Draft Communications Data Bill

Last updated

The Draft Communications Data Bill (nicknamed the Snoopers' Charter or Snooper's Charter [1] ) was draft legislation proposed by then Home Secretary Theresa May in the United Kingdom which would require Internet service providers and mobile phone companies to maintain records of each user's internet browsing activity (including social media), email correspondence, voice calls, internet gaming, and mobile phone messaging services and store the records for 12 months. Retention of email and telephone contact data for this time is already required by the Data Retention Regulations 2014. [2] The anticipated cost was £1.8 billion.

Contents

May originally expected the bill to be introduced in the 2012–13 legislative session, carried over to the following session, and enacted as law in 2014. [3] However, the former Deputy Prime Minister Nick Clegg withdrew his support for this bill in April 2013, [4] saying "a law which means there would be a record kept of every website you visit, who you communicate with on social media sites ... it is certainly not going to happen with Liberal Democrats in government", [5] and his Liberal Democrat party blocked it from being reintroduced during the 2010-2015 Parliament. [6] Shortly after the Conservative victory in May 2015, May vowed to introduce the Communications Data Bill in the next parliament. [7] In November 2015, May announced a new Investigatory Powers Bill similar to the Draft Communications Data Bill, although with more limited powers and additional oversight. [8] [9]

History

Intercept Modernisation

The powers and intent of the Bill were preceded by plans under the last Labour administration to improve access to communications traffic data, under the Interception Modernisation Programme. [10] The plans did not become a firm legislative proposal and were strongly opposed by both Conservative and Liberal Democrat opposition parties.[ citation needed ] [11]

The new coalition agreement in 2010 committed to ending the storing of email and Internet records "without good reason". The IMP was not entirely abandoned however, and the Home Office under the new coalition committed to examining the problem of access to communications data under the Communications Capabilities Development Programme. [12] [13] [14]

Queen's Speech

The government announced its intention to legislate in order to "maintain capability" of law enforcement access to communications traffic data in 2012. [15]

Joint Committee

As the result of public reaction to the proposed Bill and internal Liberal Democrat opposition to the Bill, Nick Clegg asked for the Bill to be referred to a Joint Committee to scrutinise the proposal. The Committee reported in December 2012. [16]

Counter Terrorism Bill 2015

In 2015 a cross-party group of lords — Tom King, Baron King of Bridgwater, former Conservative Defence Secretary; Ian Blair, Baron Blair of Boughton, former Commissioner of Police of the Metropolis and crossbench peer; Alex Carlile, Baron Carlile of Berriew, former Independent Reviewer of counter-terrorism legislation and Lib Dem peer; and Alan West, Baron West of Spithead, former Labour Minister for Security and Counter-Terrorism — attempted to add the text of the Communications Data Bill to the Counter-Terrorism and Security Bill, which became the Counter-Terrorism and Security Act 2015. [17] [18] However this was dropped before going to a vote due to opposition. [19]

Powers

The bill would amend the Regulation of Investigatory Powers Act 2000.

Data collection

The bill would create a wide-ranging power to compel any 'communications service provider' to collect and retain additional information about their users. Current data retention obligations require ISPs to retain data collected for business purposes for longer than normal. Under the new bill, any organisation that interacts with users and produces or transmits electronic communications could be compelled to collect and retain information about them, even if it is entirely irrelevant to their business needs.[ citation needed ] [20]

Deep Packet Inspection

One technique that may be used to collect user data could be Deep Packet Inspection.

According to Office for Security and Counter-Terrorism Charles Farr, formerly of MI6, so-called "black boxes" – DPI – probes are not the "central plank" of the 2012 Communications Data Bill. The boxes would be used when communications service providers refuse to submit data, but he anticipated that most would maintain data about users in unencrypted form from which contact information could readily be separated from content. This would circumvent SSL encryption during transmission. He said that the DPI boxes were already "used as a matter of course" by ISPs. [21] The Mastering the Internet system was described in 2009 by The Register and The Sunday Times as the replacement for scrapped plans for a single central database, involving thousands of DPI "black boxes" at ISPs in association with the GCHQ base in Cheltenham, funded out of a Single Intelligence Account budget of £1.6 bn, including a £200m contract with Lockheed Martin and a contract with BAE Systems Detica. [22] In 2008 the black box infrastructure was operated by Detica, which had been expected to win additional contracts for its proposed expansion in the Communications Data Bill 2008. [23]

Filtering arrangements

The bill creates arrangements to interrogate and match data from different data sources. The justification is that only relevant data would be returned, thus improving personal privacy. Additionally, police cite problems matching data from for instance different cell phone masts.

However, the bill has been said to provide the legislative basis for a "giant database" that would allow "quite complicated questions" about "communications behaviors and patterns" which could become a "honeypot for casual hackers, blackmailers, criminals large and small from around the world, and foreign states", as Lord Strasburger described it, as the bill was scrutinised by the Joint Committee of MPs and peers. [3] [24]

The BBC reported that the Home Office stressed that the bill was intended for targeted surveillance rather than "fishing expeditions", but quoted opponent Nick Pickles, director of Big Brother Watch: "The filtering provisions are so broadly worded and so poorly drafted that it could allow mining of all the data collected, without any requirement for personal information, which is the very definition of a fishing trip."

Open Rights Group campaigner Jim Killock told the BBC that officials 'would be able to build up a complex map of individuals' communications by examining records of "their mobile phone, their normal phone, their work email, their Facebook account and so on",' which 'could compromise journalistic sources, deter whistleblowers and increase the risk of personal details being hacked'. [25] The human rights organization Liberty also called for rejection of what is being called the "Snoopers' Charter". [26]

Changes to oversight

The bill would change the authorisations given to police officers under RIPA. Instead of individual data requests being granted by a senior officer, the senior officer would grant powers once a month to investigating officers to conduct data requests on a topic they were investigating.

Additional changes to the role of Interception of Communications Commissioner and Information Commissioner are argued to improve oversight to the current arrangements under RIPA.

Justification

Cory Doctorow talks at the Open Rights Group event ORGCon 2012 about the bill

The basic justification is that communications traffic data is needed for investigations into serious crime, but access is declining. The Home Office cites that they expect access to decline from about 80% to around 60% of traffic data over the next decade if no action is taken. They also state, however, that the quantity of traffic data available is expected to grow by around 1000% in the same decade.

May stated that police made urgent requests for communications data in 30,000 cases last year and between 25% and 40% of them had resulted in lives being saved. She said that "There is a limited scope for the data we want to have access to. We have been very clear about that at every stage. The police would have to make a clear case for requesting access to data when there was an investigation that required it.... The aim of this is to ensure our law enforcement agencies can carry on having access to the data they find so necessary operationally in terms of investigation, catching criminals and saving lives" [24]

Though the bill had been mentioned in the context of terrorism and child sexual abuse, the powers could be used against minor crimes such as fly tipping. [27]

Reactions

A survey by YouGov, commissioned by Big Brother Watch, found that 71% of Britons "did not trust that the data will be kept secure", and half described the proposal as "bad value for the money" as opposed to 12% calling it "good value". At the RSA Conference Europe 2012, Jimmy Wales said the bill "will force many relatively small companies to hang on to data that they would not otherwise retain, which puts the data at risk". [28] Wales told MPs that Wikipedia would take action to hinder monitoring of users' interests by encrypting all communication to the UK by default if UK ISPs are mandated to track which pages on the site are visited. [29]

Speaking at the launch of the World Wide Web Foundation's Web Index Tim Berners-Lee (inventor of the World Wide Web) talking about the bill stated "In Britain, like in the US, there has been a series of Bills that would give government very strong powers to, for example, collect data. I am worried about that." He added, "If the UK introduces draconian legislation that allows the Government to block websites or to snoop on people, which decreases privacy, in future indexes they may find themselves farther down the list". [30]

Controversy

There are several main areas of controversy.

Patient and doctor private communication

As of November 2015, no ISP has announced or made public how they will handle and store information securely.

Physical limitations

From costs to how to power the machines, there are incredibly tough technical issues facing ISPs and some they might not be able to overcome. The sheer volume of data will push hardware software and network technologies beyond their design.

ISPs to retain logs for 12 months

The bill proposed that the obligation imposed on ISP providers to retain data about their clients online activities is vastly expanded. [31] The current legislation allows ISP providers to retain information on clients for business purposes with a maximum time limit of 12 months. The proposed legislation will oblige communication service providers (CSPs) to retain a variety of information for 12 months and make this information available to state authorities upon request. The UK Internet Services Providers' Association (ISPA) have issued a statement raising concerns about the impact on the competitiveness of UK CSPs as it creates a less attractive and more onerous environment in which companies have to work. [32] The ISPA also question whether there is a need to expand the scope of data retention requirements and requested a more detailed explanation of what, in practice, will be required of them. [32]

Weakening encryption

Former UK Prime Minister David Cameron openly expressed a desire for encryption to be weakened or encrypted data to be easily accessible to legal forces in order to tackle terrorism and crime. This viewpoint has been widely addressed as uninformed and greatly dangerous to the privacy and information of the general public because of the dangers that this initiative would entail. [33]

A ban on encryption would result in all information stored online to be openly visible to anyone, this information would include data such as bank details that might be input on online shopping websites, addresses, personal details as well as private messages sent on messaging services such as iMessage and WhatsApp that all use encryption in order to protect the identity and information of their users.

The encryption measures currently in place work on the basis that no third party would be able to access the data and banning this practice would mean that it would open not only to the government but also to anyone interested because encryption measures are not set to be sensitive to certain access requests, they are fully protective of all data stored under those measures.

Experts have made it clear that weakening or banning encryption would be extremely dangerous and damaging to the safety of the economic Internet environment and could have great repercussion on the information stored online and how it is used. [34]

Oversight

The UK is unusual in the arrangement that Ministers sign off on warrants when the inspection of bulk collected data is requested by the security services. Just under 3 thousand warrants were requested and authorized in 2014 by the Secretary of State. Typically, in most democracies, independent judges decide and sign off police warrants in the cases where surveillance is of an intrusive nature. [35] Recently published Independent Review of Terrorism Legislation calls for UK to adopt the judicial authorisation as it is practised by other developed democracies. [36]

There is a concern that No 10 will disregard the request for the reform of the oversight and the call for independent judges handling the sign off in the cases of highly intrusive surveillance. [37]

Costs

Costs have been estimated at £1.8bn over the next ten years. However the basis of the calculations used to reach this figure have not been made public. [38]

See also

Related Research Articles

<span class="mw-page-title-main">Regulation of Investigatory Powers Act 2000</span> United Kingdom legislation

The Regulation of Investigatory Powers Act 2000 is an Act of the Parliament of the United Kingdom, regulating the powers of public bodies to carry out surveillance and investigation, and covering the interception of communications. It was introduced by the Tony Blair Labour government ostensibly to take account of technological change such as the growth of the Internet and strong encryption.

<span class="mw-page-title-main">Mass surveillance</span> Intricate surveillance of an entire or a substantial fraction of a population

Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organizations, but it may also be carried out by corporations. Depending on each nation's laws and judicial systems, the legality of and the permission required to engage in mass surveillance varies. It is the single most indicative distinguishing trait of totalitarian regimes. It is often distinguished from targeted surveillance.

Email privacy is a broad topic dealing with issues of unauthorized access to, and inspection of, electronic mail, or unauthorized tracking when a user reads an email. This unauthorized access can happen while an email is in transit, as well as when it is stored on email servers or on a user's computer, or when the user reads the message. In countries with a constitutional guarantee of the secrecy of correspondence, whether email can be equated with letters—therefore having legal protection from all forms of eavesdropping—is disputed because of the very nature of email.

Data retention defines the policies of persistent data and records management for meeting legal and business data archival requirements. Although sometimes interchangeable, it is not to be confused with the Data Protection Act 1998.

Internet censorship in the United Kingdom is conducted under a variety of laws, judicial processes, administrative regulations and voluntary arrangements. It is achieved by blocking access to sites as well as the use of laws that criminalise publication or possession of certain types of material. These include English defamation law, the Copyright law of the United Kingdom, regulations against incitement to terrorism and child pornography.

The Internet in Zimbabwe has seen rapid expansion in recent years. The Internet country code top-level domain is .zw. In 2009, the Mugabe-Tsvangirai Government of National Unity established a Ministry of Information and Communications Technology to focus on ICT growth and development.

An Internet kill switch is a countermeasure concept of activating a single shut off mechanism for all Internet traffic.

The Protecting Children from Internet Pornographers Act of 2011 was a United States bill designed with the stated intention of increasing enforcement of laws related to the prosecution of child pornography and child sexual exploitation offenses. Representative Lamar Smith (R-Texas), sponsor of H.R. 1981, stated that, "When investigators develop leads that might result in saving a child or apprehending a pedophile, their efforts should not be frustrated because vital records were destroyed simply because there was no requirement to retain them."

The Protecting Children from Internet Predators Act was a proposed amendment to the Criminal Code introduced by the Conservative government of Stephen Harper on February 14, 2012, during the 41st Canadian Parliament.

<span class="mw-page-title-main">Mass surveillance in the United Kingdom</span>

The use of electronic surveillance by the United Kingdom grew from the development of signal intelligence and pioneering code breaking during World War II. In the post-war period, the Government Communications Headquarters (GCHQ) was formed and participated in programmes such as the Five Eyes collaboration of English-speaking nations. This focused on intercepting electronic communications, with substantial increases in surveillance capabilities over time. A series of media reports in 2013 revealed bulk collection and surveillance capabilities, including collection and sharing collaborations between GCHQ and the United States' National Security Agency. These were commonly described by the media and civil liberties groups as mass surveillance. Similar capabilities exist in other countries, including western European countries.

Mass surveillance in Australia takes place in several network media, including telephone, internet, and other communications networks, financial systems, vehicle and transit networks, international travel, utilities, and government schemes and services including those asking citizens to report on themselves or other citizens.

<span class="mw-page-title-main">Data Retention and Investigatory Powers Act 2014</span> United Kingdom legislation

The Data Retention and Investigatory Powers Act 2014 was an Act of the Parliament of the United Kingdom, repealed in 2016. It received Royal Assent on 17 July 2014, after being introduced on 14 July 2014. The purpose of the legislation was to allow security services to continue to have access to phone and internet records of individuals following a previous repeal of these rights by the Court of Justice of the European Union. The act was criticised by some Members of Parliament for the speed at which the act was passed through parliament, by some groups as being an infringement of privacy.

The UK encryption ban was a pledge by former British prime minister David Cameron to ban online messaging applications that offer end-to-end encryption, such as WhatsApp, iMessage, and Snapchat, under a nationwide surveillance plan. Cameron's proposal was in response to the services which allow users to communicate without providing the UK security services access to their messages, which in turn could allegedly allow suspected terrorists a safe means of communication.

<span class="mw-page-title-main">Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015</span> Act of the Parliament of Australia

The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015(Cth) is an Act of the Parliament of Australia that amends the Telecommunications (Interception and Access) Act 1979 (original Act) and the Telecommunications Act 1997 to introduce a statutory obligation for Australian telecommunication service providers (TSPs) to retain, for a period of two years, particular types of telecommunications data (metadata) and introduces certain reforms to the regimes applying to the access of stored communications and telecommunications data under the original Act.

<span class="mw-page-title-main">Investigatory Powers Act 2016</span> United Kingdom legislation

The Investigatory Powers Act 2016 is an Act of the Parliament of the United Kingdom which received royal assent on 29 November 2016. Its different parts came into force on various dates from 30 December 2016. The Act comprehensively sets out and in limited respects expands the electronic surveillance powers of the British intelligence agencies and police. It also claims to improve the safeguards on the exercise of those powers.

The modern capabilities and legal framework for mass surveillance in the United Kingdom developed under successive governments of the United Kingdom since the late 20th century.

Targeted surveillance is a form of surveillance, such as wiretapping, that is directed towards specific persons of interest, and is distinguishable from mass surveillance. Both untargeted and targeted surveillance is routinely accused of treating innocent people as suspects in ways that are unfair, of violating human rights, international treaties and conventions as well as national laws, and of failing to pursue security effectively.

The Special Envoy on Intelligence and Law Enforcement Data Sharing is a British creation of the diplomatic corps at Cabinet level to report on, and facilitate dialogue between the executive branch of government and technology firms, often global in nature, that provide service in the internet realm.

Human rightsandencryption are often viewed as interlinked. Encryption can be a technology that helps implement basic human rights. In the digital age, the freedom of speech has become more controversial; however, from a human rights perspective, there is a growing awareness that encryption is essential for a free, open, and trustworthy Internet.

<span class="mw-page-title-main">Internet censorship and surveillance in Oceania</span>

This list of Internet censorship and surveillance in Oceania provides information on the types and levels of Internet censorship and surveillance that is occurring in countries in Oceania.

References

  1. Walker, Claire (2009). "Data retention in the UK: Pragmatic and proportionate, or a step too far?". Computer Law & Security Review. 25 (4): 325–334. doi:10.1016/j.clsr.2009.05.008. ISSN   0267-3649.
  2. UK Parliament (30 July 2014). "UK Statutory Instrument No. 2042".
  3. 1 2 Alan Travis (31 October 2012). "MPs call communications data bill 'honeypot for hackers and criminals'". The Guardian. London.
  4. "Nick Clegg 'Kills Off Snooper's Charter'". TechWeek Europe. 25 April 2013. Archived from the original on 12 May 2013. Retrieved 3 May 2013.
  5. Cecil, Nicholas (25 April 2013). "Clegg blocks snoopers' charter and scorns efforts to deport Qatada". London Evening Standard . p. 2.
  6. Press Association (23 November 2014). "Theresa May moves to give police powers to identify internet users". The Guardian.
  7. "Theresa May to revive her 'snooper's charter' now Lib Dem brakes are off". The Guardian. 9 May 2015. Retrieved 23 May 2015.
  8. "Theresa May says 'contentious' parts of web surveillance plan dropped". BBC. 1 November 2015. Retrieved 9 November 2015.
  9. "Britain to present new watered down surveillance bill". Reuters. 1 November 2015. Archived from the original on 7 March 2016. Retrieved 10 November 2015.
  10. Danby, Grahame (6 January 2009). "Draft Communications Data Bill". House of Commons Library. Retrieved 16 July 2016.
  11. Ward, Philip (16 October 2021). "Communications Data: The 2012 draft Bill and recent developments".
  12. Alex Deane (20 October 2010). "A U-turn on reversing the surveillance state". New Statesman. Retrieved 15 February 2016.
  13. Strategic Defence and Security Review Archived 2011-06-11 at the Wayback Machine
  14. Stewart Mitchell (20 February 2012). "Anger over mass web surveillance plans". PC Pro.
  15. Queen's Speech 2012 at-a-glance: Bill-by-bill, 10 May 2012
  16. "Joint Select Committee: Draft Communications Data Bill". Parliament. 11 December 2012. Retrieved 11 November 2015.
  17. Patrick Wintour (22 January 2015). "'Snooper's charter': four Lords in bid to pass changed version before election". The Guardian . Retrieved 19 October 2015.
  18. "Net firms condemn revival of 'snoopers' charter'". BBC News. 23 January 2015.
  19. "'Snoopers' charter' revival dropped by peers". BBC News. 2 February 2015.
  20. Chivers, William. "Resisting digital surveillance reform: The arguments and tactics of communications service providers". Surveillance and Society 17.
  21. Kelly Fiveash (11 July 2012). "Top spook: ISP black boxes NOT key to UK's web-snoop plan". The Register.
  22. Christopher Williams (3 May 2009). "Jacqui's secret plan to 'Master the Internet':'Climb down' on central database was 'a sideshow'". The Register.
  23. Christopher Williams (8 October 2008). "Spy chiefs plot £12bn IT spree for comms überdatabase:Black boxes to keep Black's firm in the black". The Register.
  24. 1 2 Warwick Ashford (1 November 2012). "Parliamentary committee joins criticism of draft communications data bill". Computerweekly.com. Computer Weekly.
  25. Brian Wheeler (19 July 2012). "Communications Data Bill creates 'a virtual giant database'". BBC.
  26. "Liberty urges government to reject Snoopers' Charter". Pink News. 8 November 2012.
  27. Tom Whitehead (21 November 2012). "Use stronger snooping powers against fly tipping, watchdog urges". The Telegraph. London.
  28. Warwick Ashford. "Most UK citizens do not support draft Data Communications Bill, survey shows". Computerweekly.com. Computer Weekly.
  29. Kate Solomon (6 September 2012). "Jimmy Wales promises to encrypt Wikipedia against snooping bill". Tech Radar.
  30. Lucy Kinder (6 September 2012). "Sir Tim Berners-Lee accuses government of 'draconian' internet snooping". The Telegraph. London.
  31. Withnall, Adam (10 May 2015). "Snoopers' Charter: Theresa May's plan to push ahead with Communications Data Bill sparks online campaign for internet freedom". The Independent. London. Retrieved 17 July 2015.
  32. 1 2 ISPA. "ISPA response to joint Committee on the draft Communications Data Bill" (PDF). Internet Services Providers’ Association. Retrieved 17 July 2015.
  33. James Ball (13 January 2015). "Cameron wants to ban encryption – he can say goodbye to digital Britain". The Guardian. Retrieved 15 February 2016.
  34. http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf?sequence=8 [ bare URL PDF ]
  35. Griffin, Andrew (11 June 2015). "Scrap UK Spying Laws". The Independent. London. Retrieved 17 July 2015.
  36. "A Question Of Trust - The Independent Review of Terrorism Legislation" (PDF). Retrieved 17 July 2015.
  37. Sparrow, Andrew (11 June 2015). "No 10 hints it will ignore David Anderson's Report Recommendations". The Guardian. Retrieved 17 July 2015.
  38. Hart, Spencer (13 January 2015). "What is the 'snoopers' charter' and how could it affect you if it becomes law?". Digital SPy. Hearst Magazines. Retrieved 17 July 2015.