Ubiquitous personal communication technologies are here to stay. Because of exponentially falling data storage costs, two contrasting states of society can be envisaged. The default will be either that individuals determine whether and when their history is recorded, subject to exceptions, or data will exist about everyone all the time. This is the policy choice between data retention and preservation, and it is a sharp dichotomy.
Over two decades the UK has been in the vanguard of a core group of five European countries seeking systematic Internet surveillance. A blanket retention regime gives law-enforcement an “Internet Tardis” to go back in time and find out retrospectively what anyone was thinking about, whom they were talking to, and where they were. The dichotomy between retention and preservation is really about whether we want to give government such a “time machine” to scrutinize everyone’s past behaviour without prior reason.
In contrast, targeted data preservation would likely mean that data is recorded only about 1% of individuals for whom there is some prior lawful justification. William Binney, who used to design such systems for the US National Security Agency (and has now become a whistleblower) and other independent technical experts agree this is sufficient to fight crime and terrorism effectively, when used intelligently. However, security bureaucracies oppose preservation because they would be obliged to select targets, and they fear having to account for those decisions retrospectively.
The UK passed the first Internet retention laws with ATCSA 2001, and used its EU Presidency to enact the Data Retention Directive. The Communications Data Bill will set in stone the doctrine that all metadata in current and future services may be retained. Location data has special privacy risks. It can easily be correlated with other data. For example, Internet and mobile usage patterns reveal sensitive data, such as one’s political and intimate life.
The Home Office has had the Olympic chutzpah to call the apparatus for data-mining all this information a “Filter”, and to justify it in the name of human rights. It claimed that by connecting up a virtual database (to hunt for arbitrary patterns of suspicion in all the data), they wouldn’t have to build a new central database. But the point is the untrammelled power to hunt through every private life with the tools of military intelligence.
This is a fork in the road, and these are the reasons why this Bill posed the most dangerous long-term threat to a free society ever proposed by a democratic government, and is right to reject in its entirety. It ought to be obvious that continuously recording the pattern of interactions of every online social relationship, and analyzing them with the “Filter”, is simply tyrannical.
The following elements are a basis for discussion for an alternative policy for preservation which respects human rights and provide proportionate and effective means for law-enforcement:
- Quick-response preservation on persons who have been identified as facing a real and immediate serious threat, and designated vulnerable groups.
- Convicts of specified crimes released on license must register their means of electronic communication for data preservation during a prescribed period.
- Case-by-case judicial authorization for preservation, targeted at those reasonably believed to be engaged in criminal activities (with emergency procedures). Similar reforms should be made for prior judicial approval of interception warrants. Targets should be notified afterwards of preservation and/or interception where suspicions prove unfounded (unless there are compelling reasons not to do so).
- A centre for analysis of preserved data, intended to investigate links between criminal groups, and generate new targets for preservation (subject to judicial authorization)
- Replace the current three Commissioners with a unified Surveillance Commission, reporting to Parliament, with multi-skilled investigators including human rights and computer experts, credibly able to detect and deter abuse, corruption, and insider attacks.
- A fixed ceiling on the number of interception warrants, and a larger ceiling for targets of communications data preservation, which could only be altered by Parliament.
* Caspar Bowden is an independent advocate for information privacy rights. He was an expert adviser to Opposition parties in the House of Lords for five bills, and author of the first paper on communications data retention and the most comprehensive online resource on RIPA. From 2002-2011 he was Chief Privacy Adviser to Microsoft in 40 countries, and from 1998-2002 was Director of the Foundation for Information Policy Research