Saturday 16 June 2012

My initial view of the draft Communications Data Bill


In my experience, some of the most pressing political issues of the day aren’t debated rationally. The big decisions are often taken on a tide of emotion, rather than a dispassionate analysis of the supporting arguments advanced by the proponents and detractors. Why? Because they are taken by people in the public eye who are mindful of the political consequences of the decisions they are required to take. And when an election is around the corner, politicians are generally not that keen on promoting causes that will result in their own political demise.

I think we can apply this analysis to the current debate around communications data. How can the State save lives, prevent crime and maintain public order, while at the same time not snoop on the private lives of innocent people? The big beasts will be rolled out from each side, while the politicians will review the Government’s proposals with one eye on their own electoral futures. It’s not an edifying thought.

I can appreciate both sides of the argument – and I can see holes in the cases that each side are advancing, too. And I want to hear the counter arguments for these holes before I really make my mind up.

I can absolutely appreciate the genuine desire of the law enforcement community to fight crime, using all legal powers at its disposal. But I do not understand, then, why is appears to be the case that law enforcement officials in other EC Member States appear not to rely so much on communications data. If we are to believe a recent press article, the Czech police manage quite well despite the severe constraints on the types of communications data they are allowed to use.

It was reported that, in March 2011, the Czech constitutional court decided that operators did not need to store traffic and location data about customers' electronic communications, leaving the police to rely on data kept for other purposes, such as billing. Yet, amazingly, according to information requested by privacy protection watchdog Luridicum Remedium from the Special Tasks Department of the Czech police, the Czech Republic detected an increase in the crime detection rate from 37.55 percent to 38.54 percent, despite a 10-fold drop in the number of requests for information.

I can also appreciate the genuine sense of outrage, felt by many opponents of the Government’s proposals, that the huge increase in the types of internet records that are to be required to be retained represent an illegitimate and disproportionate grab by the State for the soul of every British citizen.

But if these opponents, or their families, had been closer to recent terrorist outrages, or had been personally affected by awful crimes that might have been able to have been prevented, I wonder how greatly their outrage would be muted.

I expect a considerable debate to occur about the purposes for which communications data can be obtained by an investigator. After all, there are a range of “good reasons” why an investigator might need it which are not at all connected to criminal behaviour. For example, a vulnerable person may have gone missing, and their next-of-kin will want them located. Or someone may die in the street (of natural causes) and there are no forms of identification on the body - but there is a mobile phone. So how else will a policeman contact their family? Or, a public authority may want to track someone who owes them money, and all they have to go on is a mobile phone number.

Whatever the purposes are set out on the face of the legislation, we can expect the list to be reviewed in due course. And possibly extended – by Statutory Instruments that won’t attract anything like the sort of publicity (or public scrutiny) than this Bill will get. It’s happened before. And hardly anyone complained (or probably noticed). Get over it.

Public confidence over the Bill may be affected by a quirk of data protection law, which means that individuals whose personal data have been disclosed to public officials exercising statutory powers to obtain it have no right to be told that their information has been so disclosed. (In technical terms, there is an exemption to the Subject Access Right for such disclosures.) So, if you don't know what or whether any information about you has been disclosed, how will you satisfy yourself that no improper disclosures have occurred?

It would be deeply ironic if citizens only realised that something inappropriate had occurred when a police force contacted them to apologise for the fact that, due to a data breach, the police had managed to lose the personal information the citizen didn't know had been disclosed to the police in the first place.

In the end, I expect the issue is going to turn on the extent to which British citizens will trust those who will be accountable for ensuring that the new system, however it is designed, is not abused. And this could be a hard sell. To a large extent, public confidence could be affected by other (unrelated) charges of official misbehaviour. Or public confidence could be affected by an apparent unwillingness by the relevant overseers to make themselves known, accessible, and appreciated, by the British public.

I also expect that the issue is going to turn on the extent to which (a very much smaller number of) British citizens will trust those who are designing and operating the magic internet filters that will evidently make sense of all these encrypted internet communication records. These are the records which have not previously been kept by traditional internet and mobile providers, but which apparently will furnish investigators with precisely the right answer to their queries, using just the right amount of internet data, and guaranteeing that absolutely everything not required will be securely destroyed.

I don’t know who these designers are, and I don’t know how (or if) these magic filters actually work. Hopefully, unlike the magic equipment used by Penn & Teller, Derren Browne, and Paul Daniels, technical experts that British citizens trust will be invited to give them a thorough investigation, rather than a cursory glance, and confirm that they only do what they are supposed to do. Perhaps British citizens would feel better if these magic filters were also certified by national luminaries such as J K Rowling, Stephen Fry, and Cheryl from Bucks Fizz.

Finally, we should not forget the elephant in the room. We are talking, after all, about technology. And when it works, I expect that every Government (of every persuasion) will take every step to ensure that these technologies are embedded in the communications infrastructure of every State.

But, at least we Brits will be able to feel secure in the knowledge that, in our magnificent country, our public servants and our national Governments will take a greater pride in observing principles of decency and fundamental human rights than will be the case in many places elsewhere.


Source:
http://www.pcworld.com/businesscenter/article/257225/czechs_consider_reintroducing_eu_data_retention_rules.html

.