theseparationoftheseelementsisnotneatandwillvarydependingonthe softwarerunningthewebmailsystemanditsconfiguration.Thereisintheoryaninfiniteamountof possiblecombinationsofcontent. Thedifferencebetweenemailcontentandothercontentonawebpageisquiteaneasytaskforhumansto performwedoiteveryday.Itisnottrivialforacomputertoperform,especiallywhenwedesireboth speedandaccuracy.Forourpurposeitmustbe100%accurateastheauthorisationgrantedbythisbill onlyallowsinterceptionofmetadata,notcontent.Isitpossibletodevelopacomputerisedclassification systemthatcanseparatecommunicationsandcontentonanunknownwebpagewith100%accuracy? Theanswerisclearlyno. Thesamegoesformanyothertypesofcommunication,includingthoseoutlinedinsectionA.Theold certaintyofphonecommunications,wherecallmetadataandcallcontentwasseparatedonotapplyhere. Fromaninternetserviceproviderspointofviewallcommunicationsarejustdatapacketstoberouted fromonecomputertoanotherandtheprotocolswithinthesepacketsneednotbeeitheropenor
363
documented.Thisleavesusinatrickysituationifweaimtointerceptapacketbetweentwocomputers howcanwepossiblyseparatemetadataandcontentifwedonotknowthespecificationofthedata within?Wecannot. Ametaphormayassistthisisakintoopeningeverylettersentinthemail,onlytodiscoverthateach lettercontainsthousandsofwordswritteninoneofathousanddifferentlanguages.Touncoverthe differencebetweendataandcontent oreventhefinaldestinationoftheletter weneedtolearnto understandalltheselanguageswithoutreadingthecontentoftheletters. C.Feasibilityofdecryption Sofarwehavenotconsideredthecasewherecommunicationsareencrypted ratherthanhidden . Encryptioncannothidetheintermediatedestinationofanyinternettraffic,asthatmuststoredin cleartextsothepacketcanbeforwarded.Thefinaldestinationofthetrafficcaneasilybehiddenthough, withthenextstepbeingdecodedoncethepacketarrivesatthenexthop.Thisishowtheinternetworks apacketmayleaveLondonboundforAmsterdam,andonarrivalinAmsterdambeforwardedtoNew York,andthenonwardstoMexicoCity.Thiswholeprocesstakesonlyafewseconds,anditisnotalways clearwhatthefinaldestinationis. However,letusfocusononecommonformofencryptiontheuseofsocalledVPNtunnels.Thesehave becomepopularforthoseinvolvedintheillegaltransferofcopyrightedmaterial,aswellasotherillegal activities.InthissystemaserverlocatedoutsidetheUK usuallyinacountryconsideredtohavestrong protectionsfromgovernmentinterception,suchasSweden isremotelyconnectedtofromwithintheUK overanencryptedconnection.WhentheuserwithintheUKaccessestheinternettheoutsideworldsees theirconnectionasoriginatingattheSwedishserverwhiletheirUKISPseestrafficgoingtotheSwedish server,buthasnoideawhereittravelsfromthereonwards. UnlessthisencryptionisbrokenthisBillcanhavenoeffectitisnotpossibletoidentifywhoisbeing communicatedwith.Butbreakingencryptionisnontrivialtheopennatureofresearchinthisfield meansthattheaverageuserhasaccesstothesameencryptionalgorithmsusedbysecurityservicesand multinationals.Anentirelystandardandstraightforwardencryptionalgorithm:RSAencryptionwitha 1024bitkeyhasneverbeenbroken.Manytechniquesexistthatexploitweaknessesinimplementation, butwellimplementedencryptionisunbreakable.KnowingthisthereareprovisionsunderRIPAtoforce thedisclosureofencryptionkeyswithseveralpenaltiesfornotbutinsomecasesitmaybeeasierto takethepenaltyforfailingtodisclosekeysthantorevealevidenceofterrorismorpaedophilia. D.Technicalfeasibilityofstorage Thisdraftproposesthatallcommunicationsdatawouldbestoredforaperiodof12months.Ihave alreadyoutlinedthedifficultiesofseparatingdataandcontent,whichmakesquantifyingtheamountof datatobestoreddifficult.Thereforeweneedtothinkintermsofoptionsandtradeoffs. Ifwedecidethatstoringthemaximumpossibleamountofpotentialcommunicationsdataiskeywe wouldneedtostorealltheInternettrafficpassingthroughtheUKwithinthat12months.Asoutlinedin partB,thisamountstoaround10000petabytesor10exabytes.Asystemcapableofstoringthisamount ofinformationwasrecentlyannouncedbytheAmericancompanyCleversafe,andreportersestimatedthe purchasecostofsuchassystematover$1billion.ActualcostsintheUKwouldlikelybemuchhigher,as datawouldbestoredbyindividualserviceprovidersandnotpooled,reducingeconomiesofscale. Alternatively,letusassumethatasystemexiststhatcanextractusefulcommunicationsdatawithahigh levelofaccuracy,andthereforeweneedonlystore1%ofinternettrafficamere100petabytes.A scientificprojectinAustraliaaimstostorethisamountofdataforaround40million,althoughonceagain thisisacentralisedsystemandnotseparatestorage. Itappearsthatstorageisperfectlyfeasibleaslongasonlyasmallpercentageofoverallinternettraffic mustbestored.However,itisimpracticallyexpensivetostorecommunicationsifcontentanddatacannot beaccuratelyseparated.
364
Onefinalnotewhilethecostofstoragewillundoubtedlydecrease,historyshowsusthatinternettraffic willincreaseatatleastthesamerate.Weshouldnotbefooledintobelievingthattimewillmake infeasibleproposalsmorefeasible. August2012
365
Richard Smith
IwouldliketosubmitevidenceinlinewithoneofthequestionsposedbytheJointSelectCommitteeon thedraftcommunicationsbill. Mycredentialsarethefollowing: Individual: BSc1stinComputerScienceEdinburghUniversity Corporate: DirectorofaSmallWholesaleBusiness 20staff whosmaincountryofsupplyisChinaandwhouses manyofthetechnologiesdescribedbelowtoprovidesecureandunmonitoredcommunicationswith suppliersandcontactsinthiscountry. Ihavechosentoprovideinformationrelatedtopoint25asIbelieveitisoneofthemostimportant questionsasifatechnologydesignedtocatchthefewbutmonitorthemanycanbecircumventedwith easebythefewthenwhatbenefitsdoesithavetothemany?
Itwillbeincredibilityeasytocircumventthemeasuresinthisbillinthefollowingways: Ausermaycreateanencryptedconnectiontoa3rdparty outsidethemonitoringproposedin thisbill whointurnmakestherequestsforthemandpassestheinformationbacktothem.In thiscasethesystemproposedbythisbillwillonlyseethattheusercreatedsomekindof encryptedconnectionbetweentothe3rdpartyandnothingmore.Examplesofthisinusetoday areanykindofVPN mostbusinessintheworldwhohaveemployeesoutsidetheirmainoffice usethistechnology ,anysecuretunnelforwebdatae.g.asshtunnel. Thecostofsuchaservicerunstotheturnofafewpoundsamonthandoneservicecanbesharedwitha largenumberofusers Ipersonallyhavewebhostingformypersonalwebsitewithacompanyoutside theukwhoofferunlimitedsshaccountswhichanyusercouldencrypttheirtrafficthough.So theoreticallyIcouldoffertheentireoftheukanonymityfromthisbillfortheoneofcostoflessthana yearlytvlicence. TherealworldexamplesIofferofthisarethatmostofmynonteksavybusinesscontactsandfriends wholiveinChinausethistechnologyeverydaytoaccessbannedsitessuchasfacebookandyoutubeand manyuseittoaccessusefulservicessuchasgoogleapps. Anyuserwhousesawebsiteoverssl thisisthepadlockorgreenbaryougetwhenyouconnect toyourbankoranyonereputableonlineshoporemailservice willbeprotectedfromthevast majorityofmonitoringofthiskindwithoutevenknowingitorhavingtochangetheirwebhabits whatsoever. Anywebsitewhichdisplaysthispadlockorssltechnologyisalsocreatinganencryptedtunnelbetween theuserandthesiteinquestionsoasinpoint1themonitorwillonlybeabletoseetheyvisitedthis websiteandnothingastowhattheuserwasdoingonthiswebsite.Forexampletheycouldseeyou visitedhttps://www.hotmail.combutnothingelse.Ifthissiteisofferingwebmailsuchashotmail,yahoo orgmailandtheuserissendingemailsthoughtheirservers whichiflocatedoutsidetheUK thisbillwill havenoeffect. FurthermoreIbelievethispointincentivesuserstouseandpassdatathoughservicesinothercountries whocouldpotentiallybemonitoringthesecommunicationsthemselvesthereforeprovidingthemwith informationratherthantheUKgovernment.Alsoitwillincentivisecompaniestomovetheirdatasites outoftheUKtocountrieswithlessrestrictiveandintrusivelawswhichinturnreducessecurityforthe UKnottomentionjobsandinvestment. TheuseofsoftwaresuchasTor www.torproject.org willallowanyusertobrowsetheweb
27. HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill?
366
anonymouslyoutofthereachofthisbill.Thisisstandalonesoftwarethatcanbeinstalledand runonanycomputeratafewclicksofabutton. Anywouldbecriminalcanemployanyoftheabovetechnologiesandmanymoretogetaroundthisbill. Anyorganisedcriminalactivitywillsurlyadoptthesetechniquesveryquicklyifsuchabillispassed. Thesetechnologiesalsohaveverylegitimateusessocannotbealsomadecriminalwithanylevelofease. AssuchasthisbillstandsIconsideritwoefullyinadequatetodealwiththiskindofcrime.Atthesame timeIconsiderittobemonitoringonascaleunprecedentedinUKhistoryandoffersseriousrisksifthe datarecordedfallsintothewronghands. Iwouldgladlycommentonmanymoreofthepointsraisedandwilldosoifthesubmissiondateis relaxed.IfthecommitteewouldlikeIamwillingtoprovidemoreevidencewithreferencesandexamples ofusetoanyofthepointsmentionedaboveaswellasanyotherpointsontechnicalandbusinessimpacts ofimplementingsuchalaw.Ibelievethathavinghadaneducationcoveringalmostallaspectsofthe implementationofthistechnologyaswellashavingbusinessexperienceinoperatinginacountrythat employeeslawsverysimilarandinmanycasesmorerigorousthanthoseproposedinthisbillgivesmea goodinciteintohoweffectivelythislawwouldfunctionifputinplace. August2012
367
Robert Smith
General: 1. HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? a. No,theexcusefightingterroristsisrubbish.Theressomethingthattendstoidentify terrorists,theyareMuslims.TheentirepopulationoftheUKisnotMuslim yet ,ergo thecorrectdecisionwouldbetoonlymonitorthosebelongingtothatreligiousgroup.Of course,thisgovernmentisasspinelessanddirectionlessasthelastlotandcantbeseen tobepickingonanyminority,preferringtoobliterateanyideaprivacyforallofits citizens. 2. HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthe draftBill? a. Absolutelynot!ItsblatantlyclearthattheprocedureofapproachingaJudgewith sufficientevidencetoissueawarrantwilldoexactlywhatisrequired.Ofcourseit impliesthatoursecurityagenciesandgovernmentarentincompetentbuffoonsand actuallyhavesomeevidence. 3. HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy? a. Howaboutthestrawthatbrokethecamelsback?Yourebringingaboutatotalitarian stateseeminglywithgayabandon.ItsgoodthatyouacknowledgethatCommunications DataBillisnottheonlywaythegovernmentintrudesintoitscitizensprivacythough. Howaboutmakingabiglistandpublishingit,justsoeveryoneknowswhatyoureupto? 4. Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionof communicationsdata? a. ImsureastudyofNaziGermany,BasathistIraqandStalinistRussiawouldbevery usefultoyou. 5. Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider? a. Thefactthisquestionexistsimpliesthatthebillisgoingtogetpushedthough regardless.Iproposeyoudont!Idohaveapointtomakeaboutthecosthowever: Ultimatelyitdoesnotmatterwhichtechniqueisused,itsyourcitizensthatwillbemade tofootthebill,whetheritsthoughtheirtaxcontributionsbeingredirectedtothis shambleorforcingtheISPstopayforit.TheISPswillpassthecostontothecustomer. 6. ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesof legislationinterrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthat governstheretentionofcommunicationsdata? a. Idgooneoverreachingpieceoflegislation.Thatwayitwillbeeasierforthepolitical partythatgetsvotedinafteryoulottooverturnit. 7. IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasures thatcouldbescrappedasaquidproquotorebalancecivilliberties? a. Nothing,absolutelynothingisessentialinthisbill,allofitshouldbescrapped. 8. WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUK asalessattractivebase.Whatmightbetheeffectonbusiness? a. Ofcourseitwill,whowillwanttohavetoconformtostoringpetabytes possibly exabytes ofdata?GiventhechoiceIwouldnotsetupanISPbusinessifIhadtooutlay extramillionsfordiskstorageandpresumablyacompatibleDMSinorderforthedatato bequeried.Thewholethingwillstifleanyhopeofeconomicrecoveryyoulotarefailing toengineer. Costs: 9. Istheestimatedcostof1.8bnover10yearsrealistic?
368
Illanswerthisquestionwithaquestion.SincewhenhasamajorITdevelopment instigatebythisoranyothergovernmentcomeinontimeandunderbudget?Now comparethatwiththefailures,suchastheNHSsystem.Ithinkyoullhaveyouranswer. However,neverbeingonetounderestimateanypoliticalpartysabilitytolackanyform ofcomprehensionwhencomestoanythinginvolvingcomputers:Ofcourseitwontbe enough!Illlayoddsnowthatyoullhit1.8billioninsixmonths! 10. TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBill couldbeworthbetween56bn.Isthisfigurerealistic? a. Noofcourseitsnot;youllgomassivelyoverbudget,negatinganyperceivedbenefits. Youwillhaveforgottentofactorinelementssuchasthefundingforthepolicingbody thatmonitorsforandpunishesmisuseofthedatabypoliticalpartiesorthecivil servantswithaccesstoit.Youknow,liketheonethatchecksthatlocalcouncilsarent misusingRIPApowers.Forstufflikebarkingdogs,noisychildren,illegalfishingor offencesundertheWeightsandMeasuresAct.AllveryimportantagainsttheWaron Terror. Scope: 11. Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate? DotheysensiblydefinethescopeofthepowersinthedraftBill? a. Probablynot,thesethingsrarelyare.HoweverImhopingsomeidioticloopholehas beenleftinsothatsallImgoingtosayonthematter. 12. WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill? ShoulditbepossiblefortheSecretaryofStatetovarythislistbyOrder? a. Noneofthem,itshouldnotbeavailableinthefirstplace! 13. Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty? a. Onceagain,Igetthefeelingthisbillisgoingthroughregardless.Allthiseffortexplaining toyoujusthowstupidyouarewillbewasted. UseofCommunicationsData: 14. Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? a. Therearenocircumstancesthistypeofdatashouldbeaccessedwithoutawarrant issuedinacourtoflaw. 15. Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? a. Toolong,shouldbe0seconds. Safeguards: 16. Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.How should"designatedseniorofficer"bedefined?Isthissystemsatisfactory?Arethereconcerns aboutcompliancewithArticle8ECHR? a. ThedesignatedseniorofficershouldbedefiledasaJudgeinacourtoflaw,who providesawarrantoncesufficientevidencehasbeenpresented. b. Article8ECHR:Yes,thereshouldbeconcern,yourbasicallydefecatingonitfromagreat height.Thewordinghasbeendeliberatelymisinterpreted;itsridiculoustoarguethat theoriginalintentionofthiswordingwouldallowtheblanketsurveillanceoftheentire countriescitizens.Ofcoursetheresaworldofdifferencebetweenconcernandactually doinganythingaboutitisntthere? 17. Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapply toallpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe?
a.
369
Hellyes,awarrantissuedbyajudgeforANYONEwantingaccess.Theimplicationwould bethatyoulothavetopresentsomeevidencefirst,whichwouldimplythatsomeone wouldbedoingtheirjobforonce. 18. IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformation Commissionersensible? a. Whyproposethemiftheyarenotsensible?Reallywhy?Itsalegitimatequestion. ParliamentaryOversight: 19. ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBill satisfactory? a. Ofcoursetheyarenot.Andtheyneverwillbe. Enforcement: 20. Arethepenaltiesappropriateforthosecommunicationsserviceproviderswhofailtocomply withtherequirementsofthedraftBill? a. Theyarenodoubttotallyoverthetop,Irecommendasternlywordedletter. 21. Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccessto communicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforin thedraftBillamounttoanoffence? a. No,thepenaltyshouldbeincarcerationforlifefortheindividualandalloftheir superiors.Withnochanceofappealorrelease.AndyesIambeingserious. Technical: 22. Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapture communicationsdatareliably,storeitsafelyandseparateitfromcommunicationscontent? a. No,itspossibletoencryptandhidedatainsomanywaysthattheISPswillneverbeable todoit;theywillhavetocaptureeverythingandleaveittoyouMuppetstotryandwork outwhatscommunicationsandwhatsnot.Inotherwordsyouregoingtoendupwitha huge andImeanhuge pileofdatawhosformatwillprobablydifferfromISPtoISP thatyoullneverbeabletofullynormalise.ThinkofallthedataonFacebook,multiplyit byahundred,stickitinablenderandpresto!Thatwillbetherealityofwhatyoure dealingwith.Anygenuineterroristknowsthisandknowshowtohidetheirdata,the onlypeopleyouwillevercatchwillbetheonesthatareasthinkaspigpooandhave alreadyleftatrailamilewideforpeopletofollow. 23. Howsafelycancommunicationsdatabestored? a. Itcantbe,eveniftheimpossiblehappensandaccesstothisdataisnotmisusedfrom within,itwillstillbehackablenomatterhowsecureyouthinkitis.Ifhumanscanaccess it,thentheycanbetricked.Byitsverynatureitwillneedaccesstotheinternet.And rememberthatthehardwareitselfcouldbevulnerable,SergeiSkorobogatovstill maintainsthatabackdoorhasbeenfoundinChinesechipsusedbytheUSmilitary.I wonderhowmuchoftheUKsinternetinfrastructureisbuiltusingChinesehardware? 24. Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible? a. NO!Seeanswertoquestion22. 25. HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? a. Nocomment. 26. Arethereconcernsabouttheconsequencesofdecryption? a. Ipredictasharpriseintheuseofencryptionshouldthisabortionofabillcometopass. Theconsequenceisthatmorehardwarewillberequiredtodecryptit,drivingupcosts massively itscomputationallyexpensivetodecryptsomething .Iimagineitwillmakea mockeryofanycarbonfootprinttargetstoo. Ifyouvegottotheend,welldone,Ifullyexpectedforthistohavebeenbinnedbeforenow.
a.
370
Illleaveyouwiththisfinalthought,youputthroughthisbillandtheleastyoucanexpectisthelossof myvote.Iintendtobeasvocalandasactiveaspossible whilestayingwithinthelaw ingettingthis billoverturnedandremovingtheconservativesfrompowerforalongaspossible. Ifyoucareaboutthiscountry,askyourselfthis. AssumingyouhadparentsorgrandparentsthatfoughtinWWII,whattypeofworldwherethey fightingtoavoid?Howmuch,nowdoesthiscountryresembletheregimethatwasdestroyedduring thatbloodywar?Ifyoucantseetheparallelsthenyouatraitortothiscountyandatraitortoyour ownfamily,dontdestroyanymoreofourhardwonlibertiesplease. August2012
371
SOCA
GENERAL: 1. HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? Yes. The Serious Organised Crime Agency SOCA is tackling seriousand organisedtransnationalcrime ata timewhentherehasbeenanexplosionofcommunicationmeansandservices,manyofthemfacilitated bytheinternet.AshortanalysisoftheissuesthatSOCAandotherlawenforcementbodiesfaceduring investigationsthatseekinformationfromcommunicationsdata CD isexploredfurtherinthepaperon theuseofandchangesincommunicationstechnologyatAnnexA. SOCAs understanding of the scope of the draft Bill is that it will ensure law enforcement can maintain accesstosubscriberdata,trafficdataandservicedatainverymuchthesamemannerasitcurrentlydoes, but that the data retained by Communication Service Providers CSPs will reflect the changes in technologyandthusincludeinformationrelatingtocommunicationssentusingtheinternet. 2. HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedin thedraftBill? Yes. It is important to distinguish between obligations to retain data and rights to access it. The draft bill createsapowerthattheSecretaryofStatemayusetomandatetheretentionofCDthatisnotcurrently subjecttotheDataRetentionRegulations.Thisisanewpower.However,itwillensurethatthequality and coverage of CD available to public authorities is maintained at the current level with mobile networks.TherearenonewpowerstoobtainCDbypublicauthorities;thepowersinChIIofthedraftBill arealmostidenticaltothosecurrentlyinRIPA,withaminoradministrativechangetoplacethefocuson assessingtheprivacyimplicationsofrequests,ratherthanthelegalformusedtosecurethedata. SOCA believes that the draft Bill will enable the agency to maintain its capability to obtain CD in the dynamically changing technology environment. A growing and particular challenge is obtaining data whichmaynotbeheldbyaCSPbecausethereisnocurrentbusinessneedforittoberetained,orthat dataisheldbyCSPsbasedoverseasandthereareobstacles,especiallyintermsoftimelyacquisition,in acquiringrelevantinformation. 3. HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusioninto individualsprivacy? SOCAunderstandsthatthedegreeofintrusionintoindividualsprivacymaintainsthatofthecurrentCD acquisitionlegislationandintheconsiderationofeachapplication,thefullassessmentofthebenefitsof obtainingdataagainsttheintrusionsofprivacyaremadeinaccordancewithArticle8ECHR. SOCA,alongwithotherlawenforcementagencies,conductsinvestigationsusingabroadrangeofovert and covert techniques. In order that SOCA can minimise the impact on an individuals privacy, the operational strategy devised by the investigating officer must consider the proportionality of every technique that is deployed, and also assess the aggregated proportionality of all techniques deployed through the life of the investigation. The acquisition of CD is the least intrusive of covert investigative techniques:itisfocusedandcanreducetherelianceontraditionalresourceintensive,moreintrusiveand expensivetechniquessuchasmobilesurveillanceanddeploymentofcoverthumanintelligencesources. 4. What lessons can be learnt from the approach of other countries to the collection of communicationsdata? ThecommunicationslandscapeintheUnitedKingdomissignificantlydifferentfrommostofEuropeand the rest of the world. The commercial provision of infrastructure and services by a wide variety of organisationshasseenthecostofaccessreduceandthetakeupbyprivatecitizensriseexponentially.UK law enforcement therefore faces a more complex task in obtaining CD and has no obvious overseas partner against which it can either compare or benchmark the manner in which it currently operates. ThisfactoriscompoundedbytheverydifferentlegalsystemsfromthatexperiencedintheUK egcivil code,ornonECHRcommonlaw .
372
Duringcollaborativeinvestigationswithoverseaspartners,SOCAhasobservedthatseveralEuropeanlaw enforcement organisations have a relatively low authorisation level for access to CD. In one country, accesstosubscriberdatacanbeselfauthorisedwithdesktopaccesstotheCSPdatabase. 5. Are there any alternative proposals withregard to the technique and cost of obtaining communicationsdatathattheGovernmentcouldconsider? SOCA and other law enforcement partners have worked closely with CCDp to consider a number of alternatives,whichhaveallbeenassessedtobetoosensitive,toocostlyortechnicallyimpracticalandwe considerthischangetolegislationasthemostappropriateresponsetothetechnologychallenge. 7. IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyother measuresthatcouldbescrappedasaquidproquotorebalancecivilliberties? SOCAdoesnotconsiderthistobeanadditionalpowerforlawenforcement.Theeffectiveinvestigationof crimeisitselfpartofsafeguardingcivilliberties.Thenewbillrepresentsareturntothepreviouslevelsof coverage experienced when communications were primarily via voice and textmessage telephony. All thesamechecksandbalancesforobtainingCDremain. COSTS: SOCAisnotdirectlyengagedwithcostsrelatedtoimplementationoftheBill. However,thebenefitsthatSOCAgainfromthedeploymentofhighlyfocusedCDacquisitionshouldnotbe underestimated.Gatheringofevidencetoprove/disprovecriminalconspiracythroughuseofCDwillbea cheaper financial cost than more staff intensive investigative methods, and will carry significantly less operational risk than more intrusive covert techniques. Further, the timely use of CD during crimes in actionsuchaskidnaporthreatstolifewillleadtoswifterresolutionofanoperation.Theaveragecostof amurderinvestigationis1.8M;swiftinterventionthereforesavesnotonlylives,butconsiderablesums forthepublicpurse.In2011,SOCAwasinvolvedin240operationsofthisnaturewithnolossoflife;the costoffullmurderinvestigationsforallthesecaseswouldapproximateto432M. SCOPE: 12. WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill? ShoulditbepossiblefortheSecretaryofStatetovarythislistbyOrder? SOCA believes the draft Bill should maintain the current provisions under RIPA acquisition of CD. The requirementfornewlegislationisdrivenbytheexternaltechnologychangesandshouldnotaffectwho has access to CD. The issue of SoS amendment by Orders already exists within RIPA and should be maintainedwithinthenewlegislation. USEOFCOMMUNICATIONSDATA: 14. Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? Bydefinition,SOCAusesCDforthepurposeofpreventingordetectingcrime. SOCAsfunctionsareset out in the Serious Organised Crime and Police Act 2005 SOCAP and in relation to civil recovery functions intheSeriousCrimeAct2007.Theyaretopreventanddetectseriousorganisedcrimeandto contribute to its reduction in other ways and the mitigation of its consequences, and to gather, store, analyse and disseminate information on organised crime. SOCA works in close collaboration with UK intelligenceandlawenforcementpartners,notablyUKpoliceforces,HMRevenueandCustoms HMRC andtheUKBorderAgency UKBA ;theprivateandthirdsectors;andequivalentbodiesinternationally. Thedifficultyinsettingthebarforseriouscrimeisthattheissuewillbeconsideredsubjectivelybyan investigator. There will also be cases that may initially seem relatively minor but which can swiftly escalate as the nature of the criminality or conspiracy is better understood and the investigation
373
progresses. In general terms, if a criminal offence has been committed for which there is a criminal penalty,lawenforcementshouldbeabletoinvestigateusingproportionateandnecessaryinvestigative techniques.ThesemayincludeobtainingCDifthetestsaremet,inorderthatajudicialoutcomemaybe achieved. 15. Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? ThereareoccasionswhenSOCAisunabletoobtaincommunicationsdatabecauseitisnolongeravailable having exceeded the 12 month retention period. However, as the majority of the communications data thatisrequiredbySOCAtoundertakeourinvestigationsfallswithinthe12monthperiod,SOCAwould notseektoincreasethecurrentretentionperiod. SAFEGUARDS: 16. Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguards includingapprovalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest. Howshoulddesignatedseniorofficerbedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR? The safeguards articulated in the Act and in the Code of Practice are implemented over and above a securityframeworkthatinvolvesthefollowingprotectivesecurityfeatures: 1. PersonnelSecurity:Duediligencefollowedbynationalsecurityvettingisconductedtoensure that staff who operate in the communications data unit maintain a level of integrity, honesty and trustworthinessthatiscommensuratewiththeinformationtowhichtheyaregrantedaccess. 2. PhysicalSecurity:Bothphysicalandproceduralsecuritymeasuresaredeployed,suchasrobust buildingdesign,locks,alarmsandauditableaccesscontrolsystemstoprotectthecommunicationsdata fromunauthorisedaccess. 3. Information Security: Confidentiality, Integrity and Availability of data is assessed and proportionateprotection,auditableaccesscontrol,andsecuredatastorageareimplementedtoprevent unauthorisedaccess. 4. Training: All staff that are involved in the processing of applications for CD undergo relevant trainingfortherole;theSinglePointsofContact staffwithresponsibilityforacquiringthedatafromthe CSP undergoformalandcontinualassessmentbeforetheycanbeissuedwithaPersonalIdentification NumberthatgrantsthemaccesstoCSPsdata. Every application requires designated senior officers to judge the necessity of obtaining the data, includingotherpossiblemeansofobtainingtheinformation,andhowproportionateobtainingitiswhen judged against the outcome the applicant is trying to achieve. Weighing up both criteria for each application ensures that the privacy rights protected by Article 8 ECHR are given full effect by the CD applicationprocess. 17. Wouldawarrantsystembe moreappropriate?If you favourawarrantsystemshouldthis applytoallpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryin allcircumstances?Andwhatwouldtheresourceimplicationsbe? No. The current framework provides proper scrutiny of a process that seeks to balance investigative necessityandproportionalitywiththeobligationsofArticle8ECHR.SOCAfollowstheprocessassetout intheCodeofPracticewhichhasanumberofsteps,eachseparatedbyeitherfunctionorgrade,orboth: 1. Theapplicant,usuallyofalowergradeandlinkedtotheinvestigation,willsubmittheircasefor CD within the framework of the investigating officers overall strategy having assessed necessity, proportionality and collateral intrusion. Training is provided to Applicants to ensure they recognise humanrightsimplicationsoftheiractivities,materialbenefitsandrequirementtobeaccountable.
374
2. The application is submitted to a Single Point of Contact SPOC who: has undergone formal training; is independent from the investigation; will advise the applicant; and will submit applications thatmeettherequirementsofnecessity,etcforauthorisation. 3. AuthorisationisundertakenbytheDesignatedPerson DP ,aseniorofficeratarankstipulated byParliament,alsoindependentfromtheinvestigationandtrainedinconsideringtheimpactofnecessity, proportionalityandcollateralintrusiononanindividualsprivacy. 4. IfauthorisedbytheDP,theapplicationisreturnedtotheSPOCwhowillobtaintheCDandpassit totheapplicant. 5. The process is overseen by the Senior Responsible Officer SRO who is accountable for the integrityoftheprocess. SOCA is inspected bythe Interception ofCommunications Commissioners Office IoCCO annually who scrutinisetheprocess.Theprimaryobjectiveoftheinspectionistoensurethatthesysteminplacefor acquiringCDissufficientforthepurposesoftheActandthatallrelevantrecordshavebeenkept;ensure that all acquisition of communications data has been carried out lawfully and in accordance with the HumanRightsAct HRA ,PartIChapterIIofRIPAanditsassociatedCodeofPractice CoP ;and,provide independentoversighttotheprocessandcheckthatthedatawhichhasbeenacquiredisnecessaryand proportionatetotheconductbeingauthorised.ObtainedCDisalsosubjectofintenseexaminationinthe judicialsystem.Lawenforcementactivityoccurswithinthecriminaljusticeprocess,inwhatisprobably the most rigorous disclosure regime in the world. Criminal trials often expose applicants and DPs to crossexamination,andtheirdecisionstojudicialscrutiny. SOCA believe the current oversight and scrutiny process is robustly sufficient and therefore do not supporta3rdPartyauthorisationprocess.Therewouldbeconsiderableresourceimplicationstoinitiate any new process as they would require training in the process and in the investigative methodology appliedbylawenforcement,securityclearanceofstaffandsecurityinfrastructuretobeputinplace,and tobeavailabletomeetnotonlyroutinebuturgentandoutofhoursrequests.Whilstnoneoftheseissues areinsurmountable,therewouldbenoreductioninthedegreeofinternalscrutinybylawenforcement prior to CD requests being submitted for authorisation by whatever body was elected to conduct such activity. The ongoing maintenance to sustain the sheer number of applications per year would require additional configuration in the workflow processes,potentially including secure ICT infrastructure, and wouldcosttimeinbothextractionbylawenforcementtoattendmagistratescourts/independentbody, anddelayinauthorisationwhichmayimpactonurgentordynamicoperationalactivity.Itisunclearhow such 3rd Party authorisation would add value to the current process, whether it would offer any additionalassuranceorhowanyadditionaloversightofthisnewsafeguardproposalwouldbeintroduced asnottobesubjectofanyfurthercriticism. 18. Is the role of the Interception of Communications Commissioner and the Information Commissionersensible? Yes. SOCA sees the role of the Interception of Communications Commissioner, dealing with issues of data access, and the Information Commissioner, dealing with data retention, as being essential to ensuring there is independent oversight and scrutiny of the processes used by SOCA in this environment. They provide reassurance that SOCA activity remains lawful and, because of their reach across different organisations,canprovideaperspectiveonbestpracticeintermsofboththeprocessbywhichactivityis conductedandwhycertainaspectsarenecessaryorworkwellindifferentcircumstances. ENFORCEMENT:
375
21. Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccess tocommunicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforin thedraftBillamounttoanoffence? SOCA has not been subject of any issues of inappropriately requesting CD. SOCA staff may face prosecution for misconduct in a public office, or potentially under the Computer Misuse or Data ProtectionActs,iffoundtobeobtainingdataunlawfully.Inaddition,staffwouldbesubjecttodisciplinary proceedingsiftheywerefoundtobeinbreachoftheSOCACodeofConduct.WhilsttheCodeofPracticeis recognisedasbeingthelawfulprocessbywhichCDisobtained,itisverymuchasetofguidelinesabout howtoimplementtheActanditisunclearhowsanctionsforcontraveningtheCodewouldaddvalue. TECHNICAL: 25. Howeasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraft Bill? ThedraftBillmaintainsthecurrentaccessregimeandSOCAdoesnotthereforeenvisagetherebeingany changetoitscurrentbusinessprocessesnortothesecurityandsafeguardsthatarealreadyinplaceasa resultoftheimplementationofthedraftBill. Itisassessedthatorganisedcrimegroupsalreadytakecountermeasurestotrytoevadedetectionbylaw enforcement.ThedraftBillshouldenablelawenforcementtobuilduparicherview whennecessaryand proportionatetodoso ofawiderrangeofsuspects'onlinecommunications.Thatmakesitlesslikelythat criminals'countermeasureswillsucceed. Annex IntroductionandBackground The following scenario and statistics are provided to give an example of how the communications environmentintheUKhaschangedinthepast20years,sincethefirstdialupinternetaccesswasoffered in1992.FiguresaretakenfromOfcomortheInternationalTelecommunicationUnion partoftheUN .It is intended to illustrate the reasons why traditional CD, held by CSPs pursuant to the Data Retention Directive2006isnolongersufficienttogiveadetailedpictureofatargetscommunications. ScenarioAdayinthelife Dougie is a medical student living in Milton Keynes with his parents and studying in London while holdingdownaparttimejobinCostaCoffeetohelpfundhisstudies.HeisakeenAstonVillafanandhas apassionforgadgetsaswellasbeingaregularonlinegamer. a. AtypicaldaystartswithDougiebeingwokenbythealarmclockonhisiPhone4at7am.Using WIFIconnectivity,connectstotheVirginMediaSuperhubinstalledathisparentshome.Hecheckshis Yahooemailaccount,TwitteraccountandFacebookprofile.HealsologsintotheSkyGoapplicationusing hisparentsSkyIDtowatchSkySportsNewstoseeifAstonVillahavesignedanynewplayersovernight. HealsologsintotheteamsAstonVillafanforumtoseewhatrumoursandspeculationotherfanshave submitted; b. Whileeatinghisbreakfast,hecheckstheVirginTrainsandTFLapplicationsdownloadedontohis iPhonetocheckfortrainandundergrounddelays,beforeleavingthehousetotraveltohisplaceofstudy atGowerStreetinLondon; c. Dougie rides his bike to Milton Keynes Central Station and boards a Virgin Westcoast train to Euston.OnthetrainheconnectstotheWIFIservice,providedtothetrainsbyTMobileandtopsuphis Oystercardonline; d. HearrivesatEustonStationandheadstowardstheVictorialinetocatchaSouthboundtrainto WarrenStreet.WhilewaitingontheplatformheusestheUndergroundWIFIserviceprovidedbyVirgin Media to check his emailsagain. He reads an email from his girlfriend statingthat she has booked the hotelinRome;henowneedstosorttheflights;
376
e. HearrivesatWarrenStreetandmakeshiswaytohislectures.Duringhisbreakshelogsintothe internet GSM onhisiPhoneprovidedbyVodafoneandcheckshisFacebooklocationservicestocheckif anyofhisfriendsareinclassestodayandchecksinhimselfsothattheyareawareheisinLondon.He arrangestomeettwoofthemforcoffee,sendingthemInstantMessages IM ontheserviceprovidedby Facebookchat; f. HefinisheshislecturesforthedayandheadstoOxfordStreettostarthisshiftatCostaCoffeeand meethisfriends.Duringhisshift,helogsontothefreeWIFIserviceprovidedinCostaCoffee,providedby O2,andlogsintohisEasyjetaccountusingtheapplicationdownloadedtohisphone.Hebooksflightsfor himself and his girlfriend to travel to Rome, entering names, addresses, dates of birth, financial informationandpassportdetails.HealsomakesuseofthefreeWIFIconnectiontocallhisgirlfriendon hisViberapplicationtogiveherthedetailsoftheflights; g. Dougie completes his shift and travels back to Milton Keynes, continuing to utilise the WIFI servicesontheUndergroundandVirginTrains.Whileonthetrain,hesendsafreetext SMS message usinghisWhatsAppapplicationtohisbrotherinItalytellinghimtobeinat9pmwhenhewillringhim fromhome.HethenlogsintohisEbayaccountandbuyshimselfanewsuitcaseforthetripandbookshis carinforaserviceatthelocalKwikfitcentre,enteringhiscardetailsandtime/datefortheservice; h. Backathisparentshouse,heuseshisiPadtologintohisfavouriteVOIPaccount,Webcalldirect andsetsupacallbackservicefromhisparentslandlinenumbersuppliedbyVirginMediatohisbrothers telephone number in Rome, supplied by Telecom Italia. This service provides a free call between two landlinenumbers,butoriginating/connectedfromtheInternetcall.Afterprovidingtheflightandhotel detailsofhisvisit,Dougiearrangestomeethisbrotheronlinein5 minutestoplayWorldofWarcraft, wheretheycontinuetheirconversationusingtheingamechatfacility. The above scenario, although fictitious, is by no means complicated or futuristic in its content and the applications,websitesorconnectionsareusedbymanymillionsworldwideeveryday. ThebelowisatablecompiledbyOfcomtoshowhowfriendsandfamilyintheUKregularlycommunicate eachmeansbeingusedatleastonceperday OverviewofchangesinUKcommunicationsmarket Fixedline broadband infrastructure: In1992,thefirstdialupinternetaccesswasintroducedtotheUK.Thisnarrowbandservicehasnow almostbeenentirelyreplacedbysuperfastbroadbandexchangesandmobile internet phonenetworks. In2000theITUreportedthat26.2%oftheUKpopulationwereusingtheinternet;thishadincreasedto 52% by 2004, and 82.5% by 2010. Ofcom statistics show that at the end of 2011, 18.8 million fixed residential broadband connections were installed in the UK; over 75% of homes. Superfast broadband servicesbecamewidelyavailablein2010;1.4millionconnectionswereinplaceby2012.Thisrepresents almost7%ofallbroadbandconnections.Superfastbroadbandiscapableofsustainingmoreservicesat fasterspeeds,withthepotentialtoincreasethenumberofservicesanindividualusesconsiderably MobilesandMobileInternet: Thefirstpubliclyavailablemobilephonewasreleasedin1983.Bytheendof1999,13millionpeoplein Britainhadamobilephone.Tentative andpossiblynave predictionssuggestedthiswouldriseto20 millionwithin5years.ButbyOctober2000Britishownedmobilephoneshadreached34million over 50%ofthepopulation :ownershipappearstohavecoincidedwiththetextingphenomenon. 2005sawtheintroductionoftheSmartphonewhichofferedmobileinternetaccess GlobalSystemfor Mobile Communications GSM among many other things. In the following 7 years to March 2012, 33 millionunitsweresoldintheUKaloneandSmartphoneusageaccountedfor50%ofthemobilephone market.Ofcomhavereportedthatinthe3yearsfrom20082011,theUKsawthenumberofSmartphone datausers internetusage almostquadruplefrom8.4millionto32.6million.
377
In 2002, the first multimedia messaging services MMS were introduced and by 2005 GSM networks accounted for over 75% of the worldwide cellular network market serving in the region of 1.5 billion subscribers.Today,GSMAssociationestimatesthatGSMstandardserve80%oftheglobalmobilemarket over5billionpeopleacross212countriesandterritories. Currentinfrastructureandassociatedrisks With the introduction of more complex and improved networks, faster connection speeds, cheaper or free services,fragmentation,thousandsofapplicationsandanabundanceofdevicesavailable,moreand moredataispotentiallyavailable. Fragmentation: The internet was developed as a best efforts technology; rather than establishing a single physical connection between two points as in circuitswitched telephony , information is broken down into manypiecesandsentacrossthenetworktobereassembledatthedestinationterminal.Thisincreases thespeedwithwhichlargeamountsofdatamaybesent,butresultsinthedatabeingfragmentedacross thenetwork.Theinternetwasalsodesignedasanendtoendtechnology,withnocentralisedcontrol; thismeansthattheonlypointsintheconnectionwhereallthepacketsareguaranteedtoappearareat theendusersterminals.Packetslostintransmissionarererequestedandresent,butthiscanonlybe done by the recipient end users device. Further, CSPs providing connectivity have no interest in the communications sent usingthe service. Whilstthe type ofdatapacketfor example, video, text will haveimplicationsforcapacity,theusemadeofinternetaccessisofnointeresttoCSPsandassuchisnot captured.Dataabouthowuserscommunicateonlineisthereforeheldbyseveralapplicationproviders andnotbyCSPsthemselves. Growthforecastslookingforward There have been significant rises in the uptake of broadband services, superfast broadband services, mobilephones,internetenabledmobiledevices,Smartphonesandapplications,butwhatcanweexpect to see over the next few years? CISCO forecasts huge and rapid growth in the takeup, use of and evolutionofIPenableddevicesandtheirassociatedtraffic: a. IPTrafficforecast:IPTrafficwillgrow4foldfrom2011to2016,acompoundannualgrowthrate of29%; b. Internet Traffic forecast: Internet traffic overall internet use will grow 3.8 fold from 2011 to 2016,compoundannualgrowthof31%; c. Mobile Data forecast: Mobile Internet access predicted to grow 18 fold from 20112016, a compoundannualgrowthof78%.Mobiledatatrafficin2016willbe5xthatoftheentireGlobalinternet usein2005; d. DeviceGrowthforecast:Therewillbe19billionnetworkeddevicesin2016,upfrom10billionin 2011. Communications devices will continue to evolve rapidly and their use is going to increase at the same rate.Changesintechnologywillallowaquicker,easierandmoreconvenientwaytocommunicate. August2012
378
Society of Editors
TheSocietyofEditorshasmorethan400membersinnational,regionalandlocalnewspapers,magazines, broadcasting,digitalmedia,medialawandjournalismeducation. Itisthesinglelargestorganisationforeditorsandsenioreditorialexecutives.Itsmembersareas differentasthepublications,programmesandwebsitesandotherplatformsforthedeliveryofnewsthat theycreateandthecommunitiestheyserve.Buttheysharethevaluesthatmatter: Theuniversalrighttofreedomofexpression. Theimportanceofthevitalityofthenewsmediainademocraticsociety. Thepromotionofpressandbroadcastingfreedomandthepublicsrighttoknow. Thecommitmenttohigheditorialstandards. FollowingconsiderationoftheCommitteesDraftCommunicationsBill,theSocietylendsitssupporttoa detailedsubmissionbytheNewspaperSociety.Wesupporttheconcernsoutlinesintheirentirety. We remain alarmed, as previously echoed by Lord Black during adebate on the Queens speech, at the breadthofthelegislationandthepotentialthreat andlackofspecificsafeguards toprotectconfidential journalisticsourceswhichcanberevealedbycommunicationsdata. Although naturally the Bill is being described as a protective measure to enhance the safety of the populationagainstonlinecriminalsweremainconcernedthatplanstobeefupdataretentionincludea "request filter", which could allow police officers, tax inspectors, the security services etc to trawl for information across privatelyowned databases in order to build up a picture of suspects' internet browsinghabits,contactsandmovements,andthatthismaypotentiallybegrantedonaverywiderange ofgroundseachcapableofverybroadinterpretation. In light of this it is entirely feasible to assume that this could have a detrimental effect on journalistic sources,deterwhistleblowersandincreasetheriskofpersonaldetailsbeinghacked. Asisoftenthecaseintermsofpredictedexpenditureandsavingsweremainunconvincedofthe feasibilityofanestimatedcostof1.8bnover10years.Furthermorebenefitsofbetween5billionand 6.2billionoverthesameperiodappearunrealisticwhenplacedalongsideWhitehallshistoryof preventinginitialfiguresfromspiralingoutofcontrol. ThefactthattheUKisthoughttobetheonlycountryintheworldattemptingtogathercommunications data in this way is worrying. Aspects of the bill seem capable of being judged merely as a snooping charter.Weareyettobeconvincedthatthereisadequatejustificationforwideningthescopeofaccessto communicationsdatawhenfiguresreleasedbySirPaulKennedyinhisannualreportoutlineasignificant number of "communications data errors" in recent months. In light of this we question not just the inadequacyofsafeguardsbuttheinadequatejustificationforthewidenedscopeasawhole. August2012
379
Professor Peter Sommer

Summary Thissubmissionconcentratesonthetechnicalfeasibilityandefficacyandvalueformoneyofthepolicies behind the draft Bill. The Bills aim is to realise the ambitions of the Home Offices Communication CapabilityDevelopmentProgramme CCDP . The role of retained communications data in investigations needs to be understood within the broader contextofalltheavailablepotentialstrandsofevidenceavailableforconsideration.Theeverwideruseof computersandtelecommunicationsbyindividuals,businessesandgovernmentshashadatransformative effectonmanytypesofcriminalandintelligenceinvestigation.Retainedcommunicationsdataisbutone elementandwhileovertimesomeformsarebecominglessavailable,thislossismorethanbalancedby theincreasedavailabilityofothertypesofdigitalevidence. Thepreciseproblemsassociatedwithcommunicationsdataarebestaddressedbylookingatthevarious types of Communications Service Provider and the classes of data they might retain. The globalised percentagesapproachoftheHomeOfficemisleads.Manyformsofcommunicationsdatawillcontinueto be available for the foreseeable future without new legislation, while others are held by businesses outside the easy jurisdiction of the UK courts, raising the question of how UK laws, orders, and court decisionscaninpracticebeenforced. A key requirementofany law isthat it is easy to interpret. It is now increasingly difficulttoalignand interpret the legal definitions of communications data and content with the complex ways in which dataistransmittedovertheInternet.Resortmustbemadetoexpensivehardwaretoapplyaverylarge numberoftechnicalfilterswhicharesupposedtoreflectthestatutorydefinitions.Thesefiltersmustbe constantlyupdatedandaddedto,toreflecttheincredibledynamismoftheInternet.Eventhenonecan anticipatesomeofthesewillrequiretestinginthecourts.Thecomplexityanddifficultiesalsohavean impactontheextenttowhichParliamentcanbeexpectedtoscrutinisetheOrderscontemplatedinPart1 of the Bill, and to which the regime can be effectively overseen by the Interception of Communications Commissioner. Thepenaltiesforincorrectseparationofcommunicationsdatafromcontentfallchieflyonthepolice.The regimesforaccessareverydifferentinterceptionofcontentrequiresawarrantfromtheSecretaryof State,communicationsdataanauthorisationfromaseniordesignatedofficer.CommunicationsService Providers are de facto protected from mistakes, but police who have acquired material ultra vires will findthemselvesindifficulties,nottheleastatdisclosureandthepossibilitiesofargumentsaboutabuseof process. The problem is significantly compounded by the UKs almost unique position in treating interceptedcontentasinadmissibleandnotreferabletoinlegalproceedings. The Request Filter proposals in cl 1416 appear to be an attempt to overcome the twin problems of interpretation and the two entirely separate regimes for communications data and the interception of content.Butmakingthisafunction,directordelegated,ofthesameSecretaryofStatewhoalsoissues interceptionwarrantsandOrdersundertheDraftBillissurelyamistake;ifthereistobeacredibleand viableindependentfilteringagencymuchmoreneedstobesaidaboutitsresourcesandgovernance. ThecostsoftheHomeOfficesproposalsareimpossibletocalculateastherearetoomanyunknownsbut itispossibletoidentifycriteriaforlikelyvalueformoney.NeithertheExplanatoryNotesnortheImpact Assessments discuss the source of funding but it seems reasonable to assume that in the current economicclimatefundingwillhavetocomefromexistingresources.Itisthususefultoseektoevaluate theroleofthefeaturesofretainedcommunicationsdatathatwouldbeenhancedweretheHomeOffices proposalstobeacceptedagainstthelossofsomefundingtootherexistingformsofinvestigativeactivity andevidence. Those who seek to avoid having their Internet activities being monitored will have a number of easy routes,evenaftersignificantpublicexpenditureontheCCDP.ThereisadangerthatCCDPwillhaveever expandingtechnicalambitionsastheInternetchangeswhich,coupledwiththeneedforsecrecy,willlead torunawaycosts. Isuggestthatwaysforwardinclude:
380
bringinginterceptionevidencebackintoadmissibilitysoastosimplifymanyofthetechnical interpretativeproblemsthedraftBillcreates continuingthecurrentpositionthattherequirementsofdomesticCSPstoretain communicationsdataislimitedtorecordstheycreateaspartoftheirregularbusinessactivities asubstantiallyrevisedsystemfortheissuingofwarrantsandauthorisationscoupledwithmore robustandcredibleformsofoversight,soas,amongotherthings,topersuadecriticalnonUK basedCommunicationsServiceProviderstoaccedetotherequestsoftheUKauthorities.
ThissubmissionconcentratesonthefollowingquestionsintheJointCommitteesCallforEvidence:1,2, 5,6,11,13,17,18,19,22,24,25,26. Referencestocommentsmadeinearlieroralevidencesessionsaretotheuncorrectedversionspublished ontheJointCommitteeswebsite. DigitalEvidenceLandscape The requirement for and costjustification for an enhanced regime for retained communications data needstobetestedinthecontextofthevastlyincreasedrangeandextentofmanytypesofdigitalevidence available to the UK authorities since the passing of the Regulation of Investigatory Powers Act 2000 RIPA . Over75%oftheUKpopulationhaveaccesstotheInternetfromtheirhomeandeachUKhouseholdon average owns three Internetenabled devices 468. Nearly 80% have at least one home computer 469. Costsofharddiskstoragefallby50%every18monthsa1000GB 1TB harddisknowcostsabout60 sothatinatypicalpolicesearchwarrantexecutionondomesticpremisestheycanexpecttofindseveral PCsofvariousvintages,plusexternaldatastoragedevicessuchasdisksandUSBmemorysticks.There are130mobilephonecontractsper100ofthepopulation,39%ofthemsmartphones,ineffectpowerful ultraportablecomputers 470.Nearlyallofthesedevicescontainsubstantivefiles,copiesofemailssent andreceivedandhistoriesofsuchInternetactivityaswebsitesvisited,preoccupationsofandresearch carriedoutbytheowner.PCsmayalsocontainartefactsrelatingtoothertypesofInternetservicesused, completewithusernamesandpasswords.Theymayalsoprovidestrongevidenceofpersonswithwhom thecomputerownerhasbeenincontact.Allmobilephoneswillcontainsomerecordsofcallsmadeand received and copies of SMSs made and received Ofcom says 200 SMSs are sent per person per month 471.Smartphoneswillcontainmuchmorerecoverabledata. All of these are key sources of digital evidence and none fall within the regime of the Regulation of Investigatory Powers Act 2000 RIPA or the Draft Bill, which are solely concerned with data in the courseoftransmission.SignificanttypesofevidencethatcanbeobtainedunderRIPApowerscanalsobe foundonseizedPCsandmobilephones;andtherecovereddatawillhaveaconsiderablehistoricelement because of the capacity of the associated storage devices. Computers and mobile phones are normally seizedunderpowerswithinPartIIofthePoliceandCriminalEvidenceAct,1984 PACE butthereare alsomanyadditionalpowersinotherlegislation 472.WhereastheRIPAroutewillexcludecontentfor admissibilitypurposes 473,thesamematerialiffoundonaharddiskisfullyadmissible.
468Ofcom,Q2012,http://media.ofcom.org.uk/facts/ 469ONS,SelectedConsumerDurables,http://www.ons.gov.uk/ons/rel/familyspending/family
spending/familyspending2011edition/sumconsumerdurablesnugget.html
470Ofcom
http://stakeholders.ofcom.org.uk/binaries/research/cmr/cmr12/UK_0.pdf 471http://stakeholders.ofcom.org.uk/binaries/research/cmr/cmr12/UK_0.pdf 472Egs14ComputerMisuseAct1990ands114FinanceAct,2008 473S17RIPA2000
CommunicationsMarketReport2012
381
Over the last 12 years, since RIPA came into force, the amount of information collected by commercial bodies about individuals has increased greatly, chiefly through get to know your customers interests betterCustomerRelationshipManagement CRM softwareandthedevelopmentofcommercialcredit and marketing databases. 474 Commercial marketingtype data can be bought by law enforcement agencies on commercial terms, privatelyheld data can be acquired via Production Orders under PACE, subjecttotheprovisionofacertificateunders28or29oftheDataProtectionAct1998. 475Thesame route can be used to obtain information about banking and credit card transactions credit and debit carddatamayalsocontaininformationofthelocationatwhichatransactiontookplace. AtthesametimetheavailabilityofClosedCircuitTelevision cctv ,bothofficiallyandprivatelyowned, has expanded greatly, both in the quantity of cameras 476 and their locations and in the quality of images. 477.TheUKsNationalPolicingImprovementAgencyoperatesanationalDNAdatabase,which isoneoftheworldslargest,withprofilesonanestimated5,570,284individualsasof31March2012.It alsooperatesanationalautomatednumberplaterecognitionsystem,whichbyMarch2011wasreceiving 15 million sightings daily, with over 11 billion vehicle sightings stored. A national fingerprint database contained 8.3m individuals prints in April 2010. 478Another newish method for tracking the movements,atleastofpeopleinLondon,isviatheOystercard 479. TypesofCommunicationsServiceProvider There are several distinct types of organisation and business subsumed under the phrase CommunicationsServiceProvider.Byidentifyingthemwecanmoreeasilyseewhatpotentialevidence they might produce, what role that evidence could have in investigations and what obstacles the authorities may encounter. Several important forms of communications data are not under threat of diminutioninvalueasaresultoftechnologicaldevelopments. Individualbusinessesmayoffercombinationsoftheserolesandtheremayalsobealimitedamountof blurringoffunctionality. Telcos These are the conventional telephone companies, offering either fixed or mobile services. In termsofcommunicationsdata,theyuseandalltelcoscanprovide:theidentityofsubscriber 480andfor each call: counterparty number, time and duration of call. Mobile phone companies can also provide locationdata whichisbasedonthetechnicalrequirementforthemobilephonesystemtoknowwhere eachofitssubscribersphonesislocatedsothattheycanbeactuatedtoreceiveanincomingcall .Mobile phone call data records also include the hardware identity of the handset IMSI and the SIM in use IMEI . Alltelcorelatedcommunicationsdataisusefulinbuildinguppatternsofcallsbetweenparties,perhaps to show some form of conspiracy; mobile phone location data additionally shows the movements of a cellphoneownerbytimeoveralandscape.Policeroutinelyusespeciallinkanalysissoftwaretoshowthe
474EgDataHQ,Experian,Equifax.http://www.graydon.co.uk/,http://www.worldcheck.com/
GovernmentAccesstoPrivateSectorData,Brown,InternationalDataPrivacyLaw,2012 in press 476CheshireConstabularyestimatedin2011thatthereare1.85mCCTVcamerasintheUK,1.7mofwhich areprivatelyowned 477SeeBBCresearchin2009onthedensityoflocalauthorityownedcctvcameras: http://news.bbc.co.uk/1/hi/uk/8159141.stmandaChannel4Newsassessmentthatin2008there wasacctvcameraforevery14citizens. http://www.channel4.com/news/articles/society/factcheck how many cctv cameras/2291167. html 478www.npia.police.uk 479http://news.bbc.co.uk/1/hi/england/london/4800490.stm 480ButnotforPAYGcustomers;additionalformspf,matchingareneededtoidentifythem
475Seealso
382
patterns of usage 481 and a number of companies also offer Cell Site Analysis to show patterns of movement. Although some fixed line calls may over time migrate to Internetbased telephony VOIP, Skype ,theuseofmobilephonesisunlikelytodiminishandhoweverthesephonesareused,solongas theyareswitchedon,theywillcontinuetodeliverlocationdata. Network Access Providers This is what most people regard as Internet Service Providers. The core serviceistogivethesubscribersomeformofbox hub throughwhichtheInternetmaybeaccessed.The actualservicemaybesuperimposedonaconventionaltelephonelineorentertainmenttvcable,ormay involve a dedicated line, perhaps fibre. A Network Access Provider NAP usually thinks of itself as a conduit. In addition to the basic facility there will usually be others, to handle conventional email, to improve the experience of using the world wide web for example by caching , and the same business mayalsoofferitssubscribershostingfacilities,forexampletoprovideabaseforawebserverfromwhich thesubscribercanpublishtheirowninformation. NAPscanprovide:detailsabouttheirsubscribers 482andalsowhichoftheirsubscribersheldwhichIP addressesatparticularpointsintime. 483ThelatterisespeciallyimportantastheoriginatingIPaddress of a communication is routinely gathered in many types of Internet transaction such ecommerce, e banking, use of filesharing services, and it then becomes possible to associate the IP address with a subscriber or an individual. The NAP also provides a very convenient collection point at which to monitor the activities of their subscribers, subject to legal constraints. Nearly all large NAPs will have alreadyhaveinstalledLawfulInterceptfacilities asrequiredunders12,RIPA,2000 andtheyarealso thelogicalplacewhereanyfilteringtoretaincommunicationsdatamighttakeplace. UndertheBillNAPswillbeartheburdenofcarryingoutthefilteringfunctions;ineffecttheirrolewill changefrommerelyretainingdataroutinelygeneratedaspartoftheirbusinessfunctionsforbillingand qualityofservicepurposesintocollectingdataabouttheircustomersforwhichtheyhavenobusiness usebutwhichmayberequiredbytheSecretaryofState. PrivateBusinessNetworksAsthenameimplies,thesearenetworksrunbybusinessesandorganisations fortheirownbenefitortoservetherequirementsofadiscreteindustrial,professional,academicorother community.Theyaretypicallyrunonequipmentownedorrentedbytheorganisation.Thesedaysthey nearlyallusethesametechnicalprotocolsastheInternet TCP/IP .Generaladmissiontothepublicis notallowed;manyprivatenetworkshavegateways,somelimited,tothepublicInternet.PrivateBusiness NetworksstillfallwithintheremitoftheDraftBill ss1 3 and2 1 RIPA,2000 andmoreparticularly iftheprivatenetworkisfacilitatingacommunicationontoapublictelecommunicationsnetwork. Becausetheyhavecontroloverthenetwork,ownersandmanagershavecompletetechnicalaccesstoall traversingtraffic,thoughlawfulsurveillancemaybelimited. 484Theremayalsobeextensiveloggingto recordaccessesbyusers,visitstowebsitesandtheactivitiesofantivirussoftware.IfaRIPAapproach doesnotproveeffective,thesameinformationcouldbeobtainedbyProductionOrderor,inextremis,by aPACEorsimilarwarranttoseizerecordsandhardware, TheauthoritiesmightincurdifficultiesingettingaccessunderRIPAorothermeansiftheprivatenetwork ismanagedfromoverseasandisuncooperative.RIPAcoversallsituationswherethetrafficcrossesthe UK, but enforcement would then require resort to a Mutual Legal Assistance Treaty, the outcome of whichcouldbeunsatisfactory. Social Network Service Providers This rather awkward phrase SNSP encompasses businesses who offer communications and information services via a webinterface or phone/tablet app. The services are sometimes described as nomadic, as they are available whereever there is an Internet connection.
481egI2;http://www.i2group.com/uk 482TheNAP/ISPcanonlyprovideinformationabouttheirsubscriber,thepersonwithwhomtheyhave
thecontract,thatmayonlyindirectlypointtowhowasactuallyusingtheequipmentatthetime
483AnexplanationofIPaddressappearsfrompara0below.Theavailabilityofdataisunlikelytobe 484Telecommunications
changedasaresultofthemigrationfromIPV4toIPV6. LawfulBusinessPractice InterceptionofCommunications Regulations2000
383
ExamplesincludethewebbasedemailfacilitiesofMicrosoft Hotmail,Live,Outlook.com ,Gmail,Yahoo andmanyothers.ItalsoincludesbusinessesthatoffersocialnetworkingsuchasFacebookandLinkedIn and Internet indexing facilities such as Google and Bing. Many VoiceoverInternetProtocol VOIP services,includingSkype,fallintothesamecategory. Cloudservices are a variant: they offer remote storage and remote processing; examples are Google Apps/Drive,MicrosoftSkyDrive,DropBox,AmazonElasticComputing,WindowsAzureandAppleiCloud. Thesameprovidermayoffermorethanonefacility:MicrosoftandGooglebothofferInternetindexing, webbasedemailandchat realtimeconversationviakeyboard ;Googleprovidessocialnetworkingas wellInternetindexingandemail,Facebookprovidesamessagingservice,Skype,primarilyaVOIPservice alsoofferstextmessagingandsoon. A yet further variant are sites offering participation in online games; in some of them whole virtual worldsarecreated,participantscancreateavatarsofthemselvesandchattootherparticipants;aleading exampleuntilrecentlywasSecondLife;anumberarenowdeliveredviagamesconsolessuchasXbox.. Concernissometimesexpressedthattheseservicescanbeusedforcovertmessagingbetweencriminals andothers,thoughIhavebeenunabletoidentifyanyverifiedinstance. The headquarters of the legal entities behind the vast majority of SNSPs are based outside the United Kingdom, which means that noncooperative enforcement of UK law is difficult. Most are based in the UnitedStates.TheUKwouldhavetorelyontheoperationofMutualLegalAssistanceTreaties MLATs andthesecanbeslowinprocessbecauseoftheneedtofollowavarietyoflocalprotocols;theyalsorely ontheenthusiasmoflawenforcementagenciesinthecountriesinwhichtheSNSPislocated.Manylarger SNSPshavetechnicalfacilitiescomputerserverfarmslocatedinmanyjurisdictionsallovertheworld, sothatidentifyingwhereanyparticularcommunicationortransactionisphysicallytakingplacemaybe almostifnotentirelyimpossible. SNSPswillhavelimitedsubscriberdataasformanytheenrolmentprocessreliesonthevoluntarysupply ofinformation,whichisoftennotverified;mostdonotimposeachargefortheirbasicservices,sothat thereisnolinkageviathebanking/creditcardsystem.HoweverIPaddressdatamaybecollectedsothat anindividualmaytracedthatway seeabove .HoweverSNSPsoftencollectlargequantitiesofcontent; forsomethebusinessmodelconsistsofgivingdesirableinformationorfacilitiestocustomersinorderto collect information about them which in turn can be translated into opportunities for targeted advertising. In investigatory terms the content may be directly invaluable and may also help identify individualsevenwherethoseindividualshavesoughttoobscurewhotheyare.Cloudsuppliersalsostore large quantities of their customers data files; these presumably could be available to investigators, subjecttotheappropriatelegalprocesses. Manyoftheseservicesusehttps,thesecureencryptedformoftheweb,andwhichisalsothefoundation ofwebbasedelectroniccommerceandbanking.Encryptionisused,nottothwartlawenforcementbut to protect customers from criminal eavesdropping. But the use of https also makes the type of NAP monitoring to obtain enhanced data retention contemplated in the draft Bill much more difficult to achieve. In the US attempts are being made to bring SNSPs into the lawful intercept framework of CALEA CommunicationsAssistanceforLawEnforcementAct,1994,asamended whichwouldimply,intheUS at least, an interception capability although this could be provided using software on SNSP servers, ratherthantheinterceptionofcommunicationsonthewire. TheJointCommitteewillundoubtedlybemakingitsownenquiriesofSNSPsbutinformalindicationsare thatsomeUSbasedSNSPsarewillingtorespondinformallyinapositiveandtimelyfashiontoUKRIPA typerequests.Howeverinsodoingtheyhavetoconsider,amongotherthings,theirobligationsunderUS law, the impact that knowledge of their cooperation has on their customers and hence their business, and concern that authorities in other jurisdictions would want similar facilities. What is likely to be persuasive is the fairness and transparency of the ways in which requests which would otherwise be warrants and authorisations are made and by whom, how any material supplied is subsequently handled,andthequalityandextentofoversightandaudit.
384
SmallscaleinformalprivatenetworkservicefacilitiesThisequallyawkwardphrasecoversthesituation where communications and information facilities are set up on the Internet by individuals and small groups to service the need of small communities. Although the services are available on the Internet, access is restricted and may be only available by payment or specific invitation. Examples include bulletinboardsystems whichalsohaveprivatemessaging ,privatechatsystems,filesharingsystems, andsecureemail whichoperatesoutsideorinparallelwithpublicemail . These services require only modest levels of technical skill to set up. Software to create the basic infrastructure is readily available, much of it at low or no cost. It is easy to run such services with cryptographicprotection httpsanditsemailequivalent .ManyISPsofferhostingfacilities,thatis,the use of computers already connected to the Internet and to which the customer can upload his own software. It is also possible covertly to set up such services on large computer systems which are insecurelymanaged Many of these services are nonsinister; for example bulletin board systems may serve people with particular professional or leisure interests. But the same technical infrastructure can facilitate illegal enterprises. The opportunities for the authorities to detect such sinister services by routine as opposed to targeted Internet surveillance are very limited. The normal methods of detection are via traces left on the computerofoneoftheparticipants,confessionorinfiltrationofthemembership. Other forms of covert Internet communications At this point we also oughttoconsider other forms of covert communications across the Internet, typically using existing Internet facilities and protocols in wayssothatmessagesanddatacanbesentwithouteasydetection.Itcanbeamistaketobelievethat covert Internet communication is only possible through the deployment of a sophisticated technology. Messagescanbepublishedviaemail,websites,socialnetworkingsiteswherethewordsthoughinnocent inappearance,haveparticularmeaningtoindividuals;itistriviallyeasytopublishwebpagesandfiles whicharenotdirectlyindexedonanotherwiseinnocentsiteandwhichcouldthereforeonlybefoundby thosewithspecificinstructions.Moresophisticatedmethodsofconcealmentarealsoavailable,butthey requiregreaterlevelsofskillinparticipants. AlmostnoneofthesecovertcommunicationswillbedetectedbyroutineInternetmonitoring. CommunicationsDataandContent Laws,inordertowork,needtobecapableofeasyinterpretation.Oneofthegreatweaknessesofthedraft Billisthatthedefinitionsofcommunicationsdatadonotalignwiththerealityofthecircumstancesthe Billissupposedtoberegulatingandmanaging.AttheheartoftheHomeOffice'sproposalsisabeliefthat itispossibleeasilytoseparatecontentfromcommunicationsdata. Thepenaltiesforincorrectseparationofcommunicationsdatafromcontentfallchieflyonthepoliceand other agencies. The legal regimes for access are very different interception of content requires a warrant from the Secretary of State, communications data an authorisation from a designated senior officer. Communications Service Providers are de facto protected from mistakes 485, but police who haveacquiredmaterialultravireswillfindthemselvesindifficulties,nottheleastatdisclosureandthe possibilitiesofargumentsaboutabuseofprocess.486Theproblemissignificantlycompoundedbythe
dejureunders3 3 ,RIPAinthattheyareallowedtoviewinterceptmaterialforthe purposesofseparatingitfromcontent.Intheeventofinadvertentreleasetheywouldargueabsence ofmensreaandalsoinvitetheCPStoapplyapublicinteresttest. 486See,forexampletheCodesofPracticeontheDisclosureandAcquisitionofCommunicationsDataand InterceptionofCommunicationsissuedunders71RIPAandinparticularChapter7ofthesecond Code.SeealsotheCPSDisclosureManualandinparticularChapter27.

485Theyprotected
385
UKsalmostuniquepositionintreatinginterceptedcontentasinadmissibleandnotreferabletoinlegal proceedings. 487 Packetcommunications Inconventionalanaloguetelephony,thedistinctioniseasytomake. 488Communicationsdataconsists of an enhanced telephone bill traffic data, who called who, when, and for how long and information aboutthesubscriber.Thecontentisthevoicecomponent,whatwouldbecapturedifataperecorderor similar were placed across the line. In mobile telephony, location data is also provided but is clearly separablefromthevoiceelement. DatapacketsWhileinconventionaltelephonyapermanentuniquecommunicationslinkexistsbetween thepartiesforthedurationofthecall aseriesofswitchescreatingthelinkforaslongasitisneeded , Internettrafficofallkindistransmittedasaseriesofpackets.Thesystemmakesmuchmoreefficient useofavailablephysicallinks;eachlinkmayconveylargenumbersofconversationsortransmissions. Datatobetransmittedisbrokendownintoaseriesofsmallchunks packets eachofwhichcontains: the address IP address 489 of the originator, the IP address of the intended recipient, some supervisory information in case packets arrive at their destination outoforder and need to be re assembledcorrectly,andpayload. Packet payload may include what RIPA regards as communications data and also what when captured becomesaRIPAinterception.Buttherewillalsobeaseriesofstructurescommands,labelsorvalues which are the building blocks of the many protocols that make up the Internet email, webservices, secure webservices, file transfer, filesharing, VoiceoverInternet. These commands are not normally seen by the regular user; some of these commands and labels may themselves be either RIPA communicationsdataorRIPAcontent,ormayhelpidentifythesubsequentsequencesoftext,etc.as eithercommunicationsdataorcontent. ContentsofwebpagesThecomplexitydoesnotendhere.Asinglewebpagemaycontain,atleastinthe termshopedforinthedraftBill,bothcommunicationsdataandcontent.Atypicalexamplewouldthe inboxofawebmailservice.Theidentityofthesenderandthetimeoftransmissioniscommunications data,butthesubjectmatteriscontent.Onanindividual basisvisualinspectionmayeasilyspotthe difference,butwhatisrequiredisthattheseparationbecarriedoutautomaticallyatveryhighspeedby software; each individual different design of a webmail webpage would need separate attention and whenever a specific webmail service has a changed design, the technical instructions for scraping the communicationsdatafromthecontentmayneedtobealteredaswell. Asifthisisnotenough,moderntechniquesforcreatingwebpagesrelyontakingmaterialfrommultiple sourcesandusingprogrammingfacilitiesloadedintothewebbrowser,thepageisonlyfinallyassembled ontheindividualuserscomputer. ThistechniquereliesonvariantsofJavaScriptandHTML .Inorder toreconstructfrommonitoredpacketsthewebpagethattheuserseesandhencebeinapositionto applythelegaldefinitionsofcommunicationsdataandcontentseveraldifferentpacketstreamsmay have to be assembled and reviewed. Some of the packets will contain fragments of the Javascript, etc. miniatureprograms. DPI The basic tool for examining packets is called Deep Packet Inspection DPI ; it can operate in software in situations where traffic levels are low, but for high traffic levels as when monitoring all communications by very many users , specialised hardware must be deployed. All DPI software and
487See,amongothers,
Justice,2010,PrivyCouncilReviewChilcot,.Cm7324,
TelephoneTapEvidenceandAdministrativeDetentionintheUK,JohnRSpencer inAWaronTerror,edWade&Maljevic,Springerverlag2010andInterceptEvidence:Liftingtheban,
488Iamconscioushowusefulillustrationsanddemonstrationsmightbeatthispointbutamalsomindful
oftherestrictionsinnormalParliamentarypublishing.IwouldbehappytoprovideCommittee memberswithaseriesofdemonstrationsiftheyfeelitwouldaidtheirunderstanding 489IPaddressesarerelativelyuniquetoanindividualcomputer;underthepresentsystem,IPV4,the ISP/NAPassignsIPaddressestotheirindividualcustomersandmaintainsarecordofsuch assignment,usuallyviatheRADIUSlog.LargeorganisationshavepermanentIPaddresseswhichcan belookedupviatheInternetwhoisfacility.
386
hardwarearriveswithaninbuiltknowledgeofthemainInternetprotocolsofthetimeandcanperform basic analyses on a perpacket basis. But any additional features require the writing of specific filters. Wheretheanalysisrequiresseveralpacketstobeconsideredfortheireffecttogether,asinthecomplex webpageandJavaScriptetc.facilitiesdescribedabove,thecapabilitiesofDPIequipmenttohandlelarge amountsofdataautomaticallyandrapidlyareunknown. DPI equipment can usually only work where the web page instructions and components are sent unencrypted. But services from the likes of Google, Facebook, webbased email, are now delivered in encrypted form using https not deliberately to thwart the police and Agencies, but to protect their users for eavesdropping by criminals. For practical purposes in these circumstances, the only entities thatcanseparatecommunicationsdataandcontentaretheGoogles,Facebooks,andownersofwebmail services,whichIhavereferredtoasSocialNetworkServiceProviders. Request Filters As noted above at paragraph 0, an apparent individual communication may involve several different CSPs, a typical example being webmail or social networking. A subscribers Network AccessProviderwouldonlybeabletocapturetheidentityofthemachinetowhichthesubscriberwas connecting cl 28 2 and 3 . The Social Network Service Provider might recognise that a customer/member was in communication with another customer/member but might lack detailed and authentic knowledge of who that customer/member is. The NAP does know, however, because the subscriber is identified when they pay by direct debit or standing order for the network access service. TheBill,cl1416andENs7393,envisagesanentityseparatefromboththeCSP s andtherequesting lawenforcementagencywhichanalysesaspecificproblem,requestsmaterialfromtherespectiveCSPs whichwillprobablyincludecontentalongwithcommunicationsdataandthencombinesthemsothat there is a resulting clearer identification of who is communicating. The process, so it is hoped, will prevent the requesting investigating agency from seeing anything other than communications data. In terms of webmail it will enable the requesting agency to see that their person of interest, who is now clearly identified from data supplied by the NAP accessed the webmail service and via it exchanged emails or other messages with a number of individuals at particular times. But the requesting investigating agency would at no stage see the subject matter of the messages. This is also the explanationofferedbyPeterHillatQ94. Cl 1416 have a number of safeguards in that necessity and proportionality tests must be applied throughout, there must be rigorous security, after the delivery of the filtered material any remaining materialobtainedbytheRequestFilteringEntityinthecourseoftheirworkmustbedestroyed,andaudit records kept for scrutiny by the Interception of Communications Commissioner. However if these safeguards are not rigorously applied and fully examined by the Interception of Communications Commissionerthereisariskthatthatwhatisdescribedasrequestfilteringbecomeslargescaledata mining;thenecessityandproportionalitytestsneedtobeappliednottojusttheindividualdatastreams assuppliedbyCSPsbuttothelikelyeffectwhentheyareassembledtogether. The main purpose of this complex arrangement seems to be to protect CSPs and law enforcement agencies from the situation where the requesting investigating agency inadvertently receives content withtheconsequencesindicatedatparagraph0above. DoubtmustalsobeexpressedaboutthecredibilityandviabilityoftheentitythatperformstheRequest Filter.CoulditreallybethesameSecretaryofStatewhoalsoissuesinterceptionwarrantsunderRIPA Chapter1andwhoalsoissuestheOrdersundercl1oftheDraftBill?Ifitistobeaseparatedesignated publicauthorityassuggestedincl20 1 itwillneedresources,amongthemhighlyskilledstaffwhoare familiarwiththelaw,theapplicabletechnologiesandpoliceinvestigativeprocedureandwhocanalso actindependently.Theywillalmostcertainlyneedhighlevelsofsecurityclearance.Intheprivatesector suchpeoplearelikelytoearnfairlyhighincome;moreovertheywillwantsomeformofcareerstructure andstability.Buttheremaynotbeasufficientlyconsistentflowofworktomakethispossible. PracticalitiesandInterpretations Theprocessofseparatingcommunicationsdatafromcontentisthustheoreticallyasfollows: Inthefirstplacethecommunicationmustbeviewedastheparticipantswouldnormallysee itandthelegaldefinitionsinclause28 25 applied.
387
ThismustthenbeconvertedintoinstructionswhichtheDPIinterceptionequipmentcan implement;thisinturnimpliesafullunderstandingofthevariousprotocolsinuseforthe mainInternetservicesaswellastheconstructionofcertainwebpageswhichcontainboth communicationsdataandcontent.
Someaspectsmaybeeasierthanothers,forexamplecl28 2 b iii :comprisessignalsfortheactuation ofapparatususedforthepurposesofatelecommunicationsystemforeffecting inwholeorinpart the transmission of the communication. This subclause moreorless reflects something that can be recognisedatatechnicallevel.Butothersdonot. The Bill has a number of clauses in this area that look as though they are capable of several interpretations.Forexamplecl28 3 : Data identifying a computer file or computer program access to which is obtained, or which is run, by meansofthecommunicationisnottrafficdataexcepttotheextentthatthefileorprogramisidentified byreferencetotheapparatusinwhichitisstored. Thisisborrowedfroms21 6 RIPA,2000.Oneparticularproblemisthestatusofwebpageswithina website the identity of the website is communications data, the web pages within it are content, but what happens if the filename of the web page gives an indication of its content? An example: http://www.independent.co.uk/news/uk/crime/rebekahbrooksandandycoulsonconspiredtohack millydowlerand600others7966265.html Orcl28 4 : Use data means information a which is about the use made by a person i of a telecommunications service, or ii in connection with the provision to or use by any person of a telecommunications service, of any part of a telecommunication system, but b which does not apart fromanyinformationfallingwithinparagraph a whichistrafficdata includeanyofthecontentsofa communication. Whatwouldbethepositionofawebsitewhichbuildsupaprofileofitscustomersactivitiesinorderto makethemfutureoffersbasedonprevioussaleslikeAmazon?Orasocialnetworkingsitethatsimilarly collectsinformationaboutitsusersothatinteraliaitcanmakerecommendations?BothFacebookand LinkedInfrequentlysuggestPeopleYouMayKnowassuitabletoaddasfriendsbasedonprevious activity. SimpleinterpretationofwebpagesgeneratedbysocialnetworkingsitessuchasFacebookmayalsobe surprisinglydifficult;heretherecanbesignificantproblemsinidentifyingwhichelementsonawebpage are communications data as opposed to content even before we attempt to turn these into technical instructions.Dowetakeitthattheidentitiesofpostersarecommunicationsdataandwhattheysay or pictures they put up is content? What is the effect if some postings are only available to selected viewersFriendsasopposedtobeingpublishedtotheworldatlarge?Whatisthepositionofoneto manycommunicationsbutwhichstillfallshortofgeneralpublicpublication? Implicationsforclause1Orders ThestructureoftheBillisthatitisprovidesaframework,withthedetailtobecoveredbyOrderstobe issuedbytheSecretaryofState.EN22setsouttheintentions: Inpractice,itislikelythatanorderunderclause1may,amongstotherthings,imposerequirementson operators to: generate all necessary communications data for the services or systems they provide; collect necessary communications data, where such data is available but not retained; retain the data safelyandsecurely;processtheretaineddatatofacilitatetheefficientandeffectiveobtainingofthedata by public authorities; undertake testing of their internal systems; and cooperate with the Secretary of Stateorotherspecifiedpersonstoensuretheavailabilityofcommunicationsdata. Clause 2 sets out the requirements that Ofcom, the Technical Advisory Board TAB set up under s 13 RIPA and which I understand has until now hardly ever met , and relevant stakeholders must be consulted. But the main democratic safeguard is supposed to be that Orders are subject to affirmative resolutionbyParliamentcl29 2 .
388
GiventhepressuresonParliamentarytimeandmaterialthatwillbetechnicallycomplexandoutsidethe normal experience of most Parliamentarians, it seems highly doubtful that detailed consideration will takeplace.Anysuchdiscussionwouldrequireinformationabouttheprecisenatureofthethreatsand, basedonwhatACCGaryBeautridgesaidtotheCommitteeinoralevidence Q152 ,thepolicewillwant to discourage public debate as they fear that might inform criminals and others of gaps in law enforcementcapability.Ineffect,Parliamentaryaffirmativeresolutionwillnotbeasafeguard. Costs,ValueforMoney TheImpactAssessmentaccompanyingthedraftBillestimatescoststobe1.8bnforthe10yearsfrom 2011/12 without allowing for inflation, VAT and depreciation. The main assumptions are: the total volumeofinternettrafficincreasestenfoldover10years,CSPsretaindatafor12months,datastorage costsdecreaseby25%perannum.Ofthe1.8bn,859mistheestimatedcosttotheprivatesectorCSPs ofallkindsandwhichwillbepaidforbytheHomeOffice.Thebalanceismadeupofcostslikelytobe incurred in management and facilities by law enforcement and the agencies and in oversight by the InterceptionofCommunicationsandInformationCommissioners 490. One of the unfortunate features of the Impact Assessment is that the only bodies listed as formally consultedweretheusersofcommunicationsdata,asopposedtotheCSPswhoareexpectedtoprovide it491.Itispuzzlinghowcostscouldbecalculatedwithouttheirinput. ForecastinganythingtodowiththeInternetisfraughtwithuncertainty.Lookingbackoverthelast10 yearsonemustpointoutthattheearliestmanifestationofFacebook,oneofthekeyconcernsbehindthis Bill, dates from 2004 and was only opened to the publicatlarge in 2006. MySpace, its predecessor in popularity,wasfoundedin2003andinJune2006wasmorevisited,atleastintheUS,thanGoogle492 but it was overtaken by Facebook by April 2008 and by August 2012 had declined to being the 166th most visited Internet site493. Twitter dates from March 2006, Google Apps, its consumer orientated cloudserviceofemail,onlinecalendarandremotelystoredandeditabledocumentswasfullylaunchedin July2009494.Skype,oftencitedasaparticularproblemforinvestigators,wasfoundedin2003andhas beenthroughanumberofversions. CostandBenefitEstimates The Home Office Impact Assessment seems solely based on increases in the total volume of Internet traffic, not on its increasing complexity and level of change, which is what any form of separating of communicationsdatafromcontentwillhavetobeconcernedwith.Evenforecastsoftrafficvolumesover 10yearsareproblematic;lookingsimplyoverthenextthreeyearsmuchwilldependontherateofroll out of highspeed fibrebased links which by themselves would encourage greater usage and also to takeupofvideoondemandservices,inwhichcustomersseefilmsnotovertheair terrestrial,satellite, conventionalcable orbyrentingDVDs,butbyreceivingvideoovertheInternet. 495 Similar doubts must exist of the estimate of benefits, which are suggested as being between 5 and 6.2bn.TheImpactAssessmentsays: These benefits are assessed by operational stakeholders and, using a model validated by HM Treasury, translatedintoeconomicvalues.Theassessmenttakesintoaccountananalysisofcriminalbehavioursby theSeriousandOrganisedCrimeAgencyandananalysisofthefuturecommunicationsmarketbasedon OFCOMandothermarketsources.Thelargestcategoriesofbenefitsaredirectfinancialbenefitsarising mainly from preventing revenue loss through tax fraud and facilitating the seizure of criminal assets.
490SeealsoCharlesFarrsreplyatQ73. 491ParagraphA3oftheImpactAssessment. 492http://news.cnet.com/Googlesantisocialdownside/21001038_36093532.html 493http://www.alexa.com/siteinfo/myspace.com 494http://googleblog.blogspot.co.uk/2009/07/googleappsisoutofbetayesreally.html 495SeetheHouseofLordsCommunicationsCommitteeReport:
http://www.publications.parliament.uk/pa/ld201213/ldselect/ldcomuni/41/4102.htm
389
Values for benefits for example from lives saved and children safeguarded are derived from standard estimatesbyHomeOfficeeconomists. ButifweturntothemainHomeOfficeResearchdocumentcited 496manycaveatsaremade: Whilst information on the total and average costs of crime is extremely useful, average cost of crime estimatesinthisstudyneedtobetreatedwithsomecaution,foranumberofreasons. _Differentcrimeswithinthesameoffencecategoryarelikelytohavevastlydifferent costs. _Particularcrimereductioninitiativesmayimpactondifferenttypesofcrimewithinthe sameoffencecategory.
available.However,duetolackofgoodinformationinanumberofareas,theestimates areinevitablyimprecise.
_Thecostsofanidenticalcrimemayfalldifferentiallyondifferentsocial,economicor geographicgroups _Somecrimesareinevitablycostedlessaccuratelythanothers,andunquantifiedcosts existwhichmaydifferbetweencrimes.Acomparisonofaveragecostsbetweendifferent crimescouldthereforebemisleading.Ahigheraveragecostforonecrimethanfor anothercouldreflectthesizeofquantified,ratherthanunquantifiedcosts,ratherthana realdifferenceinthecostsofthecrimestosociety,althoughtosomeextentthisis unavoidableinanexerciseofthisnature. The Impact Assessments benefits have a further problem: they are claims about what would result fromtheincreaseinaccesstocommunicationsdataoverwhatiscurrentlyalreadyavailable. Whatever the size of the costs and benefits, the Impact Assessment makes a further assertion: The proposed 10 year investment in communications data capabilities of 1.8bn compares with an annual costforpolicingaloneof14billion.Butthisisforeveryaspectofpolicing;itmaybemorerealisticto lookatthefrontlineorganisationsdealingwithseriouscrime.SOCAsresourceexpenditurein2011/12 was427.9m,withafurther34mincapitalexpenditure 497.AfurtherbasisforcomparisonistheUKs CyberSecurityStrategyfromNovember2011. 498TheNationalCyberSecurityProgrammehasabudget ofrealnewmoneyof650mforthefouryears20112015,ofwhichonly10%,65m,willgototheHome Office for tackling cyber crime. Out of this comes a specific budget for the police: the new National CrimeAgencywillincludetheexistingPoliceCentralECrimeUnit,theexistingSOCAecrimeandCEOP, the child online protection group. On this basis the estimated costs for the proposed Communication CapabilityDevelopmentProgrammebegintolookratherlarge. SourceofFundingforCCDP Evenifcostsaredifficulttocalculateitispossibletoidentifycriteriaforvalueformoney.Oneofthegreat weaknessesoftheBillandthepoliciesbehinditisthatnowherehastherebeenanyexplanationofthe source of the required funding. The government is currently seeking reductions across the whole of public spending costs of 20%, including the police. It seems a reasonable assumption that similar cuts will be expected from the Security and Intelligence Agencies. Only unambiguous evidence of new and
_Averagecostestimatesgiven.arebestestimatesofcostsgiventheinformation
496
http://webarchive.nationalarchives.gov.uk/20110218135832/rds.homeoffice.gov.uk/rds/pdfs/hors 217.pdf 497http://www.soca.gov.uk/aboutsoca/library/doc_download/392socaannualreportandaccounts 201112.pdf 498http://www.cabinetoffice.gov.uk/sites/default/files/resources/ukcybersecuritystrategyfinal.pdf
390
growingthreatswouldovercomethis.Butoverallcrimeisdown 499andthelastdeathsintheUKfrom terrorismwerein7July2005,althoughofcoursethiscannotbethesoleindicatoroflevelofthreat. If we assume that the CCDP will have to be funded from existing resources, the question then arises: which current areas of expenditure will have to be further curtailed beyond the 20% acrosstheboard savingsalreadydemanded?Thereseemtobetwobroadchoices,eitherfromeveryformofgovernment expenditureeducation,health,defence,transport,socialservices,etc.ormorespecificallyfromthe policeandAgencies.OnesuspectsthatthepoliceinparticularwillhavereducedenthusiasmforCCDPif theyhavetopartiallyfunditsinfrastructurecosts. EssentialCriteriaforSuccess If CCDP is to be successful, or value for money, it must have a number of features, not all of which are explicitlyreferredtoeitherintheExplanatoryNotesortheImpactAssessment: DPIequipmentmustnotslowdowntheInternetexperienceAtpresentCSPsaresimplyrequiredtoretain business records which fall into the definitions of communications data. The Bill requires them to processit seeparagraphs0ff andaswehaveseentheseprocessescanbequitecomplex;withoutvery highspeed equipment which implies expense the users experience of Internet browsing will be slowed.ThisoutcomewoulddirectlyconflictwithotheraspectsofGovernmentpolicy,includingthatfor superfast broadband. 500 DPI equipment installed now would need to be upgraded as fibrebased deliveryservicesarerolledout MonitoringmustbenearcompleteTheavowedaimofdataretentionisthatonceanindividual,hitherto thought innocent, comes under suspicion, investigators are able to discover their past online activities. Although 100% availability of retained communications data seems infeasible, each 1% per cent drop surely significantly weakens the benefits as one must expect that those who wish to conceal their activitieswilltakeevasiveaction.A90%coveragewouldincursignificantcostsbutmightonlycapture theactivitiesofthewhollyinnocent.Thus,everyUKISP,nomatterhowsmall,wouldneedtobecovered, unlessthatISPwasonlyabletofunctionbybeingaclientofalarger,UKbasedISP. The Home Offices position here appears confusing. At Q9 Charles Farr speaks of hoping to get, by deployingCCDP,upto85%ofcoveragewhichpresumablyrefersto85%ofcommunicationsdatabeing transmittedinandthroughtheUK.RichardAlcockatQ77,saysthesamebutatQ82says: IntermsofthegeneralnumberofCSPs,justintheUnitedKingdom,Ithinkitisintheorderof250to300 communications service providers. We certainly do not envisage working with that many within the piece.Clearly,itdependshowcommunicationsserviceschangeovertimeandwhethergroupsgravitate toacertainserviceornot.Butwecertainlydonotenvisageworkingwitheveryone,andIestimateitwill bearelativelysmallproportionofthose. emphasisadded Thislackofclarityaboutintendedscopeofcoveragelooksoddagainstthesuspiciouslypreciseprojected costofpaymentstoCSPsof859m. EvasivemeasuresInaddition,theproponentsofCCDPwillneedtoexplainhowtheywouldaddressthe obviouseasyroutestoevadingattention: BoughtforcashpayasyougoSIM,givinganonymity UseofInternetcafesandotherpublicaccessservices unlessitisassumedthattheownersof theseserviceswillkeepelaborateverifiedrecordsoftheidentitiesofalltheircustomers HijackingofunencrypteddomesticInternetaccesspoints withtheresultthattheInternet activityisattributedtotheregisteredsubscriber
499http://www.ons.gov.uk/ons/rel/crimestats/crimestatistics/periodendingmarch2012/stbcrime
statsendmarch2012.html
500http://www.culture.gov.uk/publications/7829.aspx
391
UseofencryptedwebmailandotherservicesfromprovidersoutsidetheUKandwithwhose lawenforcementagenciestheUKdoesnothavecloseworkingrelationship UseofsmallNAP/ISPs,thoughtunlikelytobeaskedinstalltheDPImonitoringequipment
Thereareothermethodsofevasionbuttheaboverequirenoskillonthepartoftheuser,otherthanto knowthattherouteexists How will encrypted services be handled? As we have seen, an increasing number of large important servicesarenowencrypted,usinghttpsseeparagraphs0andfollowingabove.Theredoesnotappearto be a routine means of decrypting and hence getting access to anything that might be communications data. HTTPS is fundamental to Internetbased ecommerce and ebanking. In the course of a targeted investigationitmaywellbepossibletoobtainthecooperationoftheencryptedserviceastherewillthen be evidence upon which judgements of necessity and proportionality can be made 501. But CCDP is abouttheroutineretention/collectionofdatafromthewholepopulationandintheabsenceofspecific suspicions. ApossiblesolutionwouldbefortheCSPtoretainalldatathatappearedtobeencryptedandtomakeno attempt at separating communications data and content until there was a specific request. However, giventhequantitiesofencryptedtransmissions,CSPstoragecostswouldsoar.ButRichardAlcock,Q47, seems to say that RIPA would not allow this, presumably as content, even if encrypted, cannot be retained. 502 And most versions of https can only be intercepted at the time encrypted messages are sent,usingamaninthemiddleattack. HowwilloverseasCSPsbedealtwith?TheUKappearstohavetworoutestodealingwithCSPsoutside thejurisdiction.Thefirstistoseektheircooperation,aviewreflectedinCharlesFarrsresponseatQ52: Thecentralplankofthisprogrammeisacollaborativerelationshipwithserviceprovidersinthiscountry andoverseas.DPI,blackboxes,orwhateverothermetaphororlanguagewechoose,onlycomeintoplay incertaincircumstanceswhenanoverseasproviderorthestatefromwhichanoverseasprovidercomes, or both together, tell us that they are not prepared to provide data regarding a service which is being offered in this country and which we knew and know is being used by criminal elements of whatever kind.ThisincursrelativelylowfinancialcostsbutmayinvolvepersuadingtheCSPsthatthelegaland regulatoryframeworkforissuingrequestsisfairandrigorous.Seemyremarksatparagraph0aboveand 0below. The second route appears in the same answer: The legislation therefore creates the option, in those circumstances,ofputtingablackbox,usingyourlanguage,onaUKnetworkacrosswhichthedatafrom the overseas provider must move, with the purpose of sucking off that data, under our guidance controlistoostrongawordandstoringitthroughthatnetworkprovider.Inotherwordsaformof filtering based on that service. At Q54: he says: The network provider would take off the network the dataparticulartotheserviceofconcerntousandstoreallthatdata.Wewouldthenapplytothenetwork provider for specific bits of the data that has been so stored, in accordance with usual practice. This wouldincurexpenseandtheJointCommitteeshouldmakefurtherenquiriesastoitslikelylevel. Many of the big overseas services with which we assume there is the greatest concern, like Google, Live/Hotmail, Twitter, Facebook, etc. use encrypted links, in which case this second route would have verylimitedeffect. BenefitElements TheHomeOfficeexpressthebenefitsintermsofglobalisedpercentages,sayingthattheyhopetomove from a 75% availability to 85% Q9 . At Q22, Charles Farr produces a percentage breakdown of applicationsforcommunicationsdata,presumablybasedonexistinglaw.
501Therearealsoothertechnicalrouteswhichareavailableinatargetedinvestigationintheeventof
noncooperationfromtheserviceprovider point.
502ItispossiblethattheuncorrectedtranscriptiononwhichIamrelyingisnotwhollyaccurateatthis
392
27% of data for which applications are made and obtained is for drugsrelated offences, 15% is for propertyoffences,arson,armedrobbery,theft,12%isforfinancialoffences,10%isforsexualoffences, 6% is for homicide, 5% is for missing persons, 5% is for harassment, 4% is for offences against the persons,and4%to5%isforexplosives. Butwhatisreallyrequired,ifthereistobeapropervalueformoneyassessment,istheabilitytoidentify particular types of communications data originating from particular classes of communications service provider. Many existing highly useful forms of communications will continue to be available for the reasonablyforeseeablefutureincludingmobilephonelocation whichisnotInternetdependent and, from Network Access Providers, the ability to link IP addresses obtained by a variety of means to the identities of their subscribers. What is needed is a way of identifying the specific forms of further communicationsdatathatCCDPwilldeliversothatitcanberelatedtothecostsofacquiringit. One purpose of setting out the various types of CSP and the classes of data they might produce in paragraphs 0 to 0 above was to assist the Joint Committee in gaining a better ability to assess these separateelements.InotetheremarksofACCGaryBeautridgetotheCommitteeinoralevidence Q152 and have some sympathy with his concern not to expose current law enforcement weaknesses. But I hopetheJointCommitteewillpursuewithvigourandcarefullytestanyconfidentialinformationsupplied toitbyACPOandothers. CostElements DPIBoxesThefirstcostelement,tobepaidforbytheHomeOffice,istheinstallationoftheDPIboxesat NAP/ISPs. Because one must anticipate attempts at evasion by those of greatest interest to the authorities, this investment will have to be frontloaded. That is to say, near 100% coverage of UK NAP/ISPswillberequirednottoolongaftertheintendedstartup.AlthoughtheHomeOfficespeakof wishingtorunpilotstudies,usuallyanimportantmeansoftestingapolicy,thepilotscouldnotshowhow wellCCDPwasmeetingthethreatsofevasion.Thissignificantlyincreasestherisktothetaxpayer. Asnotedabove,giventhegrowthspeed,anddifficulttopredictnatureoftheInternetDPIboxeswould needconstantlytobeupgraded FilteringSoftwareAsexplainedatparagraphs0to0above,theprovisionoffilterstoberunontheDPI hardware is likely to be an extensive and ongoing project. It is not clear who will do the necessary researchandproducefinalproductsGCHQmightbeacandidate.Thiswillstillbeacostwhichhastobe metfromsomebudgetorotherultimatelyfundedbythetaxpayer. CSP additional costs In addition to the costs identified in the ENs and Impact Assessment, the Joint CommitteeshouldaskCSPsaboutthecostsofproducingmaterialfromtheirarchivesofretaineddataat speed to meet likely emergency requirements from law enforcement. It is not enough that required communications data is simply kept, it must also be available; and that implies some near online capability. Mobile phone companies, on whom there are frequent demands but where the normal requestsareverystandardisedcallingnumber,receivingnumber,date/time,callduration,IMEI,IMSI, locationhaveautomatedorsemiautomatedsystems.Willsomethingsimilarberequiredofothertypes ofCSP,andwhatwillbethecostimplications? OpenendednatureofCCDP Thefollowingelementsarehighlydifficulttoforecast:thegrowthinInternettrafficvolumes,thelevelsof complexity of future Internet services, the numbers of CSPs, and the extent of attempts at evasion. If allowed to proceed in in anything like its current form CCDP will have all the preconditions for an uncontrolled government computing project or MoD defence contract. Its details will be shrouded in secrecyinordernottogivecriminalsandothersanadvantage,anyassociatedcontractswillbehidden from scrutiny as commercially confidential and the precise specification will be subject to constant change.Thisistheclassicformulaforrunawaycostsandhenceasignificantrisktothetaxpayer. PossibleAlternativeLegislativeandPolicyRoutes IhopeitwillhelpifIsketchoutsomealternativestotheproposalsinthedraftBill.
393
Intrusive Data Monitoring Warrant A more radical form of legislation would almost certainly have to abandontheattempttoseparatecommunicationsdatafromcontent,sothatanintrusivedatamonitoring warrantwouldcoverboth.ThiswouldmeanthatthepeculiarUKpositionofmakinginterceptevidence inadmissible 503 would also have to be abandoned. RIPA already features directed and intrusive surveillance regimes s28 and s 32 respectively. The test for granting would depend on the levels of intrusion rather than a technical assessment of whether data was communications data rather than content. Any new power along these lines would almost certainly have to be subject to judicial scrutiny as opposedtothecurrentpositionwherewarrantsareissued,forhistoricreasons,byaSecretaryofState actingonbehalftheCrown.IamawaretheargumentsforandagainstofwarrantsissuedbyaSecretary ofStateandofthesimilarargumentsaboutselfauthorisationbydesignatedseniorofficerinrelationto communicationsdata. DataRetentionofBusinessRecordsThiswouldbeverysimilartothecurrentpositionwhereCSPsretain recordsthattheycreateinthenormalcourseoftheirbusinessandwhichwouldincludecommunications dataascurrentlydefinedinRIPAorEUDRDbutwouldnotrequirethemtodoanyfurtherprocessing. I would favour passing power this over to judicial scrutiny as well, not the least for the reasons now exploredbelow. PositionofOverseasCSPs,includingSNSPsAswehaveseen,muchofthematerialwhichtheauthorities hope CCDP would make more available is held by CSPs based outside the UK. It seems much more sensibletoseektheircooperationratherthanrelyingeitheronMutualLegalAssistanceTreaties,which can be cumbersome and too slow to be effective, or to hope that the data can be monitored while in transit in the UK. But to do this may require convincing SNSPs that UK legal procedures are fair and transparent. As noted above, SNSPs will need to consider their position under the laws of their home jurisdiction,usuallytheUnitedStates,andalsotheperceptionsoftheirworldwidecustomerbase. JudicialsupervisionisfarmorecommonandunderstoodworldwidethanthenUKpracticesofapolitician to grant warrants for the most intrusive activities and selfauthorisation by senior law enforcement officer for the rest. For that reason alone, judicial supervision is likely to be more credible and persuasive. Thereisafurtherelement:companieslikeGoogle,Facebookholdlargeamountsofpersonaldataabout theircustomersanddosowiththeirconsent.Cloudprovidersholdfilescreatedbytheircustomers.In these circumstances theassessmentof proportionalitybecomes especially important. Should awarrant automaticallygiveaccesstoallthematerialthecloudproviderholds?Tomyknowledgethisissuehas notbeexaminedinanydetailanywhereintheworld. EnhancedroleofCommissionersAlsoaspartofapolicyofconvincingSNSPsandothersoftherigourand fairness of UK procedures, there surely needs to be a more visibly robust regime of Interception of CommunicationsandInformationCommissioners.InformationCommissionershavealwayshadapublic profile, appearing on television, engaging in debate and making public demands for law changes and increased resources. Interception Commissioners have until recently been almost invisible. The most recentreport 504,for2011providesmoredetailandcandourthanhitherto,buttheCommissionerheld justonemeetingoutsideawhollyofficialenvironment,withthespecialistDataProtectionForum. AlthoughhisReportdescribeshowheauditstheactivitiesofthepolice,Agenciesandotherbodies,itis unclearhowfarhequestionsthereasoningandevidenceofthenecessityandproportionalityteststhat are the starting point for each warrant/authorisation. If he doesnt he should do so and identify situationswherematterswentawry.Obviouslyanyreviewofsuchtestswouldhavetobeonthebasisof information available at the time. The Commissioner could also usefully describe in more detail the resources and skills of his inspectors. Consideration should be given to moving this role into the
503S17RIPA 504http://www.intelligencecommissioners.com/docs/0496.pdf
394
Information Commissioners Office, where it might be less easily perceived as captured by the law enforcementandintelligenceagenciesitissupposedtobeoverseeing. TheInvestigatoryPowersTribunalisevenlessvisible,andhencelesscredible,thantheInterceptionof Communications Commissioner. It would have much greater perceived independence and credibility if reconstituted directly under the control of the Supreme Court as is the US Foreign Intelligence SurveillanceCourtandForeignIntelligenceSurveillanceCourtofAppeal ,withmoretransparency. Anewtypeofretentionwarrant?Onecanalsoenvisageanewtypeofwarrant,alsoissuedbyajudge,on thebasisthatalthoughanindividualwhoisnotcurrentlypresentingsufficientofathreattojustifyfull scale monitoring there was the possibility by virtue of people whom they knew or views they were thoughttohold,itmightbeusefuliftheISPweretoretaintheircommunicationsandcontentforaperiod ofyearagainstthefuturepossibilitythatthepoliceorotherinvestigatorsproducedafullwarranttoview the material. This would address a problem identified by investigators that on occasion they identify a substantial conspiracy in an advanced stage and wish to know something of the previous actions and thoughtsandassociatesofthosethoughttobeinvolved.Howeverthislastproposalhasmanydifficulties associatedwithitwhatwouldbetheactualcriteriafortheissuingofsuchawarrantandhowwouldit besupervised?Butitwouldhavethefurtheradvantageofbeingtargetedeffortandexpenditurewould be directed against those who might in the future be of interest, as opposed to the 99.5% of the populationwhoneverwillbe. IwouldbehappytoansweranyquestionstheJointCommitteemayhave. August2012
395
Dr Eric Stoddart
Summary i. Asophisticatedtestofproportionalitycomprisesfourdimensions.Asimpleonequestiontestis inadequateforthisBill. ii. Anholisticmodelofcommunicationsdataisrequiredinordertoappreciatetheassemblageof surveillancedata.Itisamistaketoconsiderinformationretainedasmerelymanyinstancesof discretedatapoints. iii. Arelational,performativeunderstandingoftheselfchallengesattemptstobifurcate communicationsdatafrommessagecontent;bothareintegraltoformingtheselfandthus demandingofprivilegedprotection. iv. Anadequatelyresourcedwarrantsystemforinstitutingsearchesofretaineddatais recommended. v. Thecapacitytoretaineveryonescommunications/contentdataisacknowledgedbutitis proposedthatthisbeactionedonlybywarranttowardstargetedpersons. vi. Thewholesaleretentionofeveryonescommunicationsdataisrejected. TheauthorisAssociateDirectoroftheCentrefortheStudyofReligionandPolitics,andalectureratthe UniversityofStAndrews,Scotland.HeistheauthorofTheologicalPerspectivesonaSurveillanceSociety: WatchingandBeingWatched Aldershot:Ashgate,2011 andwriteshereinapersonalcapacity. Asophisticatedproportionalitytest. 1. ThegovernmentrepeatedlyclaimsthattheproposalsinthedraftBillareproportionate.Quite whatthismeansandwhetheritcanbeappliedasasingletestacrosstheBillinitsentiretyarequestions largelyleftaside.Icontendthatthereareatleasttwoseparatetestsofproportionalityrequiredhere: a consideringtheindiscriminateretentionofcommunicationsdatabeyondthatcurrentlyheldbyCSPsfor businesspurposes,and b theproposalthatdatabasesbesearched,albeitmediatedbyafilteringsystem, without a warrant. Furthermore, a proportionality test does not comprise only one question. Although thereisnopreciselegalformulationforsuchatest,itsuseinthereviewofcasesundertheUKHuman Rights Act has generated typically four subquestions. These address the legitimate objective, rational connection,minimalimpairmentandoverallbalance. 505 2. The first subquestion asks if the objective is sufficiently important. This is immediately problematicinthisBillbecausetherearemultipleobjectivesscoopedupwithintheinitialoverallaimof protecting the public stated in the initial Home Office press release prior to the Bill later being published . This aim becomes, to protect the public and bring offenders to justice, in the Home SecretarysforewordtotheBill.WhenAssistantCommissionerCressidaDickgivesheroralevidenceshe referstothevalueofcommunicationsdataincasesofabduction,locatingsuicidalpersons,andtackling guncrime,robberiesandrapes whereinmobilephonesareoftenstolen . 506Thescrutinycommitteehas alreadybeenexercisedovertheobjectiveoftacklingaseriouscrimeforwhichnolegaldefinitionexists andrecognizesthatseriousisasubjectiveandcontextualdesignation. 3. ItmeansverylittletosettlequestionsofproportionalityatthegenerallevelinwhichthisBillis worded.ProposersandsupportersoftheBillaremistakeniftheybelievethatproportionalitytestedata very general level can be treated as if it were a trickledown effect. Whilst an instance of alleged gun crimemightbeofconsiderableseriousnesstoaparticularcommunitysuchcontextualspecificityshould not be deemed to be proportionate in relation to the mass and indiscriminate retention of the populationscommunicationsdata.Neitheroughtthedevastatinghumancostandtragedyofincidentsof thiskindbedeemed,asitwere,togenerateatrickleupeffecttotheproportionalitytest. 4. The whole question of legitimate objective within a proportionality test is further complicated for,inoperationalpractice,unacceptablediscretionishandedtoadesignatedseniorofficertodetermine proportionality.TheactualpointatwhichproportionalityistestedisnotinParliamentbutatthedeskof anofficerwithinwhat,aswitnessestotheCommitteehavealreadyalluded,mightbea'canteenculture'of
505AlanD.P.Brady,
ProportionalityandDeferenceundertheUKHumanRightsAct:AnInstitutionally SensitiveApproach Cambridge:CambridgeUniversityPress,2012 .
506HC479iii,q.150.
NeitherwitnessesnorMembershavehadtheopportunitytocorrecttherecord.The transcriptisnotyetanapprovedformalrecordoftheseproceedings.
396
minimal scrutiny or within a paradigm that gives the benefit of the doubt tooreadily to institutional objectivesoverindividualrightsand/orthepublicinterest. 5. The second proportionality subquestion asks if the measure is appropriately connected to the objective. Atboththegeneral level ofthe Bill and inoperational contexts this questioncould be easily answeredintheaffirmative.Communicationsdataissoclearlyrelevanttomonitoringthebehaviourand actionsof networks of people and individualssuspected ofor involved in any level of criminal activity. Thisdimensionoftheproportionalitytestoughtnotbeinvestedwithtoomuchimportancebecausesoto do would give a false impression that oversimplifies questions of proportionality. In other words, the subquestionsdonotcontributeequallytotheoveralltest.Thetestofrationalconnectionisbotheasier toanswerandoflesserimportance;aninvidiouscombinationoffeatureswhensomeincidents,suchas theLondonriotsof2011orchildabductionsstirthepublicimagination. 6. A third subquestion expects minimal impairment. We, the public, want assurance that the measuregoesnofurtherthanisnecessarytoachievetheobjective.Thisisparticularlycontentiousand difficulttoanswerconvincinglygiventhepaucityoflongitudinalstudiesintotheeffectsofbeingunder masssurveillance.Ifthesystemswereabletoretainthedataofanyonethenastrongcasecouldbemade that targeting a specific person or communications device is legitimate in just the same way as warranted covert surveillance under existing legislation . The problem for proportionality is that the systemretainsthedataof everyonetoenableretrospectiveanalysisandrapid ifnotrealtime tracking ofadeviceandanetworkofcommunicants. 7. Whatishappeningisthatnotionsofprevention,precautionandpreemptionareassumingever increasing importance. The new paradigm of precaution adds further dimensions to responsibility for ourselvesandothers andsolidarity wherethecostofdamageissharedacrosssocietyandbusinessby compensation and insurance systems . Concerns over irreparable and catastrophic damage lead us to expect precautions to be taken and sanctions to be in place for those people who not only fail to heed available knowledge but risks that ought to have been suspected as demanding proactive attention. 507 We endeavour to prevent a terroristcrime by guarding vulnerable sites andscrutinising travellers and theirluggage.Preventionfocusessurveillancebutprecautiondiffusesitbecauseweknowthatthereexist threatsofwhichweare,asyet,unaware. Preemptive actionisthereforeexpectedofthosechargedwith preservingoursecurityandsafety. 8. An otherwise proper precautionary approach can leech into culture in such a way that it contaminatesourattitudesand mutates intoan illegitimate defenceofpreemptive responses.We see this in crime control where a public health conception requires the preemptive identification and managementofriskyindividuals. 508Inthecontextofmentalheathserviceschargedwithsimilarpre emptive analysis, Nikolas Rose observesthatanagenda ofprotecting society may obscure theneed for protecting from society when prejudice is stoked by fear of those who are different and vulnerable. 509 Without judicious handling, intervention policies to preempt peoples action become deterministic. In other words,the future harm is presented as inevitable in the lightof which preemptive strikes as in military action or intervention as in gathering data on whole populations from which a threat will emerge arelegitimated. 510 9. Themythofpreemptionisthestatesresponsetohavingitscoverblownwhenterrorists,other criminalsorderangedindividualscommitactsthatdemonstratehowlittlerealorderandcontrolastate
507FranoisEwald,'TheReturnofDescarte'sMaliciousDemon:AnOutlineofaPhilosophyofPrecaution',
inTomBakerandJonathanSimon eds. ,EmbracingRisk:TheChangingCultureofInsuranceand Responsibility Chicago&Longon:UniversityofChicagoPress,2002 ,273301. 508NikolasRose,PowersofFreedom:ReframingPoliticalThought Cambridge:CambridgeUniversity Press,1999 ,7. 2002 ,20937.
509NikolasRose,'AtRiskofMadness',inTomBakerandJonathanSimon
eds. ,EmbracingRisk:The ChangingCultureofInsuranceandResponsibility Chicago&Longon:UniversityofChicagoPress,
510Throughthepreemptivelensthefuturebecomesaninevitableseriesofevents,elevatingfatetoan
agentofhistoricalevolution,GregElmerandAndyOpel,'PreEmptingPanopticSurveillance: SurvivingtheInevitableWaronTerror',inDavidLyon ed. ,TheorizingSurveillance:ThePanopticon andBeyond Cullompton,Devon:WillanPublishing,2006 ,13960at144.
397
canexerciseoveritsterritory. 511Theironyisthatapublicwhofeelstheneedforpreemptiveactionsuch asdatagatheringisitselfthendesignatedasthesitefromwhichsuchriskyindividualsemergeandthus blanketsurveillanceofeveryone,notjustanyoneisexpected. 10. We simply do not know what effect on general and local populations accrues from a vague awarenessthattheyareundermasssurveillance.Whetherornotitmattersthatmonitoringandanalysis ofthedataisperformedbysoftwareratherthandirectlybyhumananalystsisalsounderinvestigated. Much,inthissubquestion,dependsonthetimescaleoverwhichimpairmentistobetested.Itisquite possiblethattheBillasenvisagedhaslittleadverseeffectonthepublicsbehaviourifmeasuredonaday today basis. Broader and longterm effects of a culture of surveillance could prove to be much more damaging.Scholarlydiscussionsofarisksocietyandthedesignationofriskyindividualssuggestthat narratives of precaution, preemption, and prevention could turn out to be more detrimental than previouslythought. 11. Thefourthproportionalityquestionasksif,overall,afairbalancewasstruckbetweentherightsof theindividualandpublicinterests.Balance,asLuciaZednerpointsout,isanothernotionthatcaneasily obfuscateassumptionsthatneedtobemadetransparent.Beforewecanconcludethata fairbalancehas beenstruckweneedtoaskwhathastippedthebalance,inwhoseintereststhebalancehasbeensecured andwhatliesinthescales? 512 12. In this case the disequilibrium to be addressed is one over the shift to digital and mobile communications devices that generate data that escape the purview of police and security services. However,theestimatesofthedatagapneedtobereadagainstabackdropofbothacultureoffearandof precaution.Itistooeasytosetupathemandus whoseinterestshavebeenforfeitedthroughcriminal action,intentorsuspicion .IagreewithZednerthatweofferourselvesafalsesenseofsecuritythatwe willneverbeamongstthosewhofallfoulofsurveillanceactivitiesbythestate.Drawingontheexampleof the limitations on the right of silence arising in the specific context of terrorism in Northern Ireland , Zedner warns that emergency measures have an uncanny way of being perpetuated beyond that emergency and extended to offences of lesser gravity. 513 Plans to further standardise communications dataacrossEuropetomoreeasilyfacilitatelawfulinterceptionaresignificantinthisregardtoo. 13. Whenitcomestoaskingwhatliesinthescales,knowninterests suchasprivacy areweighed against future uncertainties; what can be understood as temporal dissonance. 514 The uncertainties of security are themselves of two conditions: objective being protected from some harm and subjective psychological state of being fearful . It is vital that balancing is itself viewed critically for it assumes that, even those aspects of our life most closely associated with our status as free and equal, is, in principle,upforgrabs. 515Thestakesarehighhereforallofus.Bytreatinghumanrightsas quantitiesof freedomitiseasytoforgetthatthoserightsserveamorefundamentalpurposeinprotectingourstatusas moralagents. 516 14. Fair balance within the proportionality test could be defended where objective harm is being prevented.Quitewhetherthisisafairbalance overallisanothermatteraltogether.Communicationsdata retentionof everyoneratherthanmerely anyone isattheheartofnotonlythisBillbutanapproachto governancethatsaturatesaBritishresponse. Anholisticmodelofcommunicationsdata.
511DavidGarland,'TheLimitsoftheSovereignState:StrategiesofCrimeControlinContemporary
Society',BritishJournalofCriminology,36 1996 ,44570,GabeMythenandSandraWalklate, 'CriminologyandTerrorism:WhichThesis?RiskSocietyorGovernmentality?',BritishJournalof Criminology,46/3 May1,20062006 ,37998. 512LuciaZedner,'NeitherSafenorSound?ThePerilsandPossibilitiesofRisk',CanadianJournalof CriminologyandCriminalJustice,48/3 2006 ,42334. 513Zedner,'NeitherSafe',at515. 514Zedner,'NeitherSafe',at516. 515StavrosTsakyrakis,'Proportionality:AnAssaultonHumanRights?',InternationalJournalof ConstitutionalLaw,7/3 2009 ,46893at489. 516Tsakyrakis,'Proportionality',at490.
398
15. The Bill is predicated on a distinction between communications data subscriber, usage and traffic andmessagecontent.Inthisway,theBillsproponentsanddefendersbelievethatconcernsover individual privacy are unwarranted; rigorous data protection regimes being suitable safeguards. The assumption that information can be bifurcated into communications data and content is, I suggest, ill advised and misleading. Such an approach fails to appreciate the nature of contemporary surveillance systemsand,moreimportantly,neglectsaproperlyrelationalunderstandingoftheself.Anholisticmodel ofcommunicationsdatathataddressestheseissuespresentsaseriouschallengetothewayinwhichthe Billisconceived. Thesurveillanceassemblage. 16. IdonotdisputethatknowingthatIspeaktoXonagivenoccasionisgenerallylessintrusivethan what I say to X. However, to discuss communications data as if this refers to single instances is misleading.KnowingthatIspeaktoXninetimesinoneweek,whenIaminlocationsD&E,butnotwhen IamatlocationFisbeginningtocomposeavarietyofpossibleimpressionsaboutme.InformationthatI speak to X always shortly after speaking to Y, perhaps with no other intervening communications enrichesthepicture.Addtothis,informationthatIalwaysvisitpagesPandQofwebsiteTimmediately afterspeakingtoX,andaquitedetailedprofileemerges. Itisthe assemblage 517ofdifferentpiecesofcommunicationdatathatis,Iwouldargue,akinto messagecontent data. Knowing about whom, when, where, to what sites, and with which devices a personcommunicatesasdiscretepointsofinformationaregenerallyratherinnocuousdetails.However, whenassembled,andespeciallyconcerningnotjustonepersonbutanumberofpeoplewhoconnectwith oneanother,thegroundhasshifted. 18. Whilst an authority might legitimately argue that privacy was not breached on any single occasioninthegatheringofanydiscreteelementofthedata,Isuggestthatitistheassemblagethatneeds to be legitimated. Unfortunately, privacy and regulatory frameworks fall short because these generally conceive of occasions or discrete pieces of data rather than assemblages of information. Even more significantly, in the case of privacy laws, these were formulated when most details about us were ephemeral.AsHelenNissenbaumobserves,informationthatwasoncescatteredandtransientmaynow be ordered, systematized, and made permanent. 518 Data about our movements or connections with peoplewasoncepossiblyknowntoafewandobservablebysomemore butnottoomany iftheyhad thetimeandinclination;thatsituationhaschanged.Withtheubiquityofmobileandotherdigitaldevices onceobscureinformationaboutusisnowmadeaccessible. 519 19. Am I saying that communications data and messagecontent are therefore the same? No, but what the theory of surveillance assemblage suggests is that we must discuss communications data subscriber, usage and traffic as another kind of messagecontent around which the Bill already concedestheremustconsiderablesafeguardsagainstintrusionofprivacy. 20. That content is a much wider concept than is currently accepted is a view given even more weightoncewestartaskingquestionsofthemodeloftheselfthatisassumedwithintheBill. Therelationalandperformativeself. 21. Aclassicliberalmodeloftheselfwilltendtopositanautonomousagent,abstractedfromspecific contextsandfocusupontheindividualastheprimary ifnotthesole modeofbeinghuman.Itisthus possible to see how the division between context and self might be carried over into similar thinking about communications as comprising abstractable, detachable communications data and personal contentdata. Toposit insteada relational self is notmerely toacknowledgethe importance of human cooperation, connection and shared interests. A relational model of the self contends that it is in relationshipsthattheselfisconstructed.Theimplicationforcommunicationsdatabeingthatthese,just
17.
BritishJournalofSociology, 51/4 2000 ,60522. 518HelenNissenbaum,'ProtectingPrivacyinanInformationAge:TheProblemofPrivacyinPublic',Law andPhilosophy,17/5/6 1998 ,55996at577.SeealsoHelenNissenbaum,PrivacyinContext: Technology,Policy,andtheIntegrityofSocialLife Stanford,CA:StanfordLawBooks,2010 . 519DanielJ.Solove,UnderstandingPrivacy Cambridge,Mass.:HarvardUniversityPress,2008 ,189.
517KevinD.HaggertyandRichardV.Ericson,'TheSurveillantAssemblage',
399
likethecontentofmessages,areboundupwithformationandreformationoftheself;worthytherebyof similarprotections. 22. There is no single conceptual model of the relational self. Although some alternatives to the liberal, autonomous, decontextualised agent ground the self in psychological and social relationships these may not be sufficiently critical of cultural expectations and particularly of the way power is deployedbyinstitutionsandsocialstructuresthatseektonormalizeus.ForpoststructuralistslikeJudith Butler we have no stable essential self; instead personal identity is an illusion because the self is performative. 520Inotherwords,bysayingsomethingwearedoingsomethingnotmerelydescribingor reportingit. 23. Theimplicationsforattemptstobifurcatecommunicationsdataandcontentofmessagescome intosharpfocusnotonlywhenweconsiderourconnectivity ourrelationships asintrinsictoourself formation but once we appreciate that we are not being a self but doing a self. A communications data/contentdichotomyisuntenableandindeedperniciousfortheperformativeself.Theperformative speechacts in which we continually make and remake ourselves cannot be carved up into content, subscriber, usage and traffic components. All elements together and indivisibly form speechacts. Attemptstodisengagediscretecomponentsarepoliticalsteps,particularlysowhenthisaffectsthosewho liveattheintersectionsofsystemsofeconomic,racial,gender,andclassstratifications. 24. The problem does not, however, vanish if we are unable to concur with Butlers poststructuralism. Seyla Benhabib has argued for a sociallysituated self and rational philosophical justificationofuniversalnorms. 521Hernarrativeconceptionoftheselfisoneinwhichweareconstantly writingandrevisingourunderstandingofwhoweareasweengagewiththeselfreflectivenarrativesof other people. We continue to be faced with the crucial point that who, when, for how long, where and with whom else we are communicating is integral, not extrinsic, peripheral or detachable from our mutuallyengagingnarratives. Conclusions 25. Arelationalmodeloftheselfinconjunctionwithanappreciationofthe assemblageofdataleads totheconclusionthatthecurrentdefenceoftheproportionalityoftheBillsproposalsispredicatedona mistakenbifurcationofcommunicationsdatafrommessagecontent. 26. Setting it within a broader context of precaution and preemption, the Bill fails a sophisticated test of proportionality. Possibilities of function creep and greater standardizing of communication technologyspecificationsataEuropeanlevelonlyexacerbatethedangersinthegovernmentsproposals. 27. Asystemforretainingcommunicationsdataandcontentisnecessary.However,retentionofdata beyondnecessarybusinesspurposes oughtonlybepermittedupontheissueofawarrant. 28. Although the data of some innocent parties may be retained and searched during a specific investigation, procedures can be required for this data to be destroyed upon elimination of such an individual from enquiries. This approach would authorise the creation of a means of retaining and searching everyones data but, crucially, its use would only be permitted in a targeted and warranted investigation. 29. An important corollary follows: that the resources be made available to adequately train the magistracyinorderthattheymightmakeinformeddecisionsinarapidlydevelopingfieldand,similarly, thatinformationcommissionersmightproviderobustoversight.
anyonemaybemonitored,noteveryoneis.
August2012
30.
In sum, surveillance as a tool and as a disposition is to be constrained whereby although
520See,forexample,JudithButler,'ContagiousWord:Paranoiaand'Homosexuality'intheMilitary',inIain
MorlandandAnnabelleWillox eds. ,QueerTheory Basingstoke:PalgraveMacmillan,2005 ,142 57. 521SeylaBenhabib,SituatingtheSelf:Gender,CommunityandPostmodernisminContemporaryEthics Cambridge:Polity,1992 .
400
Steven Taylor
1."Ifyouvegotnothingtohide,youvegotnothingtofear" It isnt about what weve got to hide but about what we want to protect, i.e. our private thoughts and personal space, our private legitimate business andour personal details. No one would be happy if the governmentorthepolicewantedtoinstallaCCTVsystemintheirhousejustincasetheyonedaysuspect youhavecommittedacrime,wouldthey?Crimepreventionargumentsmustnotunquestionablyoverride theprivacyoflawabidingcitizens. 2."Thepoliceserviceneedsaccesstothisinformationtokeepupwithcriminalsandstopterrorists" The police and intelligence services already have powers to place individuals suspected of committing crimeundersurveillance. Thedraftbillhowever,wouldallowinformationtobesystematicallycollectedabouteveryone,effectively treatingalllawabidingcitizenassuspectedcriminals. Furthermore,thisisnotjustaboutseriouscrimeorterrorismdetectionbythepoliceorsecretservices. Access to communications data is granted to local authorities and many other public bodies for a wide rangeofpurposesthathavenothingtodowithcrimefighting. Whatsmore,thereareandwillalwaysbemethodsofcommunicationthatdonotcomewithintheStates reach. These range fromthe use of payasyougomobile phones tocomplicated encryption techniques notusedbyordinary,innocentpeoplebutnodoubtfamiliartoandwidelyusedbyseriouscriminals,who willlikelyavoiddetection.Whilstthesensitive,personalandprivatedataofmanyinnocentpeoplewillbe captured,seriouscriminalsmaybeunaffectedandgounmonitored. 3."TheCommunicationsDataBillwontchangeanything.Itsalreadyarequirementforsometexts,emails andphonecallstobestored" ItismyunderstandingthathisrequirementisalreadyproblematicandtheGovernmentnowwantstogo muchfurther.Forthefirsttimeprivatecompanieswillbeinstructedtocollectinformationonbillionsof communications made bytheir customers for no other reason thanthe authorities future demands for access.Thisamountstomass,blanket,surveillanceofthepopulationoutsourcedtotheprivatesector. For these reasons courts in Germany, Romania, Bulgaria, Cyprus and the Czech Republic have found similararrangementsintheirrespectivecountriestobeunconstitutional. 4."It'snotaboutthecontentreadingpeople'semailsorlisteningtotheirtelephonecalls.It'saboutthe 'who,whenandwhere'ofcommunications" Fraudsterscanstealapersonsidentitybysimplysiftingthroughapersonsrubbishtocompileapicture of their target from the fragments of information they retrieve. Your communications data trail can buildupaverydetailedpictureofyourlife:whoyouhavetexted,emailedandtelephonedonanygiven day;whereyouwerewhenthecontactwasmadeandforhowlong;whichwebsitesyouhavevisitedin theprivacyofyourownhomeandmore.Inparticular,webaddressescantellyouanawfullotabouta personthestateoftheirhealth,theirhobbiesorpoliticalinterests. This, together with the concerns expressed in the following paragraph, could expose innocent, law abidingcitizenstounnecessaryrisksoffraudand/oridentitytheftwhichwouldbedifficulttorectifydue tothefactthataccesstothedataholdingbodiesbyordinarycitizenswouldlikelyberestricted. 5."Communicationscompaniesandthestatewillkeepourpersonalinformationsafeandneverlookwhen theyrenotsupposedto" If the data loss scandals of recent years have taught us anything, its that the building of huge and unwieldydatabasescarriesrealandprovenrisks.Inrecentyearsthegovernmenthaslost25millionchild benefitrecords mineamongstthem aswellasthepersonalinformationofthoseservinginthearmed forces,witnessesincriminalcasesandprisoners.Localauthoritieshavealsousedintrusivesurveillance techniquessimplytodeterminewhetherafamilylivedintherightschoolcatchmentarea.
401
Buildingsuchacomprehensivedatabaseofthewebhabitsofthewholepopulation leavesusallatriskof bureaucratic error and fraud something that will not be lost on the criminal computerhacking community. 6.SUMMARY Ibelievetherearealreadysufficientpowersinexistencewhichareatthedisposalofthepoliceandother lawenforcementagenciestodealwithsuspectedcriminalsandterrorists. Effectively placing the whole population under surveillance is akin to using a sledgehammer to shell a peanut.Itwouldbeenormouslycostlyandpotentiallysounwieldyastobeineffectual. The risks to the ordinary, lawabiding citizen from data loss, hacking and fraud should not be underestimated or discounted. No system is 100% secure and the more information held upon it the more likely it is to be targeted by hackers and criminals. Sensitive data has been lost previously which wassupposedtobeheldsecurely. Finally,Iliketothinkthatwestillliveinacivilisedsocietywhereonehasarighttoenjoyprivacyinones privateaffairs.Previousgenerationsfoughtwarsagainstdespotsandtyrantswhousedsimilarmassdata collectiontocontrolthepopulationsintheircountries.TheintroductionofthisBillwould,Ifear,putin placepowerswhichcouldpotentiallyhavedarkconsequencesforthefuturefreedomsofeverycitizenin thiscountry. August2012
402
Telefnica UK Ltd
GENERAL: HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? TelefnicaUKLimited TUK understandstheissuestheBillisattemptingtodealwithandthe communicationsfromtheHomeOfficehasbeencomprehensive. 2. HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill? TUKtakestheprivacyandsecurityofitscustomersdataextremelyseriouslyandhasalwaysresponded responsiblyandinatimelyfashiontolawful,authoriseddisclosurerequestsregardingitsowncustomers. ThewideningofthescopetoincludeTUKsowncustomersdatathatmaynotcurrentlybeheldfor businesspurposesappearstobeareasonableextensionoftodayspowers.WideningthescopetoANY datathathappenstotraverseournetworkdoesnot. TUKiscurrentlynotconvincedthatallprovidersofUKcommunicationswillbetreatedequallyandfear thatUKbasedprovidersmayfindthemselvesdisadvantagedbythisBill. 3. HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy? TUKbelievesitoffersafairlybalancedimpactontheprivacylandscape.Theadditionalintrusionof extendingaccesstoALLdataisoffsetbytheadditionalproportionalityoftherequestfilterandthe additionaloversightofrequestsfromlocalauthoritiesetc. 4. Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionof communicationsdata? TUKbelievesfewlessonscanbelearntfromtheapproachofothercountries..Thefundingmodeladopted bytheHomeOfficeinadditiontoanadversarialjusticesystemmeansthattheUKlawenforcementisone ofthemostsophisticatedusersofcommunicationsdataintheWorld 5. Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider? TUKbelievesthatthemostcosteffectiverouteforwardistoextendcurrentpowerstoincludealldata belongingtotheCommunicationsServiceProviders CSPs customerswhethercollectedforbusiness purposesornot.Collectingtransitingdataintroducesexpensiveduplication,drasticallyreducesthe usefulnessofthedatacollectedandaharshcommercialimbalanceinthecommunicationsindustry. 6. ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesoflegislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernsthe retentionofcommunicationsdata? Twopiecesoflegislationonethatclearlystateswhatwillbecollectedandtheotherthatsayshowitwill beaccessedhasworkedwelltodate.TheDraftCommunicationsDataBill CDB ,however,replacesthe RegulationofInvestigatoryPowersAct RIPA part1,chapter2,butalsotriestooverridetheUK transpositionoftheEuropeanDataRetentionDirective EUDRD byincludingnewrulesforwhatwillbe availabletoberetained,thusblurringtheboundaries. 7. IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasuresthat couldbescrappedasaquidproquotorebalancecivilliberties? 1.
403
WithinthedraftCDBthescrappingofalltheoddpiecesoflegislationthatcommunicationsdataappeared tobeauthorisedbyISagoodquidproquo. 8. WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKasa lessattractivebase?Whatmightbetheeffectonbusiness? ThisbillissettodriveacommercialwedgebetweenUKpublicnetworkprovidersandtherestofthe communicationsprovisionindustry.AtfacevaluetheBillappearstoplacetheresponsibilitywhollyon thebackbonenetwork.TheOTTplayershavealreadydisintermediatedthenetworksandthefinancial modeluponwhichtheywerebuiltnolongerexists.ThisclearlyplacesevenmoreadvantagewiththeOTT playersanddeterminesabusinessmodelwhereitmakeseconomicsensetodevelopproductsand servicesoutsidetheUK. COSTS: 9. Istheestimatedcostof1.8bnover10yearsrealistic? Withoutfurtherdetailastohowthiswascalculated andindeedhowmuchofthedraftCDBextreme potentialwillbeutilised ,TUKisnotinapositiontocomment. 10. TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBillcould beworthbetween56bn.Isthisfigurerealistic? Withoutfurtherdetailastohowthiswascalculated andhowthedecryptionofproprietaryencryption willbeachieved ,TUKisnotinapositiontocomment. SCOPE: 11. Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate?Do theysensiblydefinethescopeofthepowersinthedraftBill? Thekeytotheeffectiveuseofthecollectiontechnologywillbeaverydetaileddefinitionofwhatisand whatisnotcommunicationsdatainanInternetProtocol IP World.Thereisnotsufficientclarity availableasyet.Thewordsusedtodescribecommunicationsprovidersareoutofdateandneedupdating toensurethereisnoroomformisinterpretation. 12. WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill?Shouldit bepossiblefortheSecretaryofStatetovarythislistbyOrder? Thepublicauthoritiesshouldcontinuetobelimitedtothepoliceandcertaingovernmentagenciesthat canprovetheirneedunderRIPA. TheSecretaryofStateshouldbeabletovarythelistandbeabletoremoveanyLEAwhohasabusedthe privilege. 13. Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty? TUKdoesnotbelievetheplansareatallrobust.Thespectrumofoverseasprovidersgoesfrommulti nationalplayerswhoseetheUKasatinypercentageoftheirmarketandwhowillbeunwillingtochange theirtradingpracticestosuit,throughtobackroomapplicationdeveloperswhowillbeimpossibleto locate. USEOFCOMMUNICATIONSDATA: 14. Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? Nocomment
404
15. Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? Neither.SincetheUKtranspositionoftheEuropeanDataRetentionDirectivewasintroducedintheUKin 2007,12monthshasprovedtobelongenoughtoensurethatdataisavailablelongenoughtobeavailable forthemajorityofcasesbutnotsolongthatavastamountofinnocentdataisbeingheldunnecessarily. SAFEGUARDS: 16. Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould designatedseniorofficerbedefined?Isthissystemsatisfactory?Arethereconcernsabout compliancewithArticle8ECHR? Adesignatedofficershouldbesomeonewhoisspecificallytrainedtounderstandwhatheorsheis authorisingandtheimpactsthereof.ThedraftCDBalsohandsthedeterminationofthecorrecttypeof requesttotherequestingofficer.Intheoryitappearstobeagoodsystem. UsedcorrectlythedraftCDBappearstobeneutralwithregardstoArticle8EHCR. 17. Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapplytoall publicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe? NoThewarrantsystemisantiquated,laboriousandoffersnomoresecurityorassurance. 18. IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformationCommissioner sensible? Moredetailrequired. PARLIAMENTARYOVERSIGHT: 19. ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBillsatisfactory? Moredetailrequired. ENFORCEMENT: 20. Arethepenaltiesappropriateforthosecommunicationsserviceproviderswhofailtocomplywith therequirementsofthedraftBill? Nocleardefinitionofthepenaltiesorhowandwhentheywillbeinvokedaregiven.Itis,therefore, impossibletocomment. 21. Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccessto communicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforinthe draftBillamounttoanoffence? Moredetailrequired TECHNICAL: 22. Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapturecommunications datareliably,storeitsafelyandseparateitfromcommunicationscontent? Yesaslongassufficientdetailonthedefinitionofcontentversuscommunicationsdataisagreed. 23. Howsafelycancommunicationsdatabestored?
405
Communicationsdatacanbestoredverysafelybutthecomplexityofthenecessarysecurityandthe impactsofhandlingencrypteddataincreasethecost. 24. Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible? TUKbelievesthatitwillbetechnicallypossible,ifexpensive,butalotmoredetailisrequiredtocomment onappropriateness. 25. HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? Moredetailrequired. 26. Arethereconcernsabouttheconsequencesofdecryption? ThereislikelytobeamarkedincreaseintheuseofencryptioniftheBillgoesthroughascurrently written.Thedecryptionofthedatatoturnitintousefulintelligencewillbeamajorhurdle. August2012
406
Ernest F. Thornton
Ihopeyouwillforgivemyintrusionintoyourdeliberationsbutitisapparentlydeemednecessaryto proceedfurtheralongtheOrwellianroadofpeoplewatching.MayItakethisopportunitytourgethe committeetoensurethat: safeguards,checksandappealsystemsarerobustenoughtoprotectindividualprivacyandthe rightofdefenceundercriminallaw. therelevantpublicauthoritiesareaccountableandthatfuturerequestingauthoritycannotbe handledbyaprivatecompany suchasG4S orsomeobscurequango. theInformationCommissionerandInterceptionofCommunicationsCommissionerandjudicial authorityhavesufficientpowersandresourcestooverseeandinvestigateinorderthatwedonot havearepeatofthemisuseofphonetappingbysomelocalauthorities. sincethereistobeanappropriatecontributiontowardsthecosttothetelecommunications operator,whichineffectmeansthatthetaxpayerswillbepayingfortheiremailcommunication datatoberecorded,willtherebeanylimitationontheamountspaid? thereissomepolicingofthedurationofauthorisationsandfilteredcommunications.
ThankyouforprovidingtheinformationthatallowedthiscommunicationtobemadeandIwishyou everysuccessinstrikingabalancebetweenprotectingtherightsofindividualsandtheinterestsofpublic safetyornationalsecurity. August2012
407
Timico Ltd
Summary ThedecisiontopassnewlawsisverymuchthedemesneofMembersofParliament.Thedecisionof whethertopursuetheCommunicationsDataBillwillclearlybetheirs. ThisdecisionshouldbebasedonwhetherthepotentiallossofprivacytoUKcitizensiswarrantedbythe possiblegainindetectingandpreventingcrimes.Timicosympathisesconsiderablywiththoseworkingin theareaofLawEnforcementbuthasseriousconcernsthatwearegoingdownapaththatmightbettersit inaGeorgeOrwellnovel. Whilstitisprobablytechnicallypossibletoachievemanyofthemeasuresthatmightbeenvisagedfor implementationitisunlikelythatwehaveagoodunderstandingofthetotallongtermcostsofthe project. Thereisalsoaconcernthatthesemeasureswillbeinsufficienttointerceptcommunicationsbetween criminalsintentonthemostseriouscrimesastherewillbemanywaysofavoidingdetection. Introduction TimicoisasuccessfulbusinessInternetServiceProviderwithitsHeadquartersinNewarkin Nottinghamshire.TimicoiswhatyoumightcallamidsizedISP.AcrossthegroupofTimicocompanies therearearound25,000broadbandcustomerstowhowealsosellhosting,mobile,VoIPandother communicationsservices. Becauseofoursizeandthebusinessnatureofourcustomerbasewehavetypicallybeenoverlookedby theGovernment/OfcomwhenitcomestobeingsubjecttoISPspecificlegislation.Forexamplewearenot partoftheinitialtrancheofISPscoveredbytheDigitalEconomyActalthoughwecouldwellbeatalater phase.Althoughitistoosoontotellitislikelythatwewouldalsonotinitiallyberequiredtoimplementa CommunicationsDataActshouldthecurrentDraftBillevergettothatstage. Preamble TimicoaremembersoftheISPAssociationandnormallyleaveittotheirexperthandstoreplyto Parliamentaryrequestsforconsultation.OnthisoccasionhoweverweconsidertheDraft CommunicationsDataBilltobeoneofsuchenormousconsequencesthatwefeelcompelledtoprovide ourowninput. ItisrecognisedthattheSecurityServiceshaveaneedforinformationthatwillhelptosolveorprevent crimes.AgreatdealofinformationisalreadyavailabletotheseagenciesandisalreadyaccessedviaRIPA requests. Itisalsorecognisedthatthetechnologicalworldhasalsoprogressedinthemodesofcommunications beingavailabletopeople.Theplainoldtelephonecallmovedontothecallbeingmadefromamobile phone,supplementedbytextmessages. Todaythereareahugenumberofwaysthatpeoplecommunicate:socialmediaplatforms,email,instant messaging,video,onlinefora,VoiceoverIP,blogsandotherwebsites.Theamountofdetailed informationavailableaboutanindividualcouldbeextensiveifwehadthefacilitytocollectingitall. Concern#1LossofPrivacy HistoricallythedataprovidedtoLawEnforcementandotherAgencieshasbeenverytargeted. Whoownsthismobilephonenumber? Wherewasthismobilephoneatagiventimeanddate WhoownsthebroadbandlineassociatedwiththisIPaddress
408
Andsoon Thetypeofinformationavailablehasbeenfairlylimitedbutbecauseofthisthepotentialfordamage throughtheleakingorlossofpersonaldatahasalsobeenlimited. Ifwearenowaskingforwhatcouldeffectivelybeacompletecharacterisationofanindividualspersonal lifetobestoredreadyforretrievalthenthescopefordamagetoapersonsprivacyisfargreaterifthat dataislostorstolen. Whostoresthedataisalmostirrelevant.StoringthedataattheISPmay ormaynot preventaccessby individualsorGovernmentwhomightexploittheavailabilityofthatdataforunintendedusesegfishing forpossibleperpetratedcrimesbasedonsearchesagainstattributesofknowncriminals.Wherethe informationisstoredisnotthepoint. Thepointisthatitisphysicallyimpossibletototallysecurethisinformation.WheredidWikileaksgetits informationfrom?Whetheritisdowntoinsiderinvolvement,corporateincompetenceorfailuretospot extremelyunlikelyscenariosasforexamplehappenedwiththemeltdownoftheFukushimanuclear reactorsinJapansurelyanareaoftechnologicalsecuritythathadthemostreliablesafetyfeaturesbuilt in. Weneedtoassumethatthehighlypersonalinformationbeingstoredwillindeedbeleakedandfor examplepublishedonaRussianwebsiteasrecentlyhappenedwith6.5millionLinkedInpasswords. Thequestionhereiswhetherthisisanacceptabletradeoffforthebenefitsthatmightbeaccruedtothe securityofourcountry? Itcouldwellbearguedthatmanybusinessesalreadyhaveamassiveamountofpersonalinformation aboutindividualsandallthatisbeingrequestedintheDraftCommunicationsDataBillisthatinformation similartothisismadeavailableforthepurposesofLawEnforcement.Itmightperhapsbereasonableto askwhetherbusinessesshouldthemselvesbeallowedtostoresuchpersonaldata. Concern#2Costandtechnicalfeasibility BecausetheDraftBilldoesnotgointothespecificsofwhatisgoingtobeaskedforitisdifficultto determinewhetherthiswillbetechnicallyfeasibleornot.Onthebasisthatmosttechnologicalproblems canbesolvedifenoughtimeandmoneyarethrownatthemwecanprobablysaythatwhateverisasked ofISPscanprobablybedone. Whilstitmaybepossibletointerceptandstoreallthedatarequested,thenatureoftheinternetissuch thatwaysofcircumventingthesedetectionmeasureswillbefound.Newemailproviders,newIMor socialmediaplatformscouldbeusedthatwillinevitablyinvolveanexpensiveandcontinuousprocessof maintainingthecapability. Itisdifficulttobelievethatthecostsassociatedwiththisactivitycanreasonablybedeterminedwithout understandingthescopeofthework.Duetothenatureofwhatisbeingpursuedherethecountrycould belookingatanexpensiveandendlesstaskwithatotalcostthatcannotbeforecast. Concern#3Efficacy AsfarascostgoesonemightaskWhatpricepreventinganother9/11?whichwouldbeavery reasonableapproach. Thereisamoreimportantunderlyingissueherethatconcernswhetherspendingthemoneywouldreally haveanyeffect.Itmaywellbethatsomecrimeswouldbesolvedwherepreviouslythiswouldnothave beenthecase.
409
HoweveritislikelythatmostcriminalsorterroristspursuingtheirgoalsknowingthatLawEnforcement Agencieswouldbelookingoutforthemwouldemploycommunicationsmethodsthatwouldnotbe detectable.Forexampleusingproxyserverstohidetheirtruelocationandusingencryptedemails. Asanexampleofthis,anecdotallytheblockingintroducedtosupporttheInternetWatchFoundationis notconsideredtohavepreventedanypaedophilesfromaccessingtheunlawfulmaterialtheblockswere supposedtoprevent. AlsotheBBCrecentlyreportedthatthetraffictothePirateBaywebsitehadgrownsincethecourtorder wasissuedmakingISPsblockaccesstothesite. http://www.bbc.co.uk/news/technology18518777 Thistellsusthatanytechnologicalmethodsemployedtodetectandcontrolaccesstospecificwebentities caneasilybebypassed. Concern#4ScopeCreep Ifwesweepasideanyconcernsregardingprivacy,costandefficacythenscopecreepstillremainsasa worry. Thecapabilitythatwouldbeputinplaceherewouldbeextensiveinitsabilitytocollectinformationon people.Whilsttheintentionmightwellbetousethisinformationinlimitedandcontrolledcircumstances itisnotdifficulttoenvisagepoliticiansinyearstocomeseeingusesfortheinformationthatwerenoton theradaratthetimetheActwasconceived. Itisntconstructivetodetailwhatsuchanextendedusemightbewhetherpoliticalorinsupportof privategain.Howeverifthecapabilityisnotthereitcantbedone. Conclusions ThedecisiontopassnewlawsisverymuchthedemesneofMembersofParliament.Thedecisionof whethertopursuetheCommunicationsDataBillwillclearlybetheirs. ThisdecisionshouldbebasedonwhetherthepotentiallossofprivacytoUKcitizensiswarrantedbythe possiblegainindetectingandpreventingcrimes.Timicosympathisesconsiderablywiththoseworkingin theareaofLawEnforcementbuthasseriousconcernsthatwearegoingdownapaththatmightbettersit inaGeorgeOrwellnovel. Whilstitisprobablytechnicallypossibletoachievemanyofthemeasuresthatmightbeenvisagedfor implementationitisunlikelythatwehaveagoodunderstandingofthetotallongtermcostsofthe project. Thereisalsoaconcernthatthesemeasureswillbeinsufficienttointerceptcommunicationsbetween criminalsintentonthemostseriouscrimesastherewillbemanywaysofavoidingdetection. August2012
410
The Tor Project

BackgroundtoTheTorProjectandtheTorsoftware 1 TheTorProjectisa501 c 3 nonprofitbasedintheUnitedStates,butwithemployees,contractors, andvolunteersworldwide includingtheUnitedKingdom .TheTorProjectconductsresearch, training,andsoftwaredevelopmenttoimproveInternetprivacyandsafety,andtopromotefree speech,freeexpressionandcivicengagement. 2 TheTorProjectispredominantlyfundedbyNonGovernmentalOrganisations NGOs and governments,aswellasindividualandcorporatedonations.RecentfundersincludetheSwedish InternationalDevelopmentAgency Sweden ,theBroadcastingBoardofGovernors US ,the NationalScienceFoundation US ,theNLnetFoundation Netherlands andHumanRightsWatch US . ThecoresoftwareproductdevelopedbyTheTorProject,"Tor"wasoriginallydesignedand implementedasaresearchprojectbytheUnitedStatesNavalResearchLaboratory.TheTorsoftware improvesitsusers'safetywhileusingtheInternetbyredirectingcommunicationsviatheTor networkapproximately3,000computers "nodes" operatedbyvolunteersworldwide.Thenodes chosenforaparticularcommunicationareselectedrandomlybytheTorsoftwarerunningonthe user'scomputer. CommunicationssentviaTortypicallywillpassthroughthreenodesbeforebeingsenttothe ultimatedestination.EachoftheseTornodeswillknowthesourceimmediatelybeforeit,andwill knowthenextdestinationforthecommunication,butanyonenodewillnotknowboththeoriginal sourceandultimatedestinationforthecommunication.Communicationbetweennodes,andbetween theuser'scomputerandtheTornetworkareencryptedtoprotectagainsteavesdroppingand tampering. Throughthisapproach,Torprotectsusersagainstsomeonemaliciouslyobservingtheircomputer's Internetconnectionfromdiscoveringwhichwebsitestheyareaccessing,andwhomtheyare communicatingwith.Thiscouldbeofimportance,forexample,toajournalistcollectinginformation abouthumanrightsabusesfromsourceswhosepersonalsafetycouldbeputatriskifthegovernment discoveredtheyweretalkingtojournalists. Toralsoprotectsusersagainstwebsitesdiscoveringtheidentityoftheuserswhoareaccessingthem. Thiscouldbeofimportance,forexample,toalawenforcementagencycollectingintelligencefroma websitesuspectedtobeinvolvedincriminalactivity.Equally,normalInternetusersmaydesire privacyandwanttoprotecttheiridentityfromwebsiteswhotheyareconcernedmightprofiletheir behaviouranduseitinappropriatelyorsellit. ArapidlygrowinguseofToristoallowuserstocircumventnationalcensorshipschemes.Such censorshipmaybelongterm,suchasthe"GreatFirewallofChina",orcanberesponsivetoparticular events,suchastheblockingofFacebookandYouTubebytheTunisianregimeintherunuptothe revolutioninlate2010/early2011. OtherusesofTorincludevictimsofcrimetalkingtofellowsurvivorsanonymously,children protectingtheirpersonallyidentifiableinformationwhileusingtheInternet,militarypersonnel workingundercover,operatorsofanonymoustiplinesreducingtheriskoftheirsourcesbeing compromised,whistleblowersreportingoncorruption,andfinancialinstitutionsconductingdue diligence. FurtherinformationaboutTheTorProjectcanbefoundonourwebsite: https://www.torproject.org/
UseoftheInternetbyHumanRightsActivists 10 ThissubmissionisnotonlybasedonhowtheDraftCommunicationsDataBillwouldaffectTheTor Projectandusersofitssoftware,butalsohowthedraftbillwouldaffectmoregeneraluseofthe Internetbyhumanrightsactivists.Informationincludedinthissubmissionisbasedonexperienceby TorProjectmembersoftraininghumanrightsactivistsonhowtoeffectivelyandsafelyuse computersandtheInternet. 11 InternetusagebyHumanRightsActivistscanbebroadlysplitintotwocategories.
411
12 FirstlythereistheuseofgeneralpurposeInternetservices,suchasFacebook,YouTube,Twitter, Flickr,andwebmailproviders.Thesearepopularamongsthumanrightsactivistsbecausetheyare familiar,easytouse,andcapableofwithstandingburstsindemandthatmightswampsmaller services.Theyarealsowidelyusedoutsideofthehumanrightscirclesandsomaydrawless attentionbytheregimebeingdefendedagainst,andmakeiteasiertogetinformationoutofthe countrytopromotetheircaseabroad. 13 Secondly,therearespecialpurposetoolsdesignedwithhumanrightsactivistsasasignificant althoughperhapsnotexclusive targetusergroup.ToolsinthiscategoryincludeTorandMartus a softwarepackagedevelopedbyBenetech 522forsecurelycollectingdataofhumanrightsabuses . Suchtoolsaredevelopedbecausethereisalackofsecurityorfunctionalityingeneralpurpose Internetservicesandsoftwarepackages. 14 Bothcategoriesofusageareimportant,althoughperformingaquantitativecomparisonisdifficult. UseofgeneralpurposeInternetservicesforhumanrightsislikelytobemorepredominant,butwhile usesofspecialpurposeInternetservicesmaybefewerinnumbertheymaybegreaterintheir importance. CommentsontheDraftCommunicationsDataBill SecurityofstoredCommunicationsData
AddressingQ2223
15 Thecurrentstateoftheartincomputersecurityisnotsufficienttoadequatelyprotecteitherstored communicationsdataorrestrictaccesstofacilitiesbuilttocollectcommunicationsdata.Although therearetechniquestoprotectcomputersystemsfromlargescaleattacks,therearenoeffective measuresforprotectingcomputersystemsfromtargetedattackbyacapableadversary,especially whenanadversarywithstatebackingisapossiblethreat asisthecasewithcommunicationsdata concerninghumanrightsactivists . 16 Thiscanbeseenfromthenumerousbreachesofsecurityofcommunicationsserviceproviders,even thosewhobyfarexceedindustrystandardlevelsofprotection.Itislikelythatthereareothercasesof breachesthathavenotbeendisclosedduetocommercialsensitivity. 17 OnesuchexampleisthebreachofGoogle'swebmailserviceinDecember2009 523.Thisattackwas specificallytargetedagainstChinesehumanrightsactivists.ThebreachofGooglewaspartofaco ordinatedandsophisticatedattackthatalsoincludedAdobeandothercompaniesthatchosenottobe publiclydisclosed 524.Theattackmadeuseofcustommademalwarethatwasspecificallydesignedto, andsucceededat,avoidingdetectionbyantivirussoftware.Italsoexploitedavulnerabilityin MicrosoftInternetExplorerwhichwas,atthetimeoftheattack,notknownpublicly.Theidentityof theattackersremainsunknownandwasdisguisedbybouncingtheircommunicationsthrough hijackedcomputersintheUSandTaiwan.
18 AnothernotableincidentisthecompromiseoftheVodafonetelephoneexchangeinGreece 525, allowingattackerstobugthemobiletelephoneofover100highrankingdignitaries,includingthe primeminister.Inahighlysophisticatedattack,customdesignedsoftwareactivatedthelawful interceptfunctionalityofthetelephoneexchangeeventhoughVodafonehadnotpurchasedit.The attackersalsosuccessfullycircumventedtheauditlogging,tohidetheunauthorisedaccess. Eventuallythetamperingwasdiscoveredbutonlyafteralmostayearofbeingactive theexactdate theattackwasperpetratedremainsunknown . 19 Asafinalexample,ahackersupportiveoftheIraniangovernmentbutwhostatedthathewasnot affiliatedtothegovernment,compromisedthecertificationauthoritiesDigitNotarandComodo and claimstohavecompromisedothers ,andmanagedtoobtaindigitalcertificateswhichwere successfullyusedtoimpersonateGoogle'swebsite,potentiallycollectingsensitiveinformationsuch
522https://www.martus.org/ 523http://googleblog.blogspot.co.uk/2010/01/newapproachtochina.html 524http://www.wired.com/threatlevel/2010/01/operationaurora/ 525http://spectrum.ieee.org/telecom/security/theathensaffair/
412
aspasswords,communicationsdata,andcontent 526.ThesameattackeralsotargetedTheTorProject website,soitisreasonabletosuspectthathumanrightsactivistswerealsoamongthetargets. SensitivityofCommunicationsData 20 ThedraftbillandsubmissionsoftheHomeOfficemakeclearthatonlycommunicationsdata,not content,maybecollectedanddisclosed.TheHomeOfficearguethatcommunicationsdataisless sensitivethancontent,andthusdoesnotdeservethesamesafeguards,restrictionsoncollection,or levelofauthorisationtoaccess. 21 However,inmanycasescommunicationsdatacanbeassensitiveascontent,andinsomecasesmay bemoresensitivethancontent. 22 Forexample,"usedata" followingtheterminologyusedintheannextothedraftbill revealingthat someoneaccessedawebsitewhichiscollectingevidenceonhumanrightsviolationscouldputthat personortheirfamilyinseveredanger. 23 EvendisclosingthatsomeonewasusingtheInternetataparticulartimecanbesensitivewhenitis correlatedwith,forexample,thepostingofvideosofhumanrightsabusesonYouTube.Whilethe timingofasingleinstanceofavideoisunlikelytouniquelyidentifyaperson,repeatingthisexercise, combinedwithknowledgeofthe"usualsuspects"forsuchactivity,couldsingleoutanindividualfor repercussions. 24 Experimentshaveshownthat23.3%ofWikipediauserscouldbeuniquelyidentifiedfrom"usedata" alone,hadtheybeenusingTortoprotecttheirprivacy 527.Thisproportiongoesto95.7%whenonly Wikipediauserswhohaveposted50ormoreitemsonWikipediaareconsidered. 25 Asanotherexample,"trafficdata"showingthataphonecallmadebyajournalistwasfroma particularlocationcouldputthatjournalistatrisk.IthasbeenreportedthattheSyriangovernment wereusingtrafficdataanalysistotargetjournalists,andthistechniquehasbeenimplicatedinthe deathofSundayTimeswarcorrespondentMarieColvin 528. 26 Even"subscriberdata",whiletypicallylesssensitivethanusedataortrafficdata,canbeofcritical importance.Thedisclosureoftheidentityofapersonpseudonymouslybloggingaboutsexuality, politicalorreligiousbeliefscouldputsomeone'semploymentatrisk,evenwithinliberal democracies. 27 Thereasonthatcommunicationsdatacanbemoresensitivethancontentisthatitismoreamenable toautomatedanalysis,particularlywhencollectedinbulk asproposedbythedraftbill .Contentis designedforhumanstoread,anditisachallengingproblemforcomputerstoaccuratelyinterpret content.Incontrast,communicationsdataisdesignedforcomputerstointerpretandsoisfareasier forcomputerstoanalyseandallowingamoreaccurateanddetailedprofileofindividualstobebuilt thanispossiblewithcurrenttechnologytointerpretcontent. 28 Theexamplesaboveshowthatthediscussionofthedraftbillshouldnotexclusivelycentreona tradeoffbetweencivillibertyandsecurity.WhileitisundoubtedlynottheintentionoftheHome Office,thisdraftbillwillsignificantlyharmthesafetyofhumanrightsactivists.Thediscussionofthe draftbillthuscanbeframedasatradeoffbetweengivingadditionalpowerstolawenforcementto helpimprovepublicsafetyinexchangefortakingawaytheabilityofhumanrightsactivistsand humanrightsorganisationsofprotectingthemselves. 29 Inmakingthistradeoffitisalsoimportanttonotethatwhileasinglebreachofsecurityissufficientto compromisethesafetyofahumanrightsactivist,theinabilityforlawenforcementtoobtain communicationsdatarelevanttoasuspectedcrimedoesnotmeanthattheinvestigationwillnot succeed.Therearefrequentlyalternativesourcesofinformationthatwillresultinasuccessful outcomeofthecase.
526http://arstechnica.com/security/2011/09/comodohackerihackeddiginotartooothercas
breached/
527http://wwwusers.cs.umn.edu/~hopper/surf_and_serve.pdf 528http://www.telegraph.co.uk/news/worldnews/middleeast/syria/9098511/MarieColvinBritain
summonsSyriaambassadoroverkilling.html
413
Safeguards
AddressingQ1618,24
30 Thedraftbillproposessafeguardsforaccesstocommunicationsdata,includingapprovalbya designatedseniorofficerbeforetheapplicationcanbemade,andrequiringthattelecommunications serviceprovidersretaindatasecurely. 31 Asdiscussedabove,itisunlikelythatmechanismstopreventunauthorisedaccesstodata,or interceptionfacilities,willworkasneeded.Auditmechanisms,todetectauthorisedaccess,areforthe samereasonslikelytobepossibletobypass. 32 Furthermore,afeaturethatwilllikelyberequiredbylawenforcementagenciesandintelligence agenciesisthatthequeriesbeingpassedtotheRequestFilterbethemselvesconfidential asthe compromiseofthisdatacouldinterferewithinvestigations .Thereforeitwilllikelynotbepossible forthetelecommunicationsserviceprovidertoproperlyauditaccess,anditwillbechallengingto safelystorelogsforanysubsequentauditbytheInterceptionofCommunicationsCommissionerand theInformationCommissioner. 33 Evenignoringthesignificantpossibilityofunauthorisedaccesstostoredcommunicationsdata,and ignoringthesignificantpossibilityofunauthorisedenablingofinterceptionfunctionality,themere possibilitythatthepowersinthisdraftbillwillbeexercisedintroducesharm. 34 Thisisaconsequenceofthefactthatthecostandriskofaddingnewfunctionalitytoacomputer systemgrowsdramaticallythelaterinthedevelopmentprocessthatthechangeisintroduced.While itmaybecomparativelycheaptoaddnewfunctionalitywhileasystemisonthedrawingboard,it willbemuchmoreexpensivetoaddthesamefunctionalityoncethesystemisdeployedinthefield. 35 Therefore,thefactthatthepowersinthedraftbillmightbeexercisedwillleadto telecommunicationsserviceprovidersandtheirequipmentsupplierstoputinplacefunctionalityto interceptandstorecommunicationsdata,evenbeforeanypowersareexercised.Providersmayalso adoptdesignsfortheirsystemswhichfacilitateinterception,suchasthroughgreatercentralisation, butwhichleavethesystemsmorevulnerabletoattack. 36 Asaconsequence,theriskofinterceptioncapabilitybeingactivatedwithoutauthorisationwillbe increased.Furthermore,thesameequipmentwilllikelybesoldtoothercountrieswhomayusethe sameinterceptioncapabilitytospyonhumanrightsactivists. 37 ItisalsolikelythatothercountrieswillusethefactthattheUKisproposingsuchlegislationasa justificationfortheirownsurveillanceproposals.ThispatternwasrecentlyseenwhentheChinese statenewsagencycapitalisedonthePrimeMinister'sstatementtotheHouseofCommons contemplatingthecensorshipofsocialnetworksduringthe2011riots 529. Responsesfromindustry 38 TheresponseofInternetservicestotheriskstohumanrightsactiviststhattheproposedbillpresents willdependonhowimportanthumanrightsactivists,andotherswhodependinInternetsecurityfor theirsafety,aretothecompaniespriorities. 39 ForgeneralpurposeInternetservices,humanrightsactivistsarearelativelysmallproportionof theirusagebase,andwhilesomeprovidershavebeenproactiveinprotectinghumanrightsactivists fromattack suchasGoogle 530 ,othercommercialconsiderationswilllikelytakepriority,andthese arebetterleftstatedbythecompaniesthemselves.
40 Incontrast,Internetservicesdesignedforhumanrightsactivistswilllikelytakeamoreproactive responseinprotectingusersfromharmandsoaremorelikelytoavoidbeingputinthepositionof havingtocompromiseusersafetybyavoidinghavingaUKpresence. 41 IntheparticularexampleofTor,recallthatitistheuser'scomputerwhochoosesthepaththrough thenetwork,soifthereissufficientfearthatUKnodesareunsafe,usersarefreetoavoidUKnodes withoutanyinterventionofTheTorProject.
529http://opennet.net/blog/2011/08/amidstriotsukcallscensorsocialmedia 530http://www.guardian.co.uk/technology/2012/jun/06/googlestatesponsoredhacking
414
42 Projects,suchasTor,mayalsoconsiderthatcarryingoutsoftwaredevelopmentintheUKistoohigh arisk,becauseofthepossibilitythatthisproposedbillcouldbeusedtocompelaprogrammerto introduceabackdoorintoaprogramtocollectcommunicationsdata.
AddressingQ25
Circumvention
43 AscanbeseenwiththeattacksonVodafoneinGreece,GoogleandAdobeintheUK,andDigiNotarin Denmark allofwhichtheidentityoftheattackersisunknown ,itiswellwithinthecapabilitiesof sophisticatedattackerstohidetheirtracesbyhijackingcomputersandusingtheseasstepping stones.Hijackedcomputersareeffectivelybeingusedasatelecommunicationsserviceprovider,but willnotfallunderthecontrolofthislawbecausetheownerofthehijackedcomputerwillnotknow thatitisbeingusedasatelecommunicationsserviceprovider. 44 Therearewellknowntechniques 531,andsoftwareavailable,fordefeatingtracingcommunications basedoncommunicationsdata.Specifically,messagesaredelayed,andextra"dummy"messagesare added,ateachpointthatcommunicationsarerelayed.Suchtechniquesincurahighoverheadbutan attackerwhohashijackedacomputertoactasasteppingstoneswillnotbepayingforthenetwork resourcesandthereforewillhavenoneedtobeconcernedatthecost. August2012
531http://mixminion.net/
415
Twitter Inc
Twitterisaglobalcommunicationsservicethatwascreatedin2006.Twitterallowsuserstosetupan accountforfreeandprovidesanopenplatformforcommunications.ATwitteruserfollowsdifferent Twitteraccountsandcansendandreceiveshort,140charactermessagescalledTweetsregardlessof thedevicetheyareusing.Twitterhasmorethan140millionactiveusers,including10millioninthe UnitedKingdom.Approximately400millionTweetsperdayarepostedgloballyonTwitter. TwitterInc.,isbasedinSanFrancisco.TwittersofficesinEuropearelargelyfocusedonsalesof advertisingproductsintegratedintotheservicefeaturesofTwitter. MostofwhathappensonTwitterispublicandviewabletoanyone.Theoverwhelmingmajorityof TweetsarepublicandaccessibletoanyonewhowantstofollowanaccountoraccesstheTweetsdirectly ontheweb,mobiledevice,orothermedium.Whenausersetsupanaccount,Twitterdoesnotaskthata userprovideahomeaddress,gender,age,orfinancialinformation.Theuserprovidesverylimited information suchasabioandanavatarpicture andthisinformationisalsopubliclydisplayedtoall otherusers.Accordingly,TwitterisapublicfacingserviceinthesensethatmostusersgotoTwitterto viewpublicTweetsandpublicinformationandtosendtheirownTweetspublicly. TwitterandLawEnforcement MostinformationonTwitterispubliclyavailabletolawenforcemententitieswithoutanyadditional assistance.Forthelimitedinformationthatmaynotbepubliclyavailable,TwitterhaspublishedLaw EnforcementGuidelines https://support.twitter.com/articles/41949guidelinesforlawenforcement whichoutlinetheproceduresbywhichlawenforcementcanrequestinformationormakearequestto preserveinformationforaninvestigation. WithregardstoUKlawenforcement,TwitterhasestablishedadedicatedliaisonpointwithUKpolice. Twitter,asaUSbasedentity,respondstoemergencyrequestswherethereisariskofdeathorserious injurytoaperson.Accordingly,weprocessandrespondtoemergencydisclosurerequestsfromtheUK, 24/7.Inaddition,supplementalmechanismswereputinplaceinpreparationforandduringtherecent LondonOlympicstoensurethatanypotentialemergencysituationcouldberapidlyaddressed.Fornon emergencies,TwitterrespondstorequestsforuserinformationfromnonUSlawenforcementthatare issuedviaU.S.courteitherbywayofamutuallegalassistancetreatyoraletterrogatory.Moreover, TwitterwillalsopreservenonpublicinformationuponrequestfromUKlawenforcement. Unlessotherwiseprohibited,itisTwitterspolicytoincludenoticetotheuseroftherequestforherorhis databeforesuchdisclosureismadeinordertoprovidesuchusertheopportunitytoseeklegalcounselor movetoquashtherequestincourt.Ifnosuchmotionismadeorthemotionisdenied,Twitterspolicyis torespondtocourtordersbyproducingrecordsinTwitterspossessionthatdonotcontainthecontents ofcommunications. Twitterspolicyistobeopenandtransparentwithourusersaboutthemeansandextentofdata collectionanddatarequestsmadeofusbylawenforcement.Inadditiontonotifyingusersofrequests madefortheirinformation,inJuly,Twitterreleaseditsfirsttransparencyreport https://support.twitter.com/articles/20170002twittertransparencyreport .Itdocuments governmentrequestswereceivedforuseraccountinformationorcontentremoval,alongwithcopyright takedownnotices. DraftCommunicationsDataBill TwitterdeeplyappreciatestheopportunitytocommentontheDraftCommunicationsDataBill,and wouldliketothanktheHomeOfficefortheirtimededicatedtooutreachonthisimportantpieceof legislation.WenotethestatedobjectiveoftheBillistoensurethatlawenforcementcanaccesscertain informationintheinvestigationofcrimeandterrorism.InofferingviewsontheprovisionsoftheBillwe arealsomindful,asindeedtheHomeSecretaryherselfhasstated,oftheneedtofindtheappropriate balancebetweenprotectingthepublicandsafeguardingcivilliberties. PartofthedifficultyinassessingtheimplicationsofthisBIllisthatitisessentiallyenablinglegislation. Thespecificdetails,implementingregulations,andformandcontentofsubsequentordersareasyet unknown.
416
PartIoftheDraftBillbroadlyauthorizestheSecretaryofStatetoorderatelecommunicationsoperatorto collectorgeneratecommunicationsdata,evenwheretheoperatordoesnotcurrentlycollectorgenerate suchdata.Asnotedabove,Twitterisaservicethatcollectsverylittleinformationaboutourusers,and whatlittleinformationwedocollectismostlypublictoall,includinglawenforcement.Most governmentalentities,includingtheUS,haveexertedgreatpressureoncompaniestominimizethe collectionofuserdataratherthanincreaseit.Werecognizethatthepolicyshiftflowsfromperceived newchallengesintheinvestigationofseriouscrime.However,inthatcontextitwouldbedesirabletosee abetterarticulationofthestandardsfordatacollectionandhowthosestandardswouldmeetthe competingrightsandpolicyobjectives. Clause14oftheBillcontemplatestheimplementationoffilteringarrangementssoastoattemptto addressfragmentationofdatawhenidentifyingthegenuineuserofacommunicationservice.The technologicalandadministrativemechanismswhichwouldfacilitatesuchfilteringarrangementsare notdetailedinthelegislationorintheexplanatorymaterial.ItisthereforedifficultforTwittertooffer comprehensiveobservationsonthisaspectoftheBill.However,becausethissectionofthebill potentiallyraisessignificantissueswewelcomeanyadditionaldetailandclaritythatthesponsorscan provideinordertomorefullyassesstheimplicationsofsuchfilteringarrangements. Anadditionalquestioniswhetherconsiderationwasgivenduringthedraftingofthelegislationto balancingtheneedsofnationalsecurityandcriminalinvestigationwithpublictransparencyaboutthe extentofonlinesurveillance.WhiletheprovisionsinthedraftbillauthorisetheSecretaryofStateto issueorderstocompelcommunicationsoperatorstogenerateandstoredata,itenvisagesthatthiswillbe doneinconsultationwithcommunicationsoperators.However,theredoesnotappeartobeaprocessfor disclosuretoorinputfromthepubliconthisissue.Nordoesthereappeartobeanyprovisionforuser notificationwhenrequestsfortheirpersonaldatahavebeenmadebylawenforcement. Wewouldbeinterestedtounderstandwhatconsiderationwasgiventoissuesofproportionalityinthe draftingofthisprovisionaswellassomecrossjurisdictionalchallengeswhichmayarise.Forexample,it ispossibleandindeedhighlylikelythatthistypeofmonitoringwouldresultinthecollectionand retentionofdataonuserswhoareoutsideoftheUnitedKingdom.Thishasthepotentialtoplaceusin legallyuntenablepositionwithrespecttoprivacy,dataretentionanddataprotectionlawselsewherein theworld. Followingonfromtheabove,wewouldwelcomesomeclarityonhowtheprovisionsofthisBillworkin concertwithotherrequirementsplacedonglobalcompanieswithrespecttouserprivacyanddata retention.ThesecouldincludeEUDataRetentionandDataProtectionDirectivesasincorporatedinto domesticlawsinmembersstates,humanrightslegislationaswellasprivacyanddataretentionlegal frameworksintheUnitedStates,andelsewhere. OnthewiderpointofthepolicyprinciplesunderpinningtheBillandtheconsiderablepowersit proposestoextendtolawenforcement,weareinterestedinhearingwhatconsiderationhasbeengiven totheprecedentitmaysetinternationally.Whileitisonethingforagovernmentwhichhasincorporated theEuropeanConventionofHumanRightsintodomesticlawtoseektoassertauthorityoveroverseas companies,itwouldbeofquiteadifferentorderforthegovernmentofalessdemocraticcountrytoseek toexercisesimilarpowers.Insuchacasehowever,thereisariskthatthestandingoftheUKgovernment andUKcompaniesinresistingsuchdatacollectionfromitsowncompaniescouldbesignificantlydiluted. Indeed,manydissidentsabroad,suchasMichaelAntiinChina,countuponWesterndemocraciestolead byexampleandtopressuretheirowngovernmentstoupholdessentialInternetfreedoms. Finally,ifcompanieslikeTwitterdonotestablishreadyaccesstosuchdataorgeneratedatathatBritish authoritiesbelieveisnecessary,thereisauthorizationinthebillforauthoritiestocompel telecommunicationsoperatorstoobtainthatdata.Wemaynotbeprivytosuchorders.Wemaynot knowwhenrequeststoobtainouruserdataarebeingmadetoothertelecommunicationsoperators. Whatisthemechanismforinformingoverseascompaniesthatitsdataisbeingsoughtorcollected?How dowereflectsuchlackofknowledgeinourownTermsofServicewithrespecttoourusers,wherewe typicallydescribeandareheldaccountablebyregulatorsintheU.S.fortheprivacyandsecurityfeatures ofourservice?
417
ThankyoufortheopportunitytoprovidewrittencommentsontheDraftCommunicationsData Bill.TwitterispreparedtoworkwiththeMembersoftheJointCommitteewithrespecttoanyadditional questionsthepanelmayhave. August2012
418
UK Border Agency
1. On12thJuly2012,GillianMcGregor,DirectorofOperationalIntelligenceintheUKBorderAgency, provided oral evidence to the Joint Committee on the Draft Communications Data Bill. This evidencebuildsupontheevidencealreadyheardbytheJointCommittee. The UK Border Agency UKBA , within the Public Authority of the Home Office, is the UK law enforcement agency with responsibility for investigating immigration and border related customs nonfiscal offences,bothasleadagencyandinpartnershipwithSOCAandotherlaw enforcementpartners. UKBA also currently supports applications that may be made for communications data by colleaguesinBorderForce, alsounderthePublicAuthorityoftheHomeOffice .BorderForce split from UKBA in March 2012, but continue to require access to communications data in relation to its primary functions. Under the current operating mandate for Border Force, all matters identified at the border and pertaining to border crime are referred to UKBA for investigation. UKBAusesallthreetypesofcommunicationsdata trafficdata,serviceusedataandsubscriber data asdefinedundersections21 4 a , b and c oftheRegulationofInvestigatoryPowers Act2000 RIPA insupportofitsremittoinvestigateimmigrationandborderrelatedcustoms crimes. Applications are made for the statutory purpose of preventing or detecting crime. Examplesofkeycustomsoffencesincludedrugsandprohibiteditemsmuggling offencesunder theCustomsandExciseManagementAct1979 ,aswellasmoneylaunderingoffencesunderthe Proceeds of Crime Act. Key immigration crime offences include those of facilitation and organised people smuggling contrary to section 25 of the Immigration Act 1971 , trafficking offences bondedlabour,vice,vulnerablepersons ,forgery,counterfeitingandIDoffences. In addition to criminal investigations, applications can also be made to support investigations conductedwithintheUKBADetentionEstate, forthepreventionanddetectionofcrimeandin theinterestofpublicsafety ,andforinvestigationsbytheSecurityandAntiCorruptionUnitin relationtomisconductinpublicoffice.UKBAisalsoempoweredtoaccesssubscriberandservice usedatawheninvestigatingasylumbenefitfraud. UKBAacquiresallthreetypesofcommunicationsdataunderRIPAonadailybasisinsupportof itscorefunctions.TheAgencyaccesseddatainrelationto2,854individualcommunicationsdata itemsin2010,risingto4,062itemsin2011andthistotalisprojectedtoriseto6,000for2012. ThevolumeofcheckshasgrownyearonyearastheAgencyhascontinuedtodevelopitscriminal investigation capability. These increases follow the organisational changes in 2009 which saw thenewlycreatedUKBorderAgencytakeresponsibilityforHMRCdrugsinvestigationsandthe consequenttriplinginthevolumeofchecksmadethroughtheSinglePointofContact SPOC .
2.
3.
4.
5.
6.
Whydoweneedaccesstothisdata? 7. Communications data is particularly beneficial when targeting those involved in cross border crimes, precisely because this criminality involves a great deal of movement. Experience has shown, in both immigration crime and drug smuggling investigations, that those involved frequentlycoordinatemuchoftheirbusinessbymobilephoneand,toanincreasingextent,the internet. If for example, the subjects of the investigation are moving commodities or human beingsintotheUK,theyfrequentlyliaisewiththeircriminalassociates eithertheorganisersor
419
thoseresponsibleforthenextstageofthesmugglingoperation bymobilephoneortheinternet. Communicationsdatathereforebecomesacrucialtoolintheinvestigationoftheseoffences. 8. With the communication methods of criminal gangs involved in immigration and border crime developing and changing, it is crucial that UKBA retains access to all types of communications datainordertoeffectivelycombatthiscriminality.UKBAneedstobeabletoutiliseeffectivetools in order to quickly identify and apprehend those responsible, and establish the full extent of a criminalnetworkinvolved.Asubscribercheck,whetherrelatingtoaphoneoremailaddress,can oftenestablishastartingpointforaninvestigation,whilstdatafrombillingscanbuildthepicture further by identifying criminal associates or key contacts that are made around the known criminalevent,e.g.adrugsseizure.Cellsitedataisaparticularlyeffectivetoolwhenattempting tolocatethoseindividualswhoarefrequentlymovingbetweenUKairorseaportsandaddresses intheUK,suchassafehouses.Someofthefollowingsuccessfuloutcomeswouldnothavebeen achievedwithoutaccesstocommunicationsdata: a. Communications data has secured guilty pleas from the subject s arrested or secured theirconvictionatcourt.Inmanyofthecasesthathaveresultedinaguiltypleadueto theincontrovertiblecommunicationsdataevidencethatwaspresented,significantcosts havebeensavedbecauseaprotractedtrialprocesswasavoided. b. Convictions have been secured at trials due in large part to the detail within the communicationsdataevidencepresented. c. In numerous investigations, the communications data acquired has enabled investigators to identify the wider organised crime group involved in the criminality underinvestigation,andensured,forexampleinadrugsimportation,thatnotonlyisthe courierarrestedandcharged,butthatotherkeyorganisersareidentifiedandthemodus operandiofthenetworkisestablished. d. Inimmigrationinvestigations,communicationsdatahasidentifiedbeneficiariesand/or victimsofthecriminalnetworkwhohavebeenfacilitatedortraffickedintotheUK. e. Communications data has also proved vital in excluding subjects from further investigation,ensuringthatanyadditionalintrusionisprevented.
9. Communicationsdataplayedapartinover460separateUKBAcriminalinvestigationsin2011. The Agency also disrupted the activity of 74 organised crime groups and secured 1,600 prosecutions.Itwouldnothavebeenpossibletoprogressorresolvemanyoftheseinvestigations ifaccesstocommunicationsdatahadbeenrestrictedorwasunavailable.
Whycantyouachievethesameoutcomeusingothertechniques? 10. Border related criminality is often well organised and utilises the involvement of varying numbers of individuals, all with different roles to play in the criminal activity. Much of the communicationbetweentheseindividualstakesplaceovertheinternetorusingmobilephones. Thestartingpointofaninvestigation,forexamplewhendrugsareinterdictedattheborder,may provideone phone number or an emailaddress whichthe investigating officer can build upon. Furthercommunicationsdatachecksmayhighlightothercriminalassociationsandkeycontacts aroundaknowncriminalevent.Intheseinstances,communicationsdatacanbeboththestarting point,butalsosometimestheonlymeansofprogressinganinvestigation. 11. Without access to communications data, it is likely that investigations would either not be progressedoralternatively,othermoreintensiveandintrusivetechniqueswouldhavetobeused toobtainthesamelevelofevidence.Forexample,investigatorswouldinsteadbeforcedtouse expensiveandresourceintensivedirectedsurveillanceforprotractedperiodsinordertoidentify andevidencecriminalassociations,activity,locationsandmodusoperandi.Inthesamewaythat
420
guiltypleassavemoneyintrialcosts,itisclearthatifUKBAdidnthavethistoolitwouldcostthe Agencymoremoney. AnswerstoSelectQuestionsSetbytheJointCommittee.
12. QHastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthe draftBill?

AUKBAbelievesthattheGovernmenthasmadeaconvincingcaseforthenewpowers.UKBA investigationsareoftenveryreliantupontimelyaccesstocommunicationsdata,forexampleas thekeypieceofintelligencethatstartsaninvestigationorastheevidencethatlinksthemembers of an organised gang both to each other and to criminal events. Technical developments have allowedcriminalstodiversifyhowtheycommunicateanditiscrucialthatweareabletokeep pace with these changes. As more and more alternative means of communicating are based on theinternet,thismeansthatmoreSPOCrequestsforcommunicationsdataaresenttointernet companiesbasedoverseas.Withoutaccesstothisdata,UKBAwillhavelostavitalinvestigative toolandcriminalswillpotentiallybeabletocarryoutborderrelatedcrimeswithimpunity.
13. QWhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill? ShoulditbepossiblefortheSecretaryofStatetovarythislistbyOrder?

ATheprincipleconcernforUKBAisthatweshouldretainaccesstocommunicationsdatafor the purpose of investigating border related criminality. In addition, previous organisational changes within UKBA, for example the recent evolution from Immigration and Nationality Directorate, to Border & Immigration Agency and finally to UKBA, plus the current split with Border Force have all demonstrated that there is still a need for flexibility in this area. OrganisationalchangeshavethepotentialtonecessitateachangetothelistofPublicAuthorities.
14. Q Are the circumstances under which communications data can be accessed appropriate and proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect?
A As outlined above, UKBA is responsible for investigating a broad range of border related crimes including: drugs and prohibited item smuggling, facilitation and organised people smuggling, trafficking offences, forgery, counterfeiting and ID offences. Some of these offences, suchastraffickinghaveasignificantdetrimentalimpactonindividualsconcerned,whilstother offencessuchasdrugsmugglingcanhaveseveresocialconsequencesfortheUK.Counterfeiting, IDfraudandforgeryoffencesmayappeartocauselessimmediateharm,buttheseoffencescan haveeconomicconsequencesfortheUKiftheyenablelargenumbersofpeopletoillegallyenter thecountry.Equally,therecouldbesignificantconsequencesfornationalsecurityifindividuals posingathreattotheUKusedforgeddocumentstoenter.99%ofUKBAscommunicationsdata applications are carried out for the purpose of preventing or detecting crimes similar to those outlined above. We therefore believe that it is appropriate, proportional and in the publics interestthatUKBAhascontinuedaccesstothisinvestigativetool.
15. QIstheproposed12monthperiodfortheretentionofdatatoolongortooshort?
A We believe that the 12 month data retention period is appropriate. Drug smuggling and facilitation organised crime groups have in the past been identified as running operations that cover significant periods of time and communications data going back up toa year has proved crucial in identifying and evidencing criminal events. For example, communications data going backuptoayearhasbeenusedbyUKBAasevidenceagainstorganisedcrimegroupswhohave facilitated individuals into the UK by arranging sham marriages with EU nationals. Communications data in this scenario provided incontrovertible evidence of other older sham marriageeventsandthecriminalassociationsoftheperpetrators.
421
16. Q Would a warrant system be more appropriate? If you favour a warrant system should this apply to all public authorities including law enforcement agencies? Should a warrant be necessaryinallcircumstances?Andwhatwouldtheresourceimplicationsbe?
A From a UKBA perspective, the sheer volume of requests made by the agency in conducting these investigations would make a requirement to seek judicial / magistrate warrant for our requestsasevereburden.UKBAcurrentlyrunsanelectronicprocesswhichallowsfortheswift distributionofcommunicationsdataapplicationformsfromtheSPOCtotherelevantDesignated Person,somethingthatisparticularlybeneficialinurgentoperationalcircumstances.Anysystem in which a warrant was required would have to ensure that the minimum efficiency standards already existing in this area are maintained in order to avoid having a negative impact on investigations. If a warrant system was introduced for UKBA, this would have a significant negativeimpactonthetimeavailableforinvestigationsasinvestigatorsspendtimetravellingto andfromCourtstopresenttheircase.UKBAisnotinfavourofawarrantsystemgiventhatwe believe the safeguards provided by the external inspection regime and the existing processes ensurethatthecurrentsystemisproperlyrobust.
17. Q Is the role of the Interception of Communications Commissioner and the Information Commissioner IOCCO sensible?
A UKBA has had a very positive experience with the Interception of Communications CommissionersOffice IOCCO overthelastfewyears.Wearenotonlyinspectedtoensureour compliancewithRIPA,butIOCCOhasalsoconsistentlygiventheAgencyclearandhelpfuladvice withregardtoimprovingtheefficiencyofourprocesses.Therobustandconstructiveapproach oftheIOCCOinspectorsensuresthatseniormanagersareabletohavecontinuingconfidencein theAgencyscompliancewiththelegislation.
18. Q Applications for accessing communications data will be subject to a series of safeguards includingapprovalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest. How should "designated senior officer" be defined? Is this system satisfactory? Are there concernsaboutcompliancewithArticle8ECHR?
A Strict processes within the UKBA SPOC ensure the integrity of the process for accessing communications data. Applications for data can only be authorised by specified operational gradeswithintheAgencyHMInspectorsorSeniorOfficersforborderrelatedcriminality,and specified grades for anti corruption, asylum fraud and Detention Services applications. Those individualsmusthavereceivedspecifictrainingasaDesignatedPersonandthistrainingensures thatallUKBADesignatedPersonsarefullyawareoftheimportantArticle8ECHRconsiderations thatformthebasisofeachapplicationform.TheSPOCensuresthatapplicationformsaresentto impartialandobjectiveDesignatedPersonswhoarenotassociatedwiththeoperationandgiven that UKBA is a national Agency, forms are usually considered by Designated Persons from completelydifferentregions. 19. The service providers can only issue communications data to a limited number of accredited SPOC officers within the Agency, and only when given the name of the Designated Person responsibleforauthorisingtheapplication.Theentireprocessisfullyauditableandapplication forms must clearly indicate how a telephone number or email address is associated with the investigation. IOCCO carry out random checks on our files in conjunction with the service providersinordertoensuretheintegrityoftheprocess. 20. UKBA is confident that the robust safeguards in place effectively ensure that noone can circumvent the process for obtaining communications data. In support of this fact, there has never been any abuse of the process for accessing communications data in UKBA. If any such abusewasidentified,UKBAacknowledgestheseriousnatureofthesepotentialincidentsandas
422
withexistingtypesofdata,breacheswouldbetreatedasdisciplinaryoffenceswhichmayresult in a range of penalties, up to and including dismissal. We believe that these penalties are appropriateandabespokeoffenceisnotnecessary. Conclusion 21. TheharmcausedtotheUKthroughthesmugglingofdrugs,organisedfacilitationandtrafficking cannot be overestimated. Furthermore, for UKBA to meet its obligations as one of the 4 key partnersinvolvedintheOrganisedCrimePartnershipBoard OCPB ,alongsideSOCA,HMRCand ACPO,paritywiththeseagenciesisvital.Itisonlywithcontinuedaccesstocommunicationsdata thatUKBAwillbeabletocontinuefullyandeffectivelytacklingimmigrationandcustomscrime, protectingourborderanddisruptingsuchharmfulcriminalnetworks. August2012
423
Virgin Media
VirginMediaLimited VirginMedia isanentertainmentandcommunicationsbusinesswhichoffersa quadplayofbroadband,fixedlinetelephony,mobiletelephonyandTVservicestoresidentialand in relationtosomeservices commercialandpublicsectorcustomersintheUK.VirginMediaisoneofthe UKsleadinginternetserviceprovidersdeliveringfixedlinebroadbandservicestoover4million customers. VirginMediawelcomestheopportunitytorespondtothejointcommitteesrequestforwritten submissions. Introductorycomments VirginMediarecognisesthatlawenforcementshouldhavereasonableandtimelyaccessto communicationsdatainordertohelpachievesuccessfulprosecutions.Clearly,forthistobethecaseitis vitalthattheintroductionofanynewcommunicationsdataregimeisworkableforindustry,while retainingthetrustofthepublic.Itisalsocriticalthatanymeasuresareproportionateanddeliveredon thebasisofreasonablechecksandbalancestoensurethatthelegitimateprivacyofusersisprotected. VirginMediatakesitsobligationsregardingdatasecurityanddataprivacyveryseriouslyandhasdetailed privacyandinformationsecuritypoliciesinplace. VirginMediaunderstandstherationaleoftheGovernmentsproposals.Itisevidentthatasthedigitalage evolves,thecommunicationslandscapeischanging.Communicationsservicesandtechnologiesare changingrapidly,bringinghugebenefitstotheUKssocietyandeconomy.Buttheevolutionof communicationstechnologyalsomeansthattheinternetcanalsobeusedtounderpincriminal behaviour.Asaresult,lawenforcementauthoritieshaveaconcerntoensuretheyhaveaccessto communicationsdatainordertohelpachieveeffectiveprosecutions. Thecurrentregime Thecurrentregimehasstrengths,particularlytheSinglePointofContactSystem SPOC ,whichprovides animportantframeworkfortherelationshipbetweenlawenforcementauthorities LEAs andCSPs.Like ISPA,werecognisethatthecurrentsystemalsoensuresthatthecoststhatCSPsincurwhentheycomply withrequestscanbereimbursedsothatCSPscontinuedinvestmentinotherareas,suchasbroadband rollout,isnotaffectedbydataretentionrequirements.Thisalsoactsasasafeguardwithlawenforcement onlyrequestingdataknowingthecosthastobejustified.Itiscrucialthattheseelementscontinueaspart ofanyfuturecommunicationsdataregime. TheDraftCommunicationsDataBill VirginMediahasbeeninvolvedindiscussionswiththeHomeOffice,overanumberofmonths,aboutthe practicalaspectsoftheBillshoulditreceiveParliamentaryapproval.Thediscussionshavebeenuseful andhaveprovidedmuchvaluedclarityabouttheimplementationoftheBill,shoulditreceiveapproval. However,giventhatmanyofthedetailsoftheBillaretobeclarifiedinsecondarylegislationitis inevitablethatdiscussionsonfurtheraspectsofimplementationwillberequiredinorderforthe necessaryclaritytobedelivered Atthisstage,ourprimaryconcernwiththedraftBillasitstandsrelatestotheretentionrequirementson providersnotpreviouslycaughtbydataretentionrequirementsandtherequirementforUKprovidersto retaindataoftheseproviders.VirginMediacurrentlyenjoysgoodworkingrelationshipswitharangeof thirdparties,bothdomesticallyandinternationally.Inmanycases,VirginMediamakestheirapplications andservicesavailabletoitscustomersthrough,forexampleitsTiVoservice.IfVirginMediaislegally obligedtoprovidedatafromsuchthirdparties,thismaywelldamageitscommercialrelationshipwith thosepartiesandotherthirdparties,particularlythosebasedoverseaswhomaybereluctanttomake theirservicesavailabletoVirginMedia. VirginMediaisalsoconcernedtoensurethatthereisalevelplayingfieldforalldataholderscovered underthelegislation.ThelegislationmustbeunderpinnedbyarobustCodeofPracticewhichsetsoutthe processthatisrequiredforallthirdpartydatarequests.VirginMediaandotherUKbased
424
communicationsprovidersobligationstosupplythirdpartydatashouldbeseenasalastresort,only exercisedoncethethirdpartyinquestionhasrejectedtherequest.OncetheCodeofPracticeisin operationVirginMediarecommendsthatitiskeptunderreviewandregularParliamentaryscrutinyto ensuretheappropriatechecksandbalancesremaineffective. VirginMediawelcomestheproposedcontrolsregardingaccesstocommunicationsdatabypublic authorities,butbelievesitwouldalsobehelpfultoclarifytheabilityofthirdpartiestoaccessadditional dataretainedasaresultoftheBillundersocalledNorwichPharmacalorders.Privatecompaniesand individualsregularlymakeapplicationstocourtfordisclosureofawiderangeofpersonaldataforawide rangeofreasons,includingdefamation,copyrightinfringementandsecurityandconfidentialitybreaches, andtheseapplicationsarefrequentlygranted.TheimpactoftheBillontheseapplicationsandtheirscope needstobeconsidered. August2012
425
Vodafone
VodafonewelcomestheopportunitytoprovideevidencetotheJointCommitteeandthescrutiny providedbythedraftbillconsultativeprocess.Thisisanimportantandcomplexpolicyareawhichwill benefitfromafullpublicdebate. Vodafonerecognisestheimportanceofcommunicationsdatametadataaboutacommunication,and notthecontentofacommunicationinthefightagainstterrorismandcrime,andiscommittedto workinginpartnershipwithGovernment,lawenforcementagenciesandtherestoftheindustrytoplay itspart.Vodafonerecognisethatthetechnologicalchangeandspreadofcommunicationsoverthe Internethascreatednewchallengesforlawenforcementagencies,andunderstandsthatthisproposed legislationaimstomaintainlawenforcementcapabilityinthelightofthesedevelopments. ItisuptotheGovernmenttorecommendwhatnewpowerslawenforcementneedstoensureithasthe rightinformationtofightcrime,andoncethishasbeendecidedandbeenpassedbyParliament,Vodafone willdoitsbesttosupportthelawenforcementagenciesanddeliveraneffectiveandefficientservice withinthisnewlegalframework. Vodafonealsorecognisestheimportanceofprivacy.Itisvitalthatthemeasuresareproportionateand necessarytoprotecttheprivacyofour19mcustomers,thevastmajorityofwhomarelawabiding citizens.Thismeansallparticipantsinthisdebatehavearesponsibilitytoensurethatchangestothe currentregimeareimplementedinawaythatrespectstheirrighttoprivacy. Vodafonehasasolidrecordofbothsupportinglawenforcementandprotectingtheprivacyofits customers. Inthisconsultativestage,Vodafoneiskeentoensurethatanynewproposalsaretechnicallyworkable, providelawenforcementtheinformationtheyneedwhilstalsoprovidingmaximumprotectionofits customersprivacy. Wewouldurgethecommitteetoensurethatthereisanappropriatedebatefollowingthefindingsofthe JointCommitteeandthattheJointCommitteehasanopportunitytorespondtotheGovernments responsetoitsreport. FromVodafonesperspective,therearesixmajorissueswhichtheCommitteeisrequestedtoexplore: ResponsibilitiesofUKandoverseasproviders Interactionwithprivacyregulation Retentionanddeletionrequirements Definitionofvalidrequestingauthority Oversight Technicalboundaries ResponsibilitiesofUKandoverseasproviders Themajorimpactofthislegislationisthatitcouldbeusedtoasktelecommunicationsoperatorstocollect dataforwhichtheyhavenodaytodaybusinessuse,simplyforthepurposeofmakingitavailabletolaw enforcementagencies. Inthemain,therecommendationsinthedraftBilltakethecurrentmodel enshrinedintheData Retention ECDirective Regulations2009,andtheRegulationofInvestigatoryPowersAct2000 and extendittocoverthenewplatformsandsoftwareusedtocommunicateovertheInternet.Clearly,taking apreinternetmodelandassumingitworksintheinternetageisntnecessarilygoingtodelivera workablelongtermsolution.Preinternet,thevastmajorityofcommunicationswereenabledbyservices
426
providedbyUKbasedtelecommunicationscompanies,whichalsooperatedthenetworkoverwhichthe communicationsweretransmitted. Thisisnolongerthecase.Therehasbeenaseparationofnetworkandservice,suchasVoIPbased services,andsoftwareenablingVoIPcommunications,andsocialmedia.Assuch,whilsttelecoms operatorsmayprovidethenetworksoverwhichtheseservicesareaccessed,orbymeansofwhichthe communicationsarecarried,thetelecomsoperatormaynolongerbetheprovideroftheserviceor softwaretheformerlinkbetweennetworkandserviceisnolongerapplicable.However,thevast majorityofinternetcommunicationsareconductedonplatformsorviasoftwareprovidedbyafew leadinginternetcompanies. Webelievethatthebestwaytotacklethischallengeistoensurethataprincipleisestablishedthatthe companyprimarilyresponsiblefortheapplicationorservicethattheconsumerisusingtocommunicate ontheinternetisthecompanywiththedutytoholdthedatarelatingtothatcommunication.Thisfits withtheprinciplethatcompaniesonlyholdinformationgeneratedintheirdaytodaybusinessactivities. Naturallythisraisesajurisdictionalissue.Manyofthetoolsusedforcommunicationsareofferedby companiesbasedoverseas.Thisshouldnotbeareasonfortheirremainingoutsidethesystem.The Governmentthereforeneedstoensurethelegislationworkswiththesecompanies.Thisisanareawhere theGovernmentneedstobeclearhowitintendstoensurethatthisdatawillbecollectedina proportionateandappropriatemannerbythoseorganisationsbestplacedtodoso.Thereseemstobe scopeinthedraftBilltoestablishthisprinciple,enablingtheSecretaryofStatetoimposeanorderon anyperson,whetherbasedintheUKornot.Clearly,thisisawideframeworkanditwouldbeusefulto understandmoreabouthowitcouldbemadetoworkinpractice. Intheextreme,wheretherewererogueapplicationsoperatingoutsideoftheframeworkbyorganisations whichdonthaveaninterestinsupportingUKlawenforcementorcomplyingwithUKlaw,itis understandablethatimposingobligationsonUKbasedoperatorsisseenasafallback. Ifsomeserviceproviders,byvirtueofbeingbasedoverseas,areabletoescapetheseobligationsbeing placedonthem,UKnetworkprovidersprovidingcommunicationsserviceswillnotbecompetingona levelplayingfield. Interactionwithprivacyregulation Beyondthequestionaboutwhichbusinessesshouldholdthedata,itisimportantthatexisting and future privacyanddataprotectionlegalframeworksworkwellwithanynewproposals.Weneedbothto ensuretheprotectionofprivacy,andavoidmultipledifferentregulatoryandpotentiallyconflicting standardswhenitcomestoprotectingourcustomersprivacy,giventhepotentialforconflicting requirementsoncommunicationproviders. ItwouldbepreferabletohaveoneoverarchingpieceoflegislationratherthanthedraftBillsitting alongsidetheDataRetentionregulations.Ascurrentlydrafted,theproposeddraftBillgoesconsiderably furtherthanmereretention,including,asproposed,obligationstogeneratedata. Retentionanddeletionrequirements TheUKchoseatwelvemonthretentionperiodunderitsimplementationoftheDataRetentionDirective, sothereisaprecedentbutitisfortheGovernmenttodecidethesetimeperiods.TheDirectivepermitted retentionforbetweensixandtwentyfourmonths.However,thelongerVodafoneisaskedtoholddata thegreaterthecostandthegreaterthestoragecapacityrequired.Itshouldalsobenotedthatwewillbe requiredtoholdsomedataforlongerifflaggedbylawenforcementagenciesaspotentiallyrelatedto illegalactivities. Wealsohaveconcernsabouttherequirementforanoperatortodestroydatainsuchawaythatitcan neverberetrieved.Neverisanunrealisticrequirement,becausewearenotinapositiontodetermine thestateoftheartinthefuture.Underthedataretentionregulations,therequirementistodeletethe
427
datainsuchawayastomakeaccesstothedataimpossible,reflectingwhatispossibletoday,and Vodafonewouldsuggestthatthisrequirementshouldbereflectedhere. Definitionofvalidrequestingauthority IftheproposalinthedraftBillisenacted,clearlythelistofpublicauthoritiesabletoaccess communicationsdataneedstobekepttoaminimum.Requestsneedtobenecessaryandproportionate, andonlyforthepursuitofcriminalactivity.Itisprobablysensibletovarythislistbutonlyifthereisa preconditiontowardsreducingthenumberswherepossiblenotincreasingthem.Requiringjudicial authorisationforlocalauthorityaccessisappropriate. Whencommunicationsdataisrequested,wesupportashighalevelapprovalprocessaspossibleto ensurethatrequestsfordataaretakenseriously,givenboththeprivacyintrusionandthecosttothetax payerofunnecessaryrequests.Webelievethatthecontinuationoftheprocesscurrentlyinplace i.e.a noticeauthorisedbyadesignatedperson isaminimumrequirement. Oversight Withoutaclearindicationonhowthisregimewillworkinpracticeitisdifficulttocommenton appropriatepenalties.Clearlythemorebureaucraticandcomplextheregime,themoreprotection telecommunicationsoperatorsshouldbeafforded.Ifbesteffortshavebeenappliedthenthisshouldbe takenintoaccount.Apenaltiesregimeshouldformaseparateconsultationonceitisclearhowthis legislationwillworkinpractice. However,itmustbethecasethatpublicauthoritiesresponsibleforhandlingandrequestingpersonal datamusttakethesepowersasaveryseriousundertaking.Thisbeingthecase,thereshouldbe consequencesformishandlingdataormakingerroneousrequests.However,wearentqualifiedto commentwhatthepenaltiesshouldbe.Clearlytheycantbelessthanthosefacedbytheprivatesector. Becauseofpotentialimpactonprivacywhichwehighlightabove,thereisaneedforstrongindependent oversight.AnynewoperationalpowersgiventoeithertheICCorICOneedtobeproperlyresourcedand fitascloselyaspossibletoexistingprivacyanddataprotectionprocedures.Thislegislationseemstobe askingICOtotakeonamuchmoreproactive,inspectoratetyperole.Thiswouldbeanotablechangeof currentpractice. Technicalboundaries Itistechnicallypossibletoretaincommunicationsdataandcommunicationsserviceproviderscan alreadybeservedwithobligationstodoso.However,thecapabilitytodothiswoulddependonthe communicationsserviceinquestionthiswouldneedtobeassessedonaperservicebasis.Whereit wasnotpossibleforacommunicationsprovidertodifferentiatebetweencontentandcommunications datainrespectofanygivencommunication,thecommunicationsprovidermuststopattemptingto recordcommunicationsdataforthatcommunication. Asamatterofsimplepractice,ifVodafoneweretobeobligedtoacquirecommunicationsdatarelatedto encryptedcommunications,itwouldneedtobesuppliedwiththecapabilityforconvertingthe communicationtoaformatwhichenablesittoextractandstorethecommunicationsdata.Vodafone wouldnotbeabletoattesttotheaccuracyoftheoutputofsuchacapability. TotheextenttheobligationsrequireforVodafonetosupplydatatoathirdpartysystemforanalysis,we arenotinapositiontocommentonhowsuchasystemwouldwork.Itshouldbenotedthatthisapproach isnewandsowillrequireagooddealofclosecollaborationbetweentelecommunicationoperators, Governmentandtheorganisationprovidingthefilteringservice.Wefeelthatthereshouldbeaproper consultationprocesswiththekeyplayerstoensurethatthisnewsystemworkswell.However,weare confidentthatwehavetheexpertisetostorecommunicationsdatasafely.Wealreadydothisforour19m UKcustomers. August2012
428
David Walker
MynameisDavidWalker.IhaveworkedinInformationTechnologysince1993,andspecialiseinsystem andnetworksecurity.Icurrentlyrunasmallbusinessspecialisingindesignandimplementationof multileveandcrossdomainsecuredesktopandserverinfrastructures,butmostnotablyforthepurpose ofthisdiscussion,backin2001whenIwasaSecuritySubjectMatterExpertatSunMicrosystemsUK a postIoccupieduntil2010 ,Icodesigneda"blackbox"lawfulinterceptsolutionbasedonoriginal research,andpresentedit,inconjunctionwiththeHomeOfficeandinthecontextofRIPAandNTAC,to theCTOsoftheUK'smajortelcos. IhaveworkedonITsecuritysolutiondesignandimplementationinanumberofindustriesoverthe years,includingFinancialServices,Telco,UtilitiesandPublicSector involvingLawEnforcement,Defence andIntelligence ,andhavebeeninvolvedinresearchintoadmissibilityofelectronicdataasevidence,as partofatechnicalteamassembledbyStephenMason.Ialsocontributemyviewsonrelevantissuesto variousInformationAssuranceorganisations. Isubmitthisworkonmyownbehalf,intheformofresponsestothespecificquestionsposedinthe Consultation.IftheCommitteewishestoenterintodiscussionregardinganyofthepointsIraisebelow, orhavemepresentevidenceorally,Iwouldwelcometheopportunitytoparticipatefurther. SUMMARYKEYCONCEPTS *ExtentoftheInternet;significantlylesserextentandreachofBritishlegislation;mismatchbetween Britishandforeignlegislationandstandards;datasensitivityandvetting *Trivialityofsetupandmigrationofremoteanddistributedcommunicationsservices *Proxying,tunnelling,cryptographyandotherobscuringtechnologies;mappingtotradecrafttechniques *Cowrappingandseparationdifficultyof"communicationsdata"and"communicationscontent" *Numberanddiversityofcommunicationsprotocols BelowarespecificquestionsaboutthedetailsofthedraftBill.TheJointCommitteewouldappreciate writtensubmissionsonanyofthesequestionsonwhichyouhaveevidencetocontribute. Itisnotnecessarytoaddresseveryquestion.TheJointCommitteewillalsowelcomeothercomments relatedtothedraftBill,evenifnotdirectlyaddressingthequestionsbelow. Itwillprobablybehelpful,whenansweringsomequestions,formetoincludehypotheticalexamplesof somecommunicationsbetweenuptothree"personsofinterest".Forpurposesofillustration,thesethree personswillbereferredtobelowas"Fred","Jim"and"Sheila". GENERAL: 1. HastheHomeOfficemadeitclearwhatithopestoachievethroughthedraftBill? Toalargedegree,yes;certainlytotheextentthatitisclearthattheHomeOffice'sintentionsarenot technicallyfeasibletoimplementinamannerwhichresultsintheirintendedoutcomes,nomatterhow muchmoneyisavailableforsolutionimplementationandmaintenance. However,someelementsoftheBillremainunclear,tosomeoneusedtocommunicatingintheaccepted industryvernacular.Seemyresponseto eg Question11below. 2. HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill?
429
Asindividualsandorganisationsperformmoreoftheirsocialandbusinesscommunicationsonline,it initiallyappearssensibletoattempttoaddressthesefomsofcommunicationfromtheperspectiveof interception. However,asIhopewillbecomeclearinmyanswerstosubsequentquestions,theworldofelectronic communicationsissufficientlydifferentfromtheworldofphysicalcommunications,locationand movement,thatattemptingtoidentifyandisolatetheelectroniccommunicationsofapersonofinterestof moderatetechnicalskillwouldbeequivalent,inatraditionaltradecraftcontext,tobeingabletoshadow someoneabletochangetheirappearancearbitrarily,teleportandproduceillusoryindependent duplicatesofthemselvesatwill.Also,itisnotnecessaryforapersonofinteresttoinventanyofthe technologiesneededtoachievethesefeats;theyalreadyexistandhavegeographicallydistributed supportinginfrastructuresinplace. Inshort,"theneedfornewpowersandinitiativesisevident,buthavingthemwillnotnecessarilyhelp fulfiltheaimsintended". 3. HowdotheproposalsinthedraftBillfitwithinthewiderlandscapeonintrusionintoindividuals privacy? Inmyview anddisregardingtechnicalissues theysitreasonablywellalongsideotherelementsofRIPA. 4. Whatlessonscanbelearntfromtheapproachofothercountriestothecollectionofcommunications data? Iknowlittleoftheactionsofothernationsregardingthepurecollectionofcommunicationsdata; howeverwhenitcomestotheinterceptionandblockingofcommunications whichcanbeconsidereda supersetofcollection;datatobeinterceptedandblockedmustbynecessitybeidentified,isolatedand collectedinrealtime,suchthattherealtimerequirementistheprincipaladdedimposition ,largescale communicationscensorshipinfrastructuressuchasthesocalled"GreatFirewallofChina"are notoriouslyporous. AlsoashasbeenfoundinChinaandelsewhereifapersonororganisationlocatedinacountryandof interesttothatcountry'sGovernmenthasaccesstothefundsandtheinclinationtosousethem,they couldcompletelybypassanynationaltelecommunicationsinfrastructure andinterceptioncapabilities placeduponit byspendingafewthousandpoundstorentorpurchaseahandsetconnectedtothe IridiumorInmarsatsatellitecommunicationsnetworks. InotethatInmarsatisaBritishcompanyheadquarteredinLondonandlistedontheLSE,sotheycould beconsideredtofallwithinthesphereofinfluenceoftheBritishGovernmentandthusberequiredto installcommunicationsgatheringequipmentaccordingtotheproposedBill.Iridium,beingAmerican,fall outsidetheBritishGovernment'ssphereofinfluence. Expandingonthe"GreatFirewallofChina"experience,numeroustechniqueshavebeendevelopedand deployedtocircumventandbypassthecontrolsinplace.Thetechniquesandtoolswhichimplement themarewidelyknownandfreelyavailable,andwherenecessary,haveglobaldistributed infrastructuresinplacetosupportthem.Theyinclude: *tunnellingonenetworkcommunicationsprotocoloveranother suchasIRCoverDNS ;thedesignof TCP/IPenablesthistobeachievedforanypairofprotocolswhichrunoveraTCP/IPstack,andalso allowsIPtobetunnelledoverIP seeeghttp://www.ietf.org/rfc/rfc2003.txt . *useofproxyingservicestomaskthesourceand/ordestinationendpointsofacommunication along standingandpopularanonymousremailerservicewashostedatanon.penet.fi;newerequivalentsinclude hidemyass.com .Inourcontext,suchaproxyingservicecanbeeasilysetupillegitimatelyonany compromisedInternetconnectedsystemoverseas,orlegitimatelyonanyoverseascloudservice.Inote that,historically,manyInternetbasedattacksusedtoappeartocomefromproxysystemslocatedin Singapore;Singaporewaschosenasaparticularlysuitableplacetobreakintoacomputerandinstalla proxy,asuntilrelativelyrecentlyithadnolegislationaimedataddressingcomputermisuse.
430
*useofcryptographyandmessagewrappingtechniques,inconjunctionwithwrappingawareproxies,to maskthedestinationendpointofacommunicationbyconcealingencryptedmessagedestinationdata withencryptedmessagecontent.Intraditionaltradecraftterms,thisisequivalenttodoublebagginga postalcommunication;FredcouldsendSheilaaletterinthepost,forexample,insidewhichisan envelopecontaininganotherletter,addressedtoJimandwithdeliveryinstructionsforSheila.This schemenaturallyextendstotripleandnbagging. *useofonlinefilestoragefacilitiessuchashttp://www.dropbox.com/,withsharingofaccountstocreate thedigitalequivalentoftradecraft"deadletterboxes".Thisstarted andcontinues withsharedaccounts atcybercafes;Fredwritesafile,goesaway,andJimcomesalongwithknowledgeofFred'scredentials, logsonasFredandreadsthefile.Thischangesthescopeof"communications"trackingifJimknowsthe detailsofFred'saccount,thenthereisnoelectroniccommunicationsdatawhichindicatesdatapassing fromFredtoJim. 5. Arethereanyalternativeproposalswithregardtothetechniqueandcostofobtaining communicationsdatathattheGovernmentcouldconsider? Iwouldsuggestthatthisquestionisextended,toconsideralternativemeansbywhichtheendsintended tobeachievedbyobtainingcommunicationsdata,couldbeachieved.Arephrasingtosomethinglike "Whatalternativemeansofachievingthestatedobjectives,ifany,mightbemorelikelytosucceed,given thefundsavailableanddevelopmentsincommunicationstechnologyandinfrastructuresoverthepast decade,aswellasthosecurrentlyunderway?"seemsappropriate,andIwouldhopethatthisquestion yieldsconstructiveanswersfromrespondentsskilledinconventionaltradecraftandforensic investigation. Toputthisincontext,theissuesofobtainingcommunicationsdataaresufficientlyasymmetricfromthe perspectiveofcreating,provisioningandmaintaininglawfuldataobtainingcapabilitybeingverydifficult andexpensive,andevadingcommunicationsdataobtainingmeasuresbeingfairlyeasyandmonetarily eitherfreeornearlysothatdivertingfundscurrentlyearmarkedforcommunicationsdatagatheringto otherlawenforcementandintelligenceinitiatives,wouldprobablyyieldgreaterbenefit. Forexample,IrecallProf.RossAnderson'scommentonRadio4's"Today"Programmeon01/11/11; apparently,ithasbeenfoundfromwellknownconventionalbankaccounttracingtechniquesthatthe vastmajority some90% offundsgarneredbyInternetspammerchantsarefunnelledthrough3banks inAzerbaijan.AsactionshavebeensuccessfullytakentosevercommunicationsbetweentheSWIFT networkandallbanksinIran,aspartofeconomicsanctionsagainstthatcountry,a"followthemoney" approachsuggeststhat,ifpartoftheintentofcommunicationstrackingistofacilitateattacksagainst organisedcrime,attempltingtoseverconnectionsbetweenSWIFTandtheseAzeribankswouldlikelybe ofbenefit. 6. ThedraftBillsitsalongsidetheDataRetentionRegulations.Howwillthesetwopiecesoflegislation interrelate?Woulditbepreferabletohaveoneoverarchingpieceoflegislationthatgovernstheretention ofcommunicationsdata? Itmakesmoresensetometokeepthepiecesoflegislationseparate,aswhiletheirpurposesoverlap,data retentionalsorelatestocontextsotherthancommunicationsinterception. Ialsonotethattheissueofdatadestructionneedstobeaddressedmoreexplicitly;seelater. 7. IfitisconcludedthattheprovisionsofthedraftBillareessential,arethereanyothermeasuresthat couldbescrappedasaquidproquotorebalancecivilliberties? NotthatIamawareof. 8. WilltheproposalsinthedraftBillposeariskthatcommunicationsserviceprovidersseetheUKasa lessattractivebase.Whatmightbetheeffectonbusiness? Yesandthisappliesmorewidelythanjusttocommunicationsserviceproviders.
431
Forcommunicationserviceproviderswhowillberequiredtointegrateandhostcommunicationdata gatheringequipment,themeansofintegratingthisequipmentbecomesaprimaryrequirementofany currentandfuturecommunicationsinfrastructuredesign.Provisionforfeedingdatatogathering equipmentwillhavetobemaintained,foraslongastheproposedlegislationisinforce.Thismayactasa dragoninnovation;datagatheringboxeswillneedtobemaintainedasseparateentities,whichwill requireprovisionofphysicalconnectionsofappropriatetypeandspeed,andprovisionofappropriate datatothosephysicalconnections.Ifatsomefuturepointaninterceptcapabilityisincorporatedinto infrastructureasavirtualisedservice,theassuranceofseparationwillneedtobeverified,testedand assuredbythelikesofGCHQandthiswillinvolveimposingregularinspectionsandotherinconvenience onserviceproviders. Also,thewordingoftheproposedBillregardingreasonsfordatagathering,seemsverybroad specifically,page25subsection6claused."intheinterestsoftheeconomicwellbeingoftheUnited Kingdom". Dependingontheinterpretationofthisclausebytheirriskmanagers,companiesintheFinancialServices industrycouldinterpretthisasmeaningespeciallygivenmanystoriesinthepressoverthelastcouple ofyearsaboutviewsbetweenGovernmentandFinancialServicesthatanyFinancialServicescompany couldreadilybesubjecttogatheringofalltheircommunicationsdatabyGovernment.Whilethiswould beunlikelytobepivotalinadecisionregardingwhethertoconduct orcontinuetoconduct businessin theCityofLondon,itmayhaveadverseeffect. COSTS: 9. Istheestimatedcostof1.8bnover10yearsrealistic? Iamunabletocommentonthis,astheworkingbywhichthenumberisderivedisnotgiven. 10. TheHomeOfficesuggeststhebenefitsthatcouldbedeliveredbytheenactmentofthedraftBill couldbeworthbetween56bn.Isthisfigurerealistic? Iamunabletocommentonthis,astheworkingbywhichthenumberisderivedisnotgiven. SCOPE: 11. Arethedefinitionsofcommunicationsdataandcommunicationsserviceproviderappropriate? DotheysensiblydefinethescopeofthepowersinthedraftBill? Notreally.Intermsofdefining"communicationsserviceproviders": *A"telecommunicationscompany"isanentitysuchasBT,Vodafone,VirginMedia,AT&Tetc;acompany whichownsandrunsphysicalcables,switches,satellitesandrouters OSIlayers13,atleast overwhich communicationsprotocolsrun. *A"communicationscompany",bycontrast,includescompaniessuchasGoogle,Twitter,Appleetc,who providescommunicationsapplicationsandprotocolstorunovertheinfrastructuresprovidedbythe telecommunicationscompanies. *Also,somewhereinbetween anditneedstobedecidedandstatedwhichsideofthedistinctionthese companiesfallon arethosecompanieswhoprovideinfrastructureaccessibleviatelecommunications companies,andwhichcanbepurposedforanythingthecustomeriscapable,includingstandinguptheir owncommunicationsserviceinstances.CloudServiceProviderssuchasAmazon,RackspaceandFirehost areincludedinthisset. *Further,Inotethatsomecommuncationscompaniesownandhosttheirowninfrastructure;othersuse Cloudenvironments.
432
*Stillfurther,therearepseudotelecommunicationscompaniessuchasTalkTalkandTesco.net,whichre brandandresellbandwidthoncommunicationsinfrastructureultimatelyownedandprovidedbyBT. Whichclass es ofcompany,fromtheabove,willberequiredtoinstallandmaintaintheinfrastructure tapsforthelawfulinterceptcapabilitiesproposed? Thedescriptionof"communicationsdata" whichismorecommonlyreferredtoas"communications metadata" givenisaccurateinsomecontextsandforsomeprotocols,anddownrightwronginandfor others.WhileitiscutanddriedforconventionalandoldfashionedemailheadersweredefinedinRFC 821,contentinRFC822SMStextmessagespassoverthesameSS7signallingprotocolusedforcall setup. Further,whenconsideringtheplethoraofothercommunicationsprotocolsavailableIRC,IM,VoIP, embeddedVoIPsharingcommunicationschannelswithmodelandstatedataingames,filetransferand alsowhenconsidering"doublebagged"emailemployingproxiesandencryption,ifcommunicationsdata isnottobemissed,anyandallencryptedmessagedatamustbedecryptedtoensurethatnoonward communicationsdataremainsinencryptedform,atthepointofgathering. Finally,thereisthetrivialcasewherecommunicationsdataiscontainedplainlywithinthe communicationtext.ConsideranemailmessagefromFredtoSheila,containingtextalongthelinesof "thelateststatusupdateis severalsentencesorparagraphselided .BesuretotellJimaboutthis, too." 12. WhichpublicauthoritiesshouldbeabletoaccesscommunicationsdataunderthedraftBill? ShoulditbepossiblefortheSecretaryofStatetovarythislistbyOrder? Ihavenocommentonthisquestion. 13. Howrobustaretheplanstoplacerequirementsoncommunicationsserviceprovidersbased overseas?Howrealisticisitthatoverseasproviderscouldbepursuedforbreachofduty? Theplansappeartobeneitherrobustnorrealistic.Ihavehearddescriptionsofthepracticalaspectsof the"specialrelationship"betweentheUKandtheUSwhichIwillnotrepeathere,butsufficeittosaythat "theInternetextendsbeyondthesphereofinfluenceofanynationstate". Ashasalreadybeenmentioned,therearenationswhichhavenolegislationagainstcomputermisuse Singaporehasenactedsomeinthelastdecade ;therearealsofunctionallyungovernedplaces I disapproveoftheterm"failedstate" withconnectivitytointernationalfibre. Also,withtheriseinconsumerdrivenCloudservices,itisfairlystraightforwardtostandupanemail serviceforasmallishnumberofusers,onnonstandardportsandwithmultiplelayersofproxyingand encryptionsuchthateverycommunicationtraversesapathinvolvingcryptographicprocessinginatleast 2countries,usingtoolsnomorecomplexthanacreditcardandfreelyavailablesoftware.Ihavenot actuallydonethis,butestimatethattodoitwell,includingidentifyingappropriatecloudservice providersandlearningtheirprovisioningsystems,wouldtakemenolongerthan3weeks.Anengineer morepracticedincloudserviceprovisioningcouldhaveitdoneinratherlesstime;potentiallyacoupleof days. Evenwhereoverseasproviderscanbepursued,therearefurtherissuestoconsider,suchasmismatchin forensichandlingstandards;Igather fromdiscussion,ratherthancaseprecedent thatthesearenot evenharmonisedacrosstheEU,yet.IntheeventofapersonofinterestbeingarrestedinFrance,for example,iftheircomputerequipmentisseizedunderwarrantandexaminedforensicallybytheSurete, theirproceduresforpreservingthechainofintegritywhenhandlingthedataretrieveddonottallywith Britishrequirementsforsame,sotherewouldbeissuesofadmissibilityofthedataasevidenceina Britishcourtoflaw. Thereisalsothematterofknowledgerequiredofserviceproviderstaff.Thelistofpersonsofinterestor theinclusionofaspecificpersononthelistofpersonsofinterestmaywellbeamatterofnational
433
security.Therefore,unlesstheserviceproviderstaffassociatedwiththemanagementandmaintenanceof thecommunicationsinfrastructureconnectedtothedatagatheringsolutionhaveundergoneappropriate UKvettingandarecleared,theycannotbepermittedtoknowwhosedataisofinterest.Insuch circumstances,thewholeofthatprovider'strafficwillneedtobecapturedinsitu,relayedacrossrelevant links,andonlyseparatedoutonceitisinatrustedenvironment,inordertoprovideacapturesolution withzerolocalknowledge. USEOFCOMMUNICATIONSDATA: 14. Arethecircumstancesunderwhichcommunicationsdatacanbeaccessedappropriateand proportional?Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? Ihavenocommentonthisquestion. 15. Istheproposed12monthperiodfortheretentionofdatatoolongortooshort? Ihavenocommentonthisquestion. SAFEGUARDS: 16. Applicationsforaccessingcommunicationsdatawillbesubjecttoaseriesofsafeguardsincluding approvalbyadesignatedseniorofficerwithinthepublicauthoritymakingtherequest.Howshould designatedseniorofficerbedefined?Isthissystemsatisfactory?Arethereconcernsaboutcompliance withArticle8ECHR? Ihavenocommentonthisquestion. 17. Wouldawarrantsystembemoreappropriate?Ifyoufavourawarrantsystemshouldthisapplyto allpublicauthoritiesincludinglawenforcementagencies?Shouldawarrantbenecessaryinall circumstances?Andwhatwouldtheresourceimplicationsbe? Ihavenocommentonthisquestion. 18. IstheroleoftheInterceptionofCommunicationsCommissionerandtheInformationCommissioner sensible? Ihavenocommentonthisquestion. PARLIAMENTARYOVERSIGHT: 19. ArethearrangementsforparliamentaryoversightofthepowerswithinthedraftBillsatisfactory? Ihavenocommentonthisquestion. ENFORCEMENT: 80. 20. Arethepenaltiesappropriateforthosecommunicationsserviceproviderswhofailtocomply withtherequirementsofthedraftBill? 81.Thesedonotappeartobewelldefined. 21. Arethepenaltiesappropriateforthosepublicauthoritiesthatinappropriatelyrequestaccessto communicationsdata?ShouldfailuretoadheretotheCodeofPracticewhichisprovidedforinthedraft Billamounttoanoffence? Ihavenocommentonthisquestion. TECHNICAL:
434
22. Doesthetechnologyexisttoenablecommunicationsserviceproviderstocapturecommunications datareliably,storeitsafelyandseparateitfromcommunicationscontent? Unequivocallyandemphatically,"No";seedetaileddiscussionsabove,andfurtherdiscussionhere. Evenifthetechnologyisdeveloped,theconsiderableasymmetryofeffortbetweendeployingand maintainingitontheonehand,andbypassingorotherwiserenderingcaptureddataofnovalueonthe other,isastrongargumentforredirectingefforttootherapproachesandtechniquesmorelikelytogive resultsrepresentingvalueformoney. Inotethat,evenwheredataisnotencrypted,andisatrackablecommunicationratherthanone associatedwithadeadletterbox,asystemtoseparatecommunicationsdatafromcommunications contentwouldneedtounderstandeverycommunicationsprotocolcurrentlyemployedbyeverypieceof communicationssoftware.Therearehundredsofsuchprotocols,manyareproprietary,andnewonesare producedanddeployedinnewsoftwarereleasesfairlyregularly.Theinitialengineeringefforttoproduce suchprotocolparsers,andtheongoingefforttoincorporatenewones,wouldbeprohibitive. Wherecommunicationsdatais"doublebagged"usingencryption,suchthatatpointofcapturetheonly discernibleinformationisthatFrediscommunicatingwithsomeserverin say theUkraine which wouldinturntakeoffalayerofencryption,forwardthemessagetoaserverin say Indonesiaaccording totherevealedcommunicationsdata,thentheserverinIndonesiawouldactontherevealed communicationsdatatowrapthecommunicationwithanotherlayerofencryptionandsendittoJim ,the communicationcouldpotentiallybecapturedreliably althoughthereareconsiderableperformance considerationstotakeintoaccount ,howeveritwouldbeoflittleuse. IfGCHQissittingonanewbranchofmathematicsorsomeremarkableadvanceincomputingwhich enablesthemtodecryptAES256inpracticaltime,then andonlythen doesdatagatheringhave practicaluse,ifthepersonsofinteresthavetakenthetroubletoenableorconfigureencryptionandare usingaproxyservice.Eventhen,thewholeofthecommunicationwoudlneedtobedecrypted,inorderto revealtheencapsulatedandencryptedmessageforwardingdatanecessarytoconstructthewhole communicationpath. Also,Paragraph73onpages302givesafurtherwellconsideredviewonissuesassociatedwith communicationsdataretrieval: Thereareanumberoffeaturesofinternetbasedcommunicationswhichhaveanimpactonthe acquisitionofcommunicationsdatabypublicauthorities: Thetechnologywhichisusedtooperateinternetandmobileservices,andcollaborationbetween numerouscompaniesmaymeanthatcommunicationsdataregardingasinglecommunicationisnolonger retainedinasingleplace.Thisfragmentationofdatamakesitdifficulttoobtainandaggregateallofthe communicationsdataapublicauthoritymayneedtoansweraspecificquestion. *Companieswhoprovideinternetcommunicationservicesdonotalwaysrequireauthenticatedidentity information,makingitmoredifficulttoidentifythegenuineuserofacommunicationservice.Moreover,a rangeoftechnologiesareavailablewhichattempttoanonymiseboththelocationandtheidentityof serviceusers. NumerousmobilecommunicationdevicescanbeusedtoaccessInternetcommunicationserviceswhile onthemove,makingitmoredifficulttoestablishfromwhereacommunicationwasmade. Thereareavastrangeofglobalinternetcommunicationservices.Itisveryeasytocommunicate simultaneouslyusingmultipleservicesandmovequicklytonewservices. 23. Howsafelycancommunicationsdatabestored?
435
Thisnaturallydependsonwhereandhowitisbeingstored.Ifitisbeingstoredattheserviceprovider, andtheproviderisuntrusted,thewholeoftheprovider'sdatafeedmustbestoredinordertogiveazero localknowledgesolution. Variousnovelmethodsofdispersedzeroknowledgestoragehavebeendevelopedrecently;themost interestingofthese whichisnotrecommendedforrealtimeaccess,sotherearecaveats isdetailedat http://www.cleversafe.com/ Note:IhavenocommercialinterestinCleversafe,Ijustfindtheir technologyintriguing. Anequallyinterestingquestionwhichisnotaskedhere andprobablyshouldbe ,is"Howsafelycan communicationsdatabedeleted?"InotethatthedraftBillstatesinseveralplaces egpage18para32 that"Thedatamustbedestroyedinsuchawaythatitcanneverberetrieved",butwithoutprovidingany prescriptiveinformationonhowthismightbeachieved.Thereareseveralstandards egInfosecMemo 5 ,forerasureofstoreddatawithanintendedoutcomeofthedatabeingirrecoverable,howeverifthe disksarelikelytofallintothehandsofaFISatanypoint,physicaldestructionwithananglegrinderor similaristheonlyguaranteedoption..TheBillwouldbenefitfrombeingmoreprescriptive,here. 24. Aretheproposalsforthefilteringarrangementsclear,appropriateandtechnicallyfeasible? Thisrequiresfurtherthinkinganddiscussion.Unfortunately,I'venothadchancetogivethispointthe considerationitneeds. 25. HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill? Thisdependsonthecontextofthepersonsofinterestwishingtocommunicatewitheachother.Insome contextsitcouldbewhollytrivial,in*all*othercontextsitwouldbereasonablystraightforward,and achievableforzeroorfairlytrivialfinancialoutlay. ThisisunlessGCHQissittingonanewbranchofmathematicsorsomeremarkableadvanceincomputing whichenablesthemtodecryptAES256inpracticaltime,ofcourse. 26. Arethereconcernsabouttheconsequencesofdecryption? Thisdependsonwhatisabletobedecrypted.IfGCHQissittingonanewbranchofmathematicsorsome remarkableadvanceincomputingwhichenablesthemtodecryptAES256inpracticaltime,revealingthe existenceofsuchtechnologydirectly,orindirectlybyaction,wouldcauseworldwidepanic.If,however, GCHQisnotabletodecryptAES256inpracticaltime,then"doublebagging"communicationsisa reasonablystraightforwardandeffectivecountermeasureagainsttheaimsoftheBill. August2012
436
Andrew Watson
Thissubmissionisbeingmadeinapersonalcapacity,notasarepresentativeofanyorganisation.The authorhasover30yearsexperienceintheITindustry,andhasbeenfollowingtheprogressoflegislation oncommunicationsinterceptionsincethedebatethatsurroundingtheRegulationofInvestigatory PowersBill aswas in2000. 1.Inotethat"TheJointCommitteewillalsowelcomeothercommentsrelatedtothedraftBill,evenifnot directlyaddressingthequestions listedinthecallforevidence ".Thissubmissiondoesnottherefore attempttorespondtothecommittee'slistofquestions,butinsteadlistspointsthatparticularlyconcern theauthor. 2.Ihavealsoread,andcompletelyconcurwith,responsessenttothecommitteebyDrPaulBernal,Glyn MoodyandAlecMuffett.Iwillnotrepeatthemanyvalidpointsthattheymake. 3.Asdrafted,thislegislationpermitsthecollectionandstoragebypublicauthoritiesofdataabout anyone'scommunicationsforpurposesthatinclude"publicsafety","preventingcrime","preventing disorder","protectingthepublichealth"and"assessingorcollectinganytax" Clause9 6 .These purposesaresobroadastopermitmassblanketsurveillanceofthepopulation.IndependentJudicial approvalwouldonlyberequiredinsomecasesmanyauthoritieswouldbeabletoconductmass surveillanceofeveryonetheychose,eventhosenotdirectlysuspectedofanycrime,withoutany contemporaneousexternaloversight. 4.ThisdraftBilldoesnotexistinisolation.Itmustbeexaminedalongsideotherlargescaledata gatheringsystemsdeployedbypublicbodiesoverthepastdecade.Thereisacomprehensivelistin "DatabaseState",areportpublishedbytheJosephRowntreeReformTrustin2009,andwhichI recommendthattheCommitteestudy.InthisresponseIwillbrieflycallattentiontojusttwootherlarge scaledatagatheringsystemscontrolledbyHomeOfficeagencies. 5.PoliceforcesintheUKhavecreatedasinglenationaldatabaseholdinginformationfromanetworkof severalthousandAutomaticNumberPlateRecognition ANPR camerasonBritain'sroads.Dataonevery vehiclewitharegistrationplatethatpassesanyANPRcameraissenttoanationaldatabaseinHendon, whereitisstoredforatleasttwoyears,evenwherethereisnosuspicionofwrongdoingconnectedwith thatvehicle.Thisdatabasethereforeholdsdataonthemovementsofeverylawabidingvehicleuser.At theendofMarch2011itheld11billionvehiclesightings,andwasaccumulatingnewsightingsattherate of15millionperday. 6.AspartofitseBordersscheme,theHomeOfficeiscreatingadatabaseofthemovementsofevery travellerwhocrossestheUK'sbordersbyanymeansoftransport.Alltraveldetailsarestoredina databaseinWythenshawe,nearManchester,for10years.Thisdatabasethereforeholdsdataonthe movementsofeverylawabidinginternationaltraveller. 7.WhenusedwiththecrossdatabasesearchtechnologydescribedbyGlynMoodyinhissubmissionto theCommittee,datafromthese andother HomeOfficecontrolleddatabasescombinedwith communicationsdatagatheredunderthisdraftBillwouldpermittheagenciesofasingleGovernment departmenttotrackthemovementsandactivitiesofeverylawabidingcitizeninnearrealtime,withno externalJudicialoversight. 8.Thisisclearlyaveryundesirablestateofaffairsinademocraticsociety. August2012
437
Dr John Welford
1. Introduction 1.1InmyapproachtotheanalysisofanyproposalIfinditusefultosubdividemythinkingundertwo distinctheadings,andthisishowIshallthereforestructuremysubmission.FirstlyIaddressthe principle.Thisisconcernedwiththebasicrightnessorwrongnessofwhatisproposed.Thus,for example,shouldtheproposalinquestionberuledoutregardlessofanyotherconsiderations?SecondlyI turntothepracticalities.Thisisconcernedquiteseparatelywithwhethertheproposalisfeasiblewith regardtoalltheotherfactors,suchascost,complexity,effectiveness,reliability,etc.Basically,willitwork anddeliverwhatispromisedfortheestimatedcost?Andalsoimportantly,couldtheproposalleadtoany unintended especiallynegative consequences? 1.2Ihavecrosslinkedmycommentstojustthreeofyour26questions. 2. ThedraftBilltheprinciple Question16.ArethereconcernsaboutcompliancewithArticle8ECHR? 2.1MostpeopleIspeaktoaretrulydismayedandhorrifiedbytheverynotionbehindthisdraftBill,the ideathatthegovernmentwantsinfuturetobeabletoinvadetheprivacyofperfectlyinnocentpeople. Andproposingtodothisbypryingintopeoplesinternetandphoneuse,tofindout,forexample,whom theyspeaktoandwhichwebpagestheychoosetolookat.Interestingly,itisnotsoverylongagothatthe entirenationwasunitedinhorrortodiscoverthatanewspaperhadsimilarlyinvadedtheprivacyofan innocentyoungmurderedgirl,viz.MillyDowler,byhackingintohermobilephone.Sowhywoulditbe acceptabletotheverysamepeopleforthegovernmenttobegoingdownafrighteninglysimilartrack,but doingthisonaglobalcomprehensivescalewiththeentirepopulation?Basically,whatbusinessisitof thegovernmenttobedoingthis? 2.2Ofcourse,suchintensiveinvestigationofinternetandphoneusecouldverywellbejustifiedinthe caseofanindividualwhohadcomeundersuspicionofhavingdonesomethingseriouslywrongorof beingabouttodosomethingseriouslywrong.Andthiscould,asnow,obviouslybesanctionedbya magistrateswarrant.Butotherwise,Iaskagain:whatbusinessisitofthegovernmenttobepryinginto theinternetandphoneuseofperfectlyinnocentpeople?Unlessyourjointcommitteehasasolid convincinganswertothiskeycentralquestionthenIamnotsurehowmuchitisworthpursuingany furtherwithyourother25questions. 2.3Itseemstomethattheproposaltopryintensivelyintotheactivitiesoftheinnocentcrossesavery dangerousline,alinewhichtomyknowledgehasneverbeencrossedbeforeinthiscountry.Moreover, onceyoucrossthisline,andeffectivelyturneveryoneintoasuspect,thenwhereareyougoingtostop? Forexample,theproposalboaststhatatleastthereisnointention atpresent ofmonitoringtheactual textinpeoplestextandemailmessages.Butoncethecrucialintrusionoftheinnocentlinehasbeen crossed,thereissurelynologicalreasonnottogofurtherandfurtherandfurther.Fromthereonnothing canbelogicallyruledout,whetheritsreadingthetextininnocentpeoplesemailmessages,steaming openalltheirlettersoreveninstallinggovernmentCCTVcamerasineveryroomintheirhouses.And withoutdoubtalloftheseadvancescouldandImsurewouldbejustifiedforperfectlyplausiblereasons. Forexample,bothnationalsecurityandtheprotectionoftheyoungfromabusebypaedophilescouldbe usedtojustifytheinstallationofCCTVcamerasineveryroominpeopleshouses.Butwouldthisbethe kindofNineteenEightyFoursocietythatanyofuswouldwanttolivein? 2.4Behindthedraftproposalthereis,ofcourse,thewholequestionoftrust.Inparticular,havingaccess tosuchanintrusivepictureofeverycitizenslife,couldanyfuturegovernmenteverbetrustednotto misusesuchinformationtoadvanceitspartyposition?Forexample,theinformationcouldbereadily usedtopressurepoliticians,journalists,whistleblowersandotherstomaintainsilencewhentheyshould bespeakingoutonavitallyimportantnationalissue.No,obviouslynofuturegovernmentcouldeverbe trusted.InthiscontextaquotationfromcomputersecurityspecialistBruceSchneierspringstomind:It ispoorcivichygienetoinstalltechnologiesthatcouldsomedayfacilitateapolicestate.AndIbelievethat thedraftBilloutlinespreciselythekindoftechnologydevelopmentthatSchneierhasinmind. http://www.schneier.com 2.5Needlesstosay,atpresenttrustinourpoliticiansiswithoutdoubtatitslowestebbinliving memory.AndindeedtheveryfactthatthecurrentproposalisbeingputforwardbyaConservativeand
438
LiberalDemocratcoalitiongovernmentonlyservestodemonstratethejustificationforpeopleslackof trust.Forpriortothelastelectionbothofthecoalitionpartieswerepromisingtorollbackthe surveillancestate,andinthecoalitionagreementtheypromisedthattheywouldscalebackLaboursBig Brotherstate.Sowhyhavetheygonebackontheirpromisestotheelectorate,andwhyhavethey shiftedtheirpositionbyacomplete180degrees?Theonlyconclusionthatcanbedrawnisthatoncein powerourMPsprefertoworktothequitedifferentongoingagendaofthepermanentstaffattheHome Office,ratherthangenuinelytryingtofulfilltheirpromisestotheelectoratethatbroughtthemtopower. Thisisthereforeadeeplydepressingstateofaffairs,puttingintoquestionthehonestyandintegrityofour ministersandthereforethestateofourdemocracy.Sowithoutdoubt,ifthedraftBillgoesaheaditwill onlyservetoconfirmpeoplesdeepandgrowingmistrustintheirpoliticalrepresentatives. 3. ThedraftBillthepracticalities Question9.Istheestimatedcostof1.8bnover10yearsrealistic? 3.1Ihaveabsolutelynoideahowthisfigurewasarrivedat.Butwhatiscertainlywellknownisthat governmentITprojectsarerenownedfor a costingsignificantlymore usuallybyseveralfactors than hadbeenoriginallyestimatedand b takingmuchmuchlongertodeliverthanwaseverprojectedatthe outset.Thereareseveralkeyreasonsforthisgrossinaccuracy: a. 3.2ThevastmajorityofpoliticiansaretechnicallynaivewhenitcomestoITprojectsand engineeringgenerally,andsoarenotinagoodpositiontobeabletounderstand,evaluateandthoroughly questionpreciselywhatisbeingproposedbytherelevantexperts.Andsotheyarenotinagood positiontooppose,orlaterabandon,technicallyweakproposalswithunrealistictimescales. b. 3.3Thosewhopropose,supportandseektoimplementtheproject forexample,commercial companies shareaninterestinnotwantingtofrightenpeopleoffbysuggestingthatitwillprovetobe toocostly.Sotheywillaimtosupplythelowestfigurepossibleinordertoobtainapproval,fullyaware thatonceaprojectisunderwayreasonsforincreasedcostscanalwaysbeconjuredupandplausibly justified. c. 3.4ManygovernmentITprojectsrunthemselvesintoseriousdifficultiesbecausetheyaretoo large,ambitiousandtechnicallyoverlycomplicated.AssuchtheyseriouslyconflictwiththebasicKISS designprinciple:KeepItSimpleStupid.Inotherwords,systemcomplexityshouldbeavoidedatallcosts; thebestandmostreliablesystemscanbedevelopedonlywheresimplicityisaprimarygoal.Mygut feelingabouttheprojectproposedhereisthatitisoverlycomplicatedandhighlyambitious,anditdoes notthereforegiveconfidencethatanyonewillbeabletoproperlyguide,controlanddeliverit.Indeed, theveryfactthatinyourcallforevidenceyouhavefounditnecessarytoraiseasmanyas26detailed questionsissomeindicationoftheprojectslevelofcomplexity. d. 3.5ApartfrombeingoverlycomplicatedmanygovernmentITprojectsalsosufferfrombeing novelandleadingedge.Assuch,therefore,nobodywillbeinagoodpositiontopredictinadvancehow thingsaregoingtodevelopandindeedevenwhetherthecurrentobjectiveisgoingtobeachievableand costeffective.Butofevengreatersignificanceisthatweandthesystemdesignersareinthecurrentcase confrontedwithamovingtarget.Inparticular,howcanwepossiblypredictthetechnicaldevelopments therearegoingtobeoverthenexttenyears,bothincommunicationstechnologyandsystemsandhow people includingcriminalsandterrorists willchoosetousethem.Andtotheextentthatthiscannotbe reliablypredictedhowcananITsystemdesignedtodaybeguaranteedtodealwiththechangedsituation fiveortenyearshence.Thisisthedesignersmajornightmare,theotherbeingpoliticianstendencyto meddleandseektochange andusuallyexpand thedesignspecificationpartwaythrough. e. 3.6Finally,itispossibleforcertaindesignfeaturesnottobegivenaproperconsiderationand nottobeproperlycostedin.InthepresentcasespecificallyIamconcernedthatdueconsiderationmay nothavebeengiventothepropersecurityoftheaccumulatedconfidentialdataaboutpeopleslife patterns.Suchdatacouldclearlybeofsignificantvaluetocriminals,andthereforetheremustbe scrupulouscaretakentoensurethatthedataisabsolutelysafeandwillnotbeleakedorstolen. Achievingthiswilladdconsiderablytothecostofrunningthisproject,anditisvitalthereforethatit shouldbeproperlycostedinandnotoverlooked.
439
3.7Myconclusionfromalltheseconsiderationsthereforeisthattheestimatedfigureof1.8bnisalmost certainlyprettymeaningless,andhasmostlikelyjustbeenpluckedoutoftheairbysomeonepressured intodoingitforpoliticalreasons.Andgiventhatsuchaprojecthastodateneverbeencompleted successfullyanywhereelseonearth,thismustplaceitintheveryhighriskcategory.Myhunchfeeling thereforeisthatthisprojectcouldwellturnouttobejustonemoremassiveITgovernmentprojectthat eventuallyhastobeabandoned.Awhiteelephantinthemaking. Question14.Whatkindofcrimesshouldcommunicationsdatabeusedtodetect? 3.8IntheHomeSecretarysForewordtothedraftBillshejustifiestheneedforgoingaheadwithit,viz. toensurethatthepoliceandintelligenceagenciescontinuetohavethetoolstheyneedtodothejobwe askofthem:investigatingcrimeandterrorism,protectingthevulnerableandbringingcriminalsto justice. 3.9Themostimportantpracticalquestion,therefore,andonewhichisregrettablynotexplicitlyraised inyourcallforevidenceiswhethertheprojectwillactuallydeliver.Willthesystemworkashoped,and willitachieveitsprimeobjectiveofsuccessfullybringingcriminalsandterroriststojustice?Ifthe answertothiskeyquestionisnothenclearlyitwouldbeextremelyfoolishtoembarkonit. 3.10Unfortunately,theharshtruthisthatcriminalsandterroristsareinvariablywellaheadofthegame inthesematters.Theythereforekeepabreastofallrelevanttechnicaldevelopments,andtheywill naturallyseekoutanysystemweaknessesthatcanbeexploited.Iamnotmyselfanexpertinthecomplex worldofsecurityengineering,butIwouldcertainlysuggestthatthetechnicalviabilityoftheproposed projectneedstobescrupulouslyexaminedbythosewiththerelevantexpertise.Onesuchpersonwould obviouslybeRossAnderson,ProfessorofSecurityEngineeringatCambridgeUniversity,andItrustthat hisinputhasalreadybeensoughtbyyourJointCommitteeandobtained. http://www.cl.cam.ac.uk/~rja14/ 3.11Evenforthelowestlevelcriminalthestatemonitoringofallemailandinternetcommunications canbereadilybypassedmerelybystealingorborrowingsomeoneelsessmartphone,usingitandthen quicklydisposingofit.Buthigherlevelcriminalsandterroristswill,Imsure,beconstantlydeveloping otherandmuchmoresophisticatedtechniquesandstrategiesforbypassingthemonitoring. 3.12Inallcrimedetectionthereis,ofcourse,theseriousquestionoffalsepositives.Thismeansthatin anysystemofblanketsurveillanceandcrimedetectionyouwillinevitablyturnupmanyinnocentpeople whoseinternetusageprofiles,forexample,mightincorrectlymarkthemdownaspotentialsuspects. Unfortunately,withverylargepopulationsthiscanrevealsomanyfalsepositivesuspects typically runningintomanythousands thattherearejustfartoomanytoinvestigate,andthesystembecomes completelyunworkable.Incommonparlancethisinherentweaknessinblanketsurveillanceis sometimesexplainedbysayingthatifyourelookingforaneedleinahaystackitdoesnthelptoobtaina biggerhaystack.Amuchmoreeffectiveandcosteffectivestrategywouldbetooptforintelligenceled monitoringandsurveillance,i.e.focusingintensivelyonyoursuspectsratherthantheentirepopulation atlarge. 3.13Finally,itiswellknownthatthepoliceatpresentrelyverymuchonthepublicforhelpindetecting andreportingcrime.Soanobviousquestionthatmustbeaddressediscouldtheimplementationofthis statesurveillanceproposalleadtosuchaseriousalienationbetweencitizensandthepolice andthestate generally thatpeoplearenolongerwillingtoassist?Inotherwords,apolicyintendedtoimprovecrime detectionmightindirectlyandironicallyseriouslyimpaircrimedetection.And,ofcourse,theremaybe manyothersocialandotherseriousunintendednegativeconsequencesofproceedingwiththisproposal. August2012
440
Wikimedia UK
WikimediaUKistheWikimediaChapter532coveringtheUnitedKingdom.WikimediaUKisaregistered charitywiththeaimofsupportingthedevelopment,collectionanddistributionofopeneducational, culturalandhistorical,content.Contentis"open"whenitisavailabletothegeneralpublicfornocharge, withlegalpermissions,toview,copy,share,adapt,improveandotherwisereuse i.e.withopen copyrightlicences . WikimediaUKbringstogethertheWikimediaCommunityintheUK,tobuildlinkswithUKbasedcultural institutions,universities,charitiesandotherorganisations. WikimediaUKworkscloselywiththeWikimediaFoundation533,whichisthebodythatoperates Wikipedia.WikimediaUKisincorporatedinEnglandandWalesasacompanylimitedbyguarantee534 andhasnocontroloverWikipediaoranyotherWikimediaFoundationprojects535. Prelegislativescrutiny WewelcomethefactthattheDraftCommunicationsDataBill theBill issubjecttoformalpre legislativescrutinybyaJointCommitteeofbothHousesandaregratefulforthisopportunitytoprovidea submissionofourkeyconcernsregardingtheBill. WidescopeandlackofclarityintheBill PriortoaclosereadingoftheBillwewereunclearofitsapplicabilitytousasanorganisationandtothe membersoftheWikimediaUKcommunity.CloserreadingoftheBillandtheoralevidencegiventothe JointCommitteeduringJuly2012536hasfailedtoprovideuswithmuchgreaterclarityorcertainty.Our keysubmissionwouldbethatthislackofclarity,certainty,anddefinitionofscope,intheprovisionsofthe Billareacauseforconcern. Weanticipateotherorganisations, suchasJustice,theOpenRightsGroupandLiberty 5thathave alreadyprovidedoralevidencetotheJointCommittee,maycoveringreaterdetailtheimplicationsofthe Billforcivilliberties.WewillthereforeconfineoursubmissiontohowwefeartheBillmayaffectour operationsasacharity,ourCommunityandmembersintheUK. 3.Servicesofoverseasproviders Para19oftheBillsexplanatorynotesstates: Part1buildsonexistinglegislationbyrequiringtelecommunicationsoperatorstoobtainandretain communicationsdatatheywouldnotordinarilyretainfortheirbusinesspurposesforaperiodofupto12 months.Thismightincludedatarelatingto i theoperatorsownserviceswhicharenotwithinthescope ofexistinglegislation,andfromwhichdataisnototherwiseretainedforbusinesspurposes; ii the servicesofoverseasprovidersusedbypeopleinthiscountrywhichtransitsystemsbutwhichthesystem providercurrentlyhasnobusinesstoretain.
532 http://meta.wikimedia.org/wiki/Wikimedia_chapter http://wikimediafoundation.org/wiki/Home 533 WikimediaUKisaCharitableCompanyregisteredinEnglandandWales.RegisteredCompany 534 No.6741827.RegisteredCharityNo.1144513.RegisteredOffice:4thFloor,DevelopmentHouse,5664 LeonardStreet,LondonEC2A4LT http://www.wikimedia.org/ 535 http://www.parliament.uk/business/committees/committeesaz/jointselect/draft 536 communicationsbill/publications/
441
CharlesFarr,DirectorGeneral,OfficeforSecurityandCounterTerrorism,HomeOfficeatresponseto Q48537:confirmedthat: obligationsdoapplytooverseasprovidersandintheevent,whichIregardasunlikely,thatcooperation wasnotpossible,anenforcementroutewouldbeopentoMinisters,iftheychosetoexerciseit,through civilaction.Thiswouldapplyasmuchtooverseasprovidersastodomesticproviders. Theobligations,undertheBill,whichmaybeimposedontheserviceofoverseasprovidersusedby peopleinthiscountryisrelevanttoourconsiderationoftheBillasdetailedbelowatpara5. WikimediaUKandWikimediaFoundation WedonothaveownershiporcontroloverserversthatoperatetheWikimediaFoundationsprojects whichprojectsincludeWikipedia.Ourpublicwikiuk.wikimedia.orgishostedandownedbythe WikimediaFoundationintheUS.AllWikimediaUKstaff,somevolunteers,andalltrusteeshave administratorrightsonuk.wikimedia.orgwiki.However,wehavenoaccesstodataonusersfromthat wiki. Wehaveaccesstothecontributionhistoryofusersonthesite,aswellasthepubliccommunicationof usersonthatsiteasdoeseveryoneelse.TheWikimediaFoundation'stores/collects'thatdata. AfterstudyingtheBillweremainunclearastowhetherourcharity,WikimediaUK,wouldbeclassedasa telecommunicationsoperator. Howeverwefeelitisreasonabletofearthatweasanorganisationorasindividualmembersofstaff, Trustees,orvolunteers,whohavehigherleveladministrationrightsinrelationtousagedata,mayfall intotheclassificationsasaTelecommunicationsOperator. Suchconcernsandfearsmaystifleouroperationsasacharity,asmembersandstaffwhohave administrationaccesstousagedata,maybecomefearful,ofbeingsubjecttoobligationsundertheBill.In theextremecasetheWikimediaFoundationmaybecomecautiousaboutgrantingsuchadministrator accesstomembersoftheUKcommunityandtherebycurtailingthelevelofparticipationandactivityin theUK.Thiswouldaffectthecharitysabilitytoachieveitsfullpotential.Thecharityisayoung organisation,withtheaimoffacilitatingthedevelopmentanddisseminationofeducationalandcultural content.Thecharityhasseenafastrateofgrowthinthelastyear,andhascreatedfivefulltimesjobs. Continuedgrowthisforecast.Wewouldnotwelcomethissortofadditionalobligationsonthecharityor itscommunitywhichcouldbeimposedbytheBill. ThewidescopeoftheBill FrancisDavey538,Barrister,writingabouttheBillemphasisedtheworryingscopeoftheBillwhich reinforcessomeofourconcerns: thegovernmentmaydoprettymuchanythingthatisatleastrationallyconnectedtoensuringthat communicationsdataisavailable.Iftherewasanydoubtaboutthis,therestofclause1spellsoutjust howwidethepoweris,forinstance: requirements "youmust" orrestrictions "youmustnot" maybeimposedonanyone; theSecretaryofStatemaybegivenapowertoimposerequirementsandrestrictionsonanyonebynotice thoserequirementsmayincludeforcingtheuseofparticularsoftware,equipmentoralgorithms Itseemstomethatclause1isjusttoowide.Itallowsfartoomanythings.Thereareessentiallyno restraintstostopadeterminedgovernmentdoingwhatitwants. 53710thJulyoralevidencetoJointCommitteehttp://www.parliament.uk/documents/joint committees/communicationsdata/ucJCDCD100712Ev1.pdf 538http://www.francisdavey.co.uk/2012_06_01_archive.html
442
Whilstcommunicationsdata,relatingtoourcommunity,staffandmembers,maybemorereadily acquiredbypublicauthoritiesfromISPs,weremainconcernedbytheextentofthepowersgrantedtothe SecretaryofStateundertheBillasfunctioncreepandmissioncreepisnotentirelyunforeseeable shouldtheBillbecomelaw. Bywayofexample,ofmissionorfunctioncreep,werefertoapointtheChairmanoftheJointCommittee raisedaspartofevidencetakenon10thJuly2012 atQ61 inrelationtotheexistinglegislation, RegulatoryofInvestigatoryPowersAct2000 RIPA : whentheBill RIPA wascompletedtherewereabout32publicauthoritiesadded.Twelvemonthslater, weendedwith500addedandnowwehave650. Althoughtheabovee.g.illustratestheexpansion,underRIPA,ofthenumberofpublicauthoritiesthat couldrequestdata,weareconcernedthatundertheBill,moreorganisationsmaybecomesubjectto noticefromtheSecretaryofStateunders1,thanmaybecurrentlyenvisagedorintended. Conclusion WesubmitthatinitscurrentstatetheBillisnotfitforpurposeforanumberofreasonsincludingthe oneswehavehighlightedabove.WewoulddrawtheattentionoftheCommitteetothefactthattheUK wouldbeconspicuousbyexceptioninthedemocraticworldifthisBillwastobeenacted.Evidencegiven totheCommittee539suggeststhatthisextentofcollectionofdatahasonlybeenimplementednationally inChina,IranandKazakhstanandsuchnationalscalecentralisedlevelofdatacollectionhasnotbeen doneinademocraticcountry. August2012
539DrHoseininresponsetoQ124http://www.parliament.uk/documents/joint committees/communicationsdata/ucJCDCD110712Ev2.pdf
443
Nic Wisttreich
Modernwebservicesarebuiltarounduserssharingtheirpersonaldataandinformation,inthecloud. Thiscouldbesharingphotos,videos,statusupdates,thoughts,feelings,wishes,aspirationsand frustrationsandisthelifebloodofthemoderndigitaleconomy. CentraltothesuccessofthisareaofinnovationwhichspansfromInstagramtoFacebook,Beboto BlipPhotoaswellasdatingandpersonalssitesispeoplefeelingcomfortableandsafeaboutsharing theirdataandpersonalinformationwithaserver A'snooperscharter'whichestablishesinthemindofthepopulationthattheyarebeingwatchedinpublic andinprivateandthatanythingtheysayordowillbetakendownandcouldbeusedinevidenceagainst themisselfdefeatingonmanylevels. FirstlythosewhoIimaginethislegislationisdesignedtocatchpaedophilesandterroristswillbemore likelytouseencryptedprivatechannels.Meanwhiletherestofuswillgrowevermoreanxiousabout usingdigitalservicesthatencourageustoshareourpassingviewsandexperienceswiththeworld. There'salsotheveryrealissueofhowtokeepsuchadatabasesecure.Thisisthekindofissuethat someonewhohasn'tspenttheirlifeinITwillassumeisaseasyastheITcontractorconvincesthemitis. Butitisn't.Itwouldbeahugedatabase,andfilledwithinformationthatcouldbeusedtoblackmailor threatenpeople.Howmanypeoplemaynotwantto'comeoutthecloset'abouttheirsexuality?Or religiousviews?Ourpolitical,religious,sexual,socialandidealogicalinterestsareanindisputablepartof ourhumanfreedomandwehaveanunbreakablerighttokeepthemprivateunlessthereisgoodcause tobelievewemightbedoingorabouttodosomethingwrong. Instead,thispresumptionofguiltforthewholepopulationwithfulltimestatesurveillancewouldbea sad,backward,misguidedstep.Itmayseemwellintentionedandharmlessnow,butnoneofuscan predicthowafuturegovernmentmaychosetouseitnorindeeddowenowtheconsequencesitcould haveforreducinguseofweb2.0servicesandpushingrealcriminalstobetterencryptedchannels. IurgeyoutostepbackfromthebrinkandtakealookatthepeacefulpassingoftheOlympicsasclear evidencethatwearenotinsuchanemergencyastoneedsuchtinpotdictatormeasures. August2012
444
Ben Woodling
ThankyoufortakingthetimetoconsidermyviewsupontheDraftCommunicationsDataBill. IwasalarmedwhenhearingofearlyplansforthisBillsomemonthsagoandhaveunfortunatelynothad thetimetofollowdevelopmentsclosely. Lookingfromabroadperspective,citizensofthiscountryhaveseentheircivilrightserodedintheearly yearsofthismillenniumatarapidrate.Newpolicepowerstodetainterrorsuspectsfor28dayswithout charge,newstopandsearchpowershandedtothepolice,andrestrictionsontherighttopeaceful protesthaveallbeenintroducedinrecenttimes.Groupsdefendingcivillibertiesareunderstandably shockedbysuchchanges. InwritingtoyourselvesIwishtowriteasubstantiveandinformedletterasopposedtomerelysigningan onlinepetition.Pleasenote,however,thatIhavebeenmadeawareofthisconsultationprocessonlyvia contactbythecampaigningsite38Degrees.Iwillreplytosomeofthe26questionsindetailbutfirstIwill trytosurmisemythoughtsonwhatIfindmostworryingaboutthisDraftBill. Crucially,IthinkthatthechangesproposedinthisDraftBillwouldoverallhaveanegativeeffectonthe healthofUKcitizensandleadtoanincreaseincrime.Paranoiaisaseriousandincreasingprobleminour society.Thefearthatoneisbeingwatchedisaverycommonneurosisandmentalhealthcomplaint.The centralprovisioninthisBillistoenablethestatepowersandrelevantauthoritiestotracetheinternet andtelephonecommunicationsofthepublic.OnceimplementedtheideathatBigBrotheriswatching youisgivenfurthercredenceandreality.TheBillseemstosuggesttothepublicthatinordertokeep yousafeandwell,wewillpoliceyourconversations.ItishardnottoinferfromthisthattheGovernment wishingtomakesuchproposalslawisonethatisparanoidaboutitsowncitizenry. Idontwishtoliveinacountrywhereparanoiaissuchamarkedconcern.ItisbecauseofthisthatI opposetheBill.Tragicasthe7/7terroristatrocitieswereIdonotrecognisetheneedforheightened securitymeasuresintheshapeofsnoopingpowers.IwantaGovernmentthatsupports,encouragesand believesinitspeople,notonethatmistruststhem. Inreplytothe26questions: 1.No. 2.No.TheresaMayscommentsintheCommons:"Ascriminalsmakeincreasinguseofinternetbased communications,weneedtoensurethatthepoliceandintelligenceagenciescontinuetohavethetools theyneedtodothejobweaskofthem:investigatingcrimeandterrorism,protectingthevulnerableand bringingcriminalstojustice."Thisispoliticalmediaspin.Thesecommentsfailtoaddressthesignificant civillibertiesandtechnicalconcernsthatmanyinterestedpartiesseekanswersto. 3.Verypoorly.IperhapscantsaytoomuchabouttheLevesonInquirybuttherehaveobviouslybeen severecriticismsofthesnoopingpowersofNewsCorporationandsuggestionsthatboththeMetropolitan PoliceandLabourandConservativegovernmentshavebeen,ifnotinvolved,highlyawarethatsuch snoopingputthatmediamultinationalinapositionofmuchpower.Withaccesstocommunications informationthroughtechnicalgadgetrybecomingmorewidespreadandpotentiallypurchaseableIfeel thesensiblemovefortheGovernmentandpoliceistobackofffrominfringingonthepublicsrightto privacy. 4.PlentyofothercountrieshappilyworkwithJudicialwarrantsforCommunicationsData,ratherthanthe UK"selfauthorisation"approach. 5.DataPreservationforspecific,narrowlytargetedinvestigations,restrictedtoSeriousCrimesonly, ratherthanmassiveDataRetentionofalmostentirelyinnocentdata. 8.Yes,Ithinkthatisquitepossible.Thiscouldresultinhigherconsumerprices. 9.Iverymuchdoubtthatforecastingabudgetforatenyearimplementationcaninanywayforesee changestopolicies,politicalandeconomicdevelopmentslyingahead,letalonetechnicaldifficulties. Financially,Ithinkthismoneycouldbebetterallocatedtospendingonmoreconventionalpublicservices suchasschoolsandhospitals.
445
10.No.Iwouldimaginethataselectgroupofcompanyownersandshareholdersmayforawhilemake millionsofpoundsthroughthecontractingoutofthisschemebutitwouldleadtoafinanciallossforthe averageUKtaxpayer. 11.No. 12.TheremustbenoOrdermakingpowersatallintheCommunicationsDataBill. 13.Mostlyunrealistic.Nothelpfulforfightinginternationalterrorism. 14.SeriousCrimeonly. 15.Muchtoolong. 17.Yes.AwarrantsignedbyanindependentJudge notonesignedbytheHomeSecretaryoranyother politicianorseniorWhitehallbureaucrat whichcanbechallengedinCourtifnecessaryshouldbe requiredforallCommunicationsDatasnooping,includingthePoliceandIntelligenceAgencies. 18.No. 19.No. 20.No. 21.FailuretoadheretotheCodeofPracticeshouldnotamounttoanoffence. 22,23,24,25and26aretechnicalquestionswhicharedifficulttoanswer. 25.HoweasywillitbeforindividualsororganisationstocircumventthemeasuresinthedraftBill?isan interestingquestion.Onewouldhavetohaveintenttocircumventpolicingbythismethodandperhaps technologytogetaroundsuchmethods,oraprivatetelephonynetwork.Seriousfraudstersandterrorists wouldbequitelikelytopaytoaccesssuchmethodsofavoidingtheircommunicationsbeingpoliced.It becomeseasytoforecastthatwhiletheimplementationofthisschemewouldcostmuch,thesecurity serviceswouldbechasingthosegroupsworkingofftheradar. Iamnoexpertontheseissues.Thereissuchconfusionsurroundingtechnology,communicationsdata andstatesurveillancepowers.Ithinkthatbroadeningtherangeofcollectionofcommunicationsdataisa costlyandbackwardsstep. August2012
446
Andy Wrigley
Safeguards Thedraftbilldoesnotappeartoadequatelyprotectthepublic: 1. Wehaverecentexamplesofcorruptpoliceofficersleakingpersonalinformation;andnotquiteso recentcasesofsecurityservicepersonnelobtainingandusinginformationillegallybecauseoftheirown politicalpersuasion.Likewisetelecomsworkershavebeenjailedforobtainingandusingpersonaldatain fraud. Thisbillwouldcreatehugesourcesofpersonaldata.TheGovernmenthasadutytoprotectourpersonal data.Evidenceshowsthatpersonaldataisaccessedillegally,socontrolslikeapprovalandwarrants willnotprotectus. i. Howwillyoupreventillegaluseofthisinformation? AsIseeit,youwouldhavetohavesoftwaremonitoringandrecordingaccess truepreventionis impossible .Tobereasonablyeffective,andmakecircumventionharder,monitoringwouldhavetobe locatedoneveryservergatheringandstoringthedata.Toreliablyalertonmisuse surelynecessary wouldrequireArtificialIntelligencecapabilitiesthatdon'tcurrentlyexist. ii. aresafeguardsthatreliablyprevent,oralertonillegaluse,tobeincludedinthedraft?Ifsowhat isthemechanismandhowmuchwillitcost? 2. Wecurrentlyhavefreedomofexpression.YoucannotguaranteethattheUKwillneverhavea totalitarianGovernment.I'msurethatintheeconomicdepressionofthe1920sthemajorityofItalians, Spanish,andGermansdidn'tanticipatetheirfuturefascistregimes.ImaginewhattheNaziscouldhave donewithaccesstostoredinformationoneveryonescorrespondenceandcontacts.Thesepowersare similartothoseemployedbyChinaandIranandwouldbeagifttoanyarmoftheUKGovernmentthat wishedtoabuseitsauthority. iii.HowcanyoupreventafuturetotalitarianGovernmentfromignoringoramendinglawstoaccessthe informationstoredasaresultoftheActe.g.toweedoutandimprisonpeopleforviewstheyexpressed privately? ShortofissuingallUKsubjectswithastoreddatadestructbuttonIcannotseehowthisabusecouldbe prevented. Youmayviewthisasasmallrisk.However,itspotentialimpact,andconsequences,onthepeopleyou represent,issogreatitcannotbeignored. Political/InternationalStanding 3. TheUKhasbeencriticalofChina'spolicytowardstheinternetanditscitizens.Afewmonthsago Isawthiscomment redraftbill intheChinesepressjustifyingtheirpolicies"theBritishgovernment hasfinallyrecognizedthatabalanceneedstobestruckbetweenfreedomandmonitoring". iv. Ifthisbillispassed,howwouldtheGovernmentandtheOppositionrespondtosuchcomments intheChinesepress? Effectiveness 4. AssomeonewhohasworkedinITandsecurityfor30yearsIconsidertheseproposalswillhave minimaladditionalimpactonpreventingorinvestigatingcrime/terrorism.Theterroristandcriminalswe needtobeafraidofwillbeabletocircumventtheinformationgathering.
447
5. Existinglawsalreadyallowmonitoringofsuspectssuchasterrorists.Existinglawswerealso sufficienttoquicklyidentifyandarresttheFacebookuserincitingariot,andalsothepersonwhotweeted abusetoTomDaley.Theywouldnothavebeenpreemptivelyidentifiedandarrestedbecauseofa CommunicationsDataAct. 6. Whenpassed,itmightaidinthearrestofasmallnumberofminorcriminals,butatthecost exposingyourvotersprivatedatatorisk,personalprivacy/freedom;andplaceusinthesamepolicestate campasChina,Iran,theUSSRandNazis. August2012

Formatted Written Evidence

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Formatted Written Evidence

Diunggah oleh

Hak Cipta:

Format Tersedia

House of Lords House of Commons Joint Committee on Draft Communications Data Bill

Draft Communications Data Bill

The Joint Committee on the Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Nic Wisttreich Ben Woodling Andy Wrigley

443 444 446

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

2DraftCommunicationsDataBillprivacyimpactassessment PDF 3CommunicationsDataBillkeybackgroundinformation PDF 4StrategicDefenceandSecurityReview

Draft Communications Data Bill

6FreedomofInformationrequesttoRoyalMailabouttheCommunicationsDataBill. http://www.whatdotheyknow.com/request/119538/response/295611/attach/html/3/Allonby%20 120712.pdf.html

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Streetofficialshopethehitechsystemwillcrackdownonthe1.4millionmotoristswhodrive withoutinsurance ByMartinFricker,DailyMail12Mar2012

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Acpo ,saidthe proposalswerenotappropriateinafreecountry. http://www.telegraph.co.uk/news/uknews/lawandorder/9183641/Newsnoopingpowers couldbeillegalhumanrightswatchdogwarns.html

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

The Bar Council of England and Wales

Draft Communications Data Bill

2009 1AC908 http://www.publications.parliament.uk/pa/ld200809/ldjudgmt/jd090311/mce1.htm

Draft Communications Data Bill

Draft Communications Data Bill

35http://www.legislation.gov.uk/uksi/2010/461/introduction/made 36http://www.legislation.gov.uk/uksi/2010/123/introduction/made 37http://www.legislation.gov.uk/uksi/2010/462/introduction/made

http://www.legislation.gov.uk/uksi/2010/463/introduction/made 38http://www.publications.parliament.uk/pa/ld201011/ldhansrd/text/111215 gc0001.htm#11121597000383

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

BCS, The Chartered Institute for IT

Notethelistoflegitimatepurposes wheretherighttononinterferenceisnotobligatory ,onpage 100ofthedraftBillandcopiedhereonpage7,underheadingSafeguards.Thelistisextensiveand appearstobewiderinscopethanthepurposestatedbyTheresaMayquotedabove.

HastheGovernmentmadeaconvincingcasefortheneedforthenewpowersproposedinthedraft Bill? TheInstitutedoesnotbelievethatthecaseisentirelyconvincing.Weareoftheopinionthatthereare inconsistenciesbetweenthestatedpurposeandproposal.

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

i Itisimportanttonotethatanysystem,evenwithchecksandbalances,isopentoabuse. ii Page99ofthedraftBillstates:Thepermittedpurposespursuethelegitimateaimssetoutin clause9 6 ,namely: a intheinterestsofnationalsecurity, b forthepurposeofpreventingordetectingcrimeorofpreventingdisorder,

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

TheInstitutehasnoviewontheoptionsbeyondthosealreadyexpressedintheresponsetoprevious questions. August2012

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill

Draft Communications Data Bill