One issue raised in the document is the question of data retention by ISPs and telcos.
ATCSA was enacted in the aftermath of the September 11th terrorist atrocity. Part of the Act created powers to require the retention of communications data by telcos and ISPs on the grounds that these may be needed for the purpose of fighting terrorism.
Such data as are retained – subscriber details, billing data, e-mail logs, mobile phone location details – are now accessible to a range of public authorities for purposes unconnected with terrorism. This is as a result of Regulations passed under powers contained in another controversial law – the Regulation of Investigatory Powers Act of 2000, better known as RIPA.
Late last year, the Government presented a voluntary Code of Practice on the retention of communications data to ISPs and telcos in the hope that they would sign-up. But the Code was unpopular, largely because of industry concern that compliance with a voluntary Code – as opposed to a legal obligation – could breach human rights and data protection legislation.
In the course of the original debate on ATCSA the Government agreed to certain safeguards being incorporated into the legislation. One of these was a requirement for the Act to be subject to a complete review by a Privy Council Committee - the Newton Committee - with the report to be laid before Parliament within two years.
The Privy Councillors were also empowered to identify provisions of the Act that would cease to operate after six months of the laying of the report before Parliament, unless both Houses of Parliament had debated the report within that time.
On 18th December 2003, when the report was laid before Parliament, the Privy Councillors specified the entire Act as requiring debate – although stressing that this was not because the entire Act was unacceptable, but because of the speed in which the Act was originally passed.
As a result, the House of Commons is debating the report this week, with the House of Lords following suit next week. But the Government yesterday widened the debate by publishing a discussion paper entitled "Counter Terrorism Powers: Reconciling Security and Liberty in an Open Society," and inviting comments within the next six months.
Announcing the debate, Home Secretary David Blunkett commented:
"As Home Secretary, I am the custodian of civil liberties, but I do not own them. How we balance them with security is a matter for the country, not just for Government. The paper I am publishing on future terror laws today does not set out answers to the issues it raises, but aims to start a debate."
Included in the paper is an analysis of the Newton Committee recommendations, and the Government response to them. In summary these are:
Committee: Data retention legislation should be mainstream rather than incorporated in anti-terrorist legislation, and should be expanded to cover retention for prevention of crime not just protection of national security (so as to prevent disparity). Retention period should be set out in statute.
Government: is considering the use of mainstream legislation and may add the relevant ATCSA sections into RIPA. Agrees that data retention should be extended to cover general crime as well as national security.
Committee: a mainstream data retention regime would limit by statute the longest retention period that may be impose to a year, as is seen in other European countries. Access to the data to be subject to strict regulation, and properly enforced.
Government: would prefer the flexibility of defining data retention periods by statutory instrument rather than statute, which is a much slower process, and is happy that RIPA provides the strict regulation and enforcement processes necessary. While the Government agrees that one years' retention is sufficient for national security purposes it has not determined the appropriate length of retention for crime purposes – and would prefer both periods to be the same length.
Committee: there should be a unified oversight of the retention of and access to communications data, under the Information Commissioner.
Government: no. The current split between retention of data – Information Commissioner – and access to data – Interception Commissioner – is sufficient. The Information Commissioner is reactive and does not have powers to initiate investigations, unlike the Interception Commissioner. If the data retention provisions are transferred into RIPA then the Interception Commissioner will have unified oversight.
Committee: there should be a coherent legislative framework covering retention of and access to communications data.
Government: agrees. See above.
Committee: data preservation (where particular data is requested to be kept) is useful and should be regulated.
Government: agrees that it is useful but has no plans to regulate it – it is not a substitute for data retention.