Chapter Five Part VI

Peter Sommer is currently a Visiting Professor at De Montfort University and a Visiting Reader at the Open University. Before that he was for 17 years at the London School of Economics, ending up as a Visiting Professor. His research interests and publications include cyber security, cyberwarfare and the reliability of digital evidence. His main income comes from acting as an expert witness, for both prosecution and defence interests in criminal cases and in civil proceedings.

Surveillance laws are not about absolutes, but finding a balance between protecting individuals, organisations, the community and the state; limiting intrusions into people’s lives to what is necessary and proportionate to the circumstances; cost; and an understanding of the range of threats.

In the end the only proper place for determining where that balance should be struck is Parliament, as the vehicle for democracy. Policing, and for that matter the activities of the security and intelligence agencies, in a country like the United Kingdom operate on the basis of consent. Without that consent law enforcement becomes much more difficult, expensive and potentially oppressive.

Elsewhere this publication shows just how far the landscape of surveillance technology has changed, and with it that balance. But there has been no recent rounded public discussion; the Communications Data Bill was presented as a minor technical amendment to existing law to “maintain capability”. One has to go back to the early 1980s and the reviews leading to the Police and Criminal Evidence Act, 1984, designed to overcome obvious defects in the previous “judges rules” and to 2000 for the Regulation of Investigatory Powers Act which deals with electronic and human surveillance.

Commissions, Royal or otherwise, can sometimes seem a convenient political delay tool but, given the vast changes in surveillance technology and types of threat, surely some form of considered review would greatly enhance public debate – and lead to a complete overhaul of surveillance legislation written in language which reflects current technological realities?

As well as fact and evidence gathering, here are some obvious items for its agenda:

  • Should we base electronic surveillance law on whether something is “communications data” or “content”, always supposing we think that a distinction can be made? Would it be better to use levels of intrusion measured against suspected activity? This is the approach taken elsewhere in RIPA with “directed” and “intrusive” surveillance for physical watching of individuals. Can we also include laws about direct computer intrusion and undercover work?
  • Material acquired by interception of data in transmission continues to be inadmissible and can only be used for intelligence purposes. It is a bizarre English law anomaly, is there any basis for its continuance?
  • Is it right that surveillance authorisations are variously made by senior law enforcement officers and politicians as opposed to judges? What impact does this have when seeking assistance from overseas entities, as is becoming increasingly significant? Can we convert the assessment features of the current SPOC regime so that it directly assists a judge rather than being a law enforcement function?
  • Do we really need to retain data about the electronic activities of the whole population against the possibility that a small fraction may be of future use in an investigation? Can we devise an order against targeted individuals whose data would be retained but only subsequently released when there was a proven need? But we would need to identify criteria for targeting these people in the first place.
  • Strong plausible oversight is essential to giving public confidence to any surveillance regime. How do we move from the current sample auditing of requests for access to single streams of evidence to a position where a Commissioner tests for necessity and proportionality the entire process, including the linking and combining into databases of multiple streams of evidence? And should not the Commissioner have the power and resources to carry out no-notice inspections?

And the Commission, needs some permanence, as the surveillance landscape will continue to shift.

Read more