The Government has proposed a new law that would expand the kinds of information that qualifies as 'communications data'.
James Brokenshire, Minister for Crime and Security at the Home Office, said that existing legislation allows foreign authorities to request help in obtaining UK-based evidence, including communications data.
"Any country is able to request assistance from the Secretary of State for the Home Department in obtaining evidence located within the UK, including communications data," Brokenshire said in a written answer to a Parliamentary question. "Such requests are considered under the Crime (International Co-operation) Act 2003."
"Public authorities in the United Kingdom can also receive direct requests for assistance in obtaining communications data from their counterparts in other countries. On receipt of such requests the United Kingdom public authority may consider seeking the acquisition and disclosure of the requested data under the provisions of the ... Regulations of Investigatory [Powers Act] 2000. The United Kingdom public authority must be satisfied that the request complies with United Kingdom human rights legislation," he said.
Under the Crime (International Co-operation) Act foreign prosecutors, judges and other international authorities can make a "request for assistance in obtaining evidence" from within the UK.
The Home Secretary has the power to "nominate a court" to receive the evidence if the foreign authorities' request is "made in connection" with ongoing criminal proceedings or investigations being conducted outside of the UK, among other possible purposes. In general there must be at least "reasonable grounds for suspecting" that an offence has been committed abroad, or investigations or proceedings into whether an offence has been committed must have commenced, in order for the foreign authorities' requests to be legitimate.
Currently communications data includes information about the timing and duration of telephone calls, the email address communications are sent to as well as the location of the person initiating the communications. It does not include the content of those communications.
The Government has though recently published a draft Communications Data Bill which, if enacted, would reform the type of information that 'communications data' refers to and establish a new regime for the surveillance of that data. The Bill was drafted after UK intelligence officials complained that existing laws failed to provide adequate powers of surveillance.
Under the Bill the Home Secretary could issue an order forcing any business that transmits "communications by any means involving the use of electrical or electro-magnetic energy" to store communications data in the form of "traffic data, use data or subscriber data" relevant to communications sent over their networks, including by email or the internet generally for up to a year. The data does not include the content of those communications.
Business caught by the proposed legislation must disclose information "without undue delay" to law enforcement bodies and other listed public authorities that ask for it. Those bodies can only request the information if it is to be used for a "permitted purpose" and if "designated senior officers" at those bodies believe it is "necessary to obtain the data" and that the action is "proportionate to what is sought to be achieved."
The 'permitted purposes' include where it is in the interests of national security, where the purpose is for the prevention or detection of crime, to prevent disorder and where it is in the interests of the economic well-being of the United Kingdom or in the interests of public safety, among others.
'Subscriber data' includes information such as the names and addresses of individual users of communication services. 'Use data' relates to how those individuals have utilised those services and may include itemised phone call records or connections to internet services, the duration of calls and the amount of data they have downloaded online. 'Traffic data' is information associated to communications, such as the physical location of mobile devices and the destination of received communications that are transmitted.
The Bill contains a number of "safeguards", including requirements that collected communications data is deleted after a year in storage.
Law enforcement bodies currently have the power to access historic communications data held by telecoms firms under the EU's Data Retention Directive. Law enforcement bodies in the UK also already have the power to intercept individuals' communications in certain circumstances and can order telecoms providers to hand over communications data to enable them to do that.
A newly published Parliamentary briefing paper (8-page / 186KB PDF) contains a summary of some responses to the Government's draft Communications Data Bill proposals. The document revealed support for the plans from police and intelligence agencies, but criticism from civil liberty campaigners and the Internet Service Providers Association (ISPA).
Jonathan Evans, director general of Mi5, said that the plans were "a necessary and proportionate measure to ensure that crimes, including terrorist crimes, can be prevented, detected and punished." He added that it would be "extraordinary and self-defeating if terrorists and criminals were able to adopt new technologies in order to facilitate their activities while the law enforcement and security agencies were not permitted to keep pace with those same technological changes."
However, campaign group Liberty said the plans amount to "mass, blanket, surveillance of the population outsourced to the private sector" and that the practical implementation of the proposals would result in "a highly intrusive form of surveillance which currently requires a Home Secretary’s warrant to be issued on the basis of a suspicion of crime."