Feeds

Tories fear legal dodge over comms überdatabase

Euro data law comes into force on Monday

Intelligent flash storage arrays

Laws mandating a massive central database of email, web browsing, telephone and social networking data may already have been passed without proper scrutiny by MPs, according to the Conservatives.

The Home Office is due to publish its delayed consultation on the Interception Modernisation Programme (IMP) "shortly".

In a Lords debate on privacy on Thursday, however, shadow security minister Baroness Neville-Jones asked whether the European rules obliging data retention by ISPs, which come into force on Monday, could be used to legitimise a centralised system or a prototype. UK law was brought into line with the EU data retention directive by statutory instrument, so it was not debated by either house of Parliament.

"The Government have not been able to satisfy these benches that last week's statutory instrument did not create a vehicle through which the interception modernisation programme could be carried into practice without further primary legislation," Neville-Jones said.

Leaked plans for a central warehouse of data detailing who contacts whom, when and where have been described as a potential personal data "hellhouse" by recently-retired Director of Public Prosecutions Sir Ken Macdonald. The government says it has not settled on a system.

When the government first announced its intention for laws mandating the Interception Modernisation Programme early last year, it said they would be bundled with the EU laws in a single piece of primary legislation, the Communications Data Bill. Primary legislation requires the approval of MPs.

The plan was changed last summer, with the EU laws brought in separately, ostensibly to meet Brussels' compliance deadline.

Neville-Jones said: "The draft Queen's Speech led us to believe that primary legislation would be forthcoming and that the powers contained in the [statutory instrument] would be transposed in a bill of primary legislation.

"Instead, the [statutory instrument] has been transposed separately, and against the background of the Home Secretary having cast doubt in a recent speech on the need for primary legislation."

In October, during a speech at the Institute for Public Policy Research, Jacqui Smith discussed IMP publicly for the first time. "The changes we need to make may require legislation," she said. "The safeguards we will want to put in place certainly will. And we may need legislation to test what a solution will look like."

Responding for the government yesterday, Ministry of Justice minister Lord Bach declined to directly address Neville-Jones' concern over whether IMP could go ahead without further legislation or Parliamentary scrutiny. "There has been, we believe, widespread misrepresentation of our plans for future communications data retention," he said.

"Since those plans have not been finalised, I cannot say that there will be a prototype, as plans will be confirmed only after the consultation."

A Home Office spokesman declined to say whether primary legislation will be brought forward, or whether the EU data retention directive could be used as a legal mandate. "We will be going into consultation shortly and options will be put," he said, saying Smith's speech in October explained the government's position.

Register sources have indicated a prototype communications data collection system is proposed, with funding of almost £1bn already secured from the counter-terror budget, allocated during 2007's Comprehensive Spending Review. BT and Vodafone have been lined up as cooperative fixed line and mobile operators to provide the first data, our sources say.

Professor Richard Clayton of Cambridge University's computer lab said the EU data retention laws were unlikely to offer legal cover for the massive network of deep packet inspection (DPI) equipment that ubiquitous communications data collection would require. "It's clear that being forced to fit DPI equipment would go well beyond what the directive envisages," he said. ®

Internet Security Threat Report 2014

More from The Register

next story
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Yes, yes, Steve Jobs. Look what I'VE done for you lately – Tim Cook
New iPhone biz baron points to Apple's (his) greatest successes
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.