Digital Privacy

Snooper’s Charter: a Bill without a proposal

Yesterday’s hearings on the proposed Communications Data Bill provided for some hilarity, as Professor Glees laid into the “civil liberties lobby” and made quite outrageous claims for the need for increased surveillance to reduce criminality.

He made a very weak case. Which seems comforting: but Professor Glees is not the government, nor Charles Farr.

The signs are that the Home Office is gearing up to bolster their arguments, starting with calls to gather evidence for the “business case” for new data gathering, mentioned by the police in their evidence session.

While constructing the business case after you propose legislation ought to worry the committee, for us, the lack of detail surrounding the proposals is highly worrying. Julian Huppert today said that he was declined access to draft orders, which would contain more information. Big Brother Watch were declined information about the costs and analysis breakdowns, which we have also requested.

How is committee meant to scrutinize a proposal that has not been properly published?

The committee’s debate has been encouraging. We have managed to advance the idea of notification of people after they have been investigated; the need for independent supervision has also been properly discussed. Most commentators have assumed that the scheme will aim at creating data mining capabilities.

The questions over capability, data mining and the consequences of collection are harder to articulate. We reminded the Committee about China hacking Google via police back doors; and Vodaphone Greece being hacked via law enforcement back doors by an unknown government.

Data, once created, poses a risk. It is interesting to criminal gangs and foreign governments, as well as law enforcement. Law enforcement is not entitled to put the whole population at risk because of its own needs, especially when these can be met in other ways.

Hopefully the risks will be discussed in more detail in the technical sessions, now planned for 4 September.

However, all of us worried by this Bill do need to know more about what this supposed reduction of data really is about. Is it law enforcement having investigatory problems, and lacking expertis in finding the relevant data? Is it that some companies have good data minimization policies? We need to know, in order to help the Committee understand the real options available.