Julian Huppert MP writes… Safeguards to control state surveillance

Stories came out yesterday, leaked as ever from some unknown source, which have led to justifiable outrage about proposals to capture all our online communications. We all know that one shouldn’t entirely trust what is in newspapers, especially when the security services are involved and there is a palpable lack of detailed announcements, but liberals everywhere are rightly anxious.

I’m extremely concerned about the extension of state surveillance, and have fought hard to stop it. Since I first got wind of the proposals in 2010, I’ve had a series of meetings with industry experts and others about it. I asked the Prime Minister about it in October 2010 and, while the details remain cloaked, I have some idea of what might be proposed.

Communication Service Providers (CSPs such as your mobile phone operator or your internet provider) are already required to keep information about your communications for 12 months – who you ring, which domain name you visit, but not the content of the call or text. This can then be accessed by the police and security services using RIPA – and by others, in some cases with even less safeguards than RIPA!

Labour tried to take this already illiberal position further, with a massive project called the Intercept Modernisation Programme – this would have stored all of this information and more in a huge central database, so the police and security services could access it easily and at any time. The policy was a dream to totalitarian control freaks; a nightmare for anyone who cares about freedom.

This project is dead. We and others fought hard to stop it, joined by the ISP industry itself. And there are no plans to re-enact this scheme – the PM confirmed to me that ‘We are not considering a central Government database to store all communications information’. If there was such a proposal I would oppose it to the last.

But that still leaves the existing CSP-specific databases they are required by law to have. What the Government does with these databases is absolutely critical and a great concern. The Coalition Agreement is expressly clear on this point. ‘We will end the storage of internet and email records without good reason’.

What’s a ‘good reason’ for keeping them? The security services insist they have good reason for keeping lots of things, but frankly, I’ve never found the argument ‘we know but we can’t tell you’ very persuasive. Especially when it is overused by the same people to argue for every power they want, from 90-day detention to control orders to the existence of WMDs in Iraq.

Unfortunately, we are bound by the EU data retention directive so unwinding the existing system is unlikely to happen, despite our continued calls for reform at the EU level. But the security services push ever on, and the Home Secretary appears to trust them. And now they are pushing for a supposedly ‘modest’ increase in powers.

I haven’t seen the details of these proposals – not for want of asking – but it’s clear to me that what we want is more safeguards, not more powers for the state to keep data. We have already killed off some of the obviously illiberal proposals that have been floating around. The idea that if you send or receive an encrypted message you should be legally required to give the state the key is completely gone.

And some of the suggestions floating around of what might happen are simply wrong – to quote Nick Clegg: ‘I am totally opposed, totally opposed to the idea of Governments reading people’s emails at will or creating a totally new central Government database. The point is we’re not doing any of that and I wouldn’t allow us to do any of that. I’m totally opposed as a Liberal Democrat and as someone who believes in people’s privacy and civil liberties.’

I’ve asked for both the Home Secretary and the Head of the Office of Security and Counter-Terrorism, Charles Farr, to be called publicly in front of the Home Affairs Select Committee (on which I serve) to explain what is and is not proposed, so that we can all see what they are actually proposing. I’m delighted that the Chair, Keith Vaz, has agreed to try to arrange this as soon as we can.

What I would like to see is strong safeguards – better than we currently have under RIPA and other legislation. It is currently far too easy for people – eg at DWP – to access communications data, and this has to stop.

The Home Office wants to have access to information about not just who we text but who we tweet, who we skype to as well as who we ring. Now, this may seem to be no more objectionable than the current position but, technically, it is a complete mess. Your Internet Service Provider doesn’t have a clue who you facebook, and doesn’t want to either.

No expert I’ve ever spoken to can see how this could possibly be done without great expense and without allowing access to the actual message that was sent – which is not legal without a warrant from the Home Secretary.

Together with the excellent Dr Jenny Woods, we therefore wrote an amendment to my civil liberties policy at the last conference, spelling out what we want to see – the Liberal Democrat requirements for any proposals – strengthened safeguards, ensuring no ‘accidental’ interception of data, and trying to change the underpinning EU data directive. It says that we back the right to privacy by:

a) ensuring that there shall be no interception of telephone calls, SMS messages, social media, internet or any other communications without named, specific and time-limited warrants;

b) guaranteeing that any communications data kept by service providers in accordance with the EU Data Retention Directive are kept securely by the service providers, and that they be only released to government bodies with strict and strengthened safeguards;

c) ensuring that service providers are not mandated by law to collect communications data by any method that would also provide access to content information, unless specifically authorised by a warrant;

d) ensuring that service providers are not mandated by law to collect third-party communications data for non-business purposes by any method;

e) renegotiating the EU Data Retention Directive and changing how it is implemented into UK law, to provide a better balance towards privacy.’

There still may not be a Bill at all in the Queen’s speech. That would be my preference. But if there is one, it must be one that increases the current safeguards not that just feeds the powers of the state. Strong safeguards are critical, they are the very essence of our civil liberties and no liberal can support any state surveillance without them.

Liberals everywhere must watch this space with caution.

* Julian Huppert was the Liberal Democrat MP for Cambridge from 2010-15

Read more by or more about , , , , , , , or .
This entry was posted in Op-eds.


  • John Richardson 2nd Apr '12 - 5:18pm

    So to be clear: the idea is to have my ISP log every private message I send on, say, Facebook? The ISP will have a box that pretends to be Facebook and will act as a relay between myself and the real Facebook page. This in order to overcome the SSL encryption. It will then decrypt and scan all data along the connection looking for private messages. When it finds one it sends the name of the recipient, the subject, and the time stamp to the old bill and then encrypts and stores the contents on the ISP server for 1 year in case they want to follow up. Rinse and repeat for every communications site out there. Technically possible I suppose but sounds very expensive and will require extensive ongoing maintenance and for Facebook etc to agree not to deliberately foil it, which they could do trivially. Technical and cost issues aside the idea they think they have the right to do this at all is pretty chilling!

  • If you do question the Home Secretary or Charles Farr, I hope you’ll ask what their proposals will cost.

  • Andrew Suffield 2nd Apr '12 - 5:37pm

    If it’s an already illiberal position at present, then the liberal thing is not simply to regulate how they use it but to retrench the powers they already have. That’s what the Freedom Bill was supposed to be about as far as i am concerned.

    Yes. This is why the Freedom Bill, which is still working its way through parliament in a blaze of media silence, contains Part 2 Chapter 2, which changes the communications intercept and surveillance bits of RIPA to require judicial oversight (a form of warrant) where they did not previously do so.

    Where’s your problem?

  • Stuart Mitchell 2nd Apr '12 - 5:39pm

    “…this would have stored all of this information and more in a huge central database, so the police and security services could access it easily and at any time. The policy was a dream to totalitarian control freaks; a nightmare for anyone who cares about freedom. This project is dead. We and others fought hard to stop it.”

    That sounds like desperation. If, as reported, the government is to give its spooks access to this information on demand and in real-time, then what difference does it make whether the data resides on a government server or some server elsewhere?

  • Jonathan Hunt 2nd Apr '12 - 5:47pm

    IF the measures as leaked go through, then we can no longer call ourselves Liberal Democrats. Freedom, liberty and human and civil rights and liberaties are at the very core of our beings.

    Give in to the terrorist-obsessed in both Labour and Tory paries and we are finished. we have done without the imposition of these draconian powers, and we are still here. give in, and we shall be living a political lie.

    We do not need them and we must do everything to defeat any proposals by the vested interests of the securicrats.

  • “Yes. This is why the Freedom Bill, which is still working its way through parliament in a blaze of media silence, contains Part 2 Chapter 2, which changes the communications intercept and surveillance bits of RIPA to require judicial oversight (a form of warrant) where they did not previously do so.”

    I think you’ll find that it’s only local authorities who will be subject to judicial oversight. Other public authorities will be unaffected.

  • Andrew Suffield 2nd Apr '12 - 6:28pm

    The regulation contained within the Freedom Bill for RIPA does the bear minimum. For instance it only covers the use of RIPA by local authorities.

    Source? I was looking at the text of the bill from about a month ago, and I saw no such limitation – the changes applied to all uses of RIPA for communications intercept and surveillance purposes.

  • Stuart Mitchell 2nd Apr '12 - 7:02pm

    See Part 2, Chapter 2, Section 5, and also the “explanatory notes” document for the bill.

  • Paul Murray 2nd Apr '12 - 7:10pm

    On this evening’s BBC news the Home Office is reported as using the word “robust” to describe the security for RIPA. A quick google search suggests that SPoC’s just use a PIN based system. I’m sure that can’t be right. My bank stopped using several years ago because it’s so feeble. Please tell me that access to details of where I went today (Runnymede – to see the Magna Carta monument) aren’t available to anyone who happens to correctly guess a PIN number?

    Today we have learned that some vast number of credit card details have been stolen in New York from the databases of a payment services provider called Global Payments (the company acknowledges the security breach on their website). Gartner suggest that the breach was caused by the security methodology used by Global Payments (http://blogs.gartner.com/avivah-litan/2012/03/30/new-credit-card-data-breach-revealed/). The security system uses knowledge-based authentication to be used to access sensitive personal financial information.

    As an IT consultant who has spent 25 years working in this area,experience has left me with not a shred of confidence in self-described “robust” security. Every week I read the technical details of alarming IT security vulnerabilities – the range of exploit vectors is only matched by the inventiveness of the attackers. The only way to avoid theft of online data is to not have it online at all.


  • Keith Browning 2nd Apr '12 - 7:25pm

    If we changed our foreign policy and stopped behaving like world policeman and supporters of just one side in the Middle East, we wouldn’t need all this counter-terrorism and security nonsense.

  • “Instead of collecting information about every person in this country’s internet use, we believe that an alternative approach, based on targeting, warrants from law enforcement agencies and other safeguards is a better approach.”

    Anybody remember this? I seem to remember reading it …(now where was it?) ….. oh yes a Lib Dem Manifesto.
    Not that anything in that document seems to matter much these days

    ex lib dem voter

  • Andrew Suffield 2nd Apr '12 - 7:41pm

    See Part 2, Chapter 2, Section 5

    In the version I have, section 5 lays out the additional requirements that a judge must verify for some authorities, in addition to the standard tests that the intercept is for an appropriate purpose and is proportional to the scale of the problem, which are that the person making the request from local authorities or other persons designated by the Secretary of State are properly authorised and are complying with additional regulations which the Secretary may make.

    It does not exempt bodies other than local authorities from the basic tests of being for an appropriate purpose and proportionality. Nothing exempts them from needing judicial review.

    and also the “explanatory notes” document for the bill.

    You are referring to a document from last October, which would appear to be an inaccurate description of the bill as currently amended, although I don’t know what changed or when. This legislation is viciously complex so it’s possible I’ve missed something, but the Freedom Bill as written appears to apply the judicial tests to everybody. It definitely covers the police. I’ve no idea about GHCQ.

  • Stuart Mitchell 3rd Apr '12 - 8:12am

    I’m not convinced. If chapter 2 applies to everybody, then why do sections 5 and 6 go to such lengths defining “relevant persons” who are officers of local authorities? Those sections would be entirely superfluous if the new law applied to everybody the same.

    Yes, I was referring to the explanatory notes from October, but I’ve skimmed through the various amendments published since and I can’t see anything which extends the scope.

    The Bill’s web page sums up chapter 2 thus:

    “introduces a code of practice for surveillance camera systems and provides for judicial approval of certain surveillance activities by local authorities.”

  • Andrew Suffield 3rd Apr '12 - 10:38am

    Ah, figured it out. This is a “staged commencement” deal. The rules are written up so that they can apply to anybody, but only activate immediately for local authorities. Secondary legislation will be needed to switch them on for other bodies. The rationale behind doing it this way is that they want to see how well the judicial oversight works before applying it to the other groups.

    So, we need to get the bill passed and then make sure the secondary legislation goes through.

  • Paul McKeown 3rd Apr '12 - 6:05pm

    Keep fighting, Julian, don’t give up.

  • mike cobley 4th Apr '12 - 1:01pm

    It is both amusing and depressing to read discussions about the potential omnipresence of state surveillance without any mention of either the surveillance desires of the corporate sector or the no-holds-barred policy of intelligence organistations in the USA. The proposals for expansion of surveillance coverage in the UK as mooted pale in comparison with the data-mining capabilities already available to the CIA/NSA/etc, not to mention the gigantic server facility being built for the NSA in Utah specifically to scan and monitor all electronic communications of every kind. When Nick Clegg voices his opposition to government having such an ability, I presume it does not extend to the government in Washington.

  • Richard Neill 7th Apr '12 - 11:57am

    Well done fighting this.

    It occurs to me that none of the movements that have given humanity freedom over the years (eg Magna Carta, American Independence, The Suffragettes, The White Rose, Solidarity,) would have succeeded, had the government of the day had access to as much power as ours already does, let alone the amount of surveillance it wants to get.

    One thing I would still ask: we should unilaterally withdraw from the EU data-retention directive .
    [one way to do this while still remaining within the letter of the law might be to require service providers to keep the data encrypted, but not to have any requirement that they keep the key.; another would be to treat failure to comply with the DRD similar to how sunday trading was: ISPs pay a nominal £1 fine every time they are prosecuted for non-compliance]

Post a Comment

Lib Dem Voice welcomes comments from everyone but we ask you to be polite, to be on topic and to be who you say you are. You can read our comments policy in full here. Please respect it and all readers of the site.

To have your photo next to your comment please signup your email address with Gravatar.

Your email is never published. Required fields are marked *

Please complete the name of this site, Liberal Democrat ...?


Recent Comments

  • Mary ReidMary Reid
    @Graham Jeffs - yes, I am fortunate to be living in a target seat, although I was campaigning for about 20 years before we won it. It's a long game. My point...
  • Alex Macfie
    The mistake made by Clegg & co wasn't going into coalition, it was the way they did it, going in too quickly and conducting it as a "love-in" rather than a ...
  • Mark
    I wouldn't normally encourage people to spend time reading Conservative Home website, but this article is well worth a read: https://conservativehome.com/2024/...
  • David Garlick
    Given in his speech his dismissal of action of climate change, so appropriate that the climate chose to give him a good soaking. A drip being dripped on....
  • Peter Martin
    @ Steve, "Might it help.if our party were to assertively oppose Neoliberal socio-economics...." Of course it would. It's unlikely any establishm...