Cookies on Pinsent Masons website

This website uses cookies to allow us to see how the site is used. The cookies cannot identify you. If you continue to use this site we will assume that you are happy with this

If you want to use the sites without cookies or would like to know more, you can do that here.

Cameron wants new 'comprehensive' communications surveillance laws

UK law enforcement agencies will be given new "comprehensive" powers to monitor communications and access data associated with those communications if David Cameron is still prime minister after this year's UK general election, he has said.14 Jan 2015

Cameron said that new legislation would relate to powers of surveillance over the contents of communications, as well as powers to access so-called 'communications data', which is information that details who the sender and recipients of communications are, their respective locations and the time of those communications, for example.

Cameron said the underlying principle of the new legislation would be that there should not be a method of communication terrorists can use to avoid surveillance by the UK intelligence and security agencies.

"In our country, do we want to allow a means of communication between people which even in extremis, with a signed warrant from the home secretary personally, that we cannot read? Up until now, governments of this country have said 'no, we must not have such a means of communication'," Cameron said. "That is why, in extremis, it has been possible to read someone's letter … [or] to listen in to someone's telephone call. That is why the same applies with mobile communications."

"Let me stress again, this cannot happen unless the home secretary personally signs a warrant. We have a better system for safeguarding this very intrusive power than probably any other country I can think. But the question remains are we going to allow a means of communication where it simply isn't possible to do that and my answer to that question is no we must not," he said.

Cameron said the recent terrorist attacks in Paris had "once again demonstrated the scale of the terrorist threat that we face" and the need to ensure the UK intelligence and security agencies and the police have "robust powers" at their disposal to "keep our people safe". He said it is "absolutely right for a modern, liberal democracy" to have powers relating to communications surveillance.

The existing UK legal framework on the interception of communications, the retention of communications data and powers of access to that data is set out under the Regulation of Investigatory Powers Act (RIPA) and the Data Retention and Investigatory Powers (DRIP) Act. The DRIP Act was only enacted last year and was the UK government's response to a ruling by the Court of Justice of the EU (CJEU) that the EU's Data Retention Directive, from which UK data retention laws had been drawn, was invalid on privacy grounds.

"We legislated very recent on communications data but we said this legislation would fall away automatically in 2016," Cameron said. "There is a very good reason for that because I think the next government … will have to legislate again in 2016. If I am prime minister I will make sure it is a comprehensive piece of legislation that makes sure we do not allow terrorists safe space to communicate with each other. That is the key principle. Do we allow safe spaces for them to talk to each other? I say no we don't and we should legislate accordingly, and if I'm leading the government that is what you'll get."

However, Cameron's plans were attacked by civil liberties groups.

Jim Killock, executive director of the Open Rights Group said: "Having the power to undermine encryption will have consequences for everyone’s personal security. It could affect not only our personal communications but also the security of sensitive information such as bank records, making us all more vulnerable to criminal attacks."

Liberty's director of policy Isabella Sankey said that "nothing about the Paris attacks points to a need for more blanket surveillance powers" and said that mass surveillance "doesn't work".

"Surveillance per se is not wrong," Sankey said. "It’s the vital task of the government and security agencies to protect life through targeted and effective monitoring… Instead of political posturing over new powers that would undermine all our freedoms, we need the agencies to focus on improving their internal systems for prioritisation. Invading the privacy of suspected terrorists is justified. Invading the privacy of every single person in the UK is not."

Cameron's plans to stiffen surveillance laws with a new Communications Data Bill had to be shelved after a number of privacy concerns were raised.

However, the Counter-Terrorism and Security Bill currently passing through parliament would, if introduced, extend data retention obligations currently faced by public telecommunications operators to new classes of information. Telecoms companies operating in the UK would be required to retain 'relevant internet data' as well as communications data, under the Bill.

In a new report on the Bill, however, the UK parliament's Joint Committee on Human Rights said that it is concerned about whether UK's surveillance laws "satisfy all of the requirements" of the CJEU's judgment in relation to the now defunct Data Retention Directive.

"We draw to parliament's attention, however, our concern as to whether UK law as a whole, including the Regulation of Investigatory Powers Act, the DRIP Act, and all relevant codes of practice, satisfy all of the requirements set out in the judgment of the Court of Justice of the European Union (CJEU) in the Digital Rights Ireland case," the committee's report said.

"The CJEU in that case held that indiscriminate or 'blanket' retention of communications data is incompatible with the right to respect for privacy and the right to protection of personal data, and compatibility with those rights depends on the adequacy of all the relevant safeguards taken in the round," it said.

The European Parliament's Legal Services unit has said that, in light of the CJEU's ruling, EU countries must ensure that any national data retention laws they implement comply with the EU's e-Privacy Directive. The opinion is not binding, however.