Presentation on theme: "Internet surveillance in the UK Ian Brown. Signals intelligence Everybody’s at it: Echelon Frenchelon Multinationals “We steal secrets with espionage,"— Presentation transcript:
Internet surveillance in the UK Ian Brown
Signals intelligence Everybody’s at it: Echelon Frenchelon Multinationals “We steal secrets with espionage, with communications, with reconnaissance satellites” – James Woolsey
Content surveillance Comms intercepts authorised by Secretaries of State under RIPA Agencies 1466 in 2002; 6 per day for Blunkett
Decryption powers S.49 notices from senior police, Customs etc. impose “disclosure requirements” that may usually be met by production of plaintext Keys may be demanded in special circumstances by chiefs of police, Customs commissioners, etc. Notices may prohibit “tipping-off” 2 and 5-year prison terms
Intelligence concerns “Law Enforcement is a protective shield for all the other governmental activities. You should use the right word - we're talking about foreign intelligence, that's what we're talking about - that's what all this is about. There is no question - that's what it is about. The Law enforcement is a smoke screen, because we all understand law enforcement, policemen, courts, this is something we see everyday in our life. And it's an important element, I'm not suggesting it's not relevant but it is a protective shield for what goes on behind that.” – David Herson, SOGIS
Anti-Terrorism, Crime and Security Act 2001 Introduced shortly after Sep. 11 th Contains provisions for data retention by Communications Service Providers Must be for purposes directly or indirectly related to national security
EU-related actions 2002/58/EC: “Member States may… adopt legislative measures providing for the retention of data for a limited period.” UK: “Nothing in these Regulations shall require a communications provider to do, or refrain from doing, anything (including the processing of data) if exemption from the requirement in question is required for the purpose of safeguarding national security.”
Codes of practice Home Office must first consult on voluntary code of practice Subscriber info, telephony data 12 months; SMS, data 6 months; Web activity 4 days Then mandatory code may be imposed Powers would have expired 13 Dec 2003 but were renewed Nov 2003
Real intentions? Most “business cases” given are well beyond current consultation timeframes Police continue to push for full URLs “There is great merit for having information about subscribers kept for five years and call information for two years” –John Abbot, NCIS
Regulation of Investigatory Powers Act 2000 “Communications data” obtained by self-authorised demand from police, Customs etc. Content requires warrant from government minister
Comms data access purposes in the interests of national security; for the purpose of preventing or detecting crime or of preventing disorder; in the interests of the economic well-being of the United Kingdom; in the interests of public safety; for the purpose of protecting public health; for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution or charge payable to a government department; for the purpose, in an emergency, of preventing death or injury or any damage to a person’s physical or mental health, or of mitigating any injury or damage to a person’s physical or mental health.
“Snooper’s charter” The Department for Environment, Food and Rural Affairs. The Department of Health. The Home Office. The Department of Trade and Industry. The Department for Transport, Local Government and the Regions. The Department for Work and Pensions. The Department of Enterprise, Trade and Investment for Northern Ireland. Any local authority within the meaning of section 1 of the Local Government Act Any fire authority as defined in the Local Government (Best Value) Performance Indicators Order 2000 The Scottish Drug Enforcement Agency. The Scottish Environment Protection Agency. The United Kingdom Atomic Energy Authority Constabulary. A Universal Service Provider within the meaning of the Postal Services Act 2000 A council constituted under section 2 of the Local Government etc. (Scotland) Act A district council within the meaning of the Local Government Act (Northern Ireland) The Common Services Agency of the Scottish Health Service. The Northern Ireland Central Services Agency for the Health and Social Services. The Environment Agency. The Financial Services Authority. The Food Standards Agency. The Health and Safety Executive. The Information Commissioner. The Office of Fair Trading. The Postal Services Commission.
Information Commissioner view “service providers are entitled to rely heavily on the fact that the Secretary of State and Parliament will have concluded that the retention of communications data for the periods specified in the Code is necessary in order to safeguard national security.” BUT “the proposed regime will lead directly to disclosures under section 22 RIPA which are inconsistent with Parliament's intention in passing ATCSA, and thus arguably unlawful under Article 8”
ISP response No “compelling case” for retention ISPA could not “recommend to members that they voluntarily comply with the proposed code of practice”
Parliamentary response “We can reach no other conclusion than to recommend that the Home Office immediately drop their plans to introduce a voluntary scheme for data retention under ATCS.” “We recommend very strongly that the Government do not… impose a mandatory data retention scheme.” “We recommend that the Home Office enter into a dialogue with the CSP industry to develop an appropriate data preservation scheme to meet the needs of Law Enforcement.”
Home Office response “The Home Office do not consider that the fact that data is held by a communication service provider under the Code of Practice for national security purposes, and not for any other reason, should prevent the police or other public authorities having access to that data when they can demonstrate a proportionate need for it.” “In order to be able to implement what they want, we will have to retain the data, so that it can be accessed to test out whether the intelligence services are right in believing that it is relevant in tackling terrorists. That is how stupid the Liberal Democrats are.” –David Blunkett, Hansard
Remaining questions Can ECHR articles 8 (privacy), 6 (fair trial) and data retention and access be reconciled? Will costs be acceptable?