Home Secretary should not be given carte blanche to order retention of any type of data under draft communications data bill, says joint committee.
The Joint Committee on the Draft Communications Bill has concluded that the draft Bill must be significantly narrowed, in its report published today. However, the joint Committee of MPs and Peers also recognises that more needs to be done to provide law enforcement and other agencies access to data they cannot currently obtain and so makes a range of constructive proposals to enable the Home Office to present a better Bill to Parliament.
The Joint Committee believes that if Clause 1 of the draft Bill - which, as currently drafted, gives the Home Secretary sweeping powers to order the retention of any kind of communications data by any communications service provider - is narrowed, and safeguards are put in place to ensure that any new powers are not abused, a new Bill could be introduced that would work. It would both allow the security services, law enforcement agencies and a few other public authorities access to the communications data they need to protect and serve UK citizens without trampling on the privacy of those citizens. This is something the current draft Bill does not achieve.
The Committee does not accept the Government’s assertions that keeping Clause 1 as wide as possible is necessary to ‘future-proof’ the Bill. Rather, it suggests a narrower power to allow the Secretary of State to order the retention of very specific types of communications data, for which a current need has been proven, along with the inclusion of a super-affirmative procedure which would allow Parliament to amend the Home Secretary’s powers if and when the need arose. In addition the number of public authorities able to access communications data should be narrowed and the definitions of communications data should be tightened.
In Chapter 8 of the Report, the Committee provides a framework for a better Bill. It also says that there must be much better consultation with industry, technical experts, civil liberties groups, public authorities and law enforcement bodies before a new Bill is introduced.
Lord Blencathra, Chair of the Joint Committee, said
There needs to be some substantial re-writing of the Bill before it is brought before Parliament as we feel that there is a case for legislation, but only if it strikes a better balance between the needs of law enforcement and other agencies and the right to privacy. There is a fine but crucial line between allowing our law enforcement and security agencies access to the information they need to protect the country and allowing our citizens to go about their daily business without a fear, however unjustified, that the state is monitoring their every move.
Whilst the Joint Committee realise that there are specific data types which are not currently available, and which would aid the work of law enforcement bodies and the security services, we are very concerned at how wide the scope of the Bill is in its current form.
Wecan see only three types of data that are not currently being collected which we know could aid the work of law enforcement and other agencies: data matching IP addresses to specific users, data showing which internet services a user has accessed and data from overseas communications providers providing services in the UK. A new Bill should also be drafted in such a way as to give Parliament the opportunity to vote on issues such as whether CSPs should have to collect subscriber data relating to IP addresses and data showing which internet services a user has accessed.
The breadth of the draft Bill as it stands appears to be overkill and is much wider than the specific needs identified by the law enforcement agencies. We urge the Government to reconsider its zeal to future-proof legislation and concentrate on getting the immediate necessities right. We are confident that the safeguards already in the draft Bill, together with our recommendations to strengthen those safeguards, will do just that."
The Joint Committee's other recommendations include that:
proper consultation should take place before any revised proposals are bought forward; fewer public authorities should be able to access communications data;
the Bill should include new definitions of communications data, that are narrower in scope, draw a clearer line between data and content and will stand the test of time; the current internal authorisation process for accessing communications data should be strengthen and enshrined in primary legislation, a specialist, centralised service should be established;
the Interception of Communications Commissioner should scrutinise more closely the use of communications data, his annual reports should be more thorough and he should have more resources at his disposal. He should have a special role in supervising the operation of the new Request Filter which is essentially a federated database of all UK citizens' communications data;
wilful or reckless misuse of communications data becomes a specific offence that is punishable, where appropriate, by a prison term; and
the costs of implementing the draft Bill are likely to be significant, the current estimates are not robust and a new cost benefit analysis must be published at the same time as any redrafted Bill, based on the Committee's recommendations for wider consultation and narrower powers of the Bill.