Lords to consider data retention objections

The House of Lords will on Monday consider amendments to anti-terror legislation that reject government plans to stockpile communications and traffic data for non-terrorist as well as terrorist investigations.

Section 11 of the Anti-terrorism, Crime and Security Bill (ATCS) is set to include a voluntary Code of Practice for communications providers. This will exempt communications providers from data protection laws so they can retain traffic data for cases involving national security. But civil rights groups say the definitions are too broad, and if left unchanged could allow authorities to collect vast amounts of personal data on people suspected of minor crimes, and introduce mass domestic surveillance into the UK.

This section of the Bill received a critical response from the Earl of Northesk in its second reading in the House of Lords on Tuesday, and will now face close scrutiny in Monday's committee stage.

Earl Northesk is supporting six amendments to the Bill that have been tabled by the Foundation for Information Policy Research (FIPR) -- a non-governmental think tank that opposes the retention of communications data for use in minor criminal investigations. Earl Northesk represents the Conservatives, and Lord Andrew Philips of Sudberry, representing the Liberal Democrats, is also supporting the ammendments.

"Monday is the time when the Lords put on their thumbscrews," said Caspar Bowden, director of the FIPR. "Unless the government makes some concessions, they will probably vote against the Bill at its report stage. The Lords like to find some headline subject to show that they are prepared to do some damage, but a lot of in-house trading takes place behind the lines."

Traffic data collected under the voluntary Code of Practice would provide a "complete map of a person's private life" according to the FIPR. Records will include an individual's geographical location determined through their mobile phone, the "sender" and "recipient" information from emails, a complete log of a person's Internet sessions including their IP address, and the address of all Web sites visited.

Speaking in the Lords on Tuesday, Earl Northesk said: "To my mind that is an inadequate fig leaf to justify the broad and imprecise scope of the data retention measures before us today. What cannot be disputed is that the power already exists." When the Regulation of Investigatory Powers Act (RIPA) part I, chapter II comes into force, ISPs can be required to retain traffic data, and must disclose, on the authority of a police superintendent, all IP addresses of those subscribers downloading from any newsgroup, without a warrant. This part of RIPA was due to come into force before Christmas, but the date now looks likely to be sometime in 2002.

In its existing form, the ATCS Bill now going through government makes no requirement for the Code of Practice to be published. The FIPR, together with the opposition parties, will on Monday be calling for a published Code of Practice, to ensure the fair treatment of all ISPs under the anti-terrorist requirements. The think tank will also present an amendment that requires the Code to be approved by Parliament. "Each of the amendments is surgical in its affect," said Bowden.

Despite reassurances by the home secretary that intelligence gathered under this Code would be restricted to terrorist investigations, the Home Office has now confirmed that data will also be made available for criminal investigations. Earl Northesk voiced his objection to this in the second reading, and said, "the data retention regime promoted in the Bill will effectively transform our communications infrastructure -- or may do so -- into a form of mass domestic surveillance. That represents an unwanted invasion of privacy."

The FIPR has also tabled an amendment to restrict the purpose for retaining data under ATCS to "counterterrorism" rather than "national security", a definition which it argues is too broad. The NGO also aims to tighten up the definition of "communication providers" under the Code to only cover public communication providers. This would prevent all Web-based email services from being caught by the Bill.

Who's watching you? Get the latest on spy networks such as Echelon and Carnivore, as well as privacy issues for companies and individuals alike, at ZDNet UK's Surveillance News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet news forum.

Let the editors know what you think in the Mailroom. And read other letters.