Lessons from history for UK Home Sec Theresa May's Investigatory Powers Bill

The Anti-Terrorism, Crime and Security Act 2001

Following the terrorist attacks on the World Trade Towers and the Pentagon of 11 September, the US government rushed through the controversial USA PATRIOT Act. It was criticised in its entirety for its suppression of civil liberties in lieu of expanding the State's security abilities, but it was Title II of the act, covering “Enhanced Surveillance Procedures” that came to be particularly criticised for allowing an unimaginable level of domestic snooping.

Similar legislation was passed in other countries around the world, but in Britain many of the powers contained in the PATRIOT Act to intercept domestic communications were already available under RIPA. The government therefore passed The Anti-Terrorism, Crime and Security Act 2001, Part 11 of which introduced the provision for ISPs to retain their customers' communications data - albeit on a voluntary basis - while also following data protection legislation.

Ben Emmerson QC said in an advice note to the former Information Commissioner in 2012 (summary here, PDF) that the Act’s data retention provision, alongside Section 22 of RIPA, could provide for potentially unlawful collateral use - that data retained voluntarily under the Act was not necessarily legally accessible for some of the more trivial snooping justifications allowed under RIPA.

Part 11 of the Act would be repealed by The Investigatory Powers Bill, consolidating its voluntary rules, and obligations under other legislative instruments, regarding the “retention of communications data”, into a new regime for authorising and safeguarding data retention by intermediaries.

EU Data Retention Directive 2006

A plenary session on retention of telecommunications data was held in the UK following terrorist attacks in Madrid and in London and during the UK's presidency of the European Council.

Hosted by Labour's third Home Secretary, Charles Clarke, the plenary session was attended by Justice and Home Affairs ministers from across the EU who took the opportunity to agree on an EU-wide Directive on data retention.

The European Council subsequently adopted a Directive that obliged member states to pass laws on the mandatory retention of telecommunications data for between six months and two years, for the stated purpose of allowing police and intelligence agencies to query those records. It would be implemented in the UK through The Data Retention (EC Directive) Regulations 2009.

The 2009 Regulations “overlapped to a large degree with the voluntary code [from the 2001 Act] but were more limited, and certainly didn't include web activity data,” according to technology law expert and partner at Bird & Bird, Graham Smith .

The Directive met with a familiar downfall. In response to a case brought by Digital Rights Ireland, the Directive was annulled in its entirety on 8 April 2014, when the Grand Chamber of the Court of Justice of the European Union (notably a separate body from the ECtHR) judged that it seriously infringed upon Human Rights.

Communications Data Bill 2008 & the Interception Modernisation Programme

It was Labour’s fifth Home Secretary, Jacqui Smith – nicknamed “Jackboot Jacqui” – who put forward the Interception Modernisation Programme (IMP) that became a Communications Data Bill in 2008.

The IMP proposed a central warehouse of communications data including web-browsing activity. Ultimately, no legislation was brought forward.

Although no snooping legislation would be passed during the Labour Government's last two years in power, the IMP remained active. It was lead by Charles Farr, a civil servant and former spook whose role in the development of security and surveillance law had made him a bête noire among civil liberties advocates.

Paul Bernal, law lecturer at the University of East Anglia and author of Internet Privacy Rights: Rights to Protect Autonomy, described the 2008 Bill as: “A classic moment in authoritarian history.” It was a moment, he told The Reg, when the government began to think of “using the internet as a control mechanism rather than a freedom mechanism,” and as a means “to monitor everything that's going on and use that information for social control.”

The 2008 Bill ultimately failed, Bernal noted because: “They didn't present it well, and it seemed creepy.”

Communications Data Bill 2012

While the IMP would be cancelled by the coalition government, Farr would remain a presence in the corridors of Whitehall through leading its successor initiative, the Communications Capabilities Development Programme (CCDP). And in May 2012, the CCDP's work produced what would be the coalition government's attempt at a Snoopers' Charter: the Communications Data Bill 2012.

The 2012 Bill formally introduced an obligation on ISPs to retain logs of their clients' web-browsing activities for 12 months, and ensure those logs' availability for law enforcement and intelligence agencies upon request.

Then new Home Secretary, Theresa May, appeared to have had the legislation announced in the Queen's Speech, but it was rapidly retitled as a “draft” following public outcry and statements regarding its relationship with the previous Labour government's plans.

The draft Communications Data Bill published in June 2012 (PDF) almost immediately hurt the coalition government, with many Conservative and Liberal Democrats openly declaring their opposition to. Deputy Prime Minister, Nick Clegg, created a Joint Committee to provide pre-legislative scrutiny of the proposal.

The Joint Committee on the Draft Communications Data Bill published said (PDF) the Bill paid “insufficient attention to the duty to respect the right to privacy, and goes much further than it need or should for the purpose of providing necessary and justifiable official access to communications data.”

Julian Huppert – the former MP for Cambridge and Joint Committee member – told us: “The bill, which I fought so hard to kill off, included requests for far more data to be retained about us. The Home Office wanted to have the power to collect information on every website we ever go to, and to make ISPs collect information on what you do on Facebook, Google or any other online provider.”

Clegg withdrew his support and the Liberal Democrats said they’d prevent the Bill from being introduced – the Data Retention Directive was annulled on 8 April 2014. This didn’t deadlock surveillance legislation, however.