The ‘Snooper’s Charter’ in its various iterations has been an ongoing cause for concern for Entanet and the industry as a whole for several years now and, as we move ever closer towards its seemingly inevitable implementation as the Investigatory Powers Bill (IPB), we decided to have a chat with ISPA’s Secretary General, Nicholas Lansman to find out his concerns for industry and what he thinks the committee scrutinising the Bill should be focusing on.
Parliament is currently scrutinising the Draft Investigatory Powers Bill, which aims to ‘consolidate existing legislation and ensure the powers in the Bill are fit for the digital age’.
Whilst ISPA welcomes a new Bill to replace the outdated legislation governing this area, there are specific concerns from ISPA, Entanet and industry around the lack of clarity in the Bill, its costs and what exactly will be expected of ISPs.
A Joint Committee of MPs and Lords held nine evidence sessions (including with ISPA) and is expected to report on the Bill this month (February), just three months after being introduced. Despite the Prime Minister describing this as the most important Bill currently going through Parliament, ISPA is concerned that there has not been enough time to scrutinise it, raising questions as to whether a Bill so important will receive the level of scrutiny it truly deserves.
The text of the Bill has a number of things industry needs clarity on and ISPA will be hoping for recommendations for changes in the following areas:
Internet Connection Records
One of the key issues for ISPs are ICRs (a whole new term), which are not currently retained or held by service providers for business purposes, and depending on how the Bill is interpreted, will require service providers to produce and retain large volumes of new data sets. The Bill does not provide a clear definition of ICRs, making it difficult to assess what counts as an ‘ICR’ or not and what impact the collection of this data may have on businesses and consumers. The Home Office published further information on ICRs, which has shed more light on the types of data, but there remains uncertainty and the Committee should press for a list of data that could fall within an ICR.
When Home Office officials and the Home Secretary appeared in front of the Joint Committee, MPs asked questions about the provision which allows the Home Secretary to remove electronic protection from data and what this might mean for encryption. Protecting encryption is a key issue for the technology industry which relies on it to keep online transactions secure and keep trust in online services. The Home Office has repeatedly said it has no plans to ban encryption, but still wants ISPs to give information in a ‘readable’ format, which is difficult for those who use end-to-end encryption and prompted fears about making a ‘back door’. This is something that wider industry will be hoping for clarification on.
Whilst the Home Office has made repeated assertions that all the cost recovery figures included in the Bill have been estimated together with service providers, all of the ISPs that have appeared in front of the Committee, including ISPA, have repeatedly said the £174m proposed in the Bill to cover the costs is far too small and unrealistic, with BT saying their costs alone would take up the ‘lion’s share’ of that figure. At present, the Draft Bill only guarantees that the contribution of the Government to a provider’s costs cannot be zero, but it is important to enshrine full cost recovery on the face of the Bill. The current draft would enable a future Government to cut its contribution to costs which puts providers at a commercial disadvantage. Costs met by the authorities also help prevent ‘fishing expeditions’, so cost recovery is an important safeguard on security services using investigatory powers.
A sticking point for the previous Draft Communications Data Bill, the request filter effectively creates a single distributed database of communications data retained by UK CSPs. This database not only allows for simple searches but also complex profiling queries. With such a powerful tool, Government must ensure that the request filter is built in such a way that it provides reliable results, but is subject to appropriate proportionality tests. ISPA wants to be sure that this highly intrusive power is properly safeguarded and this will need to take into account that the request filter interferes with the privacy of all people whose data is considered as part of a query and not just those whose data is included in a result.
The Bill extends the definition of a ‘Communication Service Provider’ to include private networks. ISPA has raised concerns that there is a danger that powers could fall on smaller providers including Entanet resellers who may have never been asked to hand over data before. ISPA has called for clarity on this point and will be hoping the Committee does the same in its report.
The Digital Economy
ISPA is worried that the new legislation could undermine trust in online services and put people off investing in the UK. US based operators said they lost business in the wake of the Snowden revelations and we have emphasised the need for legislation to be mindful of the digital economy, a key part of the UK PLC. ISPA urges Government to take this into account when setting new legislation.
So what next? The Joint Committee is due to report its findings and make recommendations on February 11th and the Government will respond in March, after which the Bill will be debated and voted upon in parliament. Home Office Minister John Hayes MP has alluded to the fact Government is expecting very few changes to the Bill as it stands once it passes through the Houses. Whether this is due to a wide consensus on the need for the Bill or due to the fact the Bill will have a limited time to be scrutinised, is definitely up for debate.
- Parliament.uk: Draft Regulation of Investigatory Powers (Interception of Communications: Code of practice) Order 2015
We share ISPA’s concerns and are particularly disappointed by the short timescale that scrutiny of this Bill is being given. MPs are agreeing that this is a highly important Bill yet it appears to be rushed through in a matter of a few months with minimal industry input yet again.
Somewhat reassuring is the fact that the Science and Technology Committee which has also published its report into this Bill seems to agree with and share ISPAs concerns, raising the same points.
We hope the Joint Committee will at least listen to ISPA and the Science and Technology Committee’s findings and put forward a suggestions for further clarification and discussion.
Have your say!
Do you share ISPA’s concerns or do you have further issues with the current draft Bill that you think need further scrutiny? Share your thoughts by leaving us a comment below and we can pass your concerns on to ISPA.
- Entanet Opinion: Guest Blog: What’s next for communications data law?
- Entanet Opinion: Shhh… Don’t talk about the new Snooper’s Charter – but, here are the latest updates!
- Entanet Opinion: What’s new in the Snooper’s Charter 3.0?
- Entanet Opinion: Has the High Court put a dampener on future snooping plans?
Rate our article...