Out-Law News 5 min. read
09 May 2012, 4:54 pm
The draft Communications Data Bill will include proposed changes to the way law enforcement bodies can currently access "communications data" under the EU's Data Retention Directive and the Regulation of Investigatory Powers Act (RIPA) in the UK.
"My Government intends to bring forward measures to maintain the ability of the law enforcement and intelligence agencies to access vital communications data under strict safeguards to protect the public, subject to scrutiny of draft clauses," the Queen said.
Communications data includes information about the timing and duration of telephone calls, the email address communications are sent to as well as the location of the person initiating the communications. It does not include the content of those communications.
According to the Home Office's outline of what the draft Bill will contain, the new laws will provide "an updated framework for the collection, retention and acquisition of communications data which enables a flexible response to technological change".
Under the new laws communication service providers (CSPs) would have to "ensure communications data remains available to law enforcement and other authorised public authorities" subject to "strict safeguards".
The safeguards would include ensuring that CSPs delete communications data they store after a year as well as "measures to protect the data from unauthorised access or disclosure", according to the Home Office.
Under the draft Bill the role of the Interception of Communications Commissioner (IoCC) would be extended "to oversee the collection of communications data by [CSPs]". An independent 'Technical Advisory Board' would also provide CSPs with a means to consult on the "impact of obligations placed upon them". Individuals could also complain about alleged misuses of powers to "senior judicial figures" who would form an independent Investigatory Powers Tribunal. The Tribunal would "ensure that individuals have a proper avenue of complaint and independent investigation if they think the powers have been used unlawfully".
The Home Office also said that the Bill would remove "weaker safeguards" for accessing communications data that current exist under law.
The plans were heavily criticised by digital freedoms campaigners.
"This is a direct attack on the Coalition's promise to end the storage of email data without good reason," Jim Killock, executive director of the Open Rights Group, said. "Gaining access to your Facebook and Google data without court supervision is not preserving powers, it is a massive extension of the ability of a police officer to see what you are doing."
"It would be wide open to abuse, endangering whistleblowers and journalists' sources. The interception powers open a whole new can of worms. No law has ever previously claimed that people's communications data should be collected by third parties just in case. This data has never been previously collected. This Bill could mark the end of the government's reputation as a force for protecting our freedom and privacy. They should scrap it now," Killock said.
However, Charles Farr who is head of the Office for Security and Counter-Terrorism at the Home Office said the existing legal framework for obtaining communications data did not always work, according to a report by the Guardian newspaper.
"In some cases it is no longer possible to obtain data about the sender and recipient of an email," Farr said, according to the Guardian's report. "Communications data from internet-based services is not always available; for some internet-based services it is not generated, collected and stored by the internet service provider. Many service providers are based overseas."
"About 25% of requests for communication data by the police and agencies can no longer be met. This has a direct impact on the investigation of crime in this country and our ability to identify and then prosecute criminals and terrorists," he said.
Law enforcement bodies currently have the power to access historic communications data held by telecoms firms under the EU's Data Retention Directive. The Directive was established in 2006 to make it a requirement for telecoms companies to retain personal data for a period determined by national governments of between six months and two years. The Commission decided to regulate following terrorist attacks in Madrid in 2004 and London in 2005.
Telecoms firms are required to retain identifying details of phone calls and emails, such as the traffic and location, to help the police detect and investigate serious crimes, the Directive states. The details exclude the content of those communications.
Law enforcement bodies in the UK also already have the power to intercept individuals' communications in certain circumstances. RIPA enables law enforcement bodies to intercept communications by requiring telecoms providers to hand over certain information they hold.
Telecoms companies have a duty under RIPA to hand over communications data it has or could obtain about customers when asked to do so by police unless "it is not reasonably practicable" to do so. The Home Secretary can ask the courts to issue an injunction "or any other appropriate relief" against telecoms firms that fail to comply with their duty under RIPA. The type of injunction that courts can issue is not defined by RIPA. However, first the law enforcement bodies must obtain the Home Secretary's authorisation to intercept the communications.
Under RIPA the Home Secretary has to assess whether the request to intercept communications is necessary and proportionate in order to protect the UK's national security interests, prevent and detect terrorism and serious crime or to safeguard the UK's economic well-being.
Under the Act the Home Secretary must consider certain factors relating to the necessity and proportionality of any interception before authorising it, including "whether the information which it is thought necessary to obtain under the warrant could reasonably be obtained by other means".
The Act can be used by law enforcement agencies to force telecoms companies to hand over customers' details in order to tap phone, internet or email communications.
Last year the Government made changes to RIPA after the European Commission had referred the UK to the European Court of Justice (ECJ) over the claimed failings of UK law. The Commission had said that the privacy of internet users in the country was not being adequately protected.
Earlier this year the Commission reported that its concerns had been addressed after RIPA was amended to state that it is now generally only legal to intrude on private communications if you have a warrant or both the sender and recipient of information have given consent, even if it is done unintentionally. Under the old RIPA regime there only needed to be 'reasonable grounds' for believing that consent had been given to allow communications to be intercepted without a warrant.
Data protection law specialist Kathryn Wynn of Pinsent Masons, the law firm behind Out-Law.com, previously said that the Government could face further legal action over any attempts to widen the scope of communications data monitoring unless there were sufficient safeguards over privacy.
Wynn also said that internet service providers (ISPs) and social media networks could face technological challenges in complying with real time access requests and that UK intelligence agency GCHQ would face "information overload" unless real time access was suitably focused.
"Whether it is feasible or not to access real time communications data without the content of those communications being disclosed depends on whether there is the technology available to deliver that information quickly – otherwise ISPs will struggle to comply through no fault of their own," Wynn said.
"Given the enormous number of transactions involved there is also the danger that GCHQ will suffer from information overload, trying to sift through millions of calls, emails, texts and web visits to find what they are looking for in real time, rather than analysing patterns in historic data instead.”
Under the Human Rights Act individuals are guaranteed the right to privacy surrounding their communications other than if a public authority, such as the police, believe it necessary to interfere with that right "in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others".
The previous Labour Government dropped previously abandoned plans to create a controversial database which would have stored details of web use, emails and phone calls made by people in the UK on privacy grounds in 2009.
