“Anybody who is against this bill is putting politics before people’s lives....
It’s a question of whose side you’re on.”
Rt Hon Theresa May MP, Sun, December 2012
This statement from the Home Secretary, made in December 2012, tells us a lot about the approach that her Department has taken to the development of surveillance policy. It also helps to explain why the draft Communications Data Bill (CDB) poses such a disproportionate risk to our privacy.
The Home Office have often framed the debate over the CDB in ‘them and us’ terms. But if this really does just come down to picking sides, it is odd that both of the Parliamentary committees tasked with examining the draft Bill – the Joint Committee on the draft Communications Data Bill and the Intelligence and Security Committee – reached such critical conclusions.
Both committees noticed that there are more questions to ask when considering surveillance law than whether you are on the side of criminals. They include what current capability gaps there are, what new information will be gathered and from whom, how intrusive the information is, how any technological solutions will work, and what authorisations for access to data should be required.
But at no time have the Government attempted to seriously address those questions openly. The Home Office instead wrote the Communications Data Bill in isolation.
In its report, the Joint Committee examining the CDB lamented that there was no consultation, no proper definition of the problem and no adequate explanation of, – or evidence for – the Home Office’s proposed solution. The Bill appeared built to withstand public scrutiny, rather than be informed by it.
The result is, perhaps unsurprisingly, a draft Bill that the Committee concluded pays “insufficient attention to the duty to respect the right to privacy, and goes further than it need or should.” The CDB would lead to the collection of far too much information, about far too many people – effectively everyone – and would allow far too many people access to it.
This situation could have been avoided. This report demonstrates that surveillance policy makers have options, many of which are a lot less intrusive than the powers proposed by the CDB, and that civil society is open to meaningful engagement about surveillance laws in the digital age. It is written for a general audience by leading experts, academics and representatives of a number of civil society groups. The articles in this publication serve as an example of the sort of conversations that would be possible through a proper public debate about what information should be collected and who should have access to it.
The opening two chapters put the CDB in historical and legal context.
In chapter one, Duncan Campbell sets out the history of the tension between state surveillance and efforts to protect individuals’ privacy. He explains why the draft Communications Data Bill is “the latest chapter in the history of British state surveillance.” He also tells the parallel story of efforts to keep surveillance powers in check, including the 1972 Royal Commission on Privacy which “set out 10 principles of data protection that later underpinned data protection statutes in Europe and the UK.”
In chapter two Angela Patrick, Director of Human Rights Policy at JUSTICE, gives an overview of the current settlement between the law, surveillance and the protection of privacy. She looks at how the draft Communications Data Bill could exacerbate problems with existing surveillance law, for example relating to oversight and complexity. She highlights that the overriding difference between the draft CDB and the existing law is the move “away from the presumption that for limited purposes, the State may access data already retained or reasonably obtainable by service providers...Instead, it creates a statutory basis for the generation, collection and retention of data about us all.”
In chapter three, Richard Clayton outlines in detail key surveillance technologies, showing what information about us is available and how the technology to gather and access it works. He outlines how the ‘filter’ – a key part of the CDB proposals – will work. By correlating information from multiple sources, he explains how the filter can answer complex queries. For example, he suggests that “the source of an embarrassing leak could be identified by cross-correlating records to pick out exactly who in Whitehall sent out an email whose reception by a journalist triggered an immediate call to the relevant newspaper editor.”
Peter Sommer, in chapter four, argues that while surveillance law “is about balancing competing objectives”, a number factors inhibit “sensible and balanced discussion”. They include the pace of technological change, the demands of the law enforcement community, the level of technical and legal expertise required to understand how best to respond, and the fear of getting it wrong.
Chapter five features contributions from a range of experts setting out how more privacy-friendly surveillance policy could work.
For example, Caspar Bowden suggests how ‘data preservation’ policies could work to limit whose data is collected. Sam Smith from Privacy International argues that more could be done to help law enforcement make better use of what information is already available. Rachel Robinson from Liberty recommends lifting the ban on the use of intercept evidence in court, and Peter Sommer calls for a Royal Commission into surveillance laws in the digital age.
In our conclusion we draw together these contributions and make some recommendations for future surveillance policy making.