Document

Download Report

Transcript Document

Communications Data Consultations on access and a Code of Practice for voluntary retention

Simon Watkin Home Office

Policy Development - Access

• Any access to communications data by public authorities is an intrusion into someone’s privacy - and must satisfy ECHR principles of necessity and proportionality.

“The Government believes it is time to put in place a statutory framework for authorising access to communications data … to regulate access … by

investigating bodies.” Consultation Paper, June 1999 • Part I Chapter II, Regulation of Investigatory Powers Act 2000. Not in force ……. yet.

Policy Development - Access

• • • Relevant public authorities listed in the Act • Additional Public Authorities Order

“A widespread extension of the powers of the state to snoop on its citizens ...”

Daily Telegraph, June 2002

“The proposals were intended to provide protection and regulation of the access to data.… when you are in a hole you should stop digging and having a full consultation on the issues raised seems the best way to do it.”

Home Secretary, June 2002

Revised Proposals

• Consultation paper

“Access to communications data - respecting privacy and protecting the public from crime”

published 11 March 2003 • Explains public authorities’ functions to prevent and detect crime • Explains how communications data is used by public authorities now and with what outcomes • Presents revised proposals for restrictions and safeguards.

Safeguards

• Specifying persons designated to seek access • Accreditation of individuals through single points of contact (SPOCs) • Compliance with RIPA statutory Code of Practice • Oversight by the Interception of Communications Commissioner • Sanctions for the abuse of powers to access communications under RIPA • Restricting access by purpose (and function?) and by type of data

Further safeguards - The “Double Lock”

• Potential additional safeguards –

judicial authorisation

– – –

prior approval by an independent third party requiring the police to conduct investigations certification scheme for public authorities

Policy Development Retention

• Anti-Terrorism, Crime & Security Act 2001 • Voluntary -v- mandatory • Path open to deliver mandate if necessary –

generally

– –

description specified particular provider(s)

• Must specify maximum period for retention • Purpose for retention matching RIPA purpose for access

Policy Development Retention

• Sunset clause for mandate –

ability to issue mandatory direction ceases to have effect 2 years from passing of Act (13 Dec. 2003)

– –

can be extended must be introduced before original sunset clause comes into effect

• Gives options for delivery • Allows discussion with Industry to continue

Parliamentary Changes

• Retention

“for the purpose of safeguarding national security”

or crime related to that • Parliament decides that retention is appropriate, provided –

consultation with Information Commissioner & Industry first

followed by public consultation

• Took a year to complete this initial consultation phase. Excessive?

Issues that have emerged

• All Party Internet Group Report recommendations • “Legacy legislation” • Multi-agency SPOCs • Definition of communications data types • “Predictive fishing” • Subject access requests • Openness and transparency of oversight • State of the “technology war”

Issues that have emerged

• Bespoke systems required. Increase of costs • Industry hesitant to volunteer –

Information Commissioner’s advice

– –

Possibility of data protection prosecution potentially a public authority under Human Rights Law

Loss to competitors

• Would prefer to be mandated than to volunteer

Issues that have emerged

• All Parliamentary Internet Group • Timed to precede public consultation –

call for Home Office to drop all retention plans

– – – –

ignores law enforcement/agencies case call for negotiations on data preservation EU-wide discussion to dismantle retention regimes EU-law enforcement recommendation is for retention and, in specific cases, preservation not preservation alone

Industry presented behind closed doors & came out with high figures

Possible ways forward

• Industry willing to reveal true retention costs. Not so ‘scary’ after all • Work of Technical Group consisting of Industry, agency, independent and Home Office members • Data protection issues resolved by s. 28 DPA certification for national security • Government to stand with Industry on any human rights challenge • CSP’s giving clear indication of what is actually held • Need to develop route for retention for all crime to resolve disparity concerns

Striking the right balance

• How should Government strike the delicate balance between respect for the privacy of the individual and protecting the public from crime?

“We need a much broader public debate ….”

- Home Secretary, June 2002 • Chapter 4 of the access consultation paper describes the challenge for Government, asks what are the public’s privacy concerns are and invites views on the need for a wider review.

Consultation

• Consultation process • http://www.homeoffice.gov.uk/ripa/part1/consult.htm

• http://www.homeoffice.gov.uk/docs/comsdatacontacts.html

• Responses by 3 June • Next steps