Original URL: https://www.theregister.co.uk/2014/07/10/overseas_tech_firms_concern_about_legal_uncertainty_around_uk_surveillance_powers_forces_emergency_law/

UK's emergency data slurp: IT giants panicked over 'legal uncertainty'

PM says rushed-through DRIP law will 'plug holes' in existing legislation

By Kelly Fiveash

Posted in Business, 10th July 2014 12:09 GMT

The UK government secured the backing of the country's main political parties today to rush an emergency Data Retention and Investigation Powers Bill (DRIP) through Parliament just seven days before MPs break for summer recess.

It comes after communications providers and telcos who operate in Britain but have headquarters based overseas expressed deep concern about Blighty's existing powers, which require the firms to log the telephone calls and internet activity of their subscribers for up to a year.

In April, the European Court of Justice ruled that the Data Retention Directive was "invalid" for failing to have adequate privacy safeguards in place.

Three months on, the Tory-led Coalition government has confirmed that emergency legislation needs to be enacted to "plug holes" in existing powers and to help address that uncertainty for communications companies, Prime Minister David Cameron said this morning during a press conference in Downing Street.

He was flanked by Deputy Prime Minister Nick Clegg, who repeatedly stressed that the proposed law was not a rehash of Home Secretary Theresa May's hated Communications Data Bill.

The politicos said that the country's current Regulation of Investigatory Powers Act 2000 (RIPA) already had the necessary safeguards in place to address the privacy flaws found in the European Union's Data Retention Directive.

May told MPs in the House of Commons that the UK needed primary legislation to allow for tech and telco outfits to continue to retain data on their subscribers so that police and spooks could access the information where criminal or terrorist activity is suspected.

She said that it was "a narrow and limited response to a set of specific challenges that we face."

"I am not proposing a Communications Data Bill ... no coalition consensus for those proposals were reached," the Home Sec added. "We will have to return to them after the General Election."

The EU's shredded Data Retention Directive may not have had the necessary safeguards in place, May said, before adding that the ruling "did not take into account the strict domestic laws" already in place. "RIPA was designed to comply with human rights," she told MPs.

May said that the planned law would "enhance the UK's legal safeguards and address the criticisms of the EU court".

LibDem leader Clegg, whose party is the junior member of the coalition, said that the "ECJ case struck down the [data retention] directive" and added that "it didn't have all the checks and balances in place." The DPM said the government planned to "fill that legal vacuum," by bringing in emergency legislation with a sunset clause.

"Crucially we've inserted a poison pill," Clegg added. "We're not placing anything permanently on the statute book."

Cameron said that the law, which will be rushed through Parliament next week, would not lead to any changes to RIPA, but instead would deal with a specific legal problem some companies had been flagging up about data retention.

The recent ECJ ruling means those companies can now "relatively rapidly" kill the information they retain on subscribers, the PM said.

A review of existing surveillance and interception laws in the UK will be carried out by a joint parliamentary committee after the next election.

Clegg promised that "civil liberties would be properly considered" under the new law and claimed that Brits will "know more than ever before" about what access the police and spooks have to our online data.

Shadow Home Secretary Yvette Cooper told MPs that the Labour Party - which during the previous government brought the EU Data Retention Directive into the UK - supported the emergency law.

But she questioned why it had taken the government so long to act following the April ruling. Cooper warned that there was a lack of time for proper debate to take place in Parliament.

DRIP's drip effect: should the rushed legislation be welcomed by us Brits?

LibDem MP Julian Huppert, who was a vocal critic of May's Communications Data Bill push, said that the emergency law was necessary to address the EU court's decision on the Data Retention Directive.

"We need legislation to allow communications data to be available, but not to store more than is already allowed. And in this post-Snowden world, we need to move towards keeping less, and finding better and more proportionate ways to do so," Huppert said, in a letter to fellow politicos within his own party.

"We need to completely rewrite the law in this area. But that cannot be done quickly. We have to get it right, which will take a lot of work from many experts."

The MP added:

"I think it is right to agree to a stop-gap. A piece of legislation that can be passed quickly, but crucially will automatically expire at the end of 2016, giving time to write something better, and the certainty of knowing it will not just become entrenched.

"And in this stop-gap legislation, we should agree to no more than was previously allowed."

But not everyone agreed with Huppert's assurances. Eric King of Privacy International questioned the government's motives.

Other critics agreed that the coalition was flouting EU law by pushing through emergency legislation.

But the initial reaction from ISPs in the UK was to gently welcome the plan.

Nicholas Lansman, who is secretary general of lobby group ISPA, said:

"ISPA supports proposals that give ISPs more clarity after the Data Retention Directive ruling, however it is vital that any new Bill has enough parliamentary time to be fully scrutinised. We also call on government to consider previous industry concerns over the Communications Data Bill when devising new legislation."

The Register asked Google, Twitter and Facebook to comment on this story, but none of the US data-slurping giants had got back to us at time of writing.

The Institute of Engineering and Technology said that "hasty legislation has often proved to be badly flawed".

It added:

"In principle, the proposals are important for national security and law enforcement. It is essential that any intrusion into a citizen's private affairs is minimal, proportionate to the benefits to society as a whole, and properly controlled and supervised."

Britain's data watchdog, information commissioner Christopher Graham, warned that the right balance was needed between the needs of the country's security bods and an individual's privacy.

"The data retention powers the government is looking to replace were withdrawn by the European Court of Justice precisely because the Court felt that balance hadn’t been struck, and so any new law will need very careful thought," he said.

"I’ll be particularly keen to see what safeguards will be in place for the personal data that will be retained. Under the current law the ICO has a supervisory role in relation to the communications data required to be retained for longer by service providers," Graham added.

"If these safeguards are to be replicated in the new law we need to ensure that our role is clear with the independence, powers and resources we require to carry it out."

The government's freshly published DRIP bill can be scrutinised here (PDF). ®