Out-Law News | 17 Oct 2012 | 12:29 pm | 2 min. read
Information Commissioner Christopher Graham said that the "really scary people" whom the Government wants to track will be able to avoid detection by using small or foreign-based communication networks that allow communications they facilitate to be encrypted, according to a BBC report.
Graham also said that there are "important data protection principles at stake" under the Government's draft Communications Data Bill, including issues relation to data retention, deletion and unauthorised access to the information, the report said.
"There is a judgement to be made between the security community saying 'we have to have this stuff' and the civil liberties community which says this is a gross intrusion of privacy and of citizens' rights," Graham told Parliament's Joint Committee of MPs and Peers which is currently scrutinising the Bill that the Government published in June.
However, Sir Paul Kennedy, the UK's Interception of Communications Commissioner, told the Joint Committee that expansion of the UK intelligence community's surveillance powers was "essential," according to the BBC's report. He said that the police and intelligence services currently do not have access to all the information they need about terrorist and serious criminals' activities as a result of a limitation to their existing communications surveillance powers.
"We are unsighted in one section of the market and we are in a world which is still extremely volatile," Sir Paul said, according to the report. "Against this background, what is now being sought is not about the amount of information in the public domain but it is about requiring service providers to retain certain information - which can only be accessed in a proper way and when it is shown to be necessary and proportionate to access it."
The Government published the draft Communications Data Bill after police and intelligence agencies complained that existing laws providing powers of surveillance were insufficient to combat criminals' ever-advancing use of technology. However the proposals have been dubbed a 'snoopers' charter' by civil liberty campaigners and have also drawn criticism from the Internet Service Providers Association (ISPA). Last month micro-blogging service Twitter also detailed concerns about the proposals in the Bill.
Under the Bill the Home Secretary could issue an order forcing any business that transmits "communications by any means involving the use of electrical or electro-magnetic energy" to store communications data in the form of "traffic data, use data or subscriber data" relevant to communications sent over their networks, such as by email or the internet, generally for up to a year. The data does not include the content of those communications.
Business caught by the proposed legislation must disclose information "without undue delay" to law enforcement bodies and other listed public authorities that ask for it. Those bodies can only request the information if it is to be used for a "permitted purpose" and if "designated senior officers" at those bodies believe it is "necessary to obtain the data" and that the action is "proportionate to what is sought to be achieved."
The 'permitted purposes' include where it is in the interests of national security, where the purpose is for the prevention or detection of crime, to prevent disorder and where it is in the interests of the economic well-being of the United Kingdom or in the interests of public safety, among others.
'Subscriber data' includes information such as the names and addresses of individual users of communication services. 'Use data' relates to how those individuals have utilised those services and may include itemised phone call records or connections to internet services, the duration of calls and the amount of data they have downloaded online. 'Traffic data' is information associated to communications, such as the physical location of mobile devices and the destination of received communications that are transmitted.
The Bill contains a number of "safeguards", including requirements that collected communications data is deleted after a year in storage.