The government has today published the Communications Data Bill, which will give police access to communications data for the purposes of tackling crime.
Communications data includes information such as what websites individuals have visited, and who they emailed, but not the actual content of exchanges. The government wants to update existing data laws to enable police access to communications data generated by new technologies such as VoIP (voice over IP) service Skype.
Home secretary Theresa May said: “Communications data saves lives. It is a vital tool for the police to catch criminals and to protect children. If we stand by as technology changes, we will leave police officers fighting crime with one hand tied behind their backs.
“Checking communication records, not content, is a crucial part of day-to-day policing and the fingerprinting of the modern age – we are determined to ensure its continued availability in cracking down crime.”
According to the Home Office, the legislation will require communication service providers, when requested to do so, to retain and store communications records that they might not already keep.
Analysts have previously pointed out that this could raise concerns about data storage capabilities and infrastructure costs for telcos, possibly opening the door for big data technologies.
However, the government said that communication service providers (CSP) “will be reimbursed for any costs of complying” with the new legislation.
“Obligations will not be placed on every CSP and will only be imposed after detailed discussion and ministerial sign-off,” the Home Office said.
Furthermore, CSPS will be able to appeal to a technical advisory board if they feel that that imposed requirements are “unnecessarily onerous”.
Existing data regulations in the UK, such as the Data Retention Directive, already allow intelligence officers to access historic communications data held by ISPs (Internet Service Providers), telcos and social media platforms, while the Regulation of Investigatory Powers Act 2000 (RIPA) allows access to real-time communications data on a one-off basis.
The new bill will continue to allow police access to communications data, but only in the context of a specific investigation. It will replace the communications data provisions of RIPA.
While the existing data laws allow public bodies, including councils, to access communications data, the new bill will be limited to just four bodies – the police, the Serious Organised Crime Agency (SOCA) or the National Crime Agency (NCA), the intelligence agencies and Her Majesty’s Revenue and Customs (HMRC).
Other bodies will only be granted access if the UK parliament agrees that their use is essential to tackling crime and protecting the public.
The Interception of Communications Commissioner will continue to independently oversee the acquisition of communications data by public authorities, and will also oversee the collection of communications data by communication service providers.
Among the safeguards proposed by the bill, all communications data retained by the CSPs will be destroyed after the 12-month retention period, unless required for legal proceedings.
Meanwhile, the communications industry will be responsible for ensuring that retained data is protected against loss, unlawful destruction and unauthorised access. This will be overseen by the Information Commissioner’s Office (ICO).
However, the ICO has pointed out that it will need extra resources to carry out this extra responsibility.
“If the Information Commissioner is to be in a position to ensure compliance with the Data Protection Act (DPA), in respect of security of retained personal information and its destruction after 12 months, the ICO will need appropriately enhanced powers and the necessary additional resources,” an ICO spokesperson said.
In addition, the Intelligence and Security Committee (ISC) said that it has started its own investigation into the communications data bill to ensure that the proposed safeguards are robust enough to protect personal privacy.
“We will take evidence and examine the rationale behind the proposals and how rigorous the safeguards are to ensure the privacy of individuals,” said Sir Malcolm Rifkind MP, chairman of the ISC.
The bill will now be subject to pre-legislative scrutiny by a parliamentary joint committee.