Queen’s Speech announces ‘measures... to access vital communications data’

No detail is yet known. Although the BBC reports that the ‘proposed UK-wide legislation’ “has been published in draft form”, the relevant page on the parliamentary website says “Draft Bills 2012-13... No draft bills have been published.”

All that is officially known is the statement in the Queens Speech (used as a formal announcement of the government’s legislative intentions for the next year): “My government intends to bring forward measures to maintain the ability of the law enforcement and intelligence agencies to access vital communications data under strict safeguards to protect the public subject to scrutiny of draft clauses.” From this alone we cannot yet tell whether this will be a new Bill, an amendment to an existing Act (such as the Regulation of Investigatory Powers Act), or an extension to The Data Retention (EC Directive) Regulations 2009.

The latter option is interesting since it already provides for much of what is required in the new proposal: that ISPs retain customers’ traffic data for 12 months. This in itself is controversial since it was introduced as a statutory instrument rather than as an Act of Parliament. Statutory instruments are ‘delegated’ legislation that are neither debated in the House of Commons nor contested by the House of Lords. Governments can therefore normally rely on their parliamentary majority to simply ‘nod’ through approval. The argument is that data retention is a delegated requirement of the EU; but it will be difficult to make the same argument for an extension to those existing regulations.

Law enforcement and intelligence agencies already have access to this retained data via court order. This implies that the primary intention of the new ‘measures’ is to allow the agencies unfettered access to traffic data (previous comments from government sources have stressed that communications content will not be involved – only communications traffic). In short, it can be assumed that agencies will be able to monitor, in real-time, without court order, all traffic data in the UK. That’s who is speaking to whom, when and (where possible) from where; who is emailing whom; and what websites everyone is visiting.

The argument usually put forward by government is that this is not an intrusion of privacy since the content of communications (what we actually say) will not be included. Civil liberties groups are concerned on many grounds. Will ‘function creep’, in the same way that more and more groups were protected by RIPA, and that almost any government criticism can be described as ‘terrorist’ activity within the anti-terrorist laws, allow increasing numbers of bureaucratic bodies to monitor UK phone and internet behavior? Do these measures effectively mean that everybody in the UK is a suspect? Will Big Data analytics be used to determine ‘suspicious’ behavior on a nationwide, continuous dragnet basis?

The fact is, nobody yet knows what will happen. The ICO, charged with protecting and enforcing privacy under the Data Protection Act, believes it will be a new Bill. He comments, “It remains our position that the case for this proposal still has to be made, and we shall expect to see strong and convincing safeguards and limitations to accompany the Bill.” The Guardian reported yesterday that the new measures will be introduced as a separate new Bill following “Nick Clegg's insistence that it must be accompanied by the ‘strongest possible safeguards’... Clegg has also promised that the internet-tracking proposal will not be ‘rammed through parliament’ and that open parliamentary hearings will be held to examine draft clauses of the legislation.”

What’s Hot on Infosecurity Magazine?