Emergency data retention measures are likely to break European human rights laws, a joint Parliamentary committee said on Friday.
The measures are contained in the Anti-Terrorism, Crime and Security Bill, now before Parliament. A Code of Practice connected to the bill obliges Internet Service Providers (ISPs) to retain communications data for law enforcement purposes. But this may be incompatible with the European Convention on Human Rights (ECHR), said the House of Lords and House of Commons Joint Committee on Human Rights. The committee said safeguards are needed to prevent the government from compiling a stockpile of communications data on innocent citizens.
"We consider that measures should be put in place to ensure that the Code of Practice and any directions are compatible with the right to respect for private and family life, home and correspondence under Article 8 of the ECHR, and that those measures should be specified, so far as practicable, on the face of the legislation," the Committee concluded.
The Home Office has included a provision within the Anti-Terrorism, Crime and Security Bill for communications data to be retained by service providers under a voluntary Code of Practice. Intelligence gathered will include an individual's geographical location determined through their mobile phone; the sender and recipient information from emails; a complete log of a person's Internet sessions, including their IP address; and the address of all Web sites they have visited.
In its second report on the emergency Bill, the human rights committee warned of the potential for voluntary Codes to be abused. The data retention measure will not be subject to any parliamentary scrutiny, and will not be published as a public document. "We also have in mind that a Code of Practice may be used as evidence in courts and tribunals, and that a direction given by a Secretary of State may give rise to legal obligations," stated the committee report.
Legal and policy experts are sceptical of the government's decision to exclude data retention measures from the antiterrorist legislation. "A Code of Practice is changeable and will not be worded in statute, making it more difficult for an ISP to take a demand that is not in accordance with the Code to court," said Robin Bynoe, partner at city law firm Charles Russell. "We have two acts -- the Regulation of Investigatory Powers Act and the Data Protection Act -- if the government wants to take more powers, it should amend these acts and put (the amendment) through Parliament."
An addendum has been included in the Bill to ensure that if the voluntary scheme proves ineffective, the Secretary of State can force communications service providers to retain data. "This is a very murky set of procedures," said Caspar Bowden, director of the NGO Foundation for Information Policy Research. "The Code won't provide any guidance about proportionality, or any indication of how the powers of RIPA will apply... We won't know if the government is sticking to the rules. We won't see how much of the broad powers they are using in practice."
See the Internet News Section for full coverage.
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Telecoms forum.