SA Mathieson 

What David did next

After the furore over data protection last year, SA Mathieson explores the government's designs on our movements in the digital world
  
  


Last June, the home secretary, David Blunkett, came a cropper over which government officials could have access to information about our communications.

His proposals would have given access to detailed data on your communications to an array of organisations - including local authorities and the Post Office. Such data would previously only have been released to the police, customs, the Inland Revenue and MI5.

To cap it all, the proposal also included the Information Commissioner's office: the body that is meant to protect privacy was apparently getting the right to invade it.

The story caught fire, and the legislation (adding to the Regulation of Investigatory Powers Act, or Ripa) was named the Snooper's Charter. Blunkett backed down: as he writes in the introduction to the revised plans, now open to public consultation: "I admitted that we got it wrong and said that we would have to think again."

This consultation does not cover the contents of phone calls, emails and the like, but information about them, known as "communications data". The Home Office estimates that this kind of data is requested 600,000 times a year - it admits there are no precise figures. Parliament's All-Party Internet Group (Apig) estimates that a million requests are made to telephone companies alone.

"Currently, there is no explicit oversight," says a Home Office spokesperson. "Ripa will establish explicit oversight for communications data."

The Home Office says that when a version of the secondary legislation is finally in force, access to communications data will be regulated by the interception commissioner, who can publish exact figures.

Such access will only be allowed under Ripa. An investigator will apply to a senior officer using a documented process, saying what data they want, why they need it and why this is reasonable.

If approved, it will go to the organisation's single point of contact ("Spoc"), someone trained in the nature of communications data. If the Spoc approves, he or she will contact the telephone or internet service provider. This already happens in police forces.

If a rogue official abuses such data, he or she can already be fined and could be sacked. But the Home Office is considering a recommendation in a January report from Apig, suggesting an explicit criminal penalty.

The consultation paper lists every kind of public body that wants access, and why. Many already get this data by asking telephone companies and internet service providers.

The police and security services make 96% of communications data requests. But local authorities make about 17,000 requests a year for trading standards, environmental health, housing benefit and planning. These are mostly for subscriber details, getting a name and address from a phone number or email account.

Royal Mail Group applied for subscriber data and itemised telephone records 418 times in its 2001-2 financial year, while investigating theft of mail or benefits by staff, and robberies from postal workers.

As for the Information Commissioner's Office, it applied for subscriber and itemised records 88 times in the 12 months to last September. It uses this to investigate invasions of privacy, such as unlawful selling of personal information.

Human rights group Liberty says all these requests should be approved by a judge. The Home Office document argues that this would be "inappropriate and burdensome".

Ian Brown, director of the Foundation for Information Policy Research (FIPR), says that subscriber information access (at least 90% of all requests) could be internally authorised by major users, but believes that requests for other kinds of data, as well as all applications from organisations that only make a few, should go through a judge.

Overall, privacy groups gave the access paper a guarded welcome. The same is not true of its sister consultation on retention of communications data.

The retention consultation paper contains a draft of this voluntary code. At the moment, communications data can only be held for business reasons - keeping it for longer is illegal under data protection law.

This produces big disparities. ISPs don't charge by the email, so delete email records within weeks. But BT, which charges largely by the call, keeps billing data for seven years.

Some investigators want several years' retention. The consultation paper includes examples in which the police asked for communications data after it would have been deleted under the draft code - a point not lost on privacy campaigners. "When they get these powers through, they will point to these examples and say, we need it for just a bit longer," says Ian Brown.

The retention periods are roughly in line with phone company practice: among the mobile networks, only Orange says it keeps such data for less than a year. But Richard Clayton, treasurer of FIPR and an industry expert, says ISPs keep email data for up to three months, and some don't keep web activity logs.

The costs of retention would vary, but AOL says it would cost $40 million to set-up such a system (£26 million), followed by $14m a year to run it. Apig says the industry might need in excess of £100m.

"Our members want to help government achieve its aims," says the ISP Association (Ispa). "At the same time, they don't want to go bankrupt. The Home Office should be paying for this."

Then there's the issue of legality. The law says communications data can only be kept for national security, but the Home Office says if it's there, it makes sense to use it for fighting crime.

However, this is open to legal challenge. The ISPs and telephone companies may therefore prefer a mandatory code, so they will not be liable. "Once a scheme became mandatory, the legal position would become understood," says Ispa.

The Home Office seems genuinely interested in gathering the public's views on all this. The consultation papers are available online (see links), and you can then email your comments to commsdata@ homeoffice.gsi.gov.uk until June 3. These may be published unless you ask otherwise.

You can't say you haven't been asked.

Useful links

Home Office consultation on access: www.homeoffice.gov.uk/ripa/part1/consult.htm

Home Office consultation on retention: www.homeoffice.gov.uk/docs/comsdatacontacts.html

All-Party Internet Group:
www.apig.org.uk

Interception Commissioner's latest report:
www.official-documents.co.uk/document/deps/hc/hc1243/1243.pdf

· The consultations will be discussed at Scrambling for Safety at the London School of Economics on Wednesday 14 May. www.fipr.org

 

Leave a Comment

Required fields are marked *

*

CAPTCHA

*