FIPR Press Release - Home Office in two minds on snooping

FOR IMMEDIATE USE : 11 March 2003

In June 2002 the Foundation for Information Policy Research (FIPR) was the first to draw attention to the Government's totally disproportionate proposals for access to communications data (records of email senders and receivers, phone numbers called or web pages visited). The Home Office apparently intended for every Whitehall or Town Hall bureaucrat to have access to this highly sensitive data. They now admit this was "not proportionate" and have set out schemes for limiting the type of data that might be accessed and the controls that might be applied.

FIPR's view is that some government agencies may have a case for accessing details of the owner of a phone number or email address, though not perhaps as many agencies as the Home Office suggest. Do Town Hall planning departments really need such powers to check up on preservation orders? What is vital are genuine internal controls to prevent misuse and also oversight by a properly funded regime that is independent of each agency. The Home Office needs to work a little harder on this aspect, and they will need to come forward with proposals for criminal offences for abuse of the system.

The case they make for allowing further access to communications data (itemised bills, geographic locations of mobile phones, web access records or email correspondents) is far weaker. The Home Office has managed to cobble together a limited number of anecdotes on cases where this has been required, but few agencies have any actual figures. Nevertheless, the picture that emerges is that this type of data is very seldom needed. The agencies will not build expertise and will not be in a position to use this data effectively. They will be far better off tapping police expertise in joint operations.

Ian Brown, Director of FIPR, commented: "The Home Office now seems to understand the problems we pointed out with their legislation last summer. They haven't quite got their new proposals right, but this seems to be a genuine consultation and we look forward to helping them improve their plans."

In contrast, the consultation on a voluntary code of practice for data retention (storing communications data on all users) is entirely disingenuous. The Home Office have not addressed the concerns expressed by the Information Commissioner, the communications industry or indeed by the parliamentary All-Party Internet Group (APIG), who published a critical report earlier this year. Companies will be breaking the law by retaining data for anti-terrorist purposes and then making it available for access for other purposes, whether they be criminal investigations or for civil lawsuits.

The Home Office seem to be avoiding the issue of cost, yet the communications industry are quoting enormous figures for data retention, well in excess of the funds that the Treasury has put aside. The examples given in the consultation (the "business case" for spending the money) fill less than half a page, and are mainly telephone examples, with no Internet involvement. The document is so poorly researched that many examples involve elapsed times that are in excess of the data retention periods actually being proposed!

Ian Brown commented: "The data retention consultation is a sham. The Home Office have failed to address any of the well-known substantive issues and are merely going through the motions so that they can come back with a compulsory scheme. Their problem is that the compulsory scheme will also be unlawful, will also be incredibly expensive and, on their own evidence, will fail to help with their problems. The Home Office needs to drop data retention and start again, perhaps with a targeted preservation scheme such as seems to be successful in the USA."

Contacts for enquiries:

Notes for editors

1. The Foundation for Information Policy Research (www.fipr.org), was founded in 1998 as a non-profit think-tank for Internet and Information Technology policy, governed by an independent Board of Trustees with an Advisory Council of experts.
2. In early summer 2002 the Home Office brought forward an obscure Statutory Instrument, whose effect was to dramatically widen the range of public authorities that could access communications data, apparently permitting a parish council to force a mobile phone company to provide a minute by minute log of location data without so much as a warrant. On the 10th June, FIPR was the first organisation to draw attention to its ramifications. The original press release can be viewed at:
   http://www.fipr.org/press/020610snooping.html
3. Within days the story was front page news and the leader columns were condemning the Government's plans. On the 18th June the Home Secretary David Blunkett admitted that the Home Office had "blundered" over what had become dubbed the "Snooper's Charter".
4. Blunkett promised "calmer and lengthy" discussion of the issues and it is that consultation which was finally announced today. The consultation document can be found at:
   http://www.homeoffice.gov.uk/ripa/part1/consult.htm
5. The second consultation is on a voluntary Code of Practice for data retention by "communications service providers" (telephone, mobile and Internet companies). This is brought forward under Part XI of the Anti-Terrorism Crime and Security Act 2001 (ATCS). If the voluntary code fails then the Home Secretary can bring forward a compulsory scheme. This consultation is at:
   http://www.homeoffice.gov.uk/oicd/antiterrorism/consult.htm
6. The House of Lords amended ATCS, by a very substantial majority, from the original Government proposals for blanket retention. Data retention was only to be permitted for reasons of national security and investigation of terrorism. In the 15 months since the "emergency" legislation was passed the Home Office have been trying to create a workable scheme. One major difficulty has been that the retained data can also be accessed for other reasons, such as by the police for criminal investigations and for use in civil lawsuits. Legal advice given to the Information Commissioner has been that this "disparity" problem will prevent a data retention regime from being "human rights compliant".
7. The consultation sets out clearly what is agreed to be lawful, retention of data per se and access for investigation of terrorists and for reasons of national security. However, it does not properly address the "disparity" issue and in #11.8 sets out a view of access which is totally at odds with the intention of Parliament.
8. The debate has also brought up significant concerns about the expense of a retention scheme and its cost effectiveness. The consultation ignores the first issue and presents only a handful of examples of cases where data retention would have been useful in investigating terrorism. However, the technical details are unconvincing and inconsistent.
9. A more detailed account of the complex issues surrounding the legality of the ATCS regime can be found in paragraphs #126-#142 of the "All Party Internet Group" (APIG) report of January 2003. The cost issues are addressed in #143-#157.
   http://www.apig.org.uk/APIGreport.pdf
10. Data Preservation is the jargon term for a scheme whereby Law Enforcement request a provider to preserve data from around the time of a crime so that it will be available later on if it is needed. This scheme operates in the USA and in 2001, upon request by the authorities, the UK industry operated a voluntary scheme to preserve the data they held for the period just before the "9/11" attacks.