Yottabytes: Storage and Disaster Recovery

Jul 19 2015   2:27PM GMT

UK Court Abolishes Surveillance Act, But More On the Way

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

Tags:
privacy
Security

Legislation that had allowed enforcement and intelligence agencies in the U.K. to force communications providers to store records of their customers’ activities has been shot down by the country’s highest court, but the government has nine months – til March 2016 — to rewrite the law to make it more palatable.

Plus, the UK has already put forth another bill that could be even worse.

The Data Retention and Investigatory Powers Act (DRIPA) had been challenged by Members of Parliament David Davis and Tom Watson on the grounds that it lacked sufficient privacy and data-protection safeguards, Politico writes. “This is the first time a British national court has struck down primary legislation in the country, and the first time that a member of parliament has brought a successful judicial review against the government,” the site adds.

What was wrong with the law? “The MPs complained that use of communications data was not limited to cases involving serious crime, that individual notices of data retention were kept secret, and that no provision was made for those under obligation of professional confidentiality, in particular lawyers and journalists,” writes the Guardian. “Nor, they argued, were there adequate safeguards against communications data leaving the EU.”

Critics also said it had been rushed through Parliament, which is what led to the unusual judicial challenge, the BBC writes. “Normally it would be scrutinized in Parliament, but the two MPs say that because the Data Retention and Investigatory Powers Act was rushed through in days, there was no time for proper parliamentary scrutiny and that this judicial review was their only option.” Legislation in the UK usually takes months to pass, but the government claimed it needed the bill right away to protect British citizens against terrorism.

The law governed gathering information about who suspects contact by telephone or email, according to the BBC, and allowed the data to be stored for up to a year. “This does not include content but does include the fact that calls and emails are made, by whom, to whom and how often,” the BBC writes.  “Some half a million requests are made each year for this data.”

As with similar laws in the U.S., DRIPA supporters said the law was important to save lives in cases such as kidnapping and potential suicides.

The UK bill followed a similar one for the European Union as a whole, which was invalidated by the Court of Justice of the European Union in April, 2014. “The court struck down the directive largely because of poor access controls, although it was also concerned that citizens were not being informed about who was holding their data, and that some of the data might unlawfully leave the EU,” Politico explains. The MPs also drew on a number of EU laws in their arguments against the law.

DRIPA wasn’t just an issue for residents of the UK. The law also had a clause making it clear that foreign firms holding data on U.K. citizens could also be served with a warrant to hand over information. Anyone providing a “communication service” to customers in the UK, regardless of where that service is provided from, needed to comply, writes Lexology. “This was previously considered to be a grey area, and this clarification has significant ramifications for those providing communication services in the U.K. from overseas,” Lexology adds.

Exactly how the law could be rewritten is now being discussed. It could include more time to allow proper scrutiny of the proposed measures, writes the Media Policy Project blog of the London School of Economics.

The UK government has already said it plans to appeal the ruling. “I do think there is a risk here of giving succour to the paranoid liberal bourgeoisie whose peculiar fears are placed ahead of the interests of the people,” Security Minister John Hayes reportedly told BBC Radio 4’s The World at One.

But Parliament is already slated to see next month another bill that could be even worse: the Investigatory Powers Bill, writes the Huffington Post. “Revealed during the Queen’s Speech as a replacement for the emergency bill, the Investigatory Powers Bill has potentially far greater reach than even DRIPA with some of the preliminary wording suggesting that if fully approved it would allow the Government powers to ban encrypted communications services such as WhatsApp, iMessage and Facebook Messenger,” the Post writes.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • dmccauslin
    This is a very touchy situation.  It is important to have information stored somewhere, in case something happens, and it can be investigated.  However, if it is too vague, you open yourself to a group (e.g. political party) obtaining data for a witch hunt.
    That being said, there needs to be a repository where true matters can be investigated, regardless of who they involve, e.g. the Royal Family demanding total immunity from investigation in the paedophilia case.
    Like with any topic, one can swing way to the right or left.  We need specifics with such laws.
    10 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: