Government plans to give police access to data on all UK citizens' web and postal communications have met with criticism from MPs, ISPs and civil liberties groups.
The Communications Data Bill, laid before parliament on Thursday,
will see content service providers being forced to data including the time and duration of a communication, the number
or email address of the originator and recipient, and the location of
the device from which the communication was made.
Opposition is growing to the Communications Data Bill. Image credit: Shutterstock
The Internet Service Providers Association (ISPA) said that it had concerns about how proportionate it would be to capture data on all web communications.
"ISPA has concerns about the new powers to require network operators to capture and retain third party communications data," the trade body said in a statement on Friday. "These concerns include the scope and proportionality, privacy and data protection implications and the technical feasibility."
Liberal MP Julian Huppert also has concerns that Bill effectively gives the Home Office carte blanche to order communications services providers (CSPs) to install equipment that can examine not only metadata, but also the content of web communications, told ZDNet UK on Thursday.
"Essentially, [the bill] says that the secretary of state can, by order, do anything she wants to do. That's just far too broad," said Huppert. "Currently it could go as far as black boxes, DPI [deep packet inspection] on everything, everywhere. There is nothing on the face of the bill which constrains that."
According to the MP, the element of the bill known as Clause One, which says the secretary of state must ensure communications data can be obtained from telecommunications operators, does not have the appropriate privacy safeguards.
"The surrounding text suggests that the government wouldn't use the full
powers if it was enabled, but that frankly isn't good enough, because
that means a government could change its mind — the next government may
be more authoritarian. I think it will strain what the government is
allowed to do, and things that we consider to be acceptable."
Cambridge University security expert Richard Clayton also highlighted that the bill could be used to allow data-mining, saying it "appears to be the first law written from a sales brochure [on data-mining]", he told ZDNet on Friday.
Data-mining looks for patterns in huge datasets — for example, to build up an intelligence picture of an individual or group of people. The law will allow the authorities to go to organisations and request disparate IP addresses and timestamps for people who have accessed a certain webpage, for example, said Clayton. This data can then be compared with a list of all data-flows in the UK to narrow down suspect activity.
"It seems to me that to set up the mechanics for a police state, then to rely on convention not to run society in that way, is a poor way of proceeding," he said.
Clayton is not the only one with concerns about the ability of the bill to facilitate data-mining. "This is blanket retention of potentially all our communications on the internet," Liberty policy officer Rachel Robinson told a public meeting at the Houses of Parliament on Thursday. "Liberty is incredibly concerned about provision for the processing of data in the bill. This is something we didn't know we were getting, it looks like what we're going to have here is express provision for data-mining."