my latest observations on the snooper’s charter
I have in the past been very vocal when it comes to the snooper’s charter. Especially when I was more active in the ISP industry. Having throttled back a bit I let others, the professionals, have their say and stuck to my own counsel.
Just received a summary of the comments from MPs in respect of the latest incarnation of the Bill from the ITSPA Secretariat. I’ve pasted it below with a few of my own observations.
Internet Connection Records
- Burnham said that whilst the Government’s position in the draft code of practice makes it clear that URLs are not communications data and therefore, by definition, cannot be included in ICRs, it would be more useful to have a single, clear definition of ICRs in one place in the Bill.
- Burnham stated that communications data should not be capable of being accessed to investigate any crime, regardless of how serious the offence is and the impact on victims.
- Member of the Public Bill Committee, Gavin Newlands MP, said that the measures in the Bill are not limited to internet access, email or telephony and include, explicitly, communication without human intervention. He added that the industry has indicated a willingness to work with the Government to help implement ICRs, but the trouble is that the industry does not know what ICRs are, and it seems Government still do not know either. He said that these powers were intrusive and needed to be properly defined.
- Member of three Committees which scrutinised the Bill, Matt Warman MP, said that people needed to be reminded that it was CSPs and not govt who would hold ICRs and govt would not be dipping into this information for any other purpose than to stop serious crime.
- Alistair Carmichael MP said that it was unacceptable at this stage of proceedings that there is still no proper clear definition of ICRs.
Tref writes: Government has no idea what it is talking about in respect of ICRs and is probably keeping things deliberately vague so that they can apply the “definition” to anything that suits them.
Matt Warman is also missing the point. It doesn’t matter who keeps the data – it will be hacked into and leaked. Also we hear all sorts of stories about RIPA requests from councils wanting evidence on relatively trivial “crimes”. The concern is that once the data was available all sorts of people would come out of the woodwork wanting to look at it.
- Member of the Public Bill and Joint Committee, Suella Fernandes MP, said that the UK wants world-class encryption and privacy, but also wants world-class security and citizens should trust the skill and restraint of the analysts, the cryptographers, the mathematicians and the codebreakers who safeguard security and have maintained confidence and discretion in relation to the secrets they have seen.
- Stephen Hammond MP said that encryption was hugely important to the digital economy and said it should not be undermined, however, he said he had faith in the security services that they would use restraint.
Tref writes: they are totally missing the point here. If encryption methods are designed to be hackable by government codebreakers then criminals and hostile foreign powers can do the same. You can’t have “world-class” encryption if it can be hacked.
- Newlands highlighted that owing to uncertainty about the extent and definition of ICRs and the extension of CSPs that will be affected by the proposed provision, the cost is difficult to estimate, but industry figures have said that they expect it to be anywhere between £1 billion and £3 billion. He said that it was not good enough that govt had not produced robust figures which could be examined whilst the Bill was being scrutinised.
Tref writes: they have no idea what the implementation of the Bill is likely to cost and are keeping quiet about it because the eventual figure is likely to be unpalatable.