Technically-aware people throughout the UK should be thankful that the non-partisan Joint Select Committee of the houses of Lords and Commons investigating the draft Communications Data Bill have asked almost all the right questions and found it seriously wanting. It's overkill, creates dangerous unsupervised powers and was created without proper consultation.
In their report, published at midnight, they make it clear that a Bill to adjust the monitoring of communications by law enforcement and (counter-)espionage organisations can be justified. But the draft offered to Parliament by Charles Farr on behalf of MI6, GCHQ and other agencies -- and supported with considerably less enthusiasm by the police and others -- is almost derisively inappropriate. They note it's almost unchanged for what was submitted - and dismissed - under Labour.
Here's my own rapid digest of highlights of the (substantial) document. The report found:
- that Farr and the Home Office had failed to adequately consult with either the companies who would have to implement the Bill or with civil society organisations, while substantially stretching the truth claiming to have done so;
- that the way the draft Bill empowers the Home Secretary to vary the scope and purpose of the powers created by the bill, without oversight or review, verges on the rule-by-decree powers of an autocrat;
- that the Home Office actually knows what specific new powers are operationally necessary but has instead opted for this immense power-grab to save the inconvenience of political scrutiny next time they want more powers;
- that the definition of "communications data" is just lifted unthinkingly from the Regulation of Investigatory Powers Act (RIPA) without regard for the way the nature of online communications has changed in the decade since it became law, resulting a dangerously vague and over-broad definition;
- that the mechanisms for accessing the data collected - the so-called Review Filter - are defined too loosely to safeguard the public;
- that the costs associated with implementation of the bill - close to the £2bn that has just been cut from the Home Office budget - are almost certainly a seriously under-estimate, especially if the cost of disposal of the collected data is allowed for;
- that access to the data seems too freely available;
- that the public do not trust the bill as a result of these and other issues.
Far from being the partisan showdown moral-panic-meisters of tabloids like The Sun would have us believe, the report is full of constructive proposals for how to make the draft bill fit for purpose. These include:
- requiring consultation to take place with experts from both service providers and civil society to adequately define "Communications Data" so it doesn't "accidentally" include content as well as meta-data
- requiring consultation with service providers over true costs, together with inclusion of a meaningful budget
- defining a transparent yet lightweight mechanism for new technologies and needs to be included in the scope of the Bill by the Home Secretary without primary legislation, so the rule-by-decree is eliminated
For my tastes, their recommendation overlooked things. While they mention data mining, they fail to observe that with such a large body of data, the content of messages, no matter how well defined separately from "communications data", can probably still be deduced heuristically. I would have preferred them to have requested the addition of intent-based controls, along the lines of "'communications data' can only be analysed to deduce information which would otherwise be considered 'content' with a warrant".
Given the track record of the Home Office for actively scorning both service providers and civil society bodies, I would also have liked to see a statement along the lines of "no consultation, no Bill". But I'm pleasantly surprised by the level tone, the depth of insight and the non-partisan voice of the report.
The unthinking voices of moral panic will inevitably bay for blood in the name of catching of the paedophiles and terrorists. They will do so, conveniently, at a time when they are trying to have us minimise another, justified moral panic over the same unthinking tabloid voices scorn for the rights and privacy of individuals as they stomp over ordinary lives in pursuit if the next juicy story. But the non-partisan Joint Committee -- who published the report unanimously -- was right to find the Bill wanting and Theresa May's Home Office must heed their thoughtful recommendations or should expect the scorn of technical minds across the UK.