This is major victory for ORG, although one with dangers. The government has conceded that independent authorisation is necessary for communications data requests, but refused to budge on retained data and is pushing ahead with the “Request Filter”.
Adding independent authorisation for communications data requests will make the police more effective, as corruption and abuse will be harder. It will improve operational effectiveness, even if less data is used during investigations and trust in the police should improve.
Nevertheless the government has disregarded many key elements of the judgment
It isn't going to reduce the amount of data retained
It won't notify people whose data is used during investigations
It won't keep data within the EU, instead it will continue to transfer it, presumably specifically to the USA
The Home Office has opted for a ‘six month sentence’ definition of ‘serious crime’ rather than the Lords’ definition of crimes capable of sentences of at least one year.
These are clear evasions and abrogations of the judgment. The mission of the Home Office is to uphold the rule of law. By failing to do what the courts tell them, the Home Office is undermining the very essence of the rule of law.
If the Home Office won't do what the highest courts tell it to do, why should anybody else? By picking and choosing the laws they are willing to care about, they are playing with fire.
The Home Office thinks it is playing a long game, hoping that courts will adjust their views over time, and that we will all get used to privacy being an increasingly theoretical idea. The truth is that privacy becomes a more necessary principle everyday, in the surveillance economy. We are all in need of greater privacy, so will find ourselves valuing it more.
Nevertheless, the Home Office were always going to find it hardest to concede changes to data retention. We had the right to expect something, even as window dressing, so making no changes at all is pretty audacious. But not in a good way.
ORG, Liberty, BBW, Privacy International and English PEN met Home Office officials today, at precisely the point that the draft changes were released. Which perhaps did not aid matters, as it can only be interpreted as a ploy to keep us away from journalists and kill the story.
The Home Office’s staff that were there did make a very good point about communications data, they said that without communications data, they would have to rely on more intrusive surveillance techniques.
Quite so, and exactly right. All the NGOs present at the meeting were entirely ready to see suspects placed under targeted surveillance measures, rather than having the population at large kept under tabs through retained communications data.
The world has trade offs, and we would suggest that this is a good one.
One final point that the Home Office decided to ignore was the need to notify people whose data has been accessed. The Home Office claimed that this is done in limited circumstances, so no change is needed.
This is another missed opportunity to improve police performance. Notification has the potential to reduce police abuse, and help people spot rotten apples, as the victim will find out when someone is pursuing a campaign of harassment against them or their community. Independent authorisation will help of course, but may not always spot the abuse that an individual will understand to be unfair
Safeguards are suggested for a reason. They are not simply a nicety to satisfy civil liberties campaigners: they are needed to avoid abuse and thereby make the police a better, more trusted, less corruptible, and more effective organisation.
There was one final surprise. The Code of Practice covers the operation of the “Request Filter”. Yet again we are told that this police search engine is a privacy safeguard. We will now run through the code in fine detail to see if any such safeguards are there. On a first glance, there are not.
If the Home Office genuinely believe the Request Filter is a benign tool, they must rewrite this section to make abundantly clear that it is not a mini version of X-Keyscore (the NSA / GCHQ’S tool to trawl their databases of people linked to their email and web visits) and does not operate as a facility to link and search the vast quantities of retained and collected communications data.