Home Office officials tell a Parliamentary Committee why they want our communications data
Home Office officials defended the Communications Data Bill they helped draft in earnest yesterday, during the opening hearing of the government inquiry into the proposed legislation.
The Joint Select Committee, a collection of six MPs and six peers charged with scrutinising the bill before it goes to Parliament, met for the first time on Tuesday afternoon to start the process of examining the contentious aspects of the proposed legislation, including its impact on privacy and its tricky technical aspects.
In its current form, the bill proposes to store all UK citizens’ communications data, including who contacted who, when and from where, but omitting the content of the conversations.
Cracking crooks’ workarounds
Director general of the Office for Security and Counter Terrorism in the Home Office, Charles Farr, told the Joint Committee that the proposed powers would give authorities access to 85 percent of the data they needed to carry out their work effectively.
Farr said he was confident that law enforcement would be able to get pst certain “workarounds” suspects might use to avoid being tracked, such as VPNs or other encryption-based technologies. He did not give specifics about how it would do so, however.
“I am satisfied with the techniques which are being developed,” he added. “Many workarounds can be defeated.
“We are not proposing this legislation will cover 100 percent of the communications environment… [but we are confident] that by 2018 we can stem the communications gap… and get 85 percent of what we need.”
Black boxes for foreigners only?
The government will not be installing black boxes at all UK ISPs to separate content from communications data, as had been speculated. TechWeekEurope was recently told the Home Office was distancing itself from that idea, which was believed to be a core part of the original plans.
Farr claimed that black boxes, or deep packet inspection technologies, were “not the cornerstone of this programme” nor “the central plank of it”. They will only be used in cases where an overseas communications provider was unwilling to work with the government on supplying requested information. In those cases, black boxes would be installed at the UK ISP the foreign provider is running through.
Farr promised that the black boxes would be checked by the government to ensure they did not reveal content, but did not say what technology would be used for separating the comms data from the content.
Despite a lack of detail on what technology would be used to separate content from communications data, Richard Alcock, director of the communications capability directorate at the Home Office, said it was “very easy” to do.
The Joint Committee also asked about the bill’s apparent allowance for police to require ISPs to store comms data for an indefinite period of time, rather than the 12 months currently stipulated under RIPA. Farr defended that aspect of the bill, saying it was essential data was “retained until court proceedings take place”.
Comms data will include all websites that a user visits, according to the Home Office. A Home Office spokesperson subsequently told TechWeekEurope that it would only be visits to a certain website that would be tracked (e.g. http://www.techweekeurope.co.uk) rather than visits to all subsequent web pages on that site (e.g. http://www.techweekeurope.co.uk/news/snoopers-charter-black-boxes-77206). That should allay some fears around what content web page URLs could reveal.
Serious crimes vs non-serious crimes
The Home Office officials also faced questions over what kinds of crimes the bill would cover, and were asked whether they would consider changing the bill so it specified when communications data could be accessed by police. Under the current proposals, it appears law enforcement would be able to acquire comms data for any crime, right down to small offences such as using a mobile phone whilst driving.
The fact that there is no single definition of ‘serious crime’ in codified British law has made matters even trickier. Peter Hill, head of the unit for pursue policy and the strategy unit in the Home Office, said that it may be wise to allow for applications for data even in apparently less serious crimes.
“You would have to find a way of managing that investigative process whereby you start with a less serious crime and end up with a very serious crime. That’s not to say it couldn’t be done,” he added.
Four bodies will be able to apply for access to comms data under the proposals, including the police, the National Crime Agency (NCA), the intelligence agencies and HM Revenue and Customs. A senior officer will have to sign off applications, but no warrant will be needed.
Are you a privacy pro? Try our quiz!