The Intelligence and Security Committee (ISC) has released the findings of its investigation into the impact of the government’s planned ‘data-snooping bill’, warning that while new legislation is necessary, the government must provide increased detail to satisfy parliament and the public..
The draft of the controversial Communications Bill was published in June last year, and has since suffered heavy criticism from a parliamentary committee, large private companies and privacy experts.
Much of the concern centres on perceptions that it gives too much discretion to the Home Secretary and places unrealistic and harsh requirements on Communication Service Providers (CSPs).
As the bill stands, it would give police access to communications data for the purposes of tackling serious crime.
Communications data includes information such as which websites individuals have visited, and who they have emailed, but not the actual content of exchanges. The government wants to update existing data laws to enable police to access communications data generated by new technologies such as VoIP (voice over IP) service Skype.
The Draft Bill also plans to require communication service providers, when requested to do so, to retain and store communications records that they might not already keep.
The ISC recognises that the government’s approach is accurate, in that it can’t update the current RIPA act to cover new emerging technologies, and it cannot expand current investigatory powers available to the government. Therefore, it says that new legislation is required.
“We have examined the possibility of expanding the user of other investigatory tools to offset the decline in availability of communications data, and also whether a voluntary approach might work: neither offers a solution, and indeed the CSPs themselves have said that they must have a legal foundation to retain data,” reads the report.
“Whilst legislation is not a perfect solution, we believe it is the best available option.”
The Home Office’s argument for introducing the bill centres on a ‘capability gap’ it is experiencing, due to the increased use of mobile technologies and internet services, which are harder than traditional fixed telephone networks to monitor. It claims that their capability to effectively monitor necessary communications data is some 25 percent less than it has been previously, and this gap is set to increase.
This capability gap forms the basis for its argument to keep the definitions of the bill broad – so that it can take into consideration new technologies as they emerge, without the need to introduce more new legislation in the future.
However, the ISC’s concern is that the Home Office hasn’t been clear – up until now – about what monitoring is currently covered under this capability gap. The Home Office claims that this will give terrorists an advantage when considering which technologies to use at the moment to form attacks.
The ISC, however, has managed to gather some further detail of where the Home Office is struggling to collect data, and it is unsurprising that it centres on internet monitoring.
“We recognise that the draft bill is deliberately broad in order both to permit futureproofing of the legislation against technological change and not to reveal gaps in operational capability. However, this is causing considerable concern for the CSPs, and also parliament and the public,” said ISC.
“We therefore welcome the decision by the Home Office to make public information on the three core elements of the gap: subscriber details showing who is using an Internet Protocol address; identifying which internet services or websites are being accessed; and data from overseas CSPs.”
The ISC has said that the Home Office should consider whether there is ‘any room for manoeuvre’ on whether increased detail could be provided on the face of the bill as to what government hopes to be able to monitor, as this will instil greater confidence in the bill’s critics.
It also said that the Home Office needs to properly consult with the CSPs, something it claims the government is yet to do, about the practical implementation of the bill (how data will be stored) and also the way in which the data is used and the safeguards that will be put in place.