Wraps come off UK super-snooper draft plans

Attempt to log everyone who cares foiled by duff website

Intelligent flash storage arrays

Legislation relating to communications data will be yanked out of the existing Regulation of Investigatory Powers Act (RIPA) and brought under a new regulatory framework if the Home Office's plans to step up the monitoring of internet traffic passes through Parliament.

Home Secretary Theresa May unveiled her proposals for the UK's rehashed internet super-snoop law today, which immediately led to the Home Office's website collapsing.

At time of writing, the draft 117-page Communications Data Bill was unavailable online.

The Home Office proposed that the bill, which will now be scrutinised by a joint committee of MPs and peers as well as by the Intelligence and Security Committee (ISC), would "replace the dozens of currently available powers with a single piece of legislation".

The ISC said: "We will take evidence and examine the rationale behind the proposals and how rigorous the safeguards are to ensure the privacy of individuals.”

On RIPA, the Home Office said in its draft bill:

Law enforcement agencies – the police, the Serious and Organised Crime Agency and Her Majesty’s Revenue and Customs – account for the overwhelming majority of annual requests for access to communications data under the Regulation of Investigatory Powers Act ('RIPA') 2000.

They have access to the full range of communications data. Other authorities with investigative or public protection responsibilities are able to access communications data, but most do not have access to more sensitive forms of communications data, for example data regarding the location of a mobile phone.

Local authorities account for less than 0.5 per cent of total annual RIPA requests for communications data. Following the implementation of the Protection of Freedoms Act, they will only be able to access this data if approved by a magistrate.

Communications technologies and services are changing fast with more communications taking place on the internet using a wider range of services, including voice over internet, online gaming and instant messaging.

Communications data from these technologies is not as accessible as data from older communications systems like ‘fixed line’ telephones. Although some internet data is already stored by communication service providers, other data is neither generated nor obtained because providers have no business need for it.

This means that the police are finding it increasingly hard to use some types of communications data to investigate crime. To address this growing gap, the proposals set out here will require some communications service providers to obtain and store some communications data which they may have no business reason to collect at present.

Nothing in these proposals will authorise the interception of the content of a communication. Nor will it require the collection of all internet data, which would be neither feasible, necessary nor proportionate. We will extend existing safeguards regarding data retention, access and oversight. And we will remove other statutory powers with weaker safeguards under which communications data can currently be accessed by public authorities.

The proposed regime would replace Part 1 Chapter 2 of the RIPA and Part 11 of the Anti-Terrorism Crime and Security Act 2001. A move that would represent a major rejig of current surveillance law.

As The Register reported earlier, ISPs will be expected to retain communications data by logging every website visit, as well as any access made by its customers to email accounts, Facebook and difficult-to-tap tech like peer-to-peer communications such as Skype for a minimum of 12 months.

But the Home Office will foot the bill, which it estimates will cost at least £1.8bn over the course of 10 years.

It added: "Benefits from this investment are estimated to be £5bn – 6.2bn over the same period."

The £1.8bn figure is only marginally less than the one floated by the previous Labour government - prior to it abandoning its own Internet Modernisation Programme (IMP) in light of protests against such an unloved legislative overhaul.

ISPs will be able to appeal to a technical advisory board under dispute procedures if they complain that such requests for data are "unnecessarily onerous".

Secretary General of UK ISP trade group, ISPA, Nicholas Lansman told El Reg:

ISPA has concerns about the new powers to require network operators to capture and retain third party communications data. These concerns include the scope and proportionality, privacy and data protection implications and the technical feasibility.

Under the proposals, the police, the National Crime Agency, spooks and the taxman would be able to "apply for access" to such data, the Home Office said.

It added:

"Hundreds of public bodies – including local authorities – currently have access to communications data, but will not be covered by the new laws unless Parliament agrees their use is vital to tackling crime and protecting the public."

However, only a tiny number of comms data requests originate from local councils - so such a proposed change is likely to have a minimal impact. May confirmed this morning that 500,000 such requests from all British authorities are made each year. Arguably, that figure will balloon under any Communications Data Act.

The Home Secretary, in a canned statement, said:

Communications data saves lives. It is a vital tool for the police to catch criminals and to protect children.

If we stand by as technology changes we will leave police officers fighting crime with one hand tied behind their backs.

Checking communication records, not content, is a crucial part of day-to-day policing and the fingerprinting of the modern age – we are determined to ensure its continued availability in cracking down on crime.

The Information Commissioner's Office (ICO) "will keep under review the security and integrity of the communications data retained," the Home Office said.

The ICO noted such a move would be a burden placed upon its already swamped staff. It said:

If the Information Commissioner is to be in a position to ensure compliance with the Data Protection Act, in respect of security of retained personal information and its destruction after 12 months, the ICO will need appropriately enhanced powers and the necessary additional resources.

Clauses were added to the draft bill and confirmed in the Queen's Speech, following opposition to May's proposals from junior Coalition members, the LibDems. They include measures such as consultation requirements, data security and integrity, destruction of data and other safeguards.

LibDem MP Julian Huppert, who led his party's charge against May's initial plans, welcomed the opportunity to debate the draft bill out in the open, but he remains worried about certain aspects of the proposals.

"My immediate concern is Clause 1. As written, it gives the Secretary of State far too broad a power. It allows data collection exercises that are perfectly reasonable – but would also allow pervasive black boxes that would monitor every online information flow, an idea which is clearly unacceptable.

"This must be tightened up urgently. The accompanying text is much better – but I don’t think we should pass broad laws on a promise from government that they will never abuse them.

"This absolutely must be changed: it is unacceptable as it currently stands."

A copy of the draft bill isn't currently available via the Home Office website, which we're informed suffered some technical difficulties. Readers can get their mitts on it here [PDF]. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Same old iPad? NO. The new 'soft SIMs' are BIG NEWS
AppleSIM 'ware to allow quick switch of carriers
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story


Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.