160 likes | 172 Views
Explore the evolution of policies regarding access to communications data and data retention, including safeguards, proposed changes, and industry concerns.
E N D
Communications Data Consultations on access and a Code of Practice for voluntary retention Simon Watkin Home Office
Policy Development - Access • Any access to communications data by public authorities is an intrusion into someone’s privacy - and must satisfy ECHR principles of necessity and proportionality. • “The Government believes it is time to put in place a statutory framework for authorising access to communications data … to regulate access … by investigating bodies.”Consultation Paper, June 1999 • Part I Chapter II, Regulation of Investigatory Powers Act 2000. Not in force ……. yet.
Policy Development - Access • Relevant public authorities listed in the Act • Additional Public Authorities Order • “A widespread extension of the powers of the state to snoop on its citizens ...” Daily Telegraph, June 2002 • “The proposals were intended to provide protection and regulation of the access to data.… when you are in a hole you should stop digging and having a full consultation on the issues raised seems the best way to do it.” Home Secretary, June 2002
Revised Proposals • Consultation paper “Access to communications data - respecting privacy and protecting the public from crime” published 11 March 2003 • Explains public authorities’ functions to prevent and detect crime • Explains how communications data is used by public authorities now and with what outcomes • Presents revised proposals for restrictions and safeguards.
Safeguards • Specifying persons designated to seek access • Accreditation of individuals through single points of contact (SPOCs) • Compliance with RIPA statutory Code of Practice • Oversight by the Interception of Communications Commissioner • Sanctions for the abuse of powers to access communications under RIPA • Restricting access by purpose (and function?) and by type of data
Further safeguards - The “Double Lock” • Potential additional safeguards • judicial authorisation • prior approval by an independent third party • requiring the police to conduct investigations • certification scheme for public authorities
Policy Development - Retention • Anti-Terrorism, Crime & Security Act 2001 • Voluntary -v- mandatory • Path open to deliver mandate if necessary • generally • description specified • particular provider(s) • Must specify maximum period for retention • Purpose for retention matching RIPA purpose for access
Policy Development - Retention • Sunset clause for mandate • ability to issue mandatory direction ceases to have effect 2 years from passing of Act (13 Dec. 2003) • can be extended • must be introduced before original sunset clause comes into effect • Gives options for delivery • Allows discussion with Industry to continue
Parliamentary Changes • Retention “for the purpose of safeguarding national security” or crime related to that • Parliament decides that retention is appropriate, provided • consultation with Information Commissioner & Industry first • followed by public consultation • Took a year to complete this initial consultation phase. Excessive?
Issues that have emerged • All Party Internet Group Report recommendations • “Legacy legislation” • Multi-agency SPOCs • Definition of communications data types • “Predictive fishing” • Subject access requests • Openness and transparency of oversight • State of the “technology war”
Issues that have emerged • Bespoke systems required. Increase of costs • Industry hesitant to volunteer • Information Commissioner’s advice • Possibility of data protection prosecution • potentially a public authority under Human Rights Law • Loss to competitors • Would prefer to be mandated than to volunteer
Issues that have emerged • All Parliamentary Internet Group • Timed to precede public consultation • call for Home Office to drop all retention plans • ignores law enforcement/agencies case • call for negotiations on data preservation • EU-wide discussion to dismantle retention regimes • EU-law enforcement recommendation is for retention and, in specific cases, preservation not preservation alone • Industry presented behind closed doors & came out with high figures
Possible ways forward • Industry willing to reveal true retention costs. Not so ‘scary’ after all • Work of Technical Group consisting of Industry, agency, independent and Home Office members • Data protection issues resolved by s. 28 DPA certification for national security • Government to stand with Industry on any human rights challenge • CSP’s giving clear indication of what is actually held • Need to develop route for retention for all crime to resolve disparity concerns
Striking the right balance • How should Government strike the delicate balance between respect for the privacy of the individual and protecting the public from crime? • “We need a much broader public debate ….” - Home Secretary, June 2002 • Chapter 4 of the access consultation paper describes the challenge for Government, asks what are the public’s privacy concerns are and invites views on the need for a wider review.
Consultation • Consultation process • http://www.homeoffice.gov.uk/ripa/part1/consult.htm • http://www.homeoffice.gov.uk/docs/comsdatacontacts.html • Responses by 3 June • Next steps