Communications Bill Creates Dangerous Database

The political challenges to our digital rights are now coming in waves. With ACTA at a decision-point in the European Parliament and the TPP secret treaty drawing in more nations for unscrutinised deal-making against the interests of their citizens, the UK faces two new threats to those rights.

The first is familiar enough. In the name of "defeating internet trolls", the Defamation Bill is being modified to include provisions that incent service providers to betray their customers' privacy and trust in return for legal immunity.

While amending libel law, something that's undoubtedly needed in the UK, the Bill has what seems to be a hurriedly-inserted clause allowing someone claiming they have been libelled to request the identity of a customer from a service provider without any kind of court interaction as a precondition.  The service provider can either choose to comply, and be immune from libel prosecution, or comply 'voluntarily' and risk being a party to a libel suit.

Such a lax approach risks providing bullies - in the form of individuals or companies - with an easy way to go fishing for information to support other chilling effects. As Simon Whitten says in his good article on the subject,

"Unamended, the bill clearly does more harm than good for internet users. While the conditional immunity of website operators should serve to reduce the pressure for content to be taken down unreasonably, it does so by simply passing the threat of frivolous legal action from hosting companies and website owners onto the individual user who's even less prepared to deal with it and in doing so puts their private information at risk."

The second is far more insidious and complex. The new draft Communications Data Bill - otherwise known as the "Snoopers' Charter" - has already been much discussed. It arises from the concern of the UK's enforcement agencies that communications over the Internet provide a channel for illegal activity that can't easily be intercepted. But rather than just asking for powers to engage in court-reviewed interception, they have pressed their masters, first in the Labour government in 2008-9 and now in the current government, to provide them with new resources.

The new draft Bill is very far reaching, including also the existing powers of the police to monitor the postal mail but now updated to potentially allow them - and pretty much every agency of government and, according to section 9(7), anyone else at the government's discretion without disclosure or review, any agency not already so empowered - to monitor all your internet usage.

Yes, all of it. And not just transiently either. ISPs can be asked to store and keep all your internet communications, without any cause for suspicion, disclosure or judicial review, for as long as 12 months just in case it comes in handy. This is not focussed wire-tapping; this is storing the communications of every citizen to enable future evidence-gathering.

There's talk of safeguards over access to this information, although there's no detail of them. I get the sense the government and their agencies would actually like us to worry about this more. But it is exceptionally important to note that the data the new law controls access to is not currently gathered by most ISPs, but rather is transient. This Bill for the first time creates a database (distributed initially, but you can bet that it will eventually be automatically centralised for efficiency) that persists long after the fact, just in case an authority - any authority - may need it for almost any purpose.

If we only argue about how access to the newly-created database is controlled, even if we're successful at getting strong controls placed on access the database has still been created. That means that the bar has been lowered and future legislation can simply treat it as a resource to be exploited. As barrister Francis Davey comments in his excellent "first look" at the bill,

"It is almost impossible to have a sane debate about this sort of law because, as always, the government are likely to say "but we will only use our powers for good". What is more the bill, if passed, won't do anything particularly bad itself that badness is merely a potential badness that allows for misuse of the power at a later date. Again governments will swear on their mothers' that they will only pass just and sensible secondary legislation".

Thus, the draft Communications Data Bill is of great concern, not primarily because it lacks controls over who can access private data - these will be added - but because it creates a privacy-destroying surveillance resource which is certain to be abused in the future - both by government agencies and by illegal intruders. If these issues interest you, consider taking the campaign training that's being offered by the Open Rights Group around the country over the next few weeks. I'm told it's filling up fast, so don't delay.

Copyright © 2012 IDG Communications, Inc.

8 highly useful Slack bots for teams
Shop Tech Products at Amazon