Simone Halink is a legal expert at Bits of Freedom, the Dutch digital rights organization, focusing on privacy and communications freedom in the digital age. She studied law in Amsterdam and New York and worked as an attorney for a commercial Dutch law firm.
States are regularly failing to ensure that laws and regulations related to communications surveillance adhere to international human rights and thus to adequately protect communications privacy. International experts, including the Dutch digital rights organisation Bits of Freedom, have therefore drafted international principles that provide a framework to evaluate whether current or proposed communications surveillance laws and practices are consistent with human rights.
When applied to the Draft Communications Data Bill (CDB), the principles show that the bill is inconsistent with different aspects of human rights law as explained in chapter 2 of this publication. This contribution will focus on whether the CDB sufficiently enables individuals to fully understand the scope and application of communications surveillance laws, as embodied in the principles on ‘user notification’ and ‘transparency’.
The principle on ‘transparency’ requires States to be transparent about the use and scope of communications surveillance powers. This means that States must provide individuals with sufficient information to enable them to fully comprehend the scope, nature and application of the laws permitting communications surveillance. This principle also requires States to publish, at a minimum, aggregate information on the number of surveillance requests approved and rejected, and a disaggregation of the requests by service provider and by investigation and purpose.
The CDB falls short on both counts.
First, the use and scope of the CDB is unclear. The bill contains a very comprehensive power allowing the Secretary of State to make an Order requiring the communications operators to generate and retain communications data. The detail on what data is covered will be contained in notices beneath the legislation. This detail is currently kept secret to the general public. The fact that the government has given a very broad indication of the categories that will be covered by the CDB , does not solve this problem; it is insufficient to grasp the full meaning of the law.
Additionally, the UK government does not provide sufficient information on surveillance requests by law enforcement in general. Although the report of the UK Interception of Communications Commissioner contains some aggregate data, it does not provide sufficient data to evaluate the types of requests, the extent of each access request, the purpose of the requests, and the scrutiny applied to them. These flaws also extend to requests for communications data under the CDB.
The principle on ‘user notification’ requires individuals to be notified by default of a decision authorising the request for their communications data by law enforcement. Such notification must leave enough time and information to enable them to appeal the decision. A delay in notification should only be justified in exceptional circumstances.
The CDB is not consistent with this principle as a provision on user notification is absent.
The UK helped draft and sought to comply with different human rights instruments for over half a century. It can thus not afford to adopt legislation that is inconsistent with these laws. The UK government must therefore, amongst others, correct the above mentioned flaws.
When applied to the Draft Communications Data Bill, the principles show that the bill is inconsistent with different aspects of human rights law.
1. The principles are currently being finalised and will be published shortly. An earlier draft of the principles is available at http://www.necessaryandproportionate.net/
2. IP address subscriber details, data identifying which Internet services or websites are being accessed, and data from overseas communications operators.
3. See: http://www.intelligencecommissioners.com/sections.asp?sectionID=2&type=top