ISPs and public believe Government data safeguards inadequate

OUT-LAW News, 17/11/2009

The internet access industry and members of the public have rejected the Government's plans to retain details of citizens' internet access, saying that safeguards for internet users' privacy were inadequate.

The Government conducted a consultation on its plans to which 54 organisations and 167 members of the public responded. Of the 221 submissions, 90 were in blanket opposition to the extension of the state's surveillance powers to include more details of what use was made of telecoms networks and when.

Of the remaining 131, just over a quarter said that they believed Government safeguards were good enough to protect internet users. Half said they were inadequate.

An interconnection facility that represents over 300 ISPs in matters of public policy, Linx, has published its full submission to the consultation. It says that the Government's proposal is not an attempt to "maintain" surveillance capability but to massively extend it, placing a burden on its members.

It also said that the proposed safeguards could not be said to be adequate because even current safeguards are problematic.

"The government’s proposal to extend the collection of communications data to incorporate so-called 'third-party' data would result in collection which is unprecedented both in volume and in the level of intrusion into personal privacy," said its submission.

"We are concerned by the Home Office’s inability to collect detailed information on the use of internet communications data under the current regime. This means that the Home Office appears to be unable to make an evidence-based assessment of the proportionality of the current regime as it applies to internet data (as it has turned out in practice), let alone to justify the proposed extension," it said. "This suggests that existing safeguards even for the current regime aren’t meeting even a basic minimum standard of protection, in that the Home Office cannot be sure of their proportionality in the round. Nothing in the current proposals would correct that short-coming."

That submission said that the existing Regulation of Investigatory Powers Act (RIPA) effectively strips individuals of their right to protest against surveillance.

"The existing RIPA regime is also open to criticism that it fails to provide adequate safeguards for the protection of individuals," it said. "It relies significantly upon the theoretical right of individuals to complain to the Regulatory Powers Tribunal about abuse; however this right is a nullity, a mere pretence and a sham, since individuals do not know when their data has been accessed."

"The safeguards indicated within the new proposals appear to constitute a continuation of the current, flawed safeguards, with almost no additional protection," the Linx submission said.

One member of the public responded to the consultation by saying: “I am deeply concerned that the government seems entirely happy for RIPA to allow everyone from the police to local authorities to access my communications data (everything from who I phone to what websites I look at) without a warrant or any judicial oversight”.

The non-profit organisation the Child Exploitation and Online Protection Centre backed the Government's plans, though, and said that its planned safeguards were sufficient.

Were additional levels of bureaucracy to be implemented, the ability to access communications data in a timely operational manner would be impeded and its value and use in investigations reduced," it said in its submission.

The Government said in its summary of the consultation responses that RIPA did contain enough protection of users' rights.

"RIPA contains strict safeguards which would make disproportionate and unnecessary ‘fishing expeditions’ unlawful," it said. "These safeguards mean that only applications for communications data which are related to specific investigations involving specific data will be capable of satisfying the tests of necessity, proportionality and legitimate aim. Broad enquiries which amount to no more than fishing expeditions attempting to uncover or predict crimes will fail the tests set out in RIPA and will remain unlawful."

The Government said that further independent oversight of the process would hinder its effectiveness.

"The value of independent oversight of the way in which public authorities access communications data under RIPA is not in question," it said. "The Government believes, however, that any requirement for authorisation by magistrates in relation to all acquisition of communications data could seriously impair the effectiveness of the techniques in question without bringing any real benefits in terms of protecting privacy."

"Magistrates are not best placed to apply the test of necessity and proportionality because they are not familiar with the operational parameters within which investigations are carried out. Nor would a system of authorisation by magistrates be compatible with the speed and flexibility which are frequently necessary to ensure that these techniques can be used effectively," it said.

See: The summary of responses (26-page / 360KB PDF)

Feedback | Printer-friendly page | Latest news | | All news feeds | Ask a lawyer