The dangers of data snooping – Angela Patrick

Civil liberties and the coalition have been happily filling the political pages this week. The damning conclusion of the Joint Committee on Human Rights that there is no evidence to justify expanding closed proceedings (expertly dissected by Rosalind English earlier in the week) vied for column inches with leaks that the Government planned to introduce “real time” monitoring of how we use the internet in the interests of national security.

These latter “snooping” proposals echo the ill-fated Communications Data Bill 2008, proposed by the Labour Government. After cross-party condemnation and criticism from the Information Commissioner’s Office and others, that Bill was withdrawn, with Home Office officials sent back to the drawing board.

After meeting similar condemnation in the press and online this week, and reservations expressed by the Deputy Prime Minister; it appears we can expect a draft Communications Data Bill to be resurrected in the Queen’s Speech.

The draft Communications Data Bill: What’s likely to be on the table?

There is very little information about the substance of the Government’s proposals in the public domain. Liberal Democrat MPs and others have criticised this lack of public information provided on the direction of travel. The plan seems to be to expand the Government’s capability to access communications data connected to e-mail and internet use, providing for “real time” monitoring of activity and requiring internet service providers to install new hardware to improve storage of information and facilitate Government access.

Both the Prime Minister and the Home Office blame advancing technology for gaps in the existing law on surveillance, which they argue make the detection and prevention of crime more difficult. It has been suggested that criminals are moving away from the use of mobile phones to Skype and other web-based forms of communication, and that current law has failed to keep up. The Deputy Prime Minister has accepted that the existing rules may need to be changed to “keep pace with technology”.

The Home Secretary argues “new technology can also be abused by criminals, paedophiles and terrorists who want to cover their tracks and keep their communication secret”. She adds “there are no plans for any big Government database. No one is going to be looking through ordinary people’s e-mails or Facebook posts. Only suspected terrorists will be investigated”. Both the Prime Minister and the Deputy Prime Minister have been quick to issue assurances that plans will not apply to the substance of what we say online or in e-mails. In order to secure access to that material, a “warrant” would still be necessary.

What’s the problem?

Late last year, JUSTICE published its own call for the modernisation of surveillance in the UK, including the controls on communications data. In Freedom from Suspicion, we call for operation for wholesale reform of the Regulation of Investigatory Powers Act 2000 (“RIPA”), to improve transparency and accountability and to ensure a proportionate balance is struck between the need for legitimate surveillance and the individual right to privacy.

Reviewing the criticism of the previous proposals to expand communications data surveillance, it would appear to apply equally to recent leaks:

  • The Government rightly makes the distinction between “communications” and “communications data”. Traditionally this distinction was simple and easy to understand: a letter was communication; the information on the envelope, communications data. However, expanding technology means that communications data related to digital communication is increasingly more complex, provides more information about individuals and difficult to detach from the substance of any exchange. Even if the two can technically be separated, which has been called into question, as the Information Commissioner has cautioned, “you can tell an awful lot about some people’s circumstances from the people they are talking to and the websites they visit” (Freedom from Suspicion, paragraphs 182 – 186)
  • The Home Secretary and the Prime Minister assure us that the Government will only use expanded powers for the limited investigation of legitimate threats. However, the arrangements for the storage of information about where we go and what we do on the web engage our right to respect for privacy. That the Government may not wish to access this material doesn’t automatically render that storage proportionate and necessary. Expanding the arrangements for storage must be justified. Whether Government access to that information can be justified, and if so, what safeguards are appropriate is a distinct issue. As the Information Commissioner has warned, expanding powers to access everyone’s information creates a “step-change” in the relationship between the State and the individual. Is this change justifiable? When the Government may be looking for the proverbial needle in a haystack, will expanding the haystack actually be counterproductive? Freedom from Suspicion, paragraphs 172 – 181
  • The existing powers which public authorities have to access communications data are extremely broad, and accompanied by very few safeguards. If any public authority seeks communications data now, they must persuade a colleague in their organisation that they believe it is necessary to act (RIPA, Section 22). The Protection of Freedoms Act will require local councils to check with a judge, but other bodies, including for example, the Charity Commission, the Food Standards Agency and the Pensions Regulator, remain free from scrutiny Freedom from Suspicion, paragraphs 149 – 171).

Unfortunately, the leaked plans fail to address the underlying failings inherent in RIPA. At the heart of JUSTICE’s concerns is a simple question: shouldn’t most surveillance – including communications data requests – be subject to prior judicial oversight?

A panoply of problems with RIPA continue to surface; over the past year we’ve seen phone hacking, the problems caused by inadequately controlled undercover agents and the potential collapse of the Mark Duggan inquest due to the bar on the admissibility of intercept evidence (Freedom from Suspicion, paragraphs 9-10, 129-139).

Before the Government asks for new powers of surveillance, it should get its house in order.

Where next?

The early leaks testing public and political opinion illustrate that opposition to these proposals is at least as strong as in 2008. We share the many concerns expressed that proposals echoing the Communications Data Bill 2008 would potentially impinge on individual privacy and have a chilling effect on the right to free expression (see JUSTICE’s response to the 2009 consultation).

That the Government appears to have downgraded from a Bill to a draft Bill is welcome. Consultation on a draft Bill – and an opportunity for pre-legislative scrutiny by Parliament – will provide an opportunity for a rational conversation about the regulation of surveillance and modernisation, to re-examine whether existing powers are fair, proportionate and accompanied by adequate safeguards.

If, as expected, any consultation is focused on expanding information available to Government, the cynical criticism that the (draft) Communications Data Bill is yet another power grab by the Security Agencies will be hard to avoid.

Angela Patrick is Director of Human Rights Policy at JUSTICE

Sign up to free human rights updates by email, Facebook, Twitter or RSS

Related posts:

6 thoughts on “The dangers of data snooping – Angela Patrick

  1. I recall that the increased powers given to the Police and other state agencies to combat terrorism and serious organised crime did not stop those agencies from using those powers for purposes other than those for which they were intended. I suggest that any increase in State surveillance powers, whatever the putative justification, is nothing other than a “land grab”.

    National Security is an elastic term and we should be mindful of Orwell’s work on Language and Politics when we hear governments using that expression, (or as one wag put it, “Patriotism is the last refuge of a scoundrel”) . An industrial strike called by a major trade union in a key industry could easily be presented by an unscrupulous government as a threat to National Security and provide justification to invoke draconian surveillance and other measures.

  2. One local authority in order to ‘save money’ ceased to provide their employee with monthly statements of salary and deductions. Instead, they require their employees to ‘log in’ to the local authority website to read their pay slips. In doing so, the local authority has the IP and email address of each of their employees with the ability to apply their RIPA powers of surveillance. A useful tool if you happen to be engaged in a dispute with them. The ability to remotely activate the camera on your PC or laptop is an equally useful window into your home. Every time you use the internet to disclose your voting registration information required by law. Every time you use the internet to renew your car tax with DVLA or order a repeat prescription from your GP, you hand over the current ‘key’ to open the door into your life and the ability to ‘farm’ the information held electronically on your PC or laptop.

    If you believe that the current powers of entry into your home without a warrant by a myriad of ‘officials’ is excessive, then imagine what can be achieved by 24/7 surveillance in the absence of your knowledge or consent.

    The most effective method of ‘normalising’ the ‘abnormal’ is the tranquillising drug of gradualism! As O’Brien said to Winston Smith during the interrogation of the latter in Orwell’s ’1984′: “Everyone will learn to love Big Brother because eventually there will be no one left who can remember a time when he did not exist”!

  3. “The Government rightly makes the distinction between “communications” and “communications data”. Traditionally this distinction was simple and easy to understand: a letter was communication; the information on the envelope, communications data. However, expanding technology means that communications data related to digital communication is increasingly more complex, provides more information about individuals and difficult to detach from the substance of any exchange. Even if the two can technically be separated, which has been called into question, as the Information Commissioner has cautioned, “you can tell an awful lot about some people’s circumstances from the people they are talking to and the websites they visit” (Freedom from Suspicion, paragraphs 182 – 186)”

    I wonder whether the Durant v FSA case of 2003, heard in the Court of Appeal, might shed some light in relation to the above excerpt. In that case, the C of A decided on a very narrow definition of personal data so that a transaction in which an individual had participated was not held to be personal data. Extending this idea to internet communication, might a similar argument apply, that is, a record of the fact that I emailed so-and-so on a particular date does not constitute my personal data and hence does not engage DPA 1998, or Article 8 HRA (to which DPA is intended to give effect)?.

    At the time of the Durant judgement, I recall the European Data Protectorate to be concerned at the narrow definition given to personal data by the Court of Appeal. Unfortunately, the EU did not in the end challenge the C of A’s interpretation in the European Court.

    However, if records of internet communications between persons, even when those records are detached from the contents of the exchanges, are deemed to be personal data then, as a (possibly mischievous) aside, could data subjects, en masse and by way of protest, serve DPA Section 7 Subject Access Requests on the ISP data controllers so as to impose an unsustainable burden on them and possibly to make the legislation unworkable?

    One final point. The RSA encryption algorithm is thought to be practically, although not theoretically, uncrackable. I would imagine that serious high end criminals and terrorists would invest in RSA and that GCHQ and other State agencies would gain no advantage from the proposed legislation as a consequence. Ironical really, when it was GCHQ that conceived the algorithm in the first place independently of the American academics who simultaneously conceived, developed and marketed it!

    So given that high end serious criminals and terrorists can shield themselves from State surveillance by adopting RSA whose internet communications would remain for the State to intercept? Why, the likes of ordinary people, who may use the internet for legitimate business or social purposes! Just as with the anti-money laundering regulations, such legislation is likely to be used against small time miscreants, or the general population as a tool of oppression. All at great cost too! And the country is supposed to be broke?

    Gawd, give me strength!

  4. The essential question that remains unanswered in all of this debate is “Why?”
    Why are these powers actually necessary?
    We are told they are necessary to counteract the actions of terrorists and criminals. But, surely, these are two wholly different categories? Is it not incorrect and inappropriate to conflate the two categories together? Should they not be treated differently?
    In the case of anti-criminal strategy, these proposed measures should be strictly dealt with separately from anti-terrorism or anti-espionage activities.
    During World War Two, the state was given additional powers to combat anti-terrorism and anti-espionage activities by hostile powers but the essential difference was that these powers were only ever meant to be temporary, not permanent. That is the essence of the state being granted dictatorial powers at a time of grave national threat, as in war time.
    The current proposals appear to envisage such new powers being granted to the state on an indefinite basis, which – I believe – is wrong. Any proposed legislation should be subject to annual review and annual renewal, so that once it is no longer considered necessary any more, the whole edifice of state surveillance can be swept away.
    What is unedifying is when we see serious state powers being used wrongly by local government officers to snoop on people for months on end after they have applied for school places for their children.
    There is also the question of state competence in keeping our personal data protected. The record – to date – does not exactly inspire one with confidence, does it?
    Surely, it should be incumbent upon the state authorities to have to prove the necessity of exercising any such powers. The very least this should involve is having any such powers being placed under the scrutiny of a hopefully sceptical judge. Ultimately, it must be the case that long-established English ideas of liberty and freedom demand the cessation of state snooping on all our lives. The day must come when such powers and technologies are brought to heel and ended.

  5. There is an old addage that says one must not trust anyone, particularly in an age of the internet and communication freedom, the higher up the ladder they are the more suspect they become. It is trite law that one must plant seeds on fertile grounds foremost so that one day they bear fruit and bear witness to iife for all to see. Like wise authorities snooping is nothing new but a warning in the midst of the Olympic threat.

    However, the dangers inherent in this proposed piece of legislation is the complete autonomy and a blanket slate to probe any material irrespective of its content or meaning, privacy or otherwise. This would just alert suspects to create new and more sophisticated means of communicae, language usage so that only they are able to interpret and disect, but to the untrained or unwitting eye it is nothing more than an interaction.

    To those who say done nothing, nothing to hide I say is that true the other way round, that is would the same agencies with snooping powers be prepared if they themselves became the object of the snoop. i suspect this is a real prospect if the legislation ever got through. My preferred option is for the agencies to think this through and lean on a corsaire, corsaire et dium option for the center ground is everything, the core, the heart of the conundrum.

  6. The immense cost of all this surveillance is hardly ever mentioned. Some £2 billion was mentioned in the media for this expansion of State powers. Is it not amazing just how much money there is when it suits government to increase its powers?

    The whole area of surveillance ought to be thoroughly reviewed with a view to (a) limiting it to serious crime investigation only and (b) limiting the number of bodies which may undertake surveillance.

    Any permitted surveillance should be brought under professional judicial control – (compare with PACE 1984 requirements).

Comments are closed.