All posts by Janani Krishnaswamy

Having completed an MA in International Relations at King's College London, Janani is currently pursuing a Research Internship at Demos while also pursuing a non-resident Internship at the Centre for Political-Military Analysis at Hudson Institute. Also holding an MA in Communication with Distinction from the University of Madras, she has been a technology journalist for nearly four years.

UK Data Bill: A Direction For Future Debate

In the present climate of uncertainty over privacy, creating proportional laws that strike the right balance between national security and liberty has become increasingly difficult.

[dhr]

privacy

[dhr]

Communication Data has always played a major role in police investigations in democracies across the globe. Knowledge of who spoke to whom, when, and how has played an important role in preventing, detecting, and averting crime. In the ever-changing technology landscape of today, online surveillance has become a major part of police investigations. However, in the present climate of uncertainty over privacy, creating proportional laws that strike the right balance between national security and liberty has become increasingly difficult.

Over the past few years, numerous efforts have been made by the government to enable easier and effective web snooping. Every now and then, the government attempts to increase the powers of law enforcement agencies in acquiring such data, however it is often put on hold in the face of heavy protest. The government’s efforts emerged again in April this year as the Draft Communication Data Bill, with renewed plans to order telecommunication companies to store online communication data (defined as subscriber, use and traffic data). It has yet again faced a severe blow from two Parliamentary Committees that undertook a brief pre-legislative scrutiny of the draft Bill, UK telecom players, Internet Service Providers (ISPs) and a whole range of foreign technology and media companies – most of whom have been consulted by the Committees. However, the Intelligence & Security Committee (ISC) also questions if the legislation will solve the problem of the present capability gap.

The Joint Committee report – which hit upon the three P’s: privacy, price and proportionality – has made several useful suggestions to the government on how and why the government should consider redrafting the bill. The report has been extremely critical in a) pinpointing the misleading price tag of £1.8 billion presented by the Home Office, b) clearly stating the lack of proportionality within the bill that would threaten privacy and free expression, and c) predominantly insisting that the language of the Bill needed an urgent update, reflecting upon the written evidence submitted by The Centre for the Analysis of Social Media at Demos. However, the damning verdict provided by the Joint Committee provides sufficient direction for future debate.

Following severe criticism from some MPs and peers, Prime Minister David Cameron has agreed to redraft the bill. If the government adopts a revision of definitions of communication data and if fewer agencies were authorized to access and use of such data, it is highly likely to help the government strike a balance between security and liberty. Further, putting the public at the heart of the Bill, the Committee realized the necessity to develop a new hierarchy of communication data, upgrade existing definitions and divide them into categories that suggest the level of intrusion of each type of communication data.

As the Home Office looks at ways to redraft, here are my suggestions for future debate:

The need to analyze implications of the bill for the general public

According to a recent Google Transparency Report, government surveillance across the world is on the rise, but the UK government has only made 1,425 requests for users’ data as opposed to US which has made 7,969 requests. However, the general public is unaware of what online surveillance there already is, and how such intelligence is used by law enforcement and security agencies. However, according to a recent survey by YouGov commissioned by Big Brother Watch, nearly 50% of Britons consider the bill to be bad value for money. It is essential therefore to engage in a data dialogue with the public in order to educate them and address their major concerns.

The need to understand public attitudes towards privacy and surveillance

While there are numerous studies on public attitudes towards data sharing, there is barely any full-fledged study evaluating public attitudes towards privacy and online surveillance in UK. While the above mentioned survey reveals that 71% of Britons are concerned over data-security, we are still unaware of public awareness of the surveillance, data protection and related confidence in the UK government.

The lack of clarity around Deep Packet Inspection (DPI)

Several governments and Internet Service Providers (ISPs) including United States, China, Iran, Russia and Kazakhstan are using DPI for a variety of reasons. ISPs in Ethiopia and Denmark have recently joined the list. While governments predominantly use DPI for censorship, ISPs use the technology to make Skype calls and YouTube videos play smoothly, stop viruses, dividing signal strengths and a variety of other reasons. In 2009, the US government in fact tried to introduce a privacy legislation to prohibit the use of DPI for behavioral advertising. Leaks from the UN International Telecommunications Union reveal Orwellian proposals towards implementing a DPI standard that will allow governments to snoop at a worldwide scale. As the argument about UK being the only democracy to be using such draconian measures fails, further investigation into the use and applicability of DPI becomes vital.

[hr]

Photo credit: striatic

Why Rewrite The Communication Data Bill?

The Communication Data bill has the potential to provide safety to individuals, albeit without putting their liberty at stake. A more nuanced approach by the government that aims to have more regulated surveillance can certainly win back public support.

[dhr]

surveillance security privacy communication[dhr]

If recorded and retained for a year, your communication data can disclose a more personal picture of you than the content of your communication in isolation.

An email without details of sender and receiver can barely give sufficient clues about your personal life; but details of who, where, when and how you communicate can certainly paint an extremely intimate picture of you. Yet this is the kind of data that the proposed Communication Data (CD) bill – often referred to as the ‘Snooper’s Charter’ – looks for.

If passed, the bill will give the government and intelligence agencies new powers to gather and retain communications data – across email, Facebook, Twitter, other social networking sites, online gaming and other forms of Internet communication – of the entire UK populous for a year or more. While the Regulation of Investigatory Powers Act (RIPA) of 2000 established a certain level of intrusiveness for gathering certain kinds of online communications data, the new bill seeks to provide more flexibility and greater powers to allow access to an unusual proportion of data being shared by the public with numerous telecommunication providers across the globe.

The bill will force technology companies to retain data that they would not otherwise hang on to for business benefit. It is expected to come up in the next Parliamentary session, among severe opposition from privacy groups. However, it is planned to reach the statute book only by 2014.

Right from the time RIPA was passed, privacy groups have always felt such powers hardly had much to do with tackling serious crime or terror. Instead they recognized that it allowed the police to unduly harass people and undermine their privacy concerns. However, the current Communication Data bill, which aims to give greater powers to access a wider range of data, has barely reflected a clear understanding of privacy concerns and the levels of intrusion that might arise from collecting different kinds of communication data.

Privacy is one the most contested issues in British Law. Outside Article 8 of ECHR, which offers an extremely general definition of privacy, there isn’t any clear legislation protecting the privacy concerns of the public. Though there hasn’t been any new law altering the nature of privacy in terms of contextual reference, ‘public’ attitudes towards privacy have altered over the years. There have been numerous circumstances when an individual’s privacy has been breached by government and other agencies. Yet even as recently as March 2012, a senior committee of MPs ruled that Britain does not need any privacy law.

In the current climate of active data-sharing, measuring the online privacy anxieties of the public has been extremely difficult. Even so, the current feverish environment surrounding the draft bill has barely allowed for a full-fledged analysis of public attitudes towards the bill. However, there is no substantial evidence to prove that the government has actively sought to understand public concerns, even in the days of RIPA.

Before I get into the problems of the draft bill, it’s certainly worth mentioning that I think we’re all, in one way or another, strong supporters of government’s surveillance methods in catching criminals. Our concerns emerge only when the government unduly seeks data and disproportionately miscalculates the data gathered. Ben Franklin’s words clearly reflect the current problem at hand: ‘They, who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.’

The Communication Data bill has the potential to provide safety to individuals, albeit without putting their liberty at stake. A more nuanced approach by the government that aims to have more regulated surveillance can certainly win back public support. Home Secretary Theresa May recently recognized the need to redraft certain parts of the bill during her evidence before the Joint Parliamentary Committee of peers and MPs. However, my central argument would be that the government should consider doing a great deal of re-writing to address the major concerns surrounding the bill – although only after gathering more evidence from the general public. The Joint Committee has taken great pains in seeking evidence from telecommunication providers, think tanks, privacy groups, and technology journalists; however what it lacks is a poll on public opinion on the bill itself. Here are a few reasons why the government should consider a revamp of the bill, to improve its chances of acceptance considerably.

The need for adopting a ‘Sliding Scale of Intrusion’ to reassure public: The Centre for the Analysis of Social Media at Demos recently submitted written evidence to the Joint Committee indicating the ‘potential harms the bill can pose, their seriousness, and how the government can better manage public’s privacy concerns.’ The central argument of the submission was that ‘the levels of intrusion and the resultant level of warranting, oversight and legitimate reasons with regard to RIPA are no longer legitimate with the draft Communication Data bill.’ As the bill seeks to collect and retain a diverse range of CD – which in some cases are private (for instance, geo-location), the government should consider taking a more ‘nuanced scale’ to reassure the public.

The lack of restriction on what can be snooped and how it can be used: The bill’s vaguely defined usage restrictions have a tendency to confuse the public at times. The bill defines the different kinds of communication data it seeks to collect – use, subscriber and traffic data. However, considering CD has a wider scope in the current digital environment filled with fast-changing technologies, the bill demands finer definitions, so the public is aware of the extent to which government intrudes into their privacy. A more transparent approach and a much regulated access by the government can definitely ensure that the UK doesn’t turn out to be the first ‘police state’ in the likes of China, Iran or Kazakhstan, that undertakes such draconian measures to gain access to CD.

The restrictions on which intelligence agencies or local bodies can access your data are vague: The two biggest problems with the CD bill, that are so far left unaddressed, are (a) the exact count of government agencies which will have access to the data, and if so who they might be and (b) how much of such personal data is likely to be shared with other governments for purposes of national security. While the government should consider including clauses that might allow easier ways to profile a likely agency that might be able to gain access, it should also simply follow the existing RIPA guideline: ‘the more serious the intrusion, the fewer agencies can do it, and for fewer purposes.’

Striking a balance between privacy and national security: Though the need of the hour is a wiser, narrower bill, it remains an intractable problem to create rules to ensure data-sharing in a trusted environment. Sharing public concerns can certainly help rebuild trust and resilience in communities. To ensure this, it is high-time the government engages the public to understand the different attitudes towards the draft bill.

[hr]

Photo Credit: Mike Licht, NotionsCapital.com