Add Comment
CCDP response from MP
This topic was created by JetSetJim.
CCDP response from MP
At the beginning of April, I wrote a moan to my MP regarding the CCDP legislation as an additional voice to add to http://www.theregister.co.uk/2012/04/20/panel_of_experts_attack_net_snooping_plan/. Well, I finally got a response, quoted verbatim here:
"Dear [JetSetJim],
Thank you for your email of 6 April regarding the above. I am very sorry for the delay in replying to you.
Whilst I very much understand your concern on this matter, I can assure you that the Government and I are committed to maintaining national security and protecting the public in the face of changing circumstances, whilst continuing to protect civil liberties.
Communications data - information such as who called whom and at what time - is vital to law enforcement, especially when dealing with organised crime gangs, paedophile rings and terrorist groups. It has played a role in every major Security Service counter-terrorism operation and in 95 per cent of all serious organised crime investigations. But communications technology is changing fast, and criminals and terrorists are increasingly moving away from landline and mobile telephones to communications on the internet, including voice over internet services, like Skype, and instant messaging services. The Government estimates that it are[sic] now only able to access some 75% of the total communications data generated in this country, compared with 90% in 2006.
Given the pace of technological change, our future capability is very uncertain. That is why, in the Government's Strategic Defence and Security Review, it said it would "introduce a programme to preserve the ability of the security, intelligence and law enforcement agencies to obtain data and to intercept communications within the appropriate legal framework." It also made it clear that in seeking to ensure our law enforcement agencies continue to retain capabilities to protect us from harm, civil liberties would be respected and protected.
The Government therefore proposes to require internet companies to collect and store certain additional information, like who an individual has contacted and when, which they may not collect at present. The information will show the context, but not the content, of communications. So we will have for internet-based communications what we already have for mobile and landline telephone calls. The data will be available only to designated senior officers, on a case-by-case basis, authorised under the Regulation of Investigatory Powers Act, and the process will be overseen by the Interception of Communications Commissioner. It will be available only if it is necessary and proportionate to a criminal investigation. It should be noted that the police and other agencies will have no new powers or capabilities to intercept and read emails or telephone calls and existing arrangements for interception will not be changed. No increase in the amount of interception is envisaged as a result of this.
Unlike the previous Government's proposals, there will be no government database and the data recorded will be strictly limited and regulated and will be destroyed after a year. The police and Security Service will not be able to intercept the content of calls and emails, except as now when it is necessary and proportionate as part of an investigation relating to serious crime or national security, and only when they have obtained a warrant signed by a Secretary of State.
Nonetheless, the Communications Data Bill will be subject to full Parliamentary scrutiny and in advance of that, given your obvious expertise in this area, I have forwarded a copy of your email to James Brokenshire MP, Minister at the Home Office, so that he is aware of your concerns on this issue and to ask that he takes them into consideration.
I will of course keep you informed of any information I receive from the Home Office on this issue.
Yours sincerely, etc..."
So, a re-hash of the "it's to catch paedo's and terrorists, honest", but how best to reply?
Reply
First up, it is good to see part of our democracy working.
There is the issue of the more data, the more will leak. We have seen many incidents of civil servants "surfing" personal tax data and that is
This guy will have been briefed on the problem by highly credible people in the various security services, but they are not the problem. At a recent Real Time Club dinner we had the head of the covert surveillance unit at Scotland Yard and she’s someone I’d trust to handle the data. But there are literally hundreds of thousands of police, ISP staff and of course now “outsourced” police support.
Already we see civil servants being disciplined for “surfing” tax and other records afor fun and profit and of course once these records exist dodgy journalists and other bad people will get hold of them.
There are specialist sites visited by Jews, Moslems, people with HIV, women who've been raped pretty much any group that some nutter might want to harass. Correlate that with the ISP's address records as this law will require and bad things will happen., not may but will.
There are also Tory-specific sites as well and it may shock you to learn that some people wish members of the government harm and you may recall how the hotel bill of a husband of a minister in the last Labour government was found to have bought a legal porn film.
The people briefing him will say there will be safeguards, but they are the people running organisations who already have this problem with their staff, not because they are incompetent or that all civil servants are malign, but if you have that many people with that much opportunity then some will yield to temptation.
The Wikleaks affair was caused by the fact that so many people in the USA have security clearance to get their jobs that even a good background check will still let in people who will do stuff their employers wish they would not. I recall seeing that over 6 million Americans have clearance, in a set that large you have at least one of anything. In the UK we’d have not only the security services who are a small group who’ve been checked as people not just for criminal records and the police but local government. We’ve already seen them abuse terrorist powers over rubbish collection and school places, would your MP be happy that his local Labour council could access his records ?
Also Sinn Fein have councillors, think of that whenever you think local government powers are a good thing.
The key here is oversight and restriction and the best way to get that is cost.
If they can demand ISPs to do work for them for nothing then of course every criminal case will involve every suspect and person of interest getting a request. If however it cost real money for an ISP tracking demand then there would be far fewer and if each was charged at (say) £1,000 then a rouge officer or civil servant would be spotted very quickly.
Re: Reply
Nice points to make. In reference to the "would he be happy if local Labour council rummaged in his privates", we're in the lovely situation where there are no labour councillors (I know, the point is still valid!).
I did neglect to mention in my original letter the astounding success that RIPA has had in not being abused by local councils...
First test of any legal power...
I believe that a good sanity check for any law is whether you want that power to be used by a political party that you don't like.
Your MP may trust his own party, certainly he is obliged to say so. But one day there will be another Labour government, indeed by the time this law gets through, we will be on the edge of the next election season.
This applies in the opposite direction of course, Labour, which bills itself as a party of liberal values gave the right wing party a whole pile of powers that former Tory leaders like Thatcher (widely regarded as being right of centre) never even asked for.
I believe that the time when we get a BNP local council is coming, we already have Sinn Fein.
"Criminal activity" is an interesting term of course, as local councils and RIPA demonstrated, by necessity it is suspected criminality, so it's not just criminals, it's people who are near them including people who put their rubbish in the wrong bin.
First test of any legal power...
I believe that a good sanity check for any law is whether you want that power to be used by a political party that you don't like.
Your MP may trust his own party, certainly he is obliged to say so. But one day there will be another Labour government, indeed by the time this law gets through, we will be on the edge of the next election season.
This applies in the opposite direction of course, Labour, which bills itself as a party of liberal values gave the right wing party a whole pile of powers that former Tory leaders like Thatcher (widely regarded as being right of centre) never even asked for.
I believe that the time when we get a BNP local council is coming, we already have Sinn Fein.
"Criminal activity" is an interesting term of course, as local councils and RIPA demonstrated, by necessity it is suspected criminality, so it's not just criminals, it's people who are near them including people who put their rubbish in the wrong bin.
Also I question whether the data is actually all that good.
Do ISPs have the ability to deliver the data with enough reliability that it's actually useful ?
Not only will it be at least slightly wrong, it will be incomplete, how will they cope with messaging systems on forums (like this one) or World of Warcraft ?
Re: First test of any legal power...
I got another letter, this time from James Brokenshire, replying to my MP's forwarding of my email:
From: James Brokenshire MP
Parliamentary undersecretary for crime and security
Dear [JetSetJim's MP]
Thank you for your letter of <Early May> on behalf of [JetSetJim] about who wrote to you to express concern about proposals for the collection and retention of communications data. I am sorry for my delay in reply.
Communications data is the information, or the 'who, when and where' of a communication. It includes the time and duration of a communication, the number or email address of the originator and recipient, and sometimes the location of the device from which the communication was made. It does not include the 'what' - i.e. the content of any communication. Communications data is held by the communications industry. The police and others can access communications data if they demonstrate that access is necessary and proportionate. Access is on a case-by-case basis and is subject to independent oversight. The police can get access to communications data only where it is connected to a specific investigation or operation.
Communications data is used by the police and the security agencies in the investigation of all types of crime, including terrorism. It enables the police to build a picture of the activities, contacts and whereabouts of a person who is under investigation. It can be used as evidence in court. Communications data has played a role in 95 per cent of all serious organised crime investigations and every major Security Service counter-terrorism operation over the past decade.
Comprehensive safeguards exist for access to communications data. It is primarily regulated by the Regulation of Investigatory Powers Act (RIPA), which places strict rules on when, and by whom, this data can be obtained. The Interception of Communications Commissioner, Sir Paul Kennedy, provides independent oversight of the acquisition of communications data. He provides a published annual report to the Prime Minister.
New communications technologies are generating communications data in different ways. Not all this data is currently retained by communications/internet service providers, as they may have no business interest in doing so; the police and others are therefore unable to get access to it. This has a direct impact on the investigation of crime in this country, and on our ability to prosecute criminals and terrorists.
It is the first duty of the Government to protect the public. In the Queen's Speech on 9 May the Government announced its intention to bring forward measures to maintain the ability of the law enforcement and intelligence agencies to access vital communications data under strict safeguards, subject to scrutiny of a draft Bill.
The draft Communications Data Bill was published on 14 June, ahead of pre-legislative scrutiny by a joint committee of both Houses. The Intelligence and Security Committee will be conducting its own, independent, inquiry into the draft Communications Data Bill, as this is an area that impacts on the work of the intelligence agencies. Further information on the proposed Bill (including the impact and privacy impact assessments to accompany legislation) can be found here: http://www.homeoffice.gov.uk/counter-terrorism/communications-data/index.html.
The proposed legislation will help to ensure the police can stay a step ahead of the criminals. But it will not:
a - enable unfettered access by the police to data about everyone's communications
b - provide the police and others with powers to intercept and read your emails, phone calls or check your contacts list
c - create a single government database containing your emails and phone calls to which the police and agencies can get unlimited and unregulated access
d - weaken current safeguards or checks in place to protect communications data
e - allow local authorities greater powers.
We wish to maintain a capability, not increase it.
Your constituent suggests that the Communications Capabilities Development programme is a re-branded Interception Modernisation Programme (IMP). There are significant differences between this programme and the programme develoiped by the last Government. We are not proposing a single Government database to store all communications data to which the police would then have access as also mentioned above.
The IMP included plans for the widespread deployment across hte UK networks of technical probe equipment to collect large volumes of data from third parties (eg webmail, social media). Under this programme, the emphasis is to work with industry to determine the best solution on a case by case basis, examining services used by people under investigation by the police or other authorised agencies. Probes would only be used when this approach did not provide the communications data required. Any communications data collected by such probes would, as with other data, be stored by the industry.
The proposed legislation is entirely consistent with work required to deal with encryption. The purpose of this legislation is to facilitate closer co-operation and collaboration with CSPs in the UK and overseas and enable us to get access, where required, to data which is essential for the police and others. Collaboration and access to data are also essential if we are to manage the challenge of encryption.
But techniques for dealing with encryption are sensitive, and disclosure of them can help criminals - including terrorists - evade detection. Because of this, we do not, as a matter of course, talk openly about methods.
Finally regarding costs, our current estimates are that the economic costs of this programme over ten years from 2011 could be up to £1.8 billion. Over ten years, we assess that this work will give measureable benefits of approximately £5-6 billion. This includes conservative estimates of direct financial benefits (assets siezed, revenue lost, etc). There are also benefits to which it is difficult to ascribe a financial value, for examnple seizures of drugs, disruption and prosecution of terrorists and improvements in operational efficiency.
An investment of £1.8 billion over ten years, or approximately £180 million a year, amounts to just 1.3 per cent of the current annual £14 billion policing budget.
Yours sincerely,
James Brokenshire
------------------
In summary - "it's not IMP cos we're getting ISPs to do it for us instead, although it may still boil down to DPI probes to get at this info". I think I may FOI the estimates, though, as they've shaved £200m off the IMP cost...
