
Draft Comms Data Bill written submissions #CCDP #commsdata

The written evidence submitted to the Joint Select Committee on the Draft Communications Data Bill amounts to 448 pages and is a surprisingly interesting read. Some of you may not have the inclination to plough through the whole lot, so just for you I’m going to jot down a few choice bits in a number of posts over the next few days.

In case you didn’t remember, the Draft Comms Data Bill is what was labelled the “snooper’s charter” and caused an outcry a few months ago. There were 91 written submissions in response to the call for evidence. Trawling through them, I’d say that 10 were supportive and 69 were out and out against the Bill, with most of the remainder having some sort of reservation.

Those for included organisations such as the Home Office, HMRC (they want your money), The Serious Organised Crime Agency and the UK Border Agency. All quite understandable. The Local Government Agency was also supportive but complained that the scope needed to be extended to include them.

The 69 opposing submissions included many from private individuals and also the following organisations:

JANET, Just West Yorkshire, Liberty, LINX, The Newspaper Society, Open Rights Group, Society of Editors, Timico Ltd, The Tor Project, Wikimedia UK, Equality & Human Rights Commission, The Coalition for a Digital Economy, The Bar Council of England and Wales, Privacy International, Big Brother Watch, JUSTICE, The Foundation for Information Policy Research.

Many large organisations take a supportive stance when it comes to helping to prevent crime. The larger UK ISPs have a technique whereby they make supportive noises but take care to point out some of the problem areas, in the hope that these are enough to make a Bill go away, assuming they don’t like what they see (for whatever reason – web blocking, for example, is something that doesn’t technically make sense but politicians keep bringing up the subject).

Twitter in particular made what I thought were some very telling points. I’ve lifted some of their stuff verbatim from their evidence.

Most governmental entities, including the US, have exerted great pressure on companies to minimize the collection of user data rather than increase it.

The particularly interesting thing about this point is that the Home Office is saying that all they are after is the same level of information already held by private organisations, e.g. Facebook account details. I think there is a discussion to be had here – perhaps businesses should not be allowed to keep personal data. It’s a big subject.

An additional question is whether consideration was given during the drafting of the legislation to balancing the needs of national security and criminal investigation with public transparency about the extent of online surveillance. While the provisions in the draft bill authorise the Secretary of State to issue orders to compel communications operators to generate and store data, it envisages that this will be done in consultation with communications operators. However, there does not appear to be a process for disclosure to or input from the public on this issue. Nor does there appear to be any provision for user notification when requests for their personal data have been made by law enforcement.

This needs no elaboration other than the fact that if you are investigating a potential terrorist the last thing you want is to tell that person, but it is a point well made. How else could you complain about wrongful invasion of privacy?

We are interested in hearing what consideration has been given to the precedent it may set internationally. While it is one thing for a government which has incorporated the European Convention of Human Rights into domestic law to seek to assert authority over overseas companies, it would be of quite a different order for the government of a less democratic country to seek to exercise similar powers. In such a case however, there is a risk that the standing of the UK government and UK companies in resisting such data collection from its own companies could be significantly diluted. Indeed, many dissidents abroad, such as Michael Anti in China, count upon Western democracies to lead by example and to pressure their own governments to uphold essential Internet freedoms.

This one is a very strong point that I’m sure the likes of China, Syria etc would be pleased to make use of.

Finally, if companies like Twitter do not establish ready access to such data or generate data that British authorities believe is necessary, there is authorization in the bill for authorities to compel telecommunications operators to obtain that data. We may not be privy to such orders. We may not know when requests to obtain our user data are being made to other telecommunications operators. What is the mechanism for informing overseas companies that its data is being sought or collected? How do we reflect such lack of knowledge in our own Terms of Service with respect to our users, where we typically describe and are held accountable by regulators in the U.S. for the privacy and security features of our service?

You could just say tough bananas, but you can see that companies could be caught between a rock and a hard place. The UK also needs to consider that it has to operate in a global market and can’t necessarily be seen to be creating problems in other countries.

Read the whole report here or wait for some more snippets from me (in the fullness of time, due course, soon, probably next week).

Bye for now…

Trefor Davies
