UK Snoopers’ Charter Draws Sharp Critique from Global Advocates
The United Kingdom’s draft Communications Data Bill, more commonly known as the Snoopers’ Charter, has drawn a sharp critique from the Global Network Initiative (GNI). In a submission to the UK Parliament’s Communications Data Bill Joint Scrutiny Committee, the organization outlined serious concerns with the proposed legislation, which would expand governmental powers to access the online communications of all UK citizens.
GNI is a coalition of companies, civil society organizations (including EFF), investors and academics working collaboratively to advance freedom of expression and privacy in the Information Communications and Technology (ICT) sector.
One major problem is that the UK Snoopers' Charter contains a provision requiring the generation of data specifically and only for law enforcement access, making it even more extreme than the highly problematic EU Data Retention Directive, which EFF is working to repeal. From the GNI submission:
The bill broadens the collection and retention of new data on anyone in the UK using communications services. This includes requirements to generate data—not required for business purposes and not routinely collected by providers—specifically and only for the purpose of law enforcement access. This provision goes beyond the existing requirements under the Regulatory and Investigatory Powers Act (RIPA) and the EU’s Data Retention Directive.
Furthermore, not only would the Snoopers’ Charter further erode the privacy rights of its UK citizens, GNI pointed out, it could set a negative precedent that would give authoritarian regimes a model to point to when seeking to justify surveilling their own citizens. Such an outcome could have grave consequences for human rights.
This … could set a powerful precedent for repressive regimes to follow when seeking to justify surveillance on their own populations. Regimes attempt to claim legitimacy for their actions when they are able to point to similar requirements, even if only in the form of policy statements or draft legislation, in leading democratic nations. An example of exactly this type of reaction came from China in response to statements made in Parliament by the Prime Minister David Cameron in the days following the riots in 2011 around the need to consider placing limits on social networks and allowing greater government access to user communications in certain circumstances.
And while the draft Communications Data Bill seeks to require providers to store communications data, rather than content, of users’ communications, GNI pointed out that such a distinction isn’t always so clear-cut. What's more is that in some cases, access to communications data can be just as privacy-invasive.
Technological advances are also blurring the distinction between communications data and content that is at the heart of this Bill. For example, the URL for a web address can provide considerable access to information about the type of content the user is viewing. Stakeholders must be reassured that communications data could be reliably extracted without also disclosing content. Taken alongside the expanded scope of data collection for anyone using communications services in the UK this must be considered when assessing the proportionality of the proposals.
GNI also flagged problems with the bill’s assertion of jurisdiction over communications service providers based outside the UK, in cases where UK-based users access the services.
The draft Bill could provide unintended justification for actions by other governments. … Even if other jurisdictions do not enact similar or contrary laws, UK citizens’ data could still be at jeopardy. Once other governments become aware of the storage of this additional communications data, law enforcement entities in other jurisdictions will seek to obtain it as well. If ICT companies are required to obtain and retain communications data for UK residents law enforcement entities in other jurisdictions could have a legitimate claim to seek access to it. Non-UK law enforcement entities may either try to obtain it through UK law enforcement or by exerting pressure on companies to release the data without UK cooperation.
Finally, GNI highlighted the specific problems with a reserve power proposed in the bill, which would empower the UK Home Secretary to require UK providers to capture and retain data (specifically and only for law enforcement purposes) in cases where the requirements were unable to be imposed on a non-UK provider.
Setting aside the technical challenges of whether this can be done ... this requirement could have the effect of increasing pressure on non-UK providers to cooperate with law enforcement in informal, voluntary agreements. In contrast, GNI’s Implementation Guidelines commit companies to encourage governments to be “specific, transparent and consistent in the demands, laws, and regulations” they issue.
EFF remains deeply concerned about the UK Snoopers Charter and will continue working in tandem with privacy advocates in the UK to challenge this privacy-invasive legislation.
Recent DeepLinks Posts
May 22, 2015
May 22, 2015
May 22, 2015
May 22, 2015
May 22, 2015
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Bloggers' Rights
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Defending Digital Voices
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Encrypting the Web
- Export Controls
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2015 Copyright Review Process
- Genetic Information Privacy
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student and Community Organizing
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games