Following the tragic events in Paris earlier this month, the Government has once again called for enhanced surveillance capabilities for the intelligence services, which would mean further data retention from ISPs and telecoms providers. This is far from the first time this has been suggested, so we ask: Is the controversial ‘Snooper’s charter’ inevitable in one form or another?
[caption id="attachment_135" align="alignleft" width="128"]Paul Heritage-Redpath, Product Manager
What is the ‘Snooper’s Charter’?
The original ‘Snooper’s charter’ or ‘Communications Data Bill’ was drafted by the Home Secretary, Theresa May to increase the amount of data ISPs and telecoms providers record and store and provide greater access to this information for the intelligence services and police to help them combat terrorism and serious crime. Due to concerns over cost, privacy and security of the sheer amount of data involved, the draft Bill was blocked by Nick Clegg and the Liberal Democrats earlier this year. However, this wasn’t the first attempt by Government to increase the collection of and access to data for the security services. The previous Government had tried to implement the Interception Modernisation Programme (IMP) which was also opposed by the Lib Dems (and the Conservatives). It wasn’t completely abandoned though and seemed to reappear under the guise of the Communications Capabilities Development Programme.
Is it inevitable?
Despite ongoing resistance from privacy advocates and the majority of the Internet industry, pressure is continually mounting on the Government to aid the security services on this matter. With an election looming, it seems increasingly likely that the security and intelligence services, at least, will be given increased access to data and this is likely to mean ISPs and other providers will be required to collect and store more information to support this. We don’t have any details as yet - it’s all just big talk and pre-election promises at this stage.
As a guide though, initially the ‘Snooper’s charter’ (Communications Data Bill) proposed recording details (but not the content) of each user’s Internet browsing activity (including social media), emails, voice calls, Internet gaming and mobile phone messaging and storing this information for at least 12 months.
Is it necessary?
In fairness, only the security services and the Government truly know the answer to that question, although there has been some criticism of the fact that the latest suspects were already known to the agencies and which then begs the question - are they able to effectively process the immense amounts of data they already
have access to and would adding more to this just cause more harm than good?
Meanwhile, the German MEP Jan Philipp Albrecht, who heads the Parliament’s overhaul of EU data protection laws is quoted saying: “EU home affairs ministers are demanding Big Brother measures entailing blanket data retention without justification.” and: “This approach is a distraction from the actual measures needed to deal with security and terrorist threats and provides a false sense of security for citizens, at the expense of their civil liberties.”
Despite these concerns the Head of MI5, Andrew Parker, insisted in his latest speech (reportedly written before last week’s Paris attacks) that further co-operation between the agencies and the industry is needed and that this additional information is required. He echoes similar calls from the Head of GCHQ, Robert Hannigan, late last year who requested a ‘deal’ between industry and the security agencies.
Nicholas Lansman, ISPA Secretary General, has stated:
“As calls are made for new wide-ranging internet surveillance powers following the horrific events in Paris, ISPA is concerned that politicians are taking the easy way out by demanding greater surveillance powers without explaining how they can effectively help to prevent future terrorist incidents and without giving proper consideration to valid concerns about civil liberties and the impact on business in the UK.
It has been reported that those responsible for the terrorist attacks were known to the security services. Existing legislation already allows for suspects’ communications to be intercepted via a warrant, and the retention of communications data, which is already being retained in the UK, would also have been available to the intelligence services and the police under the existing RIPA process. While the draft Communications Data Bill would have provided access to broader data set, it is questionable whether it would have helped to prevent the incidents in Paris and the industry and UK citizens should be provided with a clear justification for why the Bill is needed now…
…ISPA accepts that the communications landscape is changing but an independent, Government-commissioned review is being led by David Anderson QC into investigatory powers. This is the sort of considered and informed process, listening and involving the various stakeholders, that we hope will inform and develop policy in this area. The review is set to report before the election and we are concerned that politicians have pre-judged the review and will ignore its conclusions.”
Prime Minister, David Cameron, added further fire to the debate recently by stating:
“In our country, do we want to allow a means of communication between people that even in extremis, with a signed warrant from the home secretary personally, that we cannot read? Up until now, governments have said no, we must not.
That is why, in extremis, it has been possible to read someone’s letter, to listen to someone’s call, to mobile communications. We have a better process for safeguarding this very intrusive power than probably any other country I can think of.
But the question is are we going to allow a means of communications which it simply isn’t possible to read. My answer to that question is: no, we must not. The first duty of any government is to keep our country safe. The attacks in Paris demonstrated the scale of the threat that we face and the need to have robust powers through our intelligence and security agencies in order to keep our people safe.
The powers that I believe we need, whether on communications data, or on the content of communications, I feel very comfortable these are absolutely right for a modern, liberal democracy.”
This has sparked a debate as to whether or not he means he wants to ‘ban’ all encryption, a ludicrous idea due to its extensive use in ‘innocent’ and essential online transactions to help businesses operate safely and protect against fraud (e.g. secure trading and credit card security). Realistically, it’s unlikely that is what he actually meant (after all, conservatives.com uses encryption to handle donations) but once again a politician’s ambiguity is spreading concern. He more likely just wants to snoop on the content of all of your communications and read any encrypted content, so that’s Ok then?!
“Restricting the use of encryption and encrypted communication, as suggested by the Prime Minister, further risks undermining the UK’s status as a good and safe place to do business. In the wake of an increasing number of cyber-attacks and Government initiatives to raise the awareness of cyber risks, encryption is widely accepted as a key measure to do business safely online. Business, individuals and governments around the world rely on encryption to carry out everyday tasks and services, forcing companies to weaken encryption measures would weaken protection against cyber criminals, foreign intelligence agencies and others.”
Let’s hope any further legislation is introduced following proper industry scrutiny for once and not in some pre-election vote boosting ‘back-door loop-hole’ as previous experience (i.e. the DEA) has demonstrated. We can only hope!
Have your say!
Do you think tougher data retention laws are inevitable? Do you think the Government is right to grant such powers to the intelligence and security services? Do you think additional data will help or hinder the fight against terrorism and serious crime? Are you concerned that such legislation will be hastily pushed through without proper consideration? Let us know your views by leaving us a comment below.