Have you ever wondered, when making a call or using the internet, whether someone could be collecting a record of who, what, why, when, where and how? Maybe you have not given it a second thought, or you accept it’s a small price to pay for our security. Either way, the Government’s draft Investigatory Powers Bill, announced by the Home Secretary on 4 November 2015, would substantially change the way private communications data is held by internet service providers and accessed by the security services and police in the UK.
The collection of telephone and communications data is nothing new. In fact, the Home Secretary used the bill’s publication to officially acknowledge that the security services have been doing so since at least 2000. So how were the security services getting away with it for so long? Well, there exists a legal bypass under section 94 of the Telecommunications Act 1984. The section allows any Secretary of State to give “secret directions” to phone and web companies to hand over bulk communications data to the security services “in the interests of national security”. The Secretary of State is also required to inform parliament of these “secret directions”. However, this need not be done if it would be against the interests of national security. As a result, the security services were able to collect bulk telephone and communications data using section 94 “secret directions” and without parliament’s knowledge, instead of the subsequent Regulation of Investigatory Powers Act 2000 which brought independent oversight and regulation to communications. The scale of this mass surveillance by the security services was revealed in unauthorised disclosures by Edward Snowden in 2013 and has sparked debate on the balance between national security and information privacy.
Now that it’s all out in the open, the Government appears to have had a change of heart on the secret collection of phone and communications data. The draft Investigatory Powers Bill would write into law the authorities’ powers to intercept communications and gobble up everyone’s private data.
Measures of the bill include:
- Internet data will be retained for 12 months for access by police, security services and other public bodies. The details of the website visited but not specific pages would be stored by internet service providers.
- Gives powers for intelligence agencies to acquire information in bulk.
- Make provisions for intelligence agencies and the police to hack into and bug computers and phones. A new legal obligation would exist on ISPs to assist in operations to bypass encryption.
- A new “double lock” on ministerial authorisation of intercept warrants. Warrants for surveillance will be issued by ministers and approved by judges.
- Protections for sensitive professions such as journalism, doctors and law in the case of interception warrants involving privileged information.
- A new investigatory powers commissioner will oversee the new powers.
Should you be worried about all of this? If you are up to no good, then yes! But what about those of us who are law abiding and still value our information privacy, even in the wake of recent terror threats? The retention our internet activity for 12 months is of the most concern. While it does not relate to the internet content, which has to be authorised by a ministerial intercept warrant, the internet activity would be far more useful to the security services and the police. It would enable the authorities to build a character profile about the individual’s life. It would also be admissible and used as evidence in a court of law. Ok, it is accepted that such measures would be useful in identifying terrorists, paedophiles, and other dangerous criminals who pose a threat to our society. However, fundamental questions remain about the legality of bulk data collection, especially in light of recent judgements in the EU Court of Justice and European Court of Human Rights. Can the collection of our internet activity really be kept safe? Following recent high-profile attacks on Talk-Talk and Vodafone in 2015, many are justifiably concerned about phone/internet providers’ ability to keep our personal information secure.
The draft bill poses a threat to privileged communications between clients and lawyers. The Bar Council and Law Society have both called for the bill to fully protect client-lawyer communications because without it, the relationship of trust between client and lawyer could be seriously undermined. The draft bill does make mention of protections for sensitive professions such as law. However, there is concern that the proposed “double lock” on ministerial authorisation of intercept warrants could be sidestepped in many circumstances. The power given to the government to authorise interception in “urgent cases” could be used as a way to gain access to privileged communications without proper judicial oversight. The Law Society and Bar Council both argue that such oversight is necessary to ensure the evidence is properly examined and more likely to be accepted in serious cases. To its credit, the draft bill does seek to strengthen and tidy up the oversight and authorisation process for investigatory powers. However, it is crucial the bill fully protects client-lawyer communications which I am sure we all regard as an essential right in a country governed by the rule of law. I hope the government will listen to the concerns of those in the legal profession about this very important fact.
What happens next? I will be continuing to follow the progress of the draft bill as it makes its way through parliament. The Joint Committee on the draft Investigatory Powers Bill finished taking written and oral evidence in January 2016. It will have to be debated and then pass votes in both Houses of Parliament before receiving royal assent to become law.
9 February 2016