The Draft Communications Data Bill is released but is widely panned by MPs and privacy experts
The Draft Communications Data Bill was committed to formal pre-legislative scrutiny today, but it is already facing stern opposition from MPs, privacy groups and those concerned about the cost of the proposed law’s provisions.
Plans for a draft bill for the so-called ‘Snooper’s Charter’ were announced during the Queen’s Speech in May.
The bill proposes storing all communications data, excluding content, so that police and GCHQ can use comms information about who contacts whom over Internet services, without a warrant. Current regulations require law enforcement to gain permission before getting hold of comms data.
Home Office ministers and home secretary Theresa May have defended the bill, saying it was designed to help protect UK citizens. “It seems to me that we need to take a step back and look at the kinds of things are we trying to do. We are trying to protect people from harm and yes we must be alive to the civil liberties questions,” minister for policing and criminal justice Nick Herbert told TechWeekEurope.
Time for a scrap
Yet the argument that the laws would help lock up terrorists and paedophiles has not washed with many who see them as a major infringement on citizens’ privacy.
Privacy groups and politicians met at parliament today, in a briefing led by Julian Huppert MP, who said there will be a “genuine discussion” over the draft bill, as it heads to a select committee for debate. “This will be changed in time for a later draft,” he said. “There are some limited safeguards that need to go a lot further.”
In particular, Huppert has taken umbrage at clause one in the draft bill, which says the Secretary of State can ask for an order that would “ensure or otherwise facilitate the availability of communications data from telecommunications operators so that it can be obtained by relevant public authorities”.
Huppert believes this would allow the government to ask for any data it wanted from comms providers, which he feels is “far too broad”.
“The Home Office needs to demonstrate that the data that they will take will be useful enough to be worth all the damage it will cause,” Huppert told TechWeekEurope. “So far they haven’t shown that.”
There remains plenty of contention about whether web based companies such as Google and Facebook will be deemed as communications providers alongside telecoms firms like BT and Virgin, and the government is under pressure to clarify who it can take data from. The fact that Facebook and Google don’t store data in the UK makes things even less clear, Huppert said.
For such companies, turning on HTTPS by default would make things much more difficult for the government, as it would have to have the capability to carry out fast, effective and widespread brute force attacks on encrypted information. Twitter already runs SSL by default on all users’ communications over its platform, whereas Facebook does not. Google turns it on by default in certain areas, such as in Docs and Gmail.
Privacy groups get angry
Privacy groups are furious that the government has not listened to the complaints put forward by campaigners and technical experts. In particular, it was believed the proposed black boxes, in which data will be stored and dissected at comms providers before being then sent off to law enforcement, would not make it into the bill. But from reading the draft, Eric King from Privacy International, said it appeared those boxes would still be in the bill.
“It seems that not a lot has changed. We still have this position where the nation’s Internet is going to be under surveillance. We think this will include black boxes,” King said.
He also believes there are “no clear guidelines between what is content and what is traffic.”
Indeed, many believe the laws are technically unworkable too, as splitting content from comms data is very tricky to do and the government has not explained how it is to do this. For instance, if someone visits a particular URL, it may show what kind of data is being viewed.
On the other hand, avoiding detection on the web is very simple, using measures to hide an IP, such as a VPN, or similar service. “This is so easily bypassed it is laughable,” said Tory MP David Davis. “The ministers taking this through have no idea how daft this is.”
“This has been driven by people who are willingly naive about the technical issues,” added Nick Pickles, director of the Big Brother Watch. “This is indiscriminate surveillance of everybody.”
As for the cost of implementing the changes required by the bill, the Home Office told the Guardian it would have to spend at least £1.8 billion. Huppert said he had no idea how such an accurate figure came about, given there was so little information on the specifics of how any potential Act would be enforced.
But there was a sense of optimism in parliament today that the laws would be defeated during the coming hearings or in courts if the Bill became an Act.
Huppert said he was certain the bill would not pass a second hearing in the state it was currently in. Jim Killock, executive director of the Open Rights Group, said it would either be defeated in the upcoming hearings or in the courts, if an Act were passed.
As for what happens now, the draft will be discussed by a 12-person select committee before another statement is made about the bill later this year, which could mark the point it becomes an official bill. David Davis revealed that David Maclean has been appointed to chair the committee. Davis said he had reservations about how right wing Maclean was.
Are you a privacy pro? Try our quiz!