Feeds

RIPA changes in Freedoms Bill don't protect privacy enough

Changes bring neglible improvement in privacy protection

Remote control for virtualized desktops

The changes with respect to communications data

No local authority has the power to intercept a telephone call or any other form of communication during the course of its transmission, and the only change in the Freedoms Bill relates to local authority collection of communications data. (Communications data are those data that relate to who has called whom, when, for how long and from what location – but not the content of that communication.)

The interception commissioner’s annual report (PDF/315KB) notes that: "During the year ended 31 December, 2009, public authorities as a whole made 525,130 requests for communications data to communication service providers and internet service providers"(ie: there are 43,761 requests per month).

The commissioner then notes that that "during the period covered by this report, 131 local authorities notified me that they had made use of their powers to acquire communications data, and this is slightly more than last year". The commissioner records that local authorities made "a total of 1,756 requests ... for communications data and the vast majority were for basic subscriber information". So before we do any analysis, local authorities collectively only account for 0.33 per cent of the total number of requests for communications data.

If 131 local authorities make 1,756 requests per year, then this works out to a local authority average of 13.4 per year (ie: the average local authority is making just over one request per month – actual figure is 1.1). This figure of 1.1 per month should be compared with the 43,761 requests per month for all of the public sector.

From this we may deduce that from the perspective of each local authority, the provisions in the Freedom Bill will impact on 0.0025 per cent of the total of number of times communications data are used. In this case, to describe the enhanced privacy protection as "inconsequential" is really a gross overstatement of the improvement in protection.

Breaking down statistics

In each case, the analysis shows that each local authority represents 0.05 per cent or less of the actual RIPA activity; 99.95 per cent of RIPA activity is therefore unaffected. Quite simply, there is no significant change to privacy protection.

One cannot help but conclude that this part of the Freedoms Bill has focused on local authorities because it diverts attention from other areas of RIPA. Local authorities (thanks to Poole Council one suspects) are the new “sitting ducks” for government rhetoric.

However, two important questions are not being asked:

  • Why is it that judicial authority is required by a local authority, but not say, the other government departments that also infrequently use RIPA powers?
  • Why is it that the use of these powers are to become subject to judicial authority for just local authorities, when it would reassure the public that all RIPA powers exercised properly by any public authority, if all authorities were subject to judicial authority? After all, all RIPA powers are very invasive of individual privacy ...

When you look at the above, there is only one conclusion: the changes represent only a very thin veneer of additional privacy protection. Be grateful for small mercies, but recognise that they are very small indeed.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

Remote control for virtualized desktops

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.