In February 2012, the coalition government announced plans to require communications service providers (everyone from ISPs to social networks) to intercept and collect everybody’s communications data just in case it's needed later in an investigation. This Communications Capabilities Development Programme, led to the announcement in the Queen's Speech in May 2012 of the draft Communications Data Bill.
You can download our short briefing (pdf), or see our response to the Joint Committee call for evidence for more detail. Below is some background on what is happening, and information about what you can do to help.
Rumours that the Home Office wanted to implement a similar programme, then called the Interception Modernisation Programme, surfaced in 2008. In 2009 the Labour government released a consultation paper. The proposals were dropped after significant public opposition. (You can read the joiunt ORG and FIPR response to this consultation here.)
In forming the coalition government in 2010, the Conservatives and Liberal Democrats (who in 2009 called IMP "incompatible with a free country") promised "to end the storage of Internet and email records without good reason". Now, less than two years later, they propose to adopt exactly the policy they opposed then by reinstating the Interception Modernisation Programme with only one key change: the name. The Coalition Government have claimed that the proposals are different because information will be stored by CSPs rather than a single, centralised database controlled by government. But Labour, before dropping the proposals entirely, also dropped plans for a centralised database.
For this programme to go ahead, legislation is needed - the draft Communications Data Bill. Now is the time to stop it.
What the draft Bill proposes
The Home Office argue that the programme gives law enforcement the same ability to track whom you are contacting on your computer or smartphone (over email, Skype, instant messaging, social networks) that they had with earlier forms of communications (checking your telephone bill). Until now, under EU data retention rules, ISPs had to keep records of when you went online and when you used the ISP’s email system.
These new proposals would likely also require communications service providers also to collect third-party data transiting their networks which, until now, has seldom been monitored, let alone recorded for twelve months on the off-chance it will be useful. ISPs can do this, at a price, by installing "black boxes" on their networks that use a relatively new technology called deep packet inspection (DPI) that reconstructs the web pages you are viewing. A regime like this is surveillance – wiretapping – of the whole population by default without any court's consideration of whether it is appropriate in a particular case.
The data to be intercepted and stored would include websites visited, the names of email, instant messaging correspondents, or lists of social networking "friends", and the time, size, and length of Internet phone calls. While the content of messages is not supposed to be included, the 2009 LSE report (PDF) on the last set of proposals notes that the separation of communications data and content is no longer straightforward. We will have to trust that the systems for picking out communications data (the names of correspondents, dates, and times) from systems like Hotmail or Facebook, will ignore the rest of the content.
The price of deploying these systems will run into billions and the technical feasibility of operating at scale is uncertain. The Home Office officially estimated the cost of the original Interception Modernisation Programme at £2 billion over ten years, and the Coaltion have argued that the Communications Data Bill proposals would cost £1.8bn. However, the Home Office refuse to disclose how they calculated the costs and benefits (claiming this would put national security at risk). An independent LSE study observed that off-the-record briefings of £12 billion were "quite realistic". Even a scaled-down version would still be a substantial sum to be spending to gain uncertain benefits in a time of recession and austerity.
Lacking any implementation details, it's not clear what the technical burden on CSPs will be in today's world of constantly changing and multiplying internet services or how distant companies offering services to UK consumers will be forced to comply. However, the increasing use of encryption will mean that much of the intercepted data is unreadable. In addition, the black box software will have to be updated frequently as commonly used sites like Facebook or Gmail are tweaked and redesigned.
"the proposal is essentially to find more needles by building bigger haystacks"
Experience shows that surveillance technologies are subject to function creep. Once the system is in place, even if the original purpose is limited to the most serious crimes, demand to extend access to those investigating minor offences will grow. Data collection continues to expand: first came legal access to data collected in the ordinary course of business, then a requirement to retain that data, now the government is seeking access to third-party data. Under any reasonable understanding of human rights, interception and surveillance should be targeted at those suspected of crimes, not at the general population. Finally, the programme is likely to be extremely expensive.
What is happening now?
The draft Bill has now been scrutinised by a Joint Committee of MPs and peers. This has involved oral evidence sessions, in two of which ORG Executive Director Jim Killock gave evidence, and a call for written evidence. Transcripts of the oral evidence and the written submissions are available at the Joint Committee's website. The final report was highly critical of the Bill as presented. The Prime Minister has announced that the recommendations of the the committee will be examined, and that the Bill will be rewritten.
The next step for the proposed legislation is now back in the hands of the Home Office.
What you can do:
- Join ORG and help us continue to campaign and lobby against this and other damaging internet laws.