Feeds

RIPA changes in Freedoms Bill don't protect privacy enough

Changes bring neglible improvement in privacy protection

Build a business case: developing custom apps

Comment The “Protection of Freedoms Bill” has a wholly misleading title; the legislation simply does not do what it says on the tin. The CCTV provisions (see here) have more to do with efficient surveillance than privacy protection. We reviewed the Information Commissioner’s concerns about the use of personal data in DNA profiling or in vetting here.

For completeness, this article addresses the additional privacy protection afforded by the proposed changes to the Regulation of Investigatory Powers (RIPA) Act. Although welcome, they are really very inconsequential.

This is because the changes are limited to local authorities who hardly use RIPA powers; for other bodies (eg: those that report to the Home Office), RIPA is left unfettered. In addition, the changes do not stop local authorities using RIPA powers; instead of self-authorising their application, local authorities have to seek judicial authority to commence using them.

In other words, the changes have little impact on the real privacy issues surrounding RIPA. And the best way to demonstrate this minimal impact is to let the statistics published in the latest annual reports of the surveillance commissioner (PDF/696KB) and the interception of communications commissioner (PDF/315KB) speak for themselves.

The changes with respect to CHIS

In relation to CHIS (the recruitment of Covert Human Intelligence Sources), the surveillance commissioner states that "there were 5,320 CHIS recruited by law enforcement agencies during the year" while all "other public authorities recruited 229 CHIS" where "just over half of CHIS usage was by government departments". In other words, in relation to CHIS, local authorities have recruited a maximum of 115 CHIS (half of 229), and this represents just over 2 per cent of the total CHIS recruited (there are 5,549 CHIS recruited per year).

In fact, the commissioner reports "the light use of RIPA/RIP(S)A powers by local authorities is even more pronounced in relation to CHIS recruitment. Ninety-seven per cent recruited five or fewer and 86 per cent did not use CHIS". As there are about 440 local authorities in total, it follows that if 86 per cent do not use CHIS, then there are only 62 local authorities that do use CHIS (ie: 14 per cent of 440).

If there are 115 CHIS recruited by these 62 local authorities, then the Freedom Bill's requirement to seek judicial authority to use CHIS, is going to happen on average less than twice a year per authority. Compare this 2 per year statistic with the fact that "5,549 CHIS recruited in total per year".

The Freedom Bill’s CHIS changes have inconsequential impact on privacy protection because from each local authority’s perspective, they focus on 0.036 per cent of the total number of CHIS recruitment per year.

The changes with respect to directed surveillance

In relation to directed surveillance, the surveillance commissioner reports: "Law enforcement agencies granted 15,285 directed surveillance authorisations during 2009-2010." In relation to other public authorities, 8,477 directed surveillance authorisations were granted during the year, of which "50 per cent were by government departments". This means there are a total of 23,762 directed surveillance authorisations per year.

The surveillance commissioner also reports that "[g]enerally speaking, local authorities use RIPA/RIP(S)A powers sparingly, with over 50 per cent granting five or fewer directed surveillance authorisations during the reporting period. Some 16 per cent granted none at all".

So if we use these figures (and go through the same kind of analysis as for CHIS), then 84 per cent of local authorities (ie about 378 local authorities) use directed surveillance and the maximum number of directed surveillance authorisations by all local authorities per year is about 4,240 (half of 8,477).

Although you can argue that 18 per cent of the total number of directed surveillance operations are undertaken by local authorities as a whole, this figure is an over-simplistic statistic and does not provide a complete picture. For instance, it fails to take into account that there are 378 authorities undertaking such surveillance.

If you work out the average local authority's use of RIPA-directed surveillance powers (4,240 divided by 378), then you see that each authority commences 11.2 directed surveillance operations per year (1 per month would be above average). This one per month average for each authority can then be compared with the 1,980 authorisations per month (the total number of 23,762 authorisations per year divided by 12).

From the perspective of each local authority, therefore, the government is legislating with respect to an issue that represents 1 in 1,980 (or 0.05 per cent) of the total authorisations per month. This 0.05 per cent figure hardly represents a significant change in the level of privacy protection with directed surveillance.

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
NBN Co claims 96 mbps download speeds for FTTN trial
Umina trial also delivers 30 mbps uploads, but exact rig used not revealed
True fact: 1 in 4 Brits are now TERRORISTS
YouGov poll reveals terrible truth about the enemy within
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?