Hey UK.gov – cute tweaks to snoop regime. Your EU law reading needs work

Privacy bods rip into attempts to make Investigatory Powers Act legal

The government's attempt to bring the UK's data retention regime in line with European Union laws have been slammed by privacy campaigners, which has accused politicians of trying to avoid making necessary changes.

A landmark ruling from the Court of Justice of the European Union deemed indiscriminate data retention illegal, forcing the UK government to set out a series of tweaks to the controversial Investigatory Powers Act.

These included a proposal for a new independent body that authorises access to surveillance data – rather than the public authorities themselves – and plans to lower the bar for what constitutes "serious crime".

However, in its response (PDF) to the proposed changes, privacy campaign group Big Brother Watch said that the government's interpretations of the judgment are flawed and called for them to be reconsidered.

Among these are the government's interpretation of the Watson judgment – after Labour deputy leader Tom Watson who brought the case – as applying to traffic (or events) data, not subscriber (or entity) data, which Big Brother Watch said was "evidently wrong".

The campaign group also disagreed with the government's assertion that the UK's existing data retention regime isn't "general and indiscriminate" – which is the basis for the CJEU's first ruling.

"The government appears to be seeking to evade the effect of the ruling," the group said, arguing that the UK's regime "is plainly general and indiscriminate, as it captures the data of millions of people who are of no intelligence interest."

Despite this view, the government did propose adding a list of factors for the secretary of state to consider when issuing a data retention notice to a telco.

web snoop

UK.gov admits Investigatory Powers Act illegal under EU law


But this include a consideration of whether to restrict the notice to a geography or exclude groups of people, which Big Brother Watch said "demonstrates that the default position will be to issue mass data retention notices that are not restricted".

The group also takes umbrage at the government's position that the judgment in Watson does not apply to activities of the UK's intelligence agencies, even when data is sought in relation to crime.

This view is "particularly objectionable and demonstrates an open disregard" for the ruling, the group said.

"The adoption of this proposal would mean that a significant amount of communications data sought in the UK would be retained and accessed in absence of the mandatory safeguards required by law, and would remain accessible via self-authorisation within the Agencies."

Big Brother Watch also expressed disappointment that the proposed Office of Communications Data Authorisations – which will sign off on communications data requests – would not be a judicial body.

And it warned the creation of the office might mean an "unwelcome rollback" on safeguards that limit councils' use of investigatory powers.

Existing laws require a magistrate's approval for local authorities' use of IPA powers, the response said, but the new proposals would remove this check.

"We are concerned that this marks a return to a purely administrative request and authorisation procedure by which local authorities can be empowered with intrusive investigatory powers," it said.

Elsewhere in its consultation response, Big Brother Watch warned against lowering the threshold of serious crime to being that an adult should be "capable" of being imprisoned for six months.

This "extremely watered-down definition" would render it "almost meaningless" in practice, the response said.

Liberty director Martha Spurrier was similarly unimpressed with this proposal when the consultation was launched, saying it "fails to propose the robust system of independent oversight that is so vital to protect our rights". ®

Similar topics

Other stories you might like

  • Ex-Qualcomm Snapdragon chief turns CEO at AI chip startup MemryX

    Meet the new boss

    A former executive leading Qualcomm's Snapdragon computing platforms has darted the company to become CEO at an AI chip startup.

    Keith Kressin will lead product commercialization for MemryX, which was founded in 2019 and makes memory-intensive AI chiplets.

    The company is now out of stealth mode and will soon commercially ship its AI chips to non-tech customers. The company was testing early generations of its chips with industries including auto and robotics.

    Continue reading
  • Aircraft can't land safely due to interference with upcoming 5G C-band broadband service

    Expect flight delays and diversions, US Federal Aviation Administation warns

    The new 5G C-band wireless broadband service expected to rollout on 5 January 2022 in the US will disrupt local radio signals and make it difficult for airplanes to land safely in harsh weather conditions, according to the Federal Aviation Administration.

    Pilots rely on radio altimeter readings to figure out when and where an aircraft should carry out a series of operations to prepare for touchdown. But the upcoming 5G C-band service beaming from cell towers threatens to interfere with these signals, the FAA warned in two reports.

    Flights may have to be delayed or restricted at certain airports as the new broadband service comes into effect next year. The change could affect some 6,834 airplanes and 1,828 helicopters. The cost to operators is expected to be $580,890.

    Continue reading
  • Canadian charged with running ransomware attack on US state of Alaska

    Cross-border op nabbed our man, boast cops and prosecutors

    A Canadian man is accused of masterminding ransomware attacks that caused "damage" to systems belonging to the US state of Alaska.

    A federal indictment against Matthew Philbert, 31, of Ottawa, was unsealed yesterday, and he was also concurrently charged by the Canadian authorities with a number of other criminal offences at the same time. US prosecutors [PDF] claimed he carried out "cyber related offences" – including a specific 2018 attack on a computer in Alaska.

    The Canadian Broadcasting Corporation reported that Philbert was charged after a 23 month investigation "that also involved the [Royal Canadian Mounted Police, federal enforcers], the FBI and Europol."

    Continue reading

Biting the hand that feeds IT © 1998–2021