UK's 'Patriot Act' Web monitoring law could face European veto

UK's 'Patriot Act' Web monitoring law could face European veto

Summary: New plans by the UK government to monitor all Web and phone traffic, set to be announced at the weekend, could be shot down by the European Commission.


Controversial new British legislation could allow the UK's electronics intelligence agency GCHQ access in real-time data of phone calls, emails, social networks, and Web traffic by all UK residents.

The UK is already the most surveilled country in the world, with number plate recognition systems, ISP deep-packet inspection, and a surveillance camera seemingly on every corner. These proposals would propel the UK into the lacking privacy realms of China, Burma, and Russia.

But it already faces the possibility of stiff opposition at a European level unless safeguards are put into place that limits the scope of that monitoring.

Though yet to be announced in the Queen's speech, set for around May, which dictates the UK government's legislative agenda for the year, it would allow the widespread monitoring of citizens' activity --- despite current UK laws making such actions only available by court-ordered search warrants.

Likened to the U.S.' Patriot Act, it would grant the UK government access to personal data of ordinary citizens, despite the government's defence that only certain people will be actively investigated.

Data collected would include the time a call, email, or website was visited, the duration of which, and which websites or phone numbers were called. Details of the sender and recipient of emails, such as IP addresses, would also be collected. Everything scrap of data will be stored by ISPs, but not all of this data will be made available to GCHQ without a court order or Home Secretary-sanctioned authority.

But the European Commission could block or significantly water down plans to push forward with the new law, citing reasons that new European data protection and privacy laws could conflict with the UK's privacy-invading plans.

UK Home Secretary Theresa May said "ordinary people" had nothing to fear from the proposed laws, while claiming that similar data helped convict Ian Huntley, one of the UK's most wanted child killers, and helped smash a child abuse ring in Lincolnshire, east England.

"Such data has been used in every security service terrorism investigation and 95 per cent of serious organised crime investigations over the last ten years," she said. "Only suspected terrorists, paedophiles or serious criminals will be investigated."

But critics note that ultimately, anyone can be a suspected 'anything'. Even Conservative government backbenchers are heavily criticising the move by their own political party, which when in opposition three years ago, were highly critical of similar plans brought out by the Labour government.

Deputy prime minister Nick Clegg backtracked on plans to rush the laws unlike previous statements from May. "We aren't simply going to ram some legislation through Parliament." He said the proposals would be published in draft form first, before heading to Parliament, to enable as many people as possible to review the proposed law.

A senior Home Office source speaking to the BBC said the proposed laws "absolutely will not be dropped or even delayed", but how it reaches Parliament is still under discussion.

Speaking to Out-Law, data protection law specialist Kathryn Wynn said that the plans would strengthen existing laws, but would make access to data easier and faster.

Under current UK law, there needs to be "reasonable grounds" to intercept communications data without a warrant. The new Web snooping laws would effectively negate this safeguarding process. Historical communications data is available to law enforcement as it is held for six months to two years under Europe's Data Retention Directive by mobile networks, and phone and broadband companies.

"However, the UK Government will need to take account of privacy when drafting any new law. It has already had to change UK laws on the interception of communications after the Commission challenged its compatibility with EU privacy laws," Wynn said.

Last year, the Commission raised a case to the highest court in Europe, the European Court of Justice, saying that the UK does not have adequate data protection and privacy laws to protect Internet users.

A European Commission spokesperson said that the UK government's plan "would potentially be incompatible", adding that the draft Web monitoring law could leave the plans in danger of being in conflict with existing and upcoming European law.

"The Commission's own research last year into information privacy concluded that there was a lack of proper regulatory oversight and too much conflicting legislation, all of which fails to provide adequate protection for citizens and their private information.

We found that the way the government and its agencies collect, use and store personal data is not respecting people's right to privacy. However, because of the complexity of the current laws, obligations are unclear and authorities may be unaware they are breaking the law."

Europe is already on the way in collecting feedback on the upcoming Data Protection Regulation, which seeks to update and modernise the data protection and privacy laws across the 27 member states of the European Union, whilst protecting to some extent from third-country law.

From a logistical point of view, for GCHQ to actively monitor every call log, text message, email and every shred of Web traffic data could force the intelligence agency into "information overload". That said, if the U.S.' National Security Agency can do it, surely the Brits can too.

Image credit: CNET.


Topics: Government US, Browser, Government

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Sorry but the European Commission is toothless

    Just like US agencies routinely ignore their own laws, it's entirely likely that GCHQ and the Home Office will do the same to any "limitations" presented by the EU. With the infrastructure in place and the telecoms and ISPs actively cooperating, the snoops can pretty much do what they want. If they find something interesting, it's easy for them to go back and "officially" request the data that they've already got with no mention of the prior access. Since the data retention requirements means that the data is still there, it's an easy dodge.
    terry flores
  • This was in a movie.

    This is starting to sound a lot like the back story to V for Vendetta. We all saw the movie, we know where it leads.
  • sad really

    Very liberal countries that are known for camera's on every street corner and little regard for individual privacy are going to VETO a
    UK invasion of privacy act because it goes too far...
  • BS

    Governments will continue to use terrorists as justification for taking away your rights. History repeats.
  • Nice

    And to add insult to injury, the people have to pay for their own surveillance with their taxes.
  • test