Feeds

RIPA changes in Freedoms Bill don't protect privacy enough

Changes bring neglible improvement in privacy protection

Internet Security Threat Report 2014

The changes with respect to communications data

No local authority has the power to intercept a telephone call or any other form of communication during the course of its transmission, and the only change in the Freedoms Bill relates to local authority collection of communications data. (Communications data are those data that relate to who has called whom, when, for how long and from what location – but not the content of that communication.)

The interception commissioner’s annual report (PDF/315KB) notes that: "During the year ended 31 December, 2009, public authorities as a whole made 525,130 requests for communications data to communication service providers and internet service providers"(ie: there are 43,761 requests per month).

The commissioner then notes that that "during the period covered by this report, 131 local authorities notified me that they had made use of their powers to acquire communications data, and this is slightly more than last year". The commissioner records that local authorities made "a total of 1,756 requests ... for communications data and the vast majority were for basic subscriber information". So before we do any analysis, local authorities collectively only account for 0.33 per cent of the total number of requests for communications data.

If 131 local authorities make 1,756 requests per year, then this works out to a local authority average of 13.4 per year (ie: the average local authority is making just over one request per month – actual figure is 1.1). This figure of 1.1 per month should be compared with the 43,761 requests per month for all of the public sector.

From this we may deduce that from the perspective of each local authority, the provisions in the Freedom Bill will impact on 0.0025 per cent of the total of number of times communications data are used. In this case, to describe the enhanced privacy protection as "inconsequential" is really a gross overstatement of the improvement in protection.

Breaking down statistics

In each case, the analysis shows that each local authority represents 0.05 per cent or less of the actual RIPA activity; 99.95 per cent of RIPA activity is therefore unaffected. Quite simply, there is no significant change to privacy protection.

One cannot help but conclude that this part of the Freedoms Bill has focused on local authorities because it diverts attention from other areas of RIPA. Local authorities (thanks to Poole Council one suspects) are the new “sitting ducks” for government rhetoric.

However, two important questions are not being asked:

  • Why is it that judicial authority is required by a local authority, but not say, the other government departments that also infrequently use RIPA powers?
  • Why is it that the use of these powers are to become subject to judicial authority for just local authorities, when it would reassure the public that all RIPA powers exercised properly by any public authority, if all authorities were subject to judicial authority? After all, all RIPA powers are very invasive of individual privacy ...

When you look at the above, there is only one conclusion: the changes represent only a very thin veneer of additional privacy protection. Be grateful for small mercies, but recognise that they are very small indeed.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.