Feeds

RIPA changes in Freedoms Bill don't protect privacy enough

Changes bring neglible improvement in privacy protection

Security for virtualized datacentres

The changes with respect to communications data

No local authority has the power to intercept a telephone call or any other form of communication during the course of its transmission, and the only change in the Freedoms Bill relates to local authority collection of communications data. (Communications data are those data that relate to who has called whom, when, for how long and from what location – but not the content of that communication.)

The interception commissioner’s annual report (PDF/315KB) notes that: "During the year ended 31 December, 2009, public authorities as a whole made 525,130 requests for communications data to communication service providers and internet service providers"(ie: there are 43,761 requests per month).

The commissioner then notes that that "during the period covered by this report, 131 local authorities notified me that they had made use of their powers to acquire communications data, and this is slightly more than last year". The commissioner records that local authorities made "a total of 1,756 requests ... for communications data and the vast majority were for basic subscriber information". So before we do any analysis, local authorities collectively only account for 0.33 per cent of the total number of requests for communications data.

If 131 local authorities make 1,756 requests per year, then this works out to a local authority average of 13.4 per year (ie: the average local authority is making just over one request per month – actual figure is 1.1). This figure of 1.1 per month should be compared with the 43,761 requests per month for all of the public sector.

From this we may deduce that from the perspective of each local authority, the provisions in the Freedom Bill will impact on 0.0025 per cent of the total of number of times communications data are used. In this case, to describe the enhanced privacy protection as "inconsequential" is really a gross overstatement of the improvement in protection.

Breaking down statistics

In each case, the analysis shows that each local authority represents 0.05 per cent or less of the actual RIPA activity; 99.95 per cent of RIPA activity is therefore unaffected. Quite simply, there is no significant change to privacy protection.

One cannot help but conclude that this part of the Freedoms Bill has focused on local authorities because it diverts attention from other areas of RIPA. Local authorities (thanks to Poole Council one suspects) are the new “sitting ducks” for government rhetoric.

However, two important questions are not being asked:

  • Why is it that judicial authority is required by a local authority, but not say, the other government departments that also infrequently use RIPA powers?
  • Why is it that the use of these powers are to become subject to judicial authority for just local authorities, when it would reassure the public that all RIPA powers exercised properly by any public authority, if all authorities were subject to judicial authority? After all, all RIPA powers are very invasive of individual privacy ...

When you look at the above, there is only one conclusion: the changes represent only a very thin veneer of additional privacy protection. Be grateful for small mercies, but recognise that they are very small indeed.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Heavy VPN users are probably pirates, says BBC
And ISPs should nab 'em on our behalf
Former Bitcoin Foundation chair pleads guilty to money-laundering charge
Charlie Shrem plea deal could still get him five YEARS in chokey
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.