Out-Law / Your Daily Need-To-Know

ICO asks Home Office for information needed to form view about legitimacy of Communications Data Bill FOI request refusal

Out-Law News | 22 Apr 2013 | 5:28 pm | 3 min. read

The Information Commissioner's Office (ICO) has asked the Home Office to provide it with some information about proposed reforms to UK surveillance laws so as to help the watchdog decide whether the Government department has to disclose the information more widely.

On 11 April the ICO issued the 'Information Notice' to the Home Office in relation to a complaint the watchdog is looking into regarding the department's refusal to disclose information about the Communications Data Bill under freedom of information (FOI) legislation.

Conservative MP Dominic Raab has requested that the Home Office publish details of the advice the Government received regarding the "design, cost and risks" of a new filtering system which would be created under the proposed new Bill, according to a report by the Daily Telegraph.

However, the Home Office has refused to disclose the information, claiming that the information is exempt from disclosure under FOI laws. The FOI Act enables public bodies to withhold information supplied to it on the grounds of "safeguarding national security".

Raab has complained about the Home Office's non-disclosure of the information to the ICO and the watchdog has now given the Home Office 30 days from 11 April to provide it with information it needs to determine whether the department's withholding of the information is legitimate.

"We have issued an Information Notice to the Home Office requesting details relating to the Communications Data Bill," a spokesperson for the ICO told Out-Law.com. "The notice is in connection with an ongoing freedom of information complaint currently being handled by our office. The Home Office now has 30 working days to provide our office with the details we have requested. We will then examine the material before deciding whether the information requested by the complainant should be disclosed."

Under the FOI Act, public bodies can be obliged to hand over information that the ICO "reasonably requires" to determine whether the bodies need to disclose information under the terms of the Act. Public bodies that refuse to comply with an Information Notice can be subject to legal action if the ICO informs the High Court, or Court of Session in Scotland, of that failure to comply.

In those circumstances the court can "inquire into the matter and, after hearing any witness who may be produced against or on behalf of the public authority, and after hearing any statement that may be offered in defence, deal with the authority as if it had committed a contempt of court".

The draft Communications Data Bill was published in June last year in a bid by the Home Office to plug a gap identified by the UK's intelligence services in the powers they currently have to use 'communications data' to combat terrorism and serious crime. Communications data is a term that refers to information associated with communications, such as the time of communications, the location in which communications are initiated and received as well as the phone numbers or IP addresses of those communicating. It does not refer to the contents of those communications.

Under the Bill businesses that transmit "communications by any means involving the use of electrical or electro-magnetic energy" would be obliged to retain 'communications data' and hand it over to law enforcement bodies, or other designated public authorities, subject to certain procedures and safeguards, in order to protect the UK's national security and prevent or detect crime, among other 'permitted purposes'.

The Bill would provide the Home Secretary with the power to use a 'request filter' to find information contained in "fragmented communications data" where it was "both necessary and proportionate" to do so.

The 'request filter' would "inform a public authority of the communications data which is available to resolve a specific enquiry; and enable that authority to judge whether in that context the request for data remains necessary and proportionate". It would also "obtain, process and filter communications data needed to resolve more complex requests so that only data (specified in the authorisation) which identifies the key facts about a communication is passed to a public authority", according to the draft Bill.

Businesses, including Twitter, as well as privacy groups have raised their concerns about the proposed Bill, with Big Brother Watch among the campaign bodies to accuse some major telecoms firms of acting "in a conspiracy of silence" with the Home Office over the proposals, according to a report by TechWeek.

Last year academic Dr Julian Richards, co-director of Buckingham University's centre for security and intelligence studies, told a committee of MPs and Peers that the 'request filter' would operate in a similar way to searching through a database.

"By using this filter mechanism it will look and feel the same as if there was a great big database behind the scenes that you could dip into to pull the particular information you want," he said. Dr Richards said it would be more accurate to describe the 'request filter' as a search engine.

In the US new legislation is also proposed to help law enforcement bodies combat security threats. The Cyber Intelligence Sharing and Protection Act (CISPA) would require businesses to share customers' personal data when sought by government agencies in a bid to combat threats to cyber security. CISPA was passed by the House of Representatives last week but also needs the backing of the US Senate in order to become law.

Privacy campaigners have been vocal in their complaints about the CISPA regime, which would enable law enforcement bodies to search through the data they receive from businesses without having to obtain a warrant, according to a report by Computing.co.uk.