The so-called 'snooper's charter' has run into serious trouble, with a parliamentary committee calling it 'overkill' and urging significant amendments, and deputy prime minister Nick Clegg also calling for a fundamental rethink.
The Communications Data Bill, laid before the UK Parliament in June, would give the home secretary powers to demand data about any person's communications, whether they be over mobile phones, email, Facebook or any other service — the bill supposedly refers only to data that can be supplied by ISPs and other telecoms operators, but the wording of the bill even takes into account postal services.
The bill calls for data about communications to be served up — timing, who contacted who and other details — rather than the contents of the communications themselves. However, it immediately ran into opposition from civil liberties groups, ISPs, MPs and the information commissioner.
Now the opposition is greater still. In its report on Tuesday, a joint committee set up to examine the bill said its scope needed narrowing, because the version put forward by the government would give the home secretary "carte blanche" to order any data she wants, with no meaningful safeguards.
"There needs to be some substantial rewriting of the bill before it is brought before Parliament as we feel that there is a case for legislation, but only if it strikes a better balance between the needs of law enforcement and other agencies and the right to privacy," committee chair Lord Blencathra said.
"There is a fine but crucial line between allowing our law enforcement and security agencies access to the information they need to protect the country and allowing our citizens to go about their daily business without a fear, however unjustified, that the state is monitoring their every move."
The deputy prime minister responded to the report by saying the coalition government "needs to have a fundamental rethink about this legislation".
"We cannot proceed with this bill and we have to go back to the drawing board," Clegg said. "We need to reflect properly on the criticisms that the committee have made, while also consulting much more widely with business and other interested groups."
The committee's main problem with the bill (PDF) was the wording of its first clause, which would allow the home secretary to demand any communications data. The second clause supposedly adds safeguards, but in reality it only requires the home secretary to consult with regulators before ordering the surrender of data — it does not give anyone the power to stop her.
Here, the committee said the home secretary should need parliamentary approval for any orders she issues.
"There is a reasonable fear that this legislation will cost considerably more than the current estimates" - Report
However, this was not the only complaint. For one thing, the committee severely criticised the methodology behind the bill's justification: that 25 percent of communications data required by investigators is currently unavailable, due to new technology.
"We are of the strong view that the 25-percent data gap is an unhelpful and potentially misleading figure," the report read. "There has not been a 25-percent degradation in the overall quantity of communications data available; in fact quite the opposite."
"Technological advances and mass uptake of internet services since RIPA was passed in 2000, including social networking sites, means that there has been, and will continue to be, a huge increase in the overall amount of communications data which is generated and is potentially available to public authorities."
The committee also laid into the government's costing for the scheme. The estimate of £1.8bn over 10 years was "not robust", it said, because it was "prepared without consultation with the telecommunications industry on which they largely depend, and they project forward 10 years to a time where the communications landscape may be very different".
"Given successive governments' poor records of bringing IT projects in on budget, and the general lack of detail about how the powers under the bill will be used, there is a reasonable fear that this legislation will cost considerably more than the current estimates," the committee noted.
The committee also said a revised bill should have tighter definitions of types of communications data, as well as of the 'content' that cannot be requested. It also called for stricter limitations on which public authorities should have access to the data.
However, some civil liberties activists expressed dissatisfaction with the committee's acceptance of the bill's overall justification.
"The influential parliamentary committee describes Home Office evidence in numerous places as 'misleading' or 'fanciful and misleading', but its report accepts untested the motivating idea that the surveillance we already have is not too much, and not enough," No2ID said in a statement. "Large sections encourage the expansion of data-sharing.
"The core of the bill is a proposal to make access to more information about everyone's communications and internet use easier for a huge range of official purposes. By putting spy equipment into every significant communications loop, supervised not by a judge but by secret software, the ambition is to be able to collate a dossier on any citizen and his contacts at the push of a button."