X
Government

UK's 'Patriot Act' Web monitoring law could face European veto

New plans by the UK government to monitor all Web and phone traffic, set to be announced at the weekend, could be shot down by the European Commission.
Written by Zack Whittaker, Contributor

Controversial new British legislation could allow the UK's electronics intelligence agency GCHQ access in real-time data of phone calls, emails, social networks, and Web traffic by all UK residents.

The UK is already the most surveilled country in the world, with number plate recognition systems, ISP deep-packet inspection, and a surveillance camera seemingly on every corner. These proposals would propel the UK into the lacking privacy realms of China, Burma, and Russia.

But it already faces the possibility of stiff opposition at a European level unless safeguards are put into place that limits the scope of that monitoring.

gchqcheltenhamlc-zaw2.jpg

Though yet to be announced in the Queen's speech, set for around May, which dictates the UK government's legislative agenda for the year, it would allow the widespread monitoring of citizens' activity --- despite current UK laws making such actions only available by court-ordered search warrants.

Likened to the U.S.' Patriot Act, it would grant the UK government access to personal data of ordinary citizens, despite the government's defence that only certain people will be actively investigated.

Data collected would include the time a call, email, or website was visited, the duration of which, and which websites or phone numbers were called. Details of the sender and recipient of emails, such as IP addresses, would also be collected. Everything scrap of data will be stored by ISPs, but not all of this data will be made available to GCHQ without a court order or Home Secretary-sanctioned authority.

But the European Commission could block or significantly water down plans to push forward with the new law, citing reasons that new European data protection and privacy laws could conflict with the UK's privacy-invading plans.

UK Home Secretary Theresa May said "ordinary people" had nothing to fear from the proposed laws, while claiming that similar data helped convict Ian Huntley, one of the UK's most wanted child killers, and helped smash a child abuse ring in Lincolnshire, east England.

"Such data has been used in every security service terrorism investigation and 95 per cent of serious organised crime investigations over the last ten years," she said. "Only suspected terrorists, paedophiles or serious criminals will be investigated."

But critics note that ultimately, anyone can be a suspected 'anything'. Even Conservative government backbenchers are heavily criticising the move by their own political party, which when in opposition three years ago, were highly critical of similar plans brought out by the Labour government.

Deputy prime minister Nick Clegg backtracked on plans to rush the laws unlike previous statements from May. "We aren't simply going to ram some legislation through Parliament." He said the proposals would be published in draft form first, before heading to Parliament, to enable as many people as possible to review the proposed law.

A senior Home Office source speaking to the BBC said the proposed laws "absolutely will not be dropped or even delayed", but how it reaches Parliament is still under discussion.

Speaking to Out-Law, data protection law specialist Kathryn Wynn said that the plans would strengthen existing laws, but would make access to data easier and faster.

Under current UK law, there needs to be "reasonable grounds" to intercept communications data without a warrant. The new Web snooping laws would effectively negate this safeguarding process. Historical communications data is available to law enforcement as it is held for six months to two years under Europe's Data Retention Directive by mobile networks, and phone and broadband companies.

"However, the UK Government will need to take account of privacy when drafting any new law. It has already had to change UK laws on the interception of communications after the Commission challenged its compatibility with EU privacy laws," Wynn said.

Last year, the Commission raised a case to the highest court in Europe, the European Court of Justice, saying that the UK does not have adequate data protection and privacy laws to protect Internet users.

A European Commission spokesperson said that the UK government's plan "would potentially be incompatible", adding that the draft Web monitoring law could leave the plans in danger of being in conflict with existing and upcoming European law.

"The Commission's own research last year into information privacy concluded that there was a lack of proper regulatory oversight and too much conflicting legislation, all of which fails to provide adequate protection for citizens and their private information.

We found that the way the government and its agencies collect, use and store personal data is not respecting people's right to privacy. However, because of the complexity of the current laws, obligations are unclear and authorities may be unaware they are breaking the law."

Europe is already on the way in collecting feedback on the upcoming Data Protection Regulation, which seeks to update and modernise the data protection and privacy laws across the 27 member states of the European Union, whilst protecting to some extent from third-country law.

From a logistical point of view, for GCHQ to actively monitor every call log, text message, email and every shred of Web traffic data could force the intelligence agency into "information overload". That said, if the U.S.' National Security Agency can do it, surely the Brits can too.

Image credit: CNET.

Related:

Editorial standards