EMERGENCY POWERS ALLOW MASS-SURVEILLANCE FOR NON-TERRORIST
forward | 18.10.2001 13:46
forwarded from original author, new powers revealed for mass-surveillance of non-terrorist investigations, data reveling who you talk to & what you read...
Subject: FIPR Release 16/10/2001: EMERGENCY POWERS ALLOW
> >MASS-SURVEILLANCE
> > FOR NON-TERRORIST INVESTIGATIONS
> >
> >Press release: FOR IMMEDIATE USE : 16th October 2001
> >
EMERGENCY POWERS ALLOW MASS-SURVEILLANCE FOR NON-TERRORIST
INVESTIGATIONS
Home Office undecided whether ISP data retention to be
voluntary or compulsory
Data revealing who you talk to, what you read, where you
are, collected for "national security"
Data can be trawled for public order, minor crimes, tax,
health and safety
E-Commerce to bear open-ended storage and data-protection
compliance costs
As part of an emergency package of anti-terrorism measures,
Home Secretary David Blunkett announced yesterday (Note 3)
that Internet Service Providers would be "enabled" to retain
logs detailing the online activity of their customers (but NOT the contents of communications).
Data protection legislation (Note 4) currently protects
electronic privacy by prohibiting blanket storage by ISPs of
logs recording such details as websites browsed, To and From
addresses of e-mails, and which 'newsgroup' articles are read
by a subscriber. Other "communications data", such as the
telephone number used to dial-up the Internet, may be kept so long as it is relevant to billing or fraud control.
Although Mr.Blunkett's use of the word "enable" (rather than
"require") implied that compliance will be at the ISP's
discretion, the lead official told FIPR that retention may be made compulsory, enforced through civil law. The same source
said a ministerial certificate will assert "national security"
exemptions (Note 5) so that ISPs and telephone companies will
not be in breach of European Directives. The government will
only specify later exactly what data may be collected and for
how long in a Code of Practice in consultation with ISPs.
No new legislation is necessary for police and intelligence
agencies to collect the data once it is recorded by ISPs and
telephone companies. The Regulation of Investigatory Powers
(RIP) Act 2000 (Note 5) allows records to be obtained for
broad purposes including tax, health and safety, public order
offences and minor crime. Although "communications data"
provides a complete map of private life, revealing who you
talk to, what you read, and where you go, the authorities can
rubber-stamp compilation and trawling of large and detailed
databases. In contrast, inspection of the contents of a single
e-mail requires a warrant from a Secretary of State, and a
search for documents requires a court order.
Bulk requests can be made on groups or the history of an
individual and kept by police and intelligence agencies
indefinitely under data protection exemptions. This includes
the exact co-ordinates of your geographic location - which
3rd-generation mobiles produce continuously whilst the phone
is switched on.
Computerised 'traffic analysis' (tracing links between
individuals) is a powerful new form of mass-surveillance, but
is only efficient at keeping tabs on the law-abiding.
Professional terrorists know how to cover their tracks - for
example throw-away use of pre-paid mobile phones. Reports of
the modus operandi of the September 11th terrorists indicate
they used Web-based e-mail from public terminals. Clearly it
is not persuasive to argue for privacy to be sacrificed in the
name of fighting terrorism if the measures would not in fact
be effective.
A leaked report from the National Criminal Intelligence
Servcie last year revealed that police and security agencies
are nevertheless pressing for a mandatory data retention law
to warehouse the traffic data of the entire population for
several years (
http://cryptome.org/ncis-carnivore.htm).
Blunkett's proposals amount to blanket 'dataveillance' for
non-terrorist investigations, using the the tragic events of
Sep 11 as justification.
Providers of e-commerce authentication services could be
affected as well as ISPs and telcos. Anyone offering
"provision of access to, and of facilities for making use
of...the transmission of communications" [RIP
S.22(4) & S.1 defs] could face extra costs of providing
suitable storage devices and media, and full compliance with
data protection legislation.
Quotes
======
Caspar Bowden, director of Internet think-tank FIPR
(Foundation for Information Policy Research) commented:
"Sensitive data revealing what you read, where you are, and
who you talk to online could be collected in the name of
national security. But Mr.Blunkett intends to allow access to this data for purposes nothing to do with fighting terrorism.
Minor crimes, public order and tax offences, attendance at
demonstrations, even 'health and safety' will be legitimate
reasons to siphon sensitive details of private life into
government databases to be retained indefinitely. This would
be in flagrant breach of the first and second Data Protection
Principles."
Contact for enquiries:
Caspar Bowden
Foundation for Information Policy Research
www.fipr.org
cb@fipr.org
+44(0)20 7354 2333
Notes for editors
-----------------
> >
> >1. The Foundation for Information Policy Research
> >(www.fipr.org), is a non-profit think-tank for Internet
> >policy, governed by an independent Board of Trustees with an
> >Advisory Council of experts.
> >
> >2. FIPR's analysis of the RIP Act (www.fipr.org/rip)
> >stimulated media debate, and led to amendments ensuring that
> >people who lose decryption keys or forget passwords are
> >presumed innocent until proven guilty, and prohibiting
> >detailed surveillance of web browsing without a full warrant.
> >
> >3. Home Office Press Release 15/10/2001: "BLUNKETT OUTLINES
> >FURTHER ANTI-TERRORIST MEASURES"
> >( http://wood.ccta.gov.uk/homeoffice/hopress.nsf/50e2456405b67f7
> d802566b3
> 006819dc/2a5fc6811dec4c7180256ae6004fa4d3?OpenDocument)
>
> 3. The Telecommunications Data Protection Directive 1996, implemented in
> UK law as SI 2093 (1999). The Office of the Information Commissioner
> (contact Iain Bourne) has stated that ISP blanket (i.e. for all
> subscribers) logging and retention of online Internet activity is
> prohibited. Logging of telephone numbers is permitted whilst relevant
> for billing or fraud control.
>
> 4. Section 32. of SI 2093 allows a certificate signed by a Minister of
> the Crown to over-ride the prohibition on blanket data retention for
> National Security purposes
> ( http://www.hmso.gov.uk/si/si1999/19992093.htm)
>
> 5. Regulation of Investigatory Powers Act 2000, Part.1 Chapter.2,
> Section 22 ( http://www.hmso.gov.uk/acts/acts2000/00023--c.htm#22). This
> Part is not yet in force and the relevant Code of Practice is open for
> consultation until November 2nd
> ( http://www.homeoffice.gov.uk/ripa/consultintro.htm)
>
> 6. Data Protection Act 1998, Schedule 1,
> ( http://www.hmso.gov.uk/acts/acts1998/80029--l.htm#sch1)
> >MASS-SURVEILLANCE
> > FOR NON-TERRORIST INVESTIGATIONS
> >
> >Press release: FOR IMMEDIATE USE : 16th October 2001
> >
EMERGENCY POWERS ALLOW MASS-SURVEILLANCE FOR NON-TERRORIST
INVESTIGATIONS
Home Office undecided whether ISP data retention to be
voluntary or compulsory
Data revealing who you talk to, what you read, where you
are, collected for "national security"
Data can be trawled for public order, minor crimes, tax,
health and safety
E-Commerce to bear open-ended storage and data-protection
compliance costs
As part of an emergency package of anti-terrorism measures,
Home Secretary David Blunkett announced yesterday (Note 3)
that Internet Service Providers would be "enabled" to retain
logs detailing the online activity of their customers (but NOT the contents of communications).
Data protection legislation (Note 4) currently protects
electronic privacy by prohibiting blanket storage by ISPs of
logs recording such details as websites browsed, To and From
addresses of e-mails, and which 'newsgroup' articles are read
by a subscriber. Other "communications data", such as the
telephone number used to dial-up the Internet, may be kept so long as it is relevant to billing or fraud control.
Although Mr.Blunkett's use of the word "enable" (rather than
"require") implied that compliance will be at the ISP's
discretion, the lead official told FIPR that retention may be made compulsory, enforced through civil law. The same source
said a ministerial certificate will assert "national security"
exemptions (Note 5) so that ISPs and telephone companies will
not be in breach of European Directives. The government will
only specify later exactly what data may be collected and for
how long in a Code of Practice in consultation with ISPs.
No new legislation is necessary for police and intelligence
agencies to collect the data once it is recorded by ISPs and
telephone companies. The Regulation of Investigatory Powers
(RIP) Act 2000 (Note 5) allows records to be obtained for
broad purposes including tax, health and safety, public order
offences and minor crime. Although "communications data"
provides a complete map of private life, revealing who you
talk to, what you read, and where you go, the authorities can
rubber-stamp compilation and trawling of large and detailed
databases. In contrast, inspection of the contents of a single
e-mail requires a warrant from a Secretary of State, and a
search for documents requires a court order.
Bulk requests can be made on groups or the history of an
individual and kept by police and intelligence agencies
indefinitely under data protection exemptions. This includes
the exact co-ordinates of your geographic location - which
3rd-generation mobiles produce continuously whilst the phone
is switched on.
Computerised 'traffic analysis' (tracing links between
individuals) is a powerful new form of mass-surveillance, but
is only efficient at keeping tabs on the law-abiding.
Professional terrorists know how to cover their tracks - for
example throw-away use of pre-paid mobile phones. Reports of
the modus operandi of the September 11th terrorists indicate
they used Web-based e-mail from public terminals. Clearly it
is not persuasive to argue for privacy to be sacrificed in the
name of fighting terrorism if the measures would not in fact
be effective.
A leaked report from the National Criminal Intelligence
Servcie last year revealed that police and security agencies
are nevertheless pressing for a mandatory data retention law
to warehouse the traffic data of the entire population for
several years (
http://cryptome.org/ncis-carnivore.htm). Blunkett's proposals amount to blanket 'dataveillance' for
non-terrorist investigations, using the the tragic events of
Sep 11 as justification.
Providers of e-commerce authentication services could be
affected as well as ISPs and telcos. Anyone offering
"provision of access to, and of facilities for making use
of...the transmission of communications" [RIP
S.22(4) & S.1 defs] could face extra costs of providing
suitable storage devices and media, and full compliance with
data protection legislation.
Quotes
======
Caspar Bowden, director of Internet think-tank FIPR
(Foundation for Information Policy Research) commented:
"Sensitive data revealing what you read, where you are, and
who you talk to online could be collected in the name of
national security. But Mr.Blunkett intends to allow access to this data for purposes nothing to do with fighting terrorism.
Minor crimes, public order and tax offences, attendance at
demonstrations, even 'health and safety' will be legitimate
reasons to siphon sensitive details of private life into
government databases to be retained indefinitely. This would
be in flagrant breach of the first and second Data Protection
Principles."
Contact for enquiries:
Caspar Bowden
Foundation for Information Policy Research
www.fipr.org
cb@fipr.org +44(0)20 7354 2333
Notes for editors
-----------------
> >
> >1. The Foundation for Information Policy Research
> >(www.fipr.org), is a non-profit think-tank for Internet
> >policy, governed by an independent Board of Trustees with an
> >Advisory Council of experts.
> >
> >2. FIPR's analysis of the RIP Act (www.fipr.org/rip)
> >stimulated media debate, and led to amendments ensuring that
> >people who lose decryption keys or forget passwords are
> >presumed innocent until proven guilty, and prohibiting
> >detailed surveillance of web browsing without a full warrant.
> >
> >3. Home Office Press Release 15/10/2001: "BLUNKETT OUTLINES
> >FURTHER ANTI-TERRORIST MEASURES"
> >(
http://wood.ccta.gov.uk/homeoffice/hopress.nsf/50e2456405b67f7 > d802566b3
> 006819dc/2a5fc6811dec4c7180256ae6004fa4d3?OpenDocument)
>
> 3. The Telecommunications Data Protection Directive 1996, implemented in
> UK law as SI 2093 (1999). The Office of the Information Commissioner
> (contact Iain Bourne) has stated that ISP blanket (i.e. for all
> subscribers) logging and retention of online Internet activity is
> prohibited. Logging of telephone numbers is permitted whilst relevant
> for billing or fraud control.
>
> 4. Section 32. of SI 2093 allows a certificate signed by a Minister of
> the Crown to over-ride the prohibition on blanket data retention for
> National Security purposes
> (
http://www.hmso.gov.uk/si/si1999/19992093.htm) >
> 5. Regulation of Investigatory Powers Act 2000, Part.1 Chapter.2,
> Section 22 (
http://www.hmso.gov.uk/acts/acts2000/00023--c.htm#22). This > Part is not yet in force and the relevant Code of Practice is open for
> consultation until November 2nd
> (
http://www.homeoffice.gov.uk/ripa/consultintro.htm) >
> 6. Data Protection Act 1998, Schedule 1,
> (
http://www.hmso.gov.uk/acts/acts1998/80029--l.htm#sch1)
forward
Comments
Display the following 2 comments