Tuesday, December 11, 2012

Joint Committee declare CDB unworkable

The Draft Communications Data Bill Joint Committee have issued their damning report on the Bill - "the draft Bill pays insufficient attention to the duty to respect the right to privacy"; “too sweeping”; goes “further than it need or should”; Government "have a duty to respect the right of citizens to go about their lawful activities, including their communications, without avoidable intrusions on their privacy."

The committee are particularly critical of the Henry VIII clause 1 of the Bill giving the Secretary of State a blank cheque to change the law how and when s/he feels like it, without any reference to parliament or any checks and balances. The Home Secretary has said we should trust her because she has no intention of using such powers e.g. to issue secret notices to communications service providers (CSPs) requiring them to retain and disclose potentially limitless categories of data. Why on earth would you want to put such powers on the statute books if you had no intention of using them? And even if that intent was sincere [sic] why would you give future governments such freedom to abuse such powers?

Report summary:
"It is the duty of Government to maintain the safety and security of citizens. This is not only in the public interest; it is in the interest of law-abiding members of the public. For this the law enforcement agencies must be given the tools they need. Reasonable access to some communications data is undoubtedly one of those tools. But the Government also have a duty to respect the right of citizens to go about their lawful activities, including their communications, without avoidable intrusions on their privacy. These duties have the potential to conflict.
More than a decade ago the Regulation of Investigatory Powers Act 2000—RIPA—set out the conditions which the law enforcement agencies and others have to satisfy if they wish to access communications data—the details about communications, but not their content. The Act specifies what data can be accessed, by whom, for what purposes, and subject to what conditions. Since 2000, however, methods of communicating have changed, and the volume of communications data potentially available to public authorities has increased very significantly. The draft Bill which we have been considering is the Government's endeavour to bring the law up to date.
We accept that there is a case for legislation which will provide the law enforcement agencies with some further access to communications data, but we believe that the draft Bill pays insufficient attention to the duty to respect the right to privacy, and goes much further than it need or should for the purpose of providing necessary and justifiable official access to communications data. Clause 1 would give the Secretary of State sweeping powers to issue secret notices to communications service providers (CSPs) requiring them to retain and disclose potentially limitless categories of data. We have been told that she has no intention of using the powers in this way. Our main recommendation is therefore that her powers should be limited to those categories of data for which a case can now be made. If in future a case can be made for the power to be increased, this should not be done without effective Parliamentary scrutiny. We recommend the procedure for this.
The same procedure should apply if the power to request communications data is to be given to more authorities than the police, intelligence and security services, SOCA, HMRC, FSA and UKBA. If data is required for wider purposes than at present, this needs primary legislation.
We believe that the current safeguards on the authorisation of applications for access to data are working better than is often thought, but we make recommendations for improving them, and for strengthening the roles of the Interception of Communications Commissioner and the Information Commissioner. We suggest amending the definition of "communications data" which no longer meets current needs. We have looked at jurisdictional problems which will face overseas network providers in particular. We criticise the Government's estimates of the cost of the Bill and the benefits to be derived from it; some of the figures are fanciful and misleading.
We believe our recommendations would result in a Bill which would give the law enforcement agencies the essential tools they need to tackle serious crime and terrorism but at the same time limit the risk of intrusion into the privacy of the vast majority of honest citizens."
It's the top story in the Guardian and over at the BBC.

How can any government that supposedly opposed Nu Labour's appalling ID card scheme actually support this unconstrained federated mass surveillance? It would be hilarious if it was not so serious. Could I finally just emphasise the importance again of the evidence given by Ross Anderson, Peter Sommer, Caspar Bowden and Duncan Campbell and the Information Commissioner, Christopher Graham, to the Joint Committee. From the report it would appear that they have at least taken some of it on board.

Update: Pdf of full report available here. Best Storify analysis of a parliamentary report I've ever read here by Glyn Wintle () and Phil Booth (), plus
 "Bottom line #ccdp bill is over-reaching, poorly drafted, ill-defined, not based on evidence or proper consultation & misleadingly costed... in other words, a dangerous costly disaster waiting to happen."