We knew it was coming, and here it is: the Communications Data Bill (.<a href=http://www.official-documents.gov.uk/document/cm83/8359/8359.pdf>pdf.). First the good news:
we are submitting the Bill to formal pre-legislative scrutiny by a Joint Committee of both Houses. The Intelligence and Security Committee will in parallel conduct an inquiry into the proposals. We will consider very carefully the reports by the Joint Committee, and the Intelligence and Security Committee before introducing the Bill in Parliament later in the session.
One hopes that the public’s views might also be considered somewhere in there. The other good news is the format in which it is being published:
This document contains a draft Communications Data Bill and Explanatory notes related to the Government’s proposals to update the framework for ensuring the availability of communications data and the regulatory regime governing how public authorities obtain this data.
The draft Bill appears on the right-hand page of a double-page spread, with the notes on the left: this is very handy, and I commend those whose idea it was. It’s really a much more open and useful way of introducing important legislation than has been typical in the past: let’s hope it becomes the norm.
Now for the bad news: the Bill itself is awful. I’ve only skimmed through it so far, which means there will probably be details that I’ve missed, but it seems to be based on a number of really dangerous – and daft – ideas.
For example trying to store all “communications data” about our Internet usage. That’s supposed to be things like routeing information, and not content, but I can’t (yet) find how this will apply to Web pages. Because if you give the full URL of a Web page, you have effectively provided all the content it contains, so the distinction between “communications data” and content would be meaningless.
You might think that using HTTPS connections to sites will get around this, but a <a href=https://www.privacyinternational.org/press-releases/uk-governments-unprecedented-mass-surveillance-plans-going-ahead>cryptic comment from the Director of the Office for Security and Counter-Terrorism Charles Farr that the scheme will be able to deal with encrypted connections seems to dash that hope. It certainly raises lots of questions.
For example, does this mean that companies like Google will be forced to decrypt everything so that the UK government can slurp up the data? Does it mean that SSL certificates are compromised? Does it mean that the UK government thinks it can hack HTTPS streams? None of these possibilities is good for the UK Internet or the people and companies who use it.
Similarly, we need to know much more about how the “black boxes” that ISPs will apparently be forced to install. For example, how will these black boxes be secured, since they will contain so much personal information about all of us? Will UK police and security services have real-time access to all the data? Related problems include the possibility that links to such black boxes can be hacked – nothing is impossible – or, much more likely, that police officers will be bribed to access stuff without authorisation (just think what the Leveson enquiry has revealed on this front.) Basically, this is a privacy disaster waiting to happen.
The draft Bill not only has these dangerous elements, it has some really daft ones. As David Meyer <a href=https://twitter.com/superglaze/status/213322973141151744>pointed out on Twitter, it seems that the Bill applies not just to the Internet and mobile phones, but to postal services too (Section 25):
Part 1 [the main requirements to log communications data] applies to public postal operators and public postal services as it applies to telecommunications operators and telecommunications services.
where “communications data” as applied to letters and postcards includes:
postal data comprised in or attached to a communication (whether by the sender or otherwise) for the purposes of a postal service by means of which it is being or may be transmitted
I think this gives a hint at how delusional and disproportionate this Bill is: it really wants to let the UK government capture data every time we communicate. Once I’ve had a chance to read it more fully, and as more details emerge of the government’s plans, I’ll report again.
In the meantime, I strongly recommend you start <a href=http://www.writetothem.com/>writing to your MP to tell them that this kind of total surveillance is totally unacceptable for any society that wants to call itself civilised or free. In particular, we need to give the lie to bullying claims that only "<a href=http://www.guardian.co.uk/technology/2012/jun/14/snoopers-charte-proposal-tory-row>conspiracy theorists" would dare object to having fundamental freedoms stripped from us in this way.