Government wants network operators to continue storing metadata, despite EU court ruling
The UK government will formally announce plans to extend data retention and surveillance laws in the UK today, amidst fears police would soon be cut off from accessing information thanks to a court decision in Europe.
It will allow the government to continue to force internet service providers to store metadata on customers – including who is calling who, from where and when – for 12 months, so police and intelligence agencies can access it when needed.
It’s believed Labour will agree to the additional rules and that they will be approved next week.
Surveillance laws need to stay, says UK government
The move from the Home Office has come in response to a ruling in the European Court of Justice (CJEU) that said such storage of metadata was not necessary and infringed on people’s privacy.
The government now fears telecoms firms will delete the information, making the job of law enforcement and intelligence bodies that much harder.
Reports suggest Labour accepted the deal with the provision that the Regulation of Investigatory Powers Act (RIPA), which privacy experts believe is overreaching in its surveillance allowances, will be reviewed.
A Privacy and Civil Liberties Oversight Board will also be introduced. Annual government transparency reports on how the powers are used have also been put on the table.
The new laws would not amount to a new Snooper’s Charter – officially called the Communications Data Bill – but privacy advocates are still concerned about the government’s decision to push through the rules behind closed doors and their potential for giving intelligence agents the chance to draw up detailed profiles of citizens. Snooper’s Charter would have made it far easier for police to access the stored data through a filter resembling a search engine.
The issue has become more pertinent since the Edward Snowden leaks revealed GCHQ was hoovering up people’s information by tapping internet cables running in and out of the UK, and the CJEU decision.
Privacy vs. security
“The government knows that since the CJEU ruling, there is no legal basis for making Internet service providers retain our data so it is using the threat of terrorism as an excuse for getting this law passed. The government has had since April to address the CJEU ruling but it is only now that organisations such as the Open Rights Group are threatening legal action that this has become an ‘emergency’,” said Open Rights Group executive director Jim Killock.
“Not only will the proposed legislation infringe our right to privacy, it will also set a dangerous precedent where the government simply re-legislates every time it disagrees with a decision by the CJEU. The ruling still stands and these new plans may actually increase the amount of our personal data that is retained by ISPs, further infringing on our right to privacy.
“Blanket surveillance needs to end. That is what the court has said.”
Yet Professor Alan Woodward, a security expert from the computing department at the University of Surrey, said the provisions of the emergency law should actually lead to improvements for UK citizens’ privacy.
“I don’t think this will change anything. I believe it is purely in order to protect the abilities the law enforcement and security services have today following the ruling from the EU that the new EU directive on data retention was unacceptable,” Woodward told TechWeekEurope.
“If anything, the new law will be a good thing as it will formally introduce safeguards such as an oversight body and the RIPA review. Possibly the biggest safeguard is the commitment to publish transparency reports. I would hope that all of this oils be seen as a positive step by people from all parts of the privacy debate.”
Are you a pedant on privacy? Try our quiz!