Since the Investigatory Powers Act (2016) went into force last December, there have been a series of questions raised around individual privacy in the age of data retention and personal information breaches in the interest of “national security.” Along with the passing of this act was the decision of the European Court of Justice (ECJ) in December 2016 which ruled that the powers invested within the UK’s surveillance legislation were too wide and did not comply with EU law.
For the past year, the UK government has been unclear what it would do in response to this ruling until last moth. On 30 November, it was announced that the government would undertake a consultation on “further safeguards” potentially transferring the mandate of the Investigatory Powers Act (IPA) to a new independent body to authorise communications data requests. Under the direction of Security Minister, Ben Wallace, noted the importance of government access to communications data for the purposes of counter-terrorism and criminal investigations for serious matters such as paedophilia linking to its case studies on this subject. Yet, in the same document, the government insisted that this judgment does not apply to the retention or acquisition of data for national security purposes since it maintains that “national security is outside of the scope of EU law.” This would potentially exempt MI5, MI6 and GCHQ.
Amber Rudd announced the changes to the new Investigatory Powers Act last week in response to the successful legal claim brought by Labour MP Tom Watson. Privacy has become a most essential principle in everyday life with the rising encroachment into our private lives, extremely common in the current surveillance economy, cyber security and the privacy of personal information is more and more valued today than at any time throughout history. Today the Internet user faces security breeches on both sides of the equation. First, there is rampant online fraud which spans the range of everything from identity theft, illicit access to bank information, phishing websites which extract personal details from Google Doc links online applications for loans, credit cards, and gaming platforms, and has even permeated social media. Then on the other side, you have the IPA which proposes stealth government intervention into everyone’s private data, personal correspondence, and what amounts to one of the most extreme surveillance laws ever passed in a democracy.
In addressing the safeguards requested of the IPA, also known as the Snoopers’ Charter, new provisions include, but are not limited to, the following:
-the introduction of independent authorisation of communications data requests by a new body, known as the Office for Communications Data Authorisations, under the Investigatory Powers Commissioner Lord Justice Fulford;
-restricting the use of communications data to investigations into serious crime;
additional safeguards which must be taken into account before a Data Retention Notice can be given to a telecommunications or postal operator;
-clarification of the circumstances in which notification of those whose communications data has been accessed can occur;
-mandatory guidance on the protection of retained data in line with European data protection standards
This consultation, headed by Ben Wallace, will last seven weeks closing on 18 January 2018 and with the government proposal seeking to amend the IPA by secondary legislation made under section 2(2) of the European Communities Act 1972.
Under the proposals referenced in the government’s consultation document, a surveillance watchdog called the Office for Communications Data Authorisations (OCDA) would be established. Under these plans, the police and other agencies will need the approval from this body before tapping phone and Internet records. Also, access to data would be limited to “serious crimes” punishable by prison sentences of at least six months (ie. crimes of terrorism, violence, privacy breaches, significant financial gain, or those which are committed by a government agency or company). The information requested by the authorities would be limited to: who made a communication, when, where, and through which medium (ie. mobile or computer, social media or SMS). These requests do not include the subject of the communication which must be authorised separately and is legally mandated by interception laws requiring ministerial authorisation. Short of content details, data under the proposed reforms will be procured through “retention notices” sent to third-party service providers. Restrictions may be imposed on the scope of applications, meaning that investigators would have to stipulate specific services and types of data set within a strict time frame.
In response to the proposed changes announced by Amber Rudd, Open Rights Group and Liberty maintain that these measures do not go far enough. Tom Watson, represented by Liberty in their 2016 legal challenge to the IPA, states: “The current legislation fails to protect people’s fundamental rights or respect the rule of law…I will be asking the court to go further, because today’s proposals from the Home Office are still flawed.” A major bone of contention is how the government frames “serious crime” as Martha Spurrier, Director of Liberty, calls these proposed changes a “cop-out” claiming the government “fails to propose the robust system of independent oversight that is so vital to protect our rights and ignores other critical changes demanded by the court.” Spurrier goes on to call this law, “window dressing for indiscriminate surveillance of the public.”
Definitions of terms like “serious crime” are purposefully vague such that the “Request Filter,” ostensibly a powerful tool for the police to investigate retained data from search engine requests, could be a potential tool of abuse which, according to Jim Killock, Executive Director of Open Rights Group warns that this law “will remain an incredibly intrusive surveillance power, unparalleled in democratic countries.”
Now with the impending formation of the Office for Communications Data Authorisations, we are supposed to be relieved that the UK Government has finally accepted that the original draft of the IPA was inconsistent with EU law because law enforcement did not need to obtain independent permission to access communications data and because collecting communication metadata was no longer the preserve of those investigating serious crimes. The primary measures proposed by the government to keep up with EU law only superficially address the concerns raised by Liberty and Open Rights Group and they show a cynical disregard for certain classes of abuse.
For instance, one of the “concessions” the government has made is eliding any public scrutiny or media debate is that now it has proposed to scrap data collection related to taxes or the regulation of financial markets. The Conservative-led Government has already amassed a reputation for being in the pockets of financial elites to in include the fact that the Tories are bankrolled by hedge fund managers with Labour making the claim in 2015 that 27 of the 59 wealthiest fund managers donated more than £19m to Tory coffers and they continue to pocket nest for the wealthiest in the country today. There is clearly a political trap door established for Britain’s elite classes within even the latest Draft Code of Practice from just a few weeks ago.
So while it looks like the British government has conceded to changes imposed the ECJ, they have actually sweetened the deal for the country’s elite classes while superficially setting out more rigorous limitations on data mining through the employment of vague terminology. In a country where the division of wealth is going from bad to worse, the British people should be very worried about what the IPA means for their personal data and privacy. However, they should be equally concerned about how the IPA can be used to shield the wealthy from scrutiny and even help the elite bypass their responsibility to observe the law.