Security fears over UK 'snooper's charter'

UK.gov to spy on Joe Public, pass data overseas


Human rights watchdog Privacy International (PI) will today warn a House of Lords conference that government proposals to stockpile details of all phone calls and Internet access made by the entire population of the UK will create grave dangers for both privacy and security.

A number of orders - called 'Statutory Instruments' - currently being considered by Parliament will create a legal basis for comprehensive surveillance of communications and establish a regime for warehousing acquired data - phone numbers and email addresses contacted, web sites visited, locations of mobile phones etc. - about every UK subject.

The regulations will allow an extensive list of public authorities access to records of individuals' telephone and Internet usage (under the Regulation of Investigatory Powers Act). This communications data will be available to government without any judicial oversight.

Not only does government want access to this information, but it also intends to oblige companies to keep personal data just in case it may be useful (under provisions of the Anti-Terrorism, Crime and Security Act).

This sensitive information, together with account and financial data, will eventually be available on request to investigation authorities in most other European countries, PI warns.

The potential for overseas countries to access this sensitive data comes about through a range of international treaties, such as the recent Council of Europe (CoE) Cybercrime Convention. The convention, signed by 37 countries so far, allows for "minimum standard mutual law enforcement assistance between nations".

Albania, Estonia and Croatia have already ratified the treaty, thus bringing it into legal force. The UK has signed the treaty, but no date has yet been set for its incorporation into British law.

Russia has been arguing in the G8 for a data retention regime, PI notes. If successful, it too would have access to UK data under the mutual assistance treaties.

Privacy International warns that the "low standard of evidence or authentication demanded for these transfers creates exceptional dangers to many ethnic and other groups in the UK". The conditions for sharing this information mean the intelligence could be about offences that are criminal only in the requesting country and not in the UK.

"In the G8, the CoE and under other mutual legal assistance agreements, there are no requirements for dual-criminality. In fact, the CoE convention on cybercrime dissuades governments from allowing for dual criminality before data is required to be shared," Privacy International argues.

"There are grounds for refusal, but they are limited," it adds.

Agents for overseas powers

Current procedures in the UK do not require dual-criminality when responding to requests from other countries. In fact, sometimes only very basic information is required to inform the UK officials of the purpose of the data to be transferred.

And the situation is set to get worse if plans to compel service providers to keep communications data for at least a year go ahead.

Provisions in the Regulation of Investigatory Powers Act (Part I, Chapter I, Section 5) allow for the "disclosure of interception and communications data" under mutual assistance agreements or for intelligence purposes.

So the passage of the current orders and the implementation of data retention would make data regarding UK subjects available to governments around the world with "little oversight or control", PI warns.

"This data will be made available without regard to dual-criminality, and it may in turn be kept by foreign governments as they see fit. Countries such as the US that do not have data retention schemes will benefit from the vast store of information available on UK citizens even when similar stores are not available on their own citizens."

PI's Director, Simon Davies, warned: "The government's plan to stockpile this massive amount of sensitive information poses a risk to a great many people. The proposals should be abandoned immediately.

"The proposals are ill-considered, unnecessary and unlawful," he added.

The government's proposals will be debated at a meeting (Wednesday, 5 November) in the House of Lords, organised by Privacy International and the Foundation for Information Policy Research. ®
