The government published a draft version of the controversial Communications Data Bill which, if brought into force, will require internet service providers (ISPs) to retain the records of every phone call, email and website visit in the UK. David Cook, cyber crime solicitor at Pannone, says the Bill represents a significant increase in the already copious UK surveillance powers, and warns real criminals will use already available methods to hide their online activities.

On 14 June 2012 the government published a draft Communications Data Bill which aims to update the current legislation that allows public bodies – including the intelligence and security Agencies and the police – to access information relating to communications data. The Bill will now be subject to pre-legislative scrutiny by a Joint Committee of Parliament.

Home Secretary,Theresa May, unveiled the new Communications Bill to a torrent of accusations that she had sculpted a “snoopers’ charter”. It is clear that the content of the draft legislation has alarmed both ends of the spectrum and concerns have been raised by consumers, internet service providers and civil rights groups alike. The Information Commissioner’s Office has also now confirmed that it will submit representations to the Joint Parliamentary Committee.

What does the Communications Data Bill aim to do?

The point of the Bill has been to remedy perceived lacunae in current legislation and to now cover forms of communication that had not been considered previously. Such “new” forms of communication include voice-over internet protocol, chat and social networks.

The Bill also seeks to widen the statutory data retention powers further. The Bill affects the type of data that must be retained by internet service providers and amends Pt II of the Regulation of Investigatory Powers Act2000(“RIPA”). RIPA itself has always been a highly controversial piece of legislation which, amongst other things, allows mass surveillance of communications and certain public bodies to monitor people’s internet activities. However, the proposed changes seek to allow the authorities to retain more data and to now retain information regarding exactly who is talking to whom, when, and where in theUK. It is suggested that this dragnet approach is in the interests of national security. 

The communications data that the Bill seeks to retain includes not only names and addresses but both:

  1. Information used to transmit the communication, including the address on an envelope or the location of a phone; and
  2. Itemised records of connections to internet services and phone records.

What are the concerns?

The Home Office has sought to alleviate concerns by stating that the information retained will only be regarding the sender and recipient of a piece of communication such as an email, text, or instant message, rather than the content of the communication itself. But this displays a rather facile knowledge of web based communications, given that data and content is practically inseparable. It appears that internet service providers (“ISPs”) will have to utilise controversial methods, such as deep packet inspection, to analyse every byte that passes through them, and then filter out the unwanted material, retaining the rest.

The rather onerous obligations therefore fall to the ISPs. RIPA already compels them to log details about email communications and retain that information for 12 months. However, the draft Bill seeks to now compel them to also retain a massive amount of additional information such as instant messages, Twitter messages, Facebook messages and messages on gaming platforms. They have to retain these messages whether the communication method is public or not. For example, data regarding publicly published Tweets will have to be retained, but so will data regarding private direct messages between users. It is also significant that while RIPA only affects public bodies, the draft Bill gives the Home Secretary powers to compel all telecommunications operators, including private ones, to collect information about any communication made over its networks, and to retain it for 12 months.

Any civil liberties issues?

The aim of the government seems pretty clear, to retain details of all communications by the public, irrespective of the communications method or the body that holds the information. The civil liberties issues are fairly similar to those voiced in respect of the now all pervasive CCTV systems, which can track and record your movements, whether dishonest or legitimate. The response to such concerns, as they will be to the draft Bill, is that, “If you have nothing to hide, then what is the problem?” However, the concerns over CCTV monitoring must pale into insignificance when compared to potential legislation which will allow all internet activity to be monitored. The promises that the Bill targets the “who” rather than the “what” seems rather ill founded given the clear difficulties in separating the data and, either way, represents a significant increase in the already copiousUKsurveillance powers.

What impact will this proposed legislation have on criminals?

The result of this, as with other proposed legislation, is that the real criminals will use already available methods to hide their online activities, such as DarkNet services, and such methods will clearly now will now be developed further and made even more difficult to trace. The outcome will be that wrongdoers will hide further underground, leaving the only people whose data is to be pushed and pulled and retained in servers just waiting to be hacked and leaked, will be the innocent public. In that regard, it would be difficult to see the mischief that the Bill seeks to remedy.

(This article was first published by LexisNexis news)