The UK Parliament is voting this week on a proposed bill related to retention and access to communications data. Open Rights Group’s Communications Director Pam Cowburn argues the bill should be stopped or at least limited to the end of this year and gives her 5 reasons why.
Last Thursday, the UK Government announced ’emergency’ legislation that would require ISPs and telecoms companies to keep records of our phone calls, texts and internet usage. The Data Retention and Investigatory Powers Bill (DRIP) will be rushed through parliament in less than a week, with MPs voting today and the Lords voting on Thursday.
The Bill allegedly replaces the Data Retention Regulations 2009. The legal basis of these regulations has been uncertain since the Court of Justice of the European Union (CJEU) after the CJEU found the EU Data Retention Directive 2006/24/EC to be invalid in April.
The government has had three months to deal with this ’emergency’. In addition, a number of clauses in DRIP are not concerned with restoring the Data Retention Regulations but with extending the reach of the Regulation of Investigatory Powers Act (RIPA) to US and foreign companies. These measures are controversial, not related to data retention and should be scrutinised properly, not rushed through.
The CJEU ruling was very clear: keeping everyone’s data in case they commit a crime seriously interferes with our right to privacy and our right to a private family life. The Government’s response to that ruling should not be to extend its surveillance powers. At the very least, the British public deserve proper parliamentary scrutiny and debate when so much is at stake.
Here are five arguments that the Government is using to justify DRIP – and the real reasons why the Bill shouldn’t be passed.
1. “This is an emergency”
The CJEU ruling was delivered on 8 April, 2014. The government has had 3 months to address the court’s findings. We believe that it is the threat of legal action by Open Rights Group and other organisations that has prompted this ‘emergency’ legislation – not the threat of terrorism or criminal activity. The government should not mislead us about the urgency of this legislation. Given its significance and the threat to our civil liberties, it should not be passed without proper parliamentary scrutiny.
After the CJEU ruling, Open Rights Group and other organisations contacted the Home Office to ask them if they would be asking internet service providers to stop retaining data. In May, the Home Office responded by saying that ISPs should continue to retain data. Last month, over 1,500 ORG supporters wrote to their ISPs asking them to stop keeping their data. They responded by saying that they were acting under the instructions of the Home Office.
2. “This is not an extension of powers, it’s restoring the status quo”
The Prime Minister said, “we are not introducing new powers or capabilities” but in fact DRIP does not just deal with Regulations that were made illegal by the CJEU ruling. Clauses 3 to 5 of the Bill make amendments to the Regulation of Investigatory Powers Act (RIPA). DRIP extends the government’s surveillance powers in two ways:
- It extends the territorial scope of RIPA – this means that the government can issue interception warrants for communications data to companies outside of the UK.
- It extends the definition of “telecommunications service” within RIPA. This will include webmail services such as Gmail. What isn’t clear is what other kinds of internet services are included.
3. “It’s the only way we can catch criminals”
We agree that the targeted retention of communications data can help the police to tackle serious crimes, such as terrorism and child abuse. However, the CJEU ruling outlined a low threshold for deciding to retain data. For example, if a serious crime is committed, data could be retained for a particular geographical region to support a criminal investigation. This means that the police could still retain data for specific investigations, rather than the blanket surveillance of all citizens.
The CJEU ruling was clear that blanket data retention interfered with our right to privacy and our right to a private family life. Other European countries, including Austria, Belgium, Bulgaria, Germany, Greece, Romania and Sweden, have rejected it. These countries continue to tackle serious crime without undermining their citizens’ civil liberties through blanket data retention.
4. “There is a sunset clause”
The Bill would expire on 31 December 2016. The government claims that this will ‘strengthen oversight and transparency’ but that date is two and a half years away. We believe that this date needs to be brought forward to 31 December 2014 and this can be amended or repealed very easily. If legislation is to be rushed through without debate, an earlier expiry date of 31 December 2014 would allow for public scrutiny over the next six months. This is a reasonable request even for those MPs who believe that this is an emergency situation.
5. “The Bill includes concessions that take into account the CJEU ruling”
DRIP ignores the main part of the CJEU ruling – that blanket data retention severely interferes with the fundamental rights to respect for private life and to the protection of personal data. The government has claimed that other aspects of the Bill will strengthen oversight and transparency. For example, they claim it will restrict the number of public bodies that can request communications data. Yet this concession does not appear in DRIP or the secondary legislation that will implement it. There has been no acknowledgment of the legal requirement to preserve UK citizens’ right to privacy.
This post is an extended version of one that originally appeared on the Open Rights Group blog on 14 July. It gives the views of the author, and does not represent the position of the LSE Media Policy Project blog, nor of the London School of Economics.