Security fears over UK 'snooper's charter'
UK.gov to spy on Joe Public, pass data overseas
Human rights watchdog Privacy International (PI) will today warn a House of Lords conference that government proposals to stockpile details of all phone calls and Internet access made by the entire population of the UK will create grave dangers for both privacy and security.
A number of orders - called 'Statutory Instruments' - currently being considered by Parliament will create a legal basis for comprehensive surveillance of communications and establish a regime for warehousing acquired data - phone numbers and email addresses contacted, web sites visited, locations of mobile phones etc. - about every UK subject.
The regulations will allow an extensive list of public authorities access to records of individuals' telephone and Internet usage (under the Regulation of Investigatory Powers Act). This communications data will be available to government without any judicial oversight.
Not only does government want access to this information, but it also intends to oblige companies to keep personal data just in case it may be useful (under provisions of the Anti-Terrorism, Crime and Security Act).
This sensitive information, together with account and financial data, will eventually be available on request to investigation authorities in most other European countries, PI warns.
The potential for overseas countries to access this sensitive data comes about through a range of international treaties, such as the recent Council of Europe (CoE) Cybercrime Convention. The convention, signed by 37 countries so far, allows for "minimum standard mutual law enforcement assistance between nations".
Albania, Estonia and Croatia have already ratified the treaty, thus bringing it into legal force. The UK has signed the treaty, but no date has yet been set for its incorporation into British law.
Russia has been arguing in the G8 for a data retention regime, PI notes. If successful, it too would have access to UK data under the mutual assistance treaties.
Privacy International warns that the "low standard of evidence or authentication demanded for these transfers creates exceptional dangers to many ethnic and other groups in the UK". The conditions for sharing this information mean the intelligence could be about offences that are criminal only in the requesting country and not in the UK.
"In the G8, the CoE and under other mutual legal assistance agreements, there are no requirements for dual-criminality. In fact, the CoE convention on cybercrime dissuades governments from allowing for dual criminality before data is required to be shared," Privacy International argues.
"There are grounds for refusal, but they are limited," it adds.
Agents for overseas powers
Current procedures in the UK do not require dual-criminality when responding to requests from other countries. In fact, sometimes only very basic information is required to inform the UK officials of the purpose of the data to be transferred.
And the situation is set to get worse if plans to compel service providers to keep communications data for at least a year go ahead.
Provisions in the Regulation of Investigatory Powers Act (Part I, Chapter I, Section 5) allow for the "disclosure of interception and communications data" under mutual assistance agreement or for intelligence purposes.
So the passage of the current orders and the implementation of data retention would make data regarding UK subjects available to governments around the world with "little oversight or control", PI warns.
"This data will be made available without regard to dual-criminality, and it may in turn be kept by foreign governments as they see fit. Countries such as the US that do not have data retention schemes will benefit from the vast store of information available on UK citizens even when similar stores are not available on their own citizens."
PI's Director, Simon Davies, warned: "The governments plan to stockpile this massive amount of sensitive information poses a risk to a great many people. The proposals should be abandoned immediately.
"The proposals are ill-considered, unnecessary and unlawful," he added.
The government's proposals will be debated at a meeting (Wednesday, 5 November) in the House of Lords, organised by Privacy International and the Foundation for Information Policy Research. ®
Sponsored: Global DDoS threat landscape report