This is what one contributor to Data Protetcion and Privacy Practice wrote
with respect to the RIP Bill and access to "traffic data"
C
SOAPBOX
Every issue we let a reader or guest columnist get onto the "Soapbox"; in
this issue, another of our resident columnists, "Oleum" vents the occasional
sulphurous comment in the direction of Part I, Chapter II of the Regulation
of Investigatory Powers Bill (RIP Bill) now passing through Parliament.
The RIP Bill, which applies to any form of communication between two people,
has to perform a difficult balancing act. On the one hand, the Bill gives the
police and national security operatives access to the content of a
communication for a host of good reasons (e.g. detection of serious crime),
on the other hand the Bill has to offer reassurance to the public that the
invasions of privacy which are deemed necessary are not excessive, and that
powers used are exercised with due restraint with proper attention being paid
to safeguards for individuals.
A privacy issue has arisen because the Government has taken the decision (in
Part I, Chapter II) that there is a difference between the content of a
communication message and the fact that a communication has been made; the
RIP Bill defines "communications data" therefore only in relation to contact
and specifically excludes content. This means that, if an approved agency
wants to listen in on what you are saying they must obtain a warrant (with
safeguards applying with respect to this procedure); however, if they only
want to know to whom you are saying it, then they don't.
This subtle difference overlooks the fact that the making of a contact often
gives great detail with respect to the content; for instance if callers make
phone calls to take-away pizza parlours, they are unlikely to be asking how
much is in their bank accounts.
This distinction has also been subject to a critical statement from the Data
Protection Commissioner. In her "Response Of The Data Protection Commissioner
To The Government's Regulation Of Investigatory Powers Bill - A Briefing For
Parliamentarians" she says: "The Commissioner questions the distinction made
in the Bill between the requirements for gaining access to data contained
within an intercepted communication and those for gaining access to other
communications data such as traffic and billing information. Both sets of
data provide insight into the private lives of individuals and should
therefore be subject to equivalent controls and safeguards." She concludes
therefore that, in her view, "access to traffic and billing data should also
be made subject to prior judicial scrutiny, so that consideration could be
given to Article 8 of the European Convention on Human Rights".
The mechanism proposed in the Bill is also surprising. If a body is
authorised by the Secretary of State and if there are grounds associated with
national security, crime, public health, "preventing disorder", "in the
interests of public safety", "assessing or collecting any tax, duty, levy or
other imposition, contribution or charge payable to a government department"
or with "any purpose _specified by an order" made by the Secretary of State,
then communications data can be demanded. It is a legal duty for a
telecommunications or postal operator to provide these data. It is noteworthy
that if the order making power is used, that it is not subject to
Parliamentary approval.
The only statutory constraint placed on the body making the demand for
communications data is that it has to consider its "proportionality" - a
clear reference to consideration of Article 8 of the human rights matters?
This, in effect, is nothing new - the Human Rights Act 1998 will apply when
the RIP Bill becomes law - with the result that there is no independent check
on self authorising bodies unless, by happenstance, an irregularity is
unearthed AFTER (probably long-after) the event.
There is no mechanism whereby requests could be considered independently
BEFORE communications data are obtained. This is especially important when a
telecommunications or postal operator thinks the demand a trifle excessive;
for instance one which comes from an Intervention Board in relation to
"black market milk."
Yes - "black market milk" - its not a mistake. The RIP Bill is not only about
drugs, terrorism, national security, crime and the usual list of serious
matters usually emphasised by Home Office Ministers; its also about more
mundane things like "milk" and "eggs" and rural England (but more of that
later)
In fact, the Government has provided a list of bodies who can seek a warrant
for surveillance purposes. Since the grounds for seeking a warrant for
surveillance are the same as seeking access to communications data, it
follows that those listed for surveillance are very likely to be able to
demand communications data. Home Office Ministers confirm that as well as the
Security Services and Police, there is the "Medical Devices Agency", the
"Medicine Control Agency", "NHS Hospitals", "NHS Estates", "NHS Fraud",
"Local Authorities", "Food Standards Agency" the "Intervention Board for
Agricultural Produce", the "Sea Fisheries Inspectorate", the "Egg
Inspectorate", the "Coal Health Care Unit" the "Royal Pharmaceutical
Society", and the "Farming & Rural Conservation Agency".
In addition, where safeguards are provided by the Bill (for other warrant
aspects of the RIP Bill), it is very dispersed, and there is a surfeit of
Commissioners who can deal with a complaint. There is an "Interception of
Communications Commissioner" or "Covert Investigations Commissioner", or
"Security Service Act Commissioner" or "Intelligence Services Act
Commissioner" or any "Surveillance Commissioner". Note that there is no
explicit statutory role for the one Commissioner which other
telecommunications legislation provides to be solely responsible for privacy
matters; namely the Data Protection Commissioner.
In summary, in relation to communications data, the RIP Bill places the
immense challenges faced by the police on the same level as officials from
the worthy Egg Inspectorate or from bodies worried about milk and fish quotas
- surely this is, how shall I put it, "a bit wide of the mark".
There will also be between two and three thousand officials from several
hundred bodies (400+ Local Authorities, 40+ police forces, 100+ hospitals
etc) who will be able to self authorise themselves to obtain communications
data relation to mobile phones, analogue phones, interactive TV, fax machine,
post; in fact every single communications media you or I make. The fact that
these data can be obtained without any effective independent check beforehand
is little short of outrageous.
Oleum
-----Original Message-----
From: MIME :[log in to unmask]
Sent: 12 June 2000 19:53
To: [log in to unmask]
Subject: police access to traffic data
Dear Colleagues,
The Polish parliament just passed a new Telecom Law, which allows the police
to collect from telecom operators traffic data without any warrant or court
order. Is this also a case in the UK? What is the data protection aspect of
such disclousure?
Kind regards,
Andrzej Adamski
Chair of Criminal Law & Criminal Policy
Nicholas Copernicus University
Torun, Poland
<< File: ENVELOPE.TXT >>
******************** E-mail confidentiality notice ********************
This message is intended for the addressee only. It is private,
confidential and may be covered by legal professional privilege or
other legal or attorney/client privilege. If you have received this
message in error, please notify us and remove it from your system.
If you require assistance, please contact our London PC Support
department (telephone +44 (0) 20 7490 6949).
Masons is an international law firm with offices in London, Bristol,
Edinburgh, Glasgow, Leeds, Manchester, Brussels, Dublin, Hong Kong,
Guangzhou and Singapore.
Further information about the firm and a list of partners is
available for inspection at 30 Aylesbury Street, London EC1R OER
or from our Web site at www.masons.com
***********************************************************************
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
