As police and security service surveillance powers are rushed through parliament, the UK government is being criticised for mishandling data retention legislation that forces internet firms to store key communication information. It’s a strong reminder of the challenges governments have in creating effective digital regulation, and both marketers and their corporations can learn from these mistakes.
Under the new laws, MI5 and the police are allowed to read people’s emails and listen to people’s mobile phone conversations under emergency laws.
The UK Prime Minister David Cameron said the measures were needed to “maintain powers to help keep us safe from those who would harm UK citizens”, which was essential given the threat from unrest in Syria and Iraq.
Internet firms and other companies will now be required to store data on “who contacted whom and when” for 12 months.
However, Cameron conceded that the measures would only be temporary and the public would be given access to details of warrants requested for the first time.
The data has already been used for controversial measures, such as councils using surveillance powers to catch people putting their rubbish out on the wrong day. Organisations like the Royal Mail had access to the phone records of every citizen in the UK for the last year without their consent.
Under plans detailed in the Data Retention and Investigation Powers Bill:
• Firms will have to retain phone and email detail for 12 months.
• The number of public bodies allowed to request phone and email details will be limited – Royal Mail, pensions bodies and charities no longer given access.
• Councils will be banned from asking for information directly from internet and phone providers.
• A senior diplomat will oversee how information requests can be shared with other countries.
• There will be an annual transparency report on the warrants issued and why.
• There will be a review of the Regulation of Investigatory Powers Act, which allows councils to snoop on people.
• All powers are only temporary and will stop at the end of 2016.
When asked if the measures were simply “state-sponsored phone and email hacking”, Cameron said the public should be more worried if the Government did not introduce the new legislation.
The Prime Minister said: “I am simply not prepared to be a prime minister who has to address the people after a terrorist incident and explain that I could have done more to prevent it.”
And he stressed the powers, which have the backing of Labour, were the same as had been operating under the EU directive until it had been struck out, and which had helped to prevent terror plots.
He said: “It is the first duty of government to protect our national security and to act quickly when that security is compromised. As events in Iraq and Syria demonstrate, now is not the time to be scaling back on our ability to keep our people safe.
“The ability to access information about communications and intercept the communications of dangerous individuals is essential to fight the threat from criminals and terrorists targeting the UK.”
What’s it about?
The legislation focuses on how internet and telecom providers store communication data for potential future access by security services. The types of data range from the logs of your email traffic to the cellphone calls people make in the UK and cover the information about the communication such as the sender, recipient and duration, rather than the content of the communication.
“Society’s attitudes to data and its retention have shifted massively during the last 10 years”, explains Danny Meadows-Klue, one of the pioneers of the UK internet industry, and a government advisor brought in to help improve the first draft of the Regulation of Investigatory Powers Act (RIPA) in 2003.
Why the controversy?
“In a digital society, there is clearly a need for limited access to communications data by specific investigatory authorities, for specific purposes”, explains Meadows-Klue. “What’s essential is having the right governance in place to constitutionally prevent misuse or scope-creep.”
“What we’re seeing in this latest data retention legislation has been a shambles, with ministers rushing through powers at the last minute to prevent the collapse of existing investigations. This has been fully understood since the changes that triggered it were announced in Europe back in April, and yet all the government has achieved is short term knee-jerk reactions to extend existing approaches with no significant review. Legislation changes happen rarely, and this was the opportunity to update, and future-proof in a fast-changing environment. Striking the balance between protection of individual civil liberties and protection of society as a whole will remain one of the toughest moral challenges governments face for the next two decades, and we need politicians who can lead this debate, not follow.”
How does this work internationally?
Within Europe, other governments are now also rushing through sweeping powers, but for major security threats and international organised crime, Europe is only is small piece of the picture. “In today’s world of cross-border criminality and terrorism threats, international cooperation is essential”, explains Meadows-Klue. “Yet the treaties for overseas data exchange remain archaic, and this update to UK legislation could have been used as a landmark moment to unlock faster international cooperation.”
Small concessions to the critics
Frantic deals in the lobbies of Westminster have only given small concessions to improve the legislation. These include:
• The creation of a new Privacy and Civil Liberties Oversight Board to scrutinise the impact of the law on privacy and civil liberties
• The appointment of a senior former diplomat to lead discussions with the US government and internet firms to establish a new international agreement for sharing data between legal jurisdictions
• Termination clause ensuring these powers expire at the end of 2016
• A wider review of the powers needed by government during the next parliament