Despite (and because of) a European ruling that found previous data retention measures were too invasive.
Image: Shutterstock/Frederic Legrand
Today the UK announced controversial emergency laws that will continue to force internet and communications companies to keep usage and location data on their customers for up to a year, and hand it over to law enforcement when requested.
The government claims this new law is necessary "for protecting national security and preventing serious crime," including fighting terrorist threats such as those presented by events in Iraq and Syria. In the announcement, Prime Minister David Cameron said that, "As events in Iraq and Syria demonstrate, now is not the time to be scaling back on our ability to keep our people safe." Last month, the Home Secretary Theresa May said that the UK needed more surveillance powers to counter the threat of British jihadists in Syria, which she said is “real and it is deadly.”
The law is being pushed through with urgency because of a European Court ruling in April that said existing measures invaded privacy. The government argues that if it doesn’t run the new law through quickly, "our law enforcement and intelligence agencies will lose sight of data that is crucial for protecting national security and preventing serious crime, and lose track of some dangerous individuals as a result."
But this haste has fuelled concerns that the policy has been fast-tracked to avoid debate, and that it will infringe upon the privacy and civil liberties of the UK’s citizens, as data will be retained even if no crime has been committed. Its introduction comes hot on the heels of the 'Snoopers' Charter', another more powerful law that was proposed in 2012 but not passed, largely due to political pressure after the Snowden revelations.
The emergency Data Retention and Investigation Powers Bill, to be introduced next Monday, will “enable agencies to maintain existing capabilities,” and will automatically expire at the end of 2016, at which point it may or may not be renewed.
The move is a response to a judgment by the Court of Justice of the European Union that ruled the EU Data Retention Directive unlawful. This was a piece of legislation introduced after the Madrid 2004 and London 2005 terrorist attacks, and it required communications providers to keep the traffic and location records (but not content) of their customers for up to two years. It was deemed to be “illegal and invalid,” because it was seen as disproportionate in relation to individuals' right to privacy.
Under the European ruling, that meant that the UK's law using this directive also risked a court challenge, so the government either had to change their law or stop using the surveillance method. The UK law required companies to hold onto the data for 12 months, according to Open Rights Group.
Today, the UK is essentially just keeping those powers up and running. But they’re also making some changes. In a rather surprising move from the usually tight-lipped office, the bill will introduce new oversight methods, including the establishment of a Privacy and Civil Liberties Oversight Board. The government will also publish annual transparency reports, “making more information publicly available than ever before on the way that surveillance powers operate.”
In a tweet this morning, the UK Prime Minister David Cameron said that the powers were necessary “to help keep us safe from those who would harm UK citizens.” This isn't just terrorists, according to details in the legislation. The government emphasises how these powers are important to combat everything from murder to sexual exploitation, drug crimes, door step fraud (a crime where someone, typically a senior citizen, is scammed by people coming to their house), and locating vulnerable individuals.
“Were these powers lost,” the release reads, “it would be harder or impossible to effectively investigate a range of crimes.”
As for the controversy, there are worries that this law has been rushed through Parliament in an opaque fashion, not giving politicians enough time to consider it thoughtfully. Tom Watson, a Labour politician, criticised how it was being rolled out in a post on Medium, and said that “nobody has had the chance to debate and question” the law.
Civil liberties groups—echoing what the European court ruled around this sort of surveillance—are concerned that this law will infringe the human rights of UK citizens.
Jim Killock, Executive Director of Open Rights Group, said in an email that he is worried about this setting a trend in UK law making, where politicians ignore rulings made by other courts and run with their own. "Not only will the proposed legislation infringe our right to privacy, it will also set a dangerous precedent where the government simply re-legislates every time it disagrees with a decision by the CJEU (Court of Justice of the European Union)," he wrote. "The ruling still stands and these new plans may actually increase the amount of our personal data that is retained by ISPs, further infringing on our right to privacy."
Emma Carr from Big Brother Watch also criticised the rushed bill. “It is a basic principle of a free society that you don't monitor people who are not under suspicion. Considering the snoopers' charter has already been rejected by the public as well as by the highest court in Europe, it is essential that the government does not rush head-first into creating new legislation,” she told the Guardian.
Overall, it seems that not much on the ground will change. This law will allow law enforcement to continue what they have been doing anyway since 2006—which is precisely the problem the bill's detractors have with it. While a high European Court sees this sort of surveillance as very troubling for civil liberties, the UK seems determined to continue exercising its data retention powers.