Thursday, 28 January 2010

Balancing the rights of the police and the policed

When I'm asked to get involved with public policy debates about how long communication service providers should be required to retain information for which they no longer have any use for themselves, I often feel as though I’m being forced to choose between two competing interests. And when I look to the law for assistance, I find it’s a bit vague. Perhaps this is how the Attorney General felt when he was forced to provide a definite yes/no answer on the legality of starting a recent war.

I find it easier to know where to start looking for the rights of the policed, as the Human Rights Act helpfully sets out those rights. And it gives “human rights” to things that aren’t even human too – when the legislation refers to “natural or legal” persons, businesses prick their ears up (well, they would if they had ears), and occasionally assert their rights. And then, for individuals, the Data Protection Act kicks in and expands on some of these basic fundamental rights.

The trouble is, I find it really hard to know even where to start looking for the rights of the police. Is it the case that they have all the rights that have not been specifically granted to anyone else? If we had a written Constitution, it might be easier to know where to look. But as we haven’t, its not easy to find documents that properly set out the balance between the competing interests.

Why does this matter?

It matters when some people take advantage of their “human rights” to abuse the rights of others. I want to live in a fair, just and tolerant society. I don’t want my rights to be abused (or me to be harmed) by someone who unfairly hides behind a cloak of anonymity. That’s not cricket. All should be fair in love and war. And crime.

And I sometimes wonder whether the people who, over 50 years ago, drafted the principles that form the basis of our human rights legislation really would have settled on the same text if they were asked to create a set of principles that were fit for purpose for today. I think that they would accept that there was a need to revise some of them.

And I think this because the conditions, and threats, that existed 50 years ago have changed. Back in those days, European nations were extricating themselves from the disastrous consequences of war and the dangers appeared to come from oppressive regimes. Accordingly, the European Convention on Human Rights seems to be more concerned with setting out the rights of individuals, to empower them against the weight of a threatening central regime. But does that legislation adequately address the threats that people can face today – where threats can equally come from large companies, or from other people? And, more explicitly, does it give the state sufficient power to protect people from “Fred in the shed”. Or can “Fred” exploit a legal vacuum that appears to exist that makes it very hard for the State to keep enough information about him to prevent him from causing harm to anyone else?

Terrorism these days appears to be just as likely to be delivered by people like “Fred” than from oppressive regimes. And, thanks to the internet, people like Fred can equip themselves with the information necessary to cause outrage to many. So how should the internet be policed, so that people can be protected from Fred? Especially when many people appear to want security without lifting a finger themselves.

The internet isn’t mentioned anywhere within the European Convention on Human Rights – it didn’t exist when the Convention was drafted. This causes me problems when I try to work out what rights the police should have and what anonymity the policed ought to be able to expect as they use the internet.

If the Convention were to be redrafted today by, say, a set of German campaigners, I guess that they would be keen to reflect the recent data protection scandals in that country. They include incidents involving the illegal trade of address lists and bank account information. And some of the largest German companies in key industries, including transportation, finance, automotive, retail, and health care, have been accused of misbehaviour, say by monitoring the personal data and activities of their employees. Media coverage of these developments sparked widespread public interest among politicians, trade unions, and consumers on the mishandling of personal data, so in July 2009 various changes were made to the Bundesdatenschutzgesetz, Germany's Federal Data Protection Act. In essence, they tighten the controls and, in some cases, require information to be deleted so that it is no longer capable of being abused. But when that information is deleted, it also can’t be used for policing purposes.

If the Convention were to be redrafted today by, say, a set of British campaigners, I wonder what line would be taken. As far as Ian Walden, Professor of Information and Communications Law at Queen Mary College, is concerned, according to the Daily Telegraph (23 Jan 2010), the authorities have taken “advantage of the terrorist bombing in London” to erode civil liberties. He was responding to media reports that the police and security services were set to monitor every phone call, text message, email and website visit made by private citizens. The details would be stored for a year and will be available for monitoring by government bodies. Apparently, all telecoms companies and internet service providers will be required by law to keep a record of every customer’s personal communications, showing who they have contacted, when and where, as well as the websites they have visited.

Ian was quoted as saying that “The police clearly took advantage of the terrorist bombing in London to get an agenda, which has been around for years, pushed to the forefront”

“They would never have got Government support for data retention, which became a European issue, without the Madrid and London bombings.” The 2004 Madrid bombers [apparently] used one shared web based email account to make plans, rather than exchanging messages that could be intercepted. Their actions killed 191 people and wounded over 1,000.

“Concerns from civil liberty groups are we will lose the liberties that we thought we had without necessarily notifying us. Why does the data on all of us have to be retained in order to find out about those that are bad?”

Ian highlighted the danger of laws created to catch dangerous criminals later being manipulated to spy on millions on households, and reflected on the fact that local councils had been criticised for using anti-terrorism (RIPA) laws to snoop on residents suspected of littering and dog fouling offences.

“My concern is that its easy policy-making… if you say it’s against terrorism and it’s against child pornography then nobody is going to say no.”

Ian’s comments echo those made by Dame Stella Rimington, the former head of MI5, who last year accused ministers of interfering with people’s privacy and playing straight into the hands of terrorists, by creating a “police state”. Similar comments were made last year by Tory immigration spokesman Damian Green. He gained notoriety in November 2008 by being arrested, held for nine hours, and his homes and House of Commons office searched by police under anti-terrorism legislation, probing alleged Home Office leaks.

I’m not sure that I entirely share those comments. But it’s hard to know just where to draw the line.

In my next blog I’ll have a quick look at some of the Convention rights and freedoms and see if I can draw any conclusions as to how they might need to be tweaked to take account of the internet age we live in today.