Security fears over UK 'snooper's charter'

UK.gov to spy on Joe Public, pass data overseas

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Human rights watchdog Privacy International (PI) will today warn a House of Lords conference that government proposals to stockpile details of all phone calls and Internet access made by the entire population of the UK will create grave dangers for both privacy and security.

A number of orders - called 'Statutory Instruments' - currently being considered by Parliament will create a legal basis for comprehensive surveillance of communications and establish a regime for warehousing acquired data - phone numbers and email addresses contacted, web sites visited, locations of mobile phones etc. - about every UK subject.

The regulations will allow an extensive list of public authorities access to records of individuals' telephone and Internet usage (under the Regulation of Investigatory Powers Act). This communications data will be available to government without any judicial oversight.

Not only does government want access to this information, but it also intends to oblige companies to keep personal data just in case it may be useful (under provisions of the Anti-Terrorism, Crime and Security Act).

This sensitive information, together with account and financial data, will eventually be available on request to investigation authorities in most other European countries, PI warns.

The potential for overseas countries to access this sensitive data comes about through a range of international treaties, such as the recent Council of Europe (CoE) Cybercrime Convention. The convention, signed by 37 countries so far, allows for "minimum standard mutual law enforcement assistance between nations".

Albania, Estonia and Croatia have already ratified the treaty, thus bringing it into legal force. The UK has signed the treaty, but no date has yet been set for its incorporation into British law.

Russia has been arguing in the G8 for a data retention regime, PI notes. If successful, it too would have access to UK data under the mutual assistance treaties.

Privacy International warns that the "low standard of evidence or authentication demanded for these transfers creates exceptional dangers to many ethnic and other groups in the UK". The conditions for sharing this information mean the intelligence could be about offences that are criminal only in the requesting country and not in the UK.

"In the G8, the CoE and under other mutual legal assistance agreements, there are no requirements for dual-criminality. In fact, the CoE convention on cybercrime dissuades governments from allowing for dual criminality before data is required to be shared," Privacy International argues.

"There are grounds for refusal, but they are limited," it adds.

Agents for overseas powers

Current procedures in the UK do not require dual-criminality when responding to requests from other countries. In fact, sometimes only very basic information is required to inform the UK officials of the purpose of the data to be transferred.

And the situation is set to get worse if plans to compel service providers to keep communications data for at least a year go ahead.

Provisions in the Regulation of Investigatory Powers Act (Part I, Chapter I, Section 5) allow for the "disclosure of interception and communications data" under mutual assistance agreement or for intelligence purposes.

So the passage of the current orders and the implementation of data retention would make data regarding UK subjects available to governments around the world with "little oversight or control", PI warns.

"This data will be made available without regard to dual-criminality, and it may in turn be kept by foreign governments as they see fit. Countries such as the US that do not have data retention schemes will benefit from the vast store of information available on UK citizens even when similar stores are not available on their own citizens."

PI's Director, Simon Davies, warned: "The governments plan to stockpile this massive amount of sensitive information poses a risk to a great many people. The proposals should be abandoned immediately.

"The proposals are ill-considered, unnecessary and unlawful," he added.

The government's proposals will be debated at a meeting (Wednesday, 5 November) in the House of Lords, organised by Privacy International and the Foundation for Information Policy Research. ®

New hybrid storage solutions

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
prev story


Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.