You can read the Wickipedia explanation of the Bill, it’s more easily digested than the actual text of the draft legislation.
Should we be worried? After all, we are told that only the guilty have anything to fear. But when people tell me I don’t have to be worried it usually suggests to me I should be very worried indeed.
Of course this sort of legislation isn’t new. The Interception of Communications Act 1985 gave police the right to intercept mail and phone calls providing they had a warrant authorised by the Secretary of State. That’s the Home Secretary to you and me. It was updated and amended in 2003 to bring it into line with the European Human Rights Act, but most of its provisions remained in place. The 1985 Act, however, was merely a successor to earlier Acts going back to the creation of the Penny Post and the invention of the telephone. The authorities have had the right to intercept our mail and our phone calls for over a century.
This new Bill simply brings us into the 21st century with regard to the retention of data for a specific period of time. A letter could be intercepted and copied, a phone call recorded, but data, once deleted, is very hard to recover.
The Bill doesn’t authorise anyone to have access to the actual content of the communications. The police may be allowed to know that you sent Auntie Gladys an e-mail on 1st October, but they wouldn’t be allowed to read the e-mail. For that they require separate the authorisation by the Home Secretary under existing legislation: The Regulation of Investigatory Powers Act (RIPA) 2000. So if someone wants to read your e-mails they already can, providing the Home Secretary has signed off a warrant for them to do so.
Some people are concerned about the fact that senior police officers, rather than a Judge or magistrate, will be able to authorise the accessing of the data stored under the terms of the new Bill while others are concerned about the security of the data. We are only just getting over the revelations about the hacking of Talk Talk’s customer database so I think people have a right to be worried about how securely this new data will be stored. The more there is of it the more attractive it will become to hackers and the harder they will work to gain access.
On the other hand, we hand over billions of items of data to be stored by these same providers, or their kin, and never bat an eyelid. We call it Cloud Storage. We are encouraged to back up our computers using cloud storage databases, never asking where the actual databases are, who owns them, who controls them and, most importantly, how secure they are. If anyone wants to know anything about me they will find out far more from my cloud storage data than they ever will from my e-mails or web browsing history.
Shami Chakrabarti, Director of Liberty, is a person whose views I respect very much. In a piece on BBC TV’s This Week programme (very late on a Thursday night, so I’m not surprised if you didn’t stay up for it) she made a good case for this legislation not to be enacted. However, she didn’t really present much of a case for the other side, which is poor journalism at the very least.
It is the government’s primary duty to protect its population and if we prevent the government from doing this we are effectively self-harming.
There is a price to be paid for security and it’s called invasion of privacy. Where does our right to privacy cross over to preventing the security services from doing what we want them to do? It's a tough question and everyone has their own answer. The trouble is, when a terrorist atrocity takes place, as it did in Paris last night, it's too late to say "Maybe we should have granted the authorities the powers they needed". This blog was actually written ahead of the Paris atrocity and I updated it today. A grim reminder that the world changes on a daily basis and you can't go back and change decisions after the event. I have no idea what laws the French have regarding data retention, but I'm pretty sure they'll be reviewing them over the next few months.
For my book “The Warriors: The Girl I Left Behind Me” I needed to get inside the head of the character of Youssef who had joined the Taliban, to try to understand why he might take the path he chose, so as to make him as realistic as possible for my readers. That meant me doing some research on some rather nasty Islamist websites.
Now, I have nothing to hide with regard to going onto those websites and I can produce my novel to prove my reasons for looking at them. However, presented in a negative light that information could be used against me. That data relating to those web searches wasn’t held by my ISP because the new legislation hasn’t yet come into force, but in the future it would be. It could result in my home being raided by the police, my computers being seized and a whole investigation being started into me and my family. At the end of it all the investigation would turn out to be fruitless, but in the meantime, for a period of possibly several years, my life would be turned upside down. It sounds paranoid, but just because you're paranoid it doesn't mean they're not out to get you.
Unlikely to happen? Look at the way Operation Yewtree has blighted the lives of some innocent people and then tell me that it won’t happen. Of course Yewtree has produced several convictions, but it has also damaged the lives and reputations of some innocent people along the way because the police had no case but went fishing anyway.
Let’s be realistic about the ability of anyone to actually use this data to snoop on us. We are talking about millions of e-mails sent and web pages browsed each day, billions every year. It would take a massive investment in staff hours just to examine a tiny fraction of those and it is staff hours that the police and security services just don’t have. It could only be done using automated tools and they are inanimate. They don’t know what they are looking at. They will only be able to look for the URLs and IP addresses of web pages or patterns of e-mails between e-mail addresses. Your e-mail to Auntie Gladys, or to anyone else for that matter, isn’t going to attract much attention. This is where the ‘only the guilty need fear’ argument holds most credibility.
The Bill also needs to have real teeth to make sure the data is held securely. The ISPs and other businesses that will hold it don’t really want to do it, it’s going to cost them money to do and that will affect profits. Will they really do their best to protect the data, especially if it’s going to cost them money to do so? I don’t think so. For that reason the penalties for breaches of data security must be so eye wateringly severe that the companies are forced to spend the money to keep our data secure. Petty fines, by which I mean fines of less than £1 million, won’t have any deterrence value. Fines that start at £1 million and which are unlimited, might just do the job.
In the meantime I think I had better start keeping far better records of my browsing so that when the police want to know why I Googled ‘untraceable poisons’ I’ll be able to prove it was for a murder thriller I was writing, and not because I wanted to bump off Mrs C.
Warning: This story contains adult content (that should boost my readership).
Don't forget, re_Tweets and the sharing of this blog are not only welcome but positively encouraged.