11 Jun 2015

Snooper’s charter: landmark report released on surveillance

A “comprehensive and comprehensible” new law on security services’ powers to monitor online communications must be drawn up “from scratch”, an influential terrorism watchdog says.

David Anderson QC called for a “clean slate” in the approach to intrusive powers used by authorities to combat terrorism and serious crime, saying the current framework is “fragmented” and “obscure”.

In a landmark 300-page report, the independent reviewer of terrorism legislation said a “comprehensive and comprehensible” new law was needed to replace “the multitude of current powers”.

The report, commissioned when the government rushed through laws to maintain intelligence capabilities last year, recommended that:

  • A new measure be introduced requiring the authorisation of a judge for all warrants for interception, which allow services to view the content of a suspect’s communication, limiting the role of the Home Secretary in this process to selected instances
  • The definition of communications data – currently described as the who, when and how but not the content of an email or phone call – should be “reviewed, clarified and brought up to date” and supervision of its use should be improved
  • The power to force providers to retain communications data for a period of time should be maintained. That capacity could be “enhanced” to include records of user interaction, but only after a rigorous assessment
  • Security and intelligence agencies should be allowed to continue practising “bulk collection” of intercepted material but “strict additional safeguards” should be introduced
  • In relation to encrypted communications, “no go areas” for intelligence and law enforcement should be “minimised” but requests for encryption keys should be covered by a law-based system

Mr Anderson said: “Modern communications can be used by the unscrupulous for purposes ranging from cyber-attack, terrorism and espionage to fraud, kidnap and child sexual exploitation.

“A successful response to these threats depends on entrusting public bodies with the powers they need to identify and follow suspects in a borderless online world. But trust requires verification.”

The report, titled A Question Of Trust, concluded that the Regulation of Investigatory Powers Act, which was introduced 15 years ago to govern surveillance techniques, has been “patched up so many times as to make it incomprehensible to all but a tiny band of initiates”.

It added: “A multitude of alternative powers, some of them with statutory safeguards, confuse the picture further. This state of affairs is undemocratic, unnecessary and – in the long run – intolerable.”

Speaking after its publication today, Mr Anderson said: “Each intrusive power must be shown to be necessary, clearly spelled out in law, limited in accordance with international human rights standards and subject to demanding and visible safeguards.

“The current law is fragmented, obscure, under constant challenge and variable in the protections that it affords the innocent. It is time for a clean slate.”

He said the report aims to help Parliament achieve a “world-class” framework for the regulation of “strong and vital powers”.

What is communications data?

It is the who, when, where and how of electronic communications such as phone calls and emails – but not their contents.

What is it used for and by whom?

Communications data has played a “significant role” in every security service counter-terrorism operation over the last decade, Theresa May said last year. It is also used by police investigating serious crime and is seen as particularly useful in proving or disproving alibis and tying suspects to a crime scene.

Has not the government already tried and failed to extend those powers?

Yes. The Communications Data Bill would have extended the requirement for companies to retain phone and email data to include records of browsing activity, social media use and internet gaming, among other things. But it was shelved amid discord with the Liberal Democrats during the last parliament. Emergency legislation – the Data Retention and Investigation Powers Act (Dripa) – was passed last year to maintain the status quo.

So spies and police can not actually read criminals’ emails or listen to phone calls?

Yes they can. Legal intercepts involve police or security agencies listening to a specific suspect’s calls or viewing content of emails. They currently require a warrant signed by the Home Secretary in every case, and are overseen by the Interception of Communications Commissioner.

Do services carry out mass surveillance?

This claim has repeatedly been made by civil liberties groups and privacy campaigners in the aftermath of revelations about intelligence practices made by former National Security Agency (NSA) worker Edward Snowden.

But reports by watchdogs have found that authorities do not carry out indiscriminate and random surveillance of law-abiding citizens.

In February the parliamentary Intelligence and Security Committee said agencies do not have the “legal authority, the resources, the technical capability, or the desire to intercept every communication of British citizens, or of the internet as a whole: GCHQ are not reading the emails of everyone in the UK”.