Monday, 18 June 2012

Daft - sorry Draft Communication Data Bill

Do you feel afraid? - that tomorrow some terrorist may blow you up, or some criminals may nick your money or that your children are in danger?

It seems Teresa May, Home Secretary wants to us all to think so. In her forward to the  Draft Communication Data Bill she says [....]we need to ensure that the police and intelligence agencies continue to have the tools they need to do the job we ask of them: investigating crime and terrorism, protecting the vulnerable and bringing criminals to justice.....

She continues to reassure us [.....]Without action there is a serious and growing risk that crimes enabled by email and the internet will go undetected and unpunished, that the vulnerable will not be protected and that terrorists and criminals will not be caught and prosecuted. No responsible Government could allow such a situation to develop unaddressed.....

And in order to catch these dangerous persons they need:

54(6) For the purposes of this section it is necessary to obtain communications data for a permitted purpose if it is necessary to do so—
(a) in the interests of national security,
(b) for the purpose of preventing or detecting crime or of preventing disorder,
(c) for the purpose of preventing or detecting any conduct in respect of which a penalty may be imposed under section 123 or 129 of the Financial Services and Markets Act 2000 (civil penalties for market abuse),
(d) in the interests of the economic well-being of the United Kingdom,
(e) in the interests of public safety,
(f) for the purpose of protecting public health,
(g) for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution or charge payable to a government department,
(h) for the purpose, in an emergency, of preventing death or injury or any damage to a person’s physical or mental health, or of mitigating any injury or damage to a person’s physical or mental health,
(i) to assist investigations into alleged miscarriages of justice, or
(j) where a person (“P”) has died or is unable to identify themselves because of a physical or mental condition [(i)...(ii)....]

In explanatory notes in the draft bill they say:

There are a number of features of internet based communications which have an impact on the acquisition of communications data by public authorities:

  • The technology which is used to operate internet and mobile services, and collaboration between numerous companies may mean that communications data regarding a single communication is no longer retained in a single place. This fragmentation of data makes it difficult to obtain and aggregate all of the communications data a public authority may need to answer a specific question.
  • Companies who provide internet communication services do not always require authenticated identity information, making it more difficult to identify the genuine user of a communication service. Moreover, a range of technologies are available which attempt to anonymise both the location and the identity of service users.
  • Numerous mobile communication devices can be used to access Internet communication services while on the move, making it more difficult to establish from where a communication was made.
  • There are a vast range of global internet communication services. It is very easy to communicate simultaneously using multiple services and move quickly to new services.

There are three broad consequences of these technical trends.
  • As dependence on internet-based communications data increases, there is a risk that the utility of data may decline: it becomes harder to obtain key facts about a communications event.
  • Obtaining communications data may require greater data analysis. For example, when the police need the details of the registered user of an email address, if the information cannot be obtained from the email service provider, it may be necessary to investigate more widely. Use data from the email service provider may be matched with Use and Subscriber records held by other internet companies.
  • Unless otherwise regulated systems to analyse data may lead to the acquisition by public authorities of more data to identify key facts around a communication, with the potential risk of more collateral intrusion into privacy.
To do this a search of many databases will require a filtering process:

This Bill provides for arrangements to address these issues through a filtering process, described in these explanatory notes as a Request Filter. The purpose of this Request Filter will be to:
  • inform a public authority of the communications data which is available to resolve a specific enquiry; and enable that authority to judge whether in that context the request for data remains necessary and proportionate;
  • obtain, process and filter communications data needed to resolve more complex requests so that only data (specified in the authorisation) which identifies the key facts about a communication is passed to a public authority; and
  • protect privacy and minimise necessary interference with the rights of telecommunications users by processing the data without human intervention, and destroying any communications data irrelevant to the investigation.

In other words the Home Secretary will run a scheme what will allow an automated search of numerous databases for key events, for example whom has 'ip address' being communicating with. Now apparently because it's automated, and the databases are not held centrally its not similar to the idea of a central database proposed by Labour when in government before. But as some say 'cloud computing' is in effect a central database although held in separate data centers linked together, the ability to carry out a filtering process for "who, how, when and where” questions aren't that much different I suggest to a central database.

A quick thought is that once the automated filter process has been carried out, the results must be destroyed, does this means there is no record of the search having been carried out? - rather convenient that you could say....

And not forgetting the Home Secretary provide[s] for Part 1 to apply to public postal operators and public postal services as it applies to telecommunications operators and telecommunications services.

I'm not sure how much use eavesdropping on public postal services would be, and anyhows should you make such provision; that you say you have no plans to enact, in primary legislation?- after all to get around this provision all the bad people need to do is send the post by private courier...

No doubt the legislation will be amended as it goes through the due process at parliament, with many sections amended or removed. But for me as it stands its scope is far to wide, and it's powers far to complex, not forgetting those whom say it is technically unfeasible.

Maybe we who question the need for this snoopers charter are 'conspiracy theory' nuts, but I remain to be convinced that this is really about international terrorism or serious crimes, but more to do with catching the local benefits cheat and fraudsters....and for this we all need to come under suspicion?

Note: Text in italics are from the Draft Communication Data Bill

1 comment:

kp said...

I think it is wrong too. Yet another attack on the privacy of the private individual. We should resist.