Tuesday, July 29, 2014

Response from MP on DRIPA

On the first Monday of her summer holidays and after the Data Retention and Investigatory Powers Act had become law with her support the previous week, my MP, Nicola Blackwood, responded to my notes to her expressing concerns about the then DRIP Bill. Copy of her response below which essentially repeats the Conservative Party line.
"Dear Mr Corrigan,
Thank you for your emails about the Data Retention and Investigatory Powers Act, which has now received Royal Assent, and for your telephone call to my office. My staff passed on your message, and I know this is a subject you feel strongly about.
 I do understand the concerns that have been raised with regard to this legislation, in particular that it has come before the House as emergency legislation, and I share your desire to ensure that people’s civil liberties are protected at all times. I have consistently said it is absolutely essential that powers to monitor communications are confined to what is entirely necessary and proportionate to protect our national security, and also to be accountable.
 To be clear, this legislation goes no further than regulations which are already in place. Rather, it brings clarity to existing law following a ruling of the European Court of Justice (ECJ) in April. The ECJ’s ruling would have struck down regulations that let internet and phone companies retain communications data for law enforcement purposes for 12 months, and therefore a clearer legal framework was needed to underpin companies’ cooperation with law enforcement and intelligence agencies to intercept the communications of serious organised criminals and terrorists. I understand that some companies had already made clear to the Government that they would be unable to work with the UK on this unless that law was consolidated and made clear.
 That is why the Act brings together our data retention regulations in primary legislation, where at present it is under secondary legislation, and enables agencies to maintain their existing capabilities. In addition, it makes clear that the requirements include companies based abroad, whose phone and internet services are used in the UK. These powers, already in place, are held through not only the data retention directive and regulations, but also in relation to lawful intercept provisions of the Regulation of Investigatory Powers Act (2000).
 As you may know, the Home Secretary, Rt Hon Theresa May MP, came before the Home Affairs Select Committee, of which I am a member, last week to discuss the provisions of the Act. The Government has stated that communications data and interception plays an important role in prosecuting cases of serious organised crime. Therefore, whilst before the Committee, I took the opportunity to ask the Home Secretary about this and she clarified that such data is used in 95% of cases that the Crown Prosecution Service deals with in relation to serious and organised crime; it has been used in all major counter-terrorism investigations over the last decade.
 Theresa May MP also explained that the Government had carefully considered how to respond to the ECJ ruling, and I was reassured by her clear statement that no more powers are being sought. I agree with the statement made by the Home Secretary that these powers are only to be used ‘with very carefully controlled access arrangements to ensure that any request is necessary and proportionate to the investigation that is taking place’. The existing EU directive, which was overturned by the ECJ, had meant that the period of data retention was an ‘absolute period’ of 12 months and there was no flexibility within this. By contrast, the new regulations will mean that data can only be held for a maximum of 12 months.
 Crucially, alongside the introduction of this legislation the Government is further strengthening the oversight of intelligence capabilities. Between now and 2016, the Government will review the Regulation of Investigatory Power Act (RIPA) to make recommendations to reform and update it- this has now been reaffirmed in the wording of the Act. Ministers are also establishing a Privacy and Civil Liberties Oversight Board which I understand will work to ensure civil liberties are properly considered when the Government sets counter-terrorism policy. I have received assurances from Ministers that the Government is also restricting the number of public bodies that can ask for communications data and will be publishing annual transparency reports. This will make more information publically available than ever before.
 The Home Affairs Committee expressed our view to the Home Secretary that we supported the Bill as a whole, and particularly welcomed Clause 6(3), or the ‘sunset provision’, which means that the legislation will ‘expire’ on 16th December 2016 and will therefore be repealed or renewed at this point. Further, on the day of the vote, the Government accepted new amendments to the Bill which bind us to six-monthly reviews of its operation by the Interception of Communications Commissioner.
 Ministers are mindful that without legislation, we face the prospect of a serious degradation in the ability of law enforcement and intelligence agencies to do their jobs. It is for the reasons detailed above, i.e. that the Act does not extend existing powers and that safeguards and oversight mechanisms are expanded, that I voted for it in the House of Commons last week. The ECJ ruling disbanded the existing EU directive on the basis that it lacked sufficient safeguards, allowing phone and internet companies to store data but did not establish how this data could be accessed or for what purposes. Whereas this new legislation makes clear that the legal framework in which companies must work within, and the circumstances in which this data can be used for vital law enforcement and for our national security.
 I have attached above a copy of the letter I received from Home Office Minister, James Brokenshire MP, which explains the Act in full. I do hope this response is helpful, and thank you, once again, for taking the time to contact me on this important issue.
 Kind regards
The letter from Security Minister James Brokenshire which Ms Blackwood attached to her response read -
LONDON SW1A 0AA 10th July 2014
 Dear Colleague,
It is the first duty of Government to protect the public and we are today introducing emergency legislation to ensure that our law enforcement and intelligence agencies have access to the tools they need to keep us safe.  Access to information relating to communications, subject to robust safeguards, is vital in the fight against crime and terrorism and has been used successfully for many years.

Communications data – the who, where, when and how of a communication but not its content – is a vital tool in the investigation of crime and safeguarding the public.  It has been used in 95% of serious and organised crime investigations handled by the Crown Prosecution Service and every major Security Service counter-terrorism investigation over the last decade.

The interception of the content of communications is of critical importance to the preservation of national security. Since 2010, the majority of the Security Service’s top priority UK counter-terrorism investigations have used intercept capabilities in some form to identify, understand or disrupt plots seeking to harm the UK and its citizens.  However, two recent developments have put these crucial capabilities at risk.  Without legislation, we face the real prospect of a serious degradation in the ability of law enforcement and intelligence agencies to do their jobs.

Firstly, the European Court of Justice judgment of 8 April declared the EU Data Retention Directive (2006) invalid.  This Directive required Member States in Europe to provide for a mandatory communications data retention framework covering certain data for the purpose of the investigation of serious crime.  Following the judgment, our domestic Data Retention (EC Directive) Regulations 2009, which transposed the Directive, remain in force.  However, we need to legislate to maintain an effective mandatory communications data retention framework, and to address the ruling unambiguously and immediately.

If companies could no longer be required to retain communications data, law enforcement’s capability to prevent and detect crime and protect the public would be severely degraded; many investigations would be delayed and some would cease entirely.

The second component of the Bill will put beyond doubt that companies providing communication services to customers in the UK must comply with lawful requests under the Regulation of Investigatory Powers Act 2000 irrespective of where those companies are located.    A number of overseas communication service providers have questioned whether they are required to comply with obligations under the Act in relation to the interception of communications.
 With the increasing globalisation of communications, any decrease in cooperation from overseas providers could have a devastating impact on national security.  If we lose visibility of what terrorists are saying to each other, we will lose the ability to understand and mitigate the threat that they pose.

This Bill will ensure that communications data continues to be available when it is needed.  Whilst most of the European Court’s criticisms are already addressed in UK law, the Bill will also respond to the judgment.  The European Court’s judgment did not take into account national laws on access to communications, and in particular the UK’s access regime with its robust safeguards.  Our communications data regime is internationally respected, and already addresses most of the criticisms made in the judgment.  However, we are introducing a number of new safeguards to respond to the judgment, such as enhancing our data retention notice regime, and formalising the requirements placed on communications companies to safeguard this crucial data.  We will also create a Code of Practice on Data Retention, which will put best-practice guidance on a statutory footing.  Furthermore, the Bill will also put beyond doubt the extra-territorial application of RIPA to ensure that companies, irrespective of where they are based, can comply with their obligations.

The legislation does not create any new powers, rights of access or obligations on communications companies beyond those that already exist. It does not seek to replicate the proposals that were included in the Draft Communications Data Bill, published in 2012. And it would sit aside the already robust regime RIPA provides to regulate access to retained data.

We must act now to ensure that the capability of our law enforcement and intelligence agencies to prevent and detect crime, protect the public and ensure national security does not rapidly and seriously diminish.  The need to act is made all the more pressing because the threats we face remain considerable, not least the collapse of Syria, the emergence of the Islamic State of Iraq and the Levant, organised crime that crosses national boundaries and the expanding scope of cybercrime.

All these threats and many more should remind us that the world is a dangerous place and the United Kingdom needs the capabilities to defend its interests and protect its citizens.

The proposals on communications data and investigatory powers which I have set out above are necessary to ensure that law enforcement and security agencies are able to continue making use of these essential tools. These provisions are not intended to fill the gap which we were looking to close with the draft communications data bill but to ensure that law enforcement can continue to access the material which they currently have access to.

I've responded briefly -
Dear Nicola,

Thanks for taking the time to send a response on the first day of your summer holidays. I can only repeat that for something as serious as an emergency law that requires blanket, indiscriminate communications data retention, targeted not at criminals but  the entire population, every single MP should take notice and make the requisite time to read the proposed legislation and associated documents.

It is incumbent upon MPs to understand what the laws that you are passing actually say, rather than what the party briefing or ministerial assurances might be telling you they say. When the time comes to apply the law, ministerial assurances are not worth the paper they are written on.

Without going through the process of matching each government assurance with contradictory evidence, something I suspect would be of little interest, I would like to draw your attention to one important misunderstanding. It seems increasingly to be the belief amongst MPs that blanket data collection and retention is acceptable in law and that the only concern should be the subsequent access to that data. Assertions to this effect are simply wrong.

The April European Court of Justice(ECJ) judgement restated the position clearly that mass indiscriminate data retention "constitutes in itself an interference with the rights guaranteed by Article 7 of the Charter." (Para 34 of the decision). Article 7 of the Charter of Fundamental rights, as you know, guarantees everyone “the right to respect for his or her private and family life, home and communications”. The European Court of Human Rights (ECtHR) laid down the same prohibition of blanket retention in the S. and Marper v UK case in December 2008.

Please do not be misled into the erroneous belief that retention is acceptable and access is therefore the only problem. Underpinning any future regulatory framework in this area with such a fundamentally flawed assumption would be a big mistake on many levels. Both retention and access in and of themselves present serious article 7 and article 8 challenges, as the ECJ, the ECtHR and many other national courts have made clear.

Have a good holiday.



No comments: