Home Secretary Theresa May launched the draft Communications Data Bill yesterday with an interview on the Radio 4 Today programme. She has also written a foreword to the Bill arguing why we need it.
I have already written arguments against why we should implement this act. All of my previous points remain and I will restate the two most important aspects here.
- Firstly what is being proposed represents a serious threat to our privacy as a nation. The government wants to collect personal information about our private web browsing, phoning, email, tweeting, Facebook and all other internet-related communications. They then want to store this information “securely” for one year so that it can be accessed by anyone granted permission by senior police officers.
I refer you to last week’s LinkedIn password debacle where 6.5 million passwords being securely held on a server were stolen and published on a Russian website. The next time this could be details of websites you visit. It would happen if this Bill moved into law. Guaranteed.
- Secondly the proposed measures will not catch those who the police et al are trying to catch. If you are hell bent on crime you will easily find ways of going undetected on the web.
Here I refer you to the recent court orders for ISPs to block access to Pirate Bay. One of my most visited blog posts this year and certainly high up on the list of search terms covers how to bypass these blocks. The same will be true with criminals looking for anonymity.
I’ve been thinking of whether there is a middle ground here where ISPs collect data on specified targets rather than everyone and subject to court orders. This could work though opponents will argue that once the capability has been put in place it will be abused. My second point above would also apply so the effort might be futile and money spent wasted (it would probably cost almost the same as if we were collecting all the data).
On balance we all need to oppose this Bill. Email your MP with a link to this post.
7 replies on “Draft Communications Data Bill – a summing up of why it is wrong”
“The next time this could be details of websites you visit. It would happen if this Bill moved into law. Guaranteed.”
Playing devil’s advocate on this for a moment as I still agree with your point. On the other hand ISPs are already required to hold basic logs of their customers’ activity, but does anybody actually know of any occasion where this data has been hacked / stolen and posted into the public domain? Data leaked from a public agency / random business is one thing but this would be stored by ISPs, which are normally pretty good when it comes to understanding networks and security.
ISPs aren’t required to store website visited info. Otherwise I don’t have any statistics. Once it is law someone will make the effort to hack in.
Mark – yes the data has been compromised in the past, but since it’s not very high level there is no real need for people to actively go after it.
The level of data that the new Bill is proposing however would be useful for mining for behavioural analysis (or the government wouldn’t be asking for it) which is kinda ironic considering they’ve implemented the cookie directive to stop people being able to get this data…
The data from the new Bill is now being shipped to the government for “filtering” i.e. it seems the bill is asking ISPs to collect the data, send to the government for safe keeping and then they’ll do the processing later if they deem it necessary (the wording on the bill is very good at hiding this).
Add to this that the government are requesting the power to dictate how the data is collected (down to the choice of hardware) and you’re pushing towards a combination of personal data and large government IT projects and we all know where that ends up (yes on two CDs in the back of a cab, a USB stick dropped in the street or a laptop on a train – and that’s before anyone tries to go after the data)
James – Would like to know more about how the data is being “shipped to the government for ‘filtering'”? That would imply some form of central government database again that has been hotly refuted by TM. Is this all data or just that which the government / security services make a request for? Which part of the bill does it crop up in?
See part 2 14/15/16 about “Filtering”
The description given in the guidance says:
“Clauses 14 to 16 and Schedule 1 enable the Secretary of State to establish, maintain and operate filtering arrangements for the purpose of facilitating the obtaining of communications data by relevant public authorities, and assisting the designated senior officer to determine whether the tests for granting an authorisation are met. These filtering arrangements may be operated directly by the Secretary of State or by a body designated by order.”
The wording is very vague and the intent might be something completely different from an interpretation that allows a requesting body to request all data so it can filter it for whatever it is they are looking for. Since there are no restrictions other than some thinking it’s okay there is too much room (in the bill as it stands) for people to use that to harvest everything and process at will.
They are going to say “we might as well have the lot” because it will be easy for them to do so.
At this stage I’d be more inclined to think that the last clause could simply demonstrate a huge technical misunderstanding of how the technology will work, on the government’s part. But then again with something so extensive you can never be too careful.