Balancing privacy and security

We recently discussed the hastily brought in DRIP (Data Retention and Investigatory Powers Act) and our dismay at the lack of consultation, debate and scrutiny this new law faced despite its impact on every UK citizen’s privacy. Now that the dust has settled and further information has emerged, let’s inspect the new law more closely and discuss its impact… [caption id="attachment_106" align="alignleft" width="128"]Neil Watson, Head of Service[/caption] What is DRIP and why is it needed? Following the ECJ’s ruling back in April that existing EU laws governing data retention were invalid due to their lack of safeguards to protect citizens privacy, our Government (in their infinite wisdom) rushed through a so called “emergency” law called DRIP. DRIP ensures that communications providers are still legally required to collect and store data and provide this data to our police and security services when necessary. The Government argued that, without DRIP, communications providers would have been forced to ‘delete’ such data in compliance with existing data protection laws and therefore the security services and police would have lost access to this information permanently with suggested serious repercussions in the fight against terrorism and serious crime. We will never really know just how accurate this perceived risk is as they will, of course, never release that information but Teresa May would lead us to believe that 95% of all serious crime cases have used retained data and surveillance activities as evidence in prosecution.

• Gov.uk: Communications data and interception

Time for a judicial review Sounds reasonable?! Well yes, it potentially would if the new law had been scrutinised and debated through the proper channels. After all, DRIP affects the privacy of every UK citizen, but that wasn’t the case and we weren’t the only ones angered by the seemingly underhanded actions of the three main political parties who worked together in private to draft and introduce this controversial law in what seems like record breaking haste. A number of civil liberties groups including Liberty and ORG are working with backbench MPs Tom Watson and David Davis to launch a judicial appeal to review the manner in which DRIP was passed. Davis said DRIP was "driven through the House of Commons with ridiculous and unnecessary haste to meet a completely artificial emergency". The ECJ made their ruling back in April yet the Government took 3 months to act on this ‘emergency’ legislation, bringing it into law on July 17^th.

• The Guardian: Drip surveillance law faces legal challenge by MPs

Liberty has issued a ‘letter before claim’ that means the Government can either concede that the Act is incompatible and publish a replacement or they can continue to court. However we are unlikely to see any further developments on this until early 2015. Lack of consultation The main issue for us is the lack of consultation. We were originally involved in discussions concerning the Communications Data Bill where we were promised consultations with technical experts, industry, law enforcement bodies, public authorities and civil liberties groups before re-drafted legislation was introduced. Instead, we have witnessed a hastily drafted Bill pushed through into law with little to no parliamentary scrutiny, let alone industry input. The only saving grace is the sunset clause, which means the legislation ceases to have effect from the end of 2016. We can only hope that its replacement or redrafting at this stage will be better thought out and involve more consultation than the current version, although it surely can’t be any worse, can it? We don’t dispute the need for data retention in the fight against terrorism and serious crime and we comply with all legally backed requests for such information. We also understand that ensuring our safety and security whilst protecting our fundamental human right to privacy is a very tricky balancing act and one that appears to be becoming increasingly difficult as we conduct more and more of our lives online and through telecommunications. However, it’s because this is so important and has such a fundamental impact that we are dismayed by the Government’s lack of debate on this issue and bewildered by their actions to introduce this law. We’d like to say we hope they will learn from this, but previous experience of the DEA’s implementation makes us think otherwise. UPDATED: 9th December 2014 Yesterday the High Court granted permission for a Judicial Review of the controversial DRIP Act. The case will now proceed to a ‘substantive hearing’ where further evidence will be presented. Whether or not this will have any impact on the existing and any potential future laws is yet to be seen but it’s a step in the right direction.

• ISPReview.co.uk: UK Data Retention and Investigatory Powers Act Faces Judicial Review
• ORG Website: Press release: Permission granted for judicial review of DRIPA

Have your say! Do you think the implementation of DRIP was acceptable in order to deal with the ‘emergency’ of the situation? Do you think protecting our security outweighs our right to privacy? Or do you think more debate and consultation should have been held? Whatever your opinions are on this subject please share them with us below by leaving us a comment. Related articles

• Entanet Opinion: The emergency data bill – trampling on the rights of citizens
• Entanet Opinion: Is it the end of the road for data retention?

Further information

• ISPReview.co.uk: UK MPs Consider Judicial Review of DRIP Internet Snooping Act
• The Guardian: UK's Drip law: cynical, misleading and an affront to democracy
• The Guardian: Open Rights Group attempts to block Drip legislation in court
• Parliament.UK: Data Retention and Investigatory Powers Act 2014

[cookiecontrol1] [subscribe2]