Drip, drip, drip; and the next thing you know, democracy has been washed away

by Maria on July 14, 2014

UK CT readers, please read this Open Rights Group myth-buster on the surveillance legislation the three main parties have stitched up behind closed doors, and plan to vote through as an emergency tomorrow. Is your MP planning to vote for it? If they are, ask them if they will support a (to be tabled this afternoon) amendment that will bring the sunset clause down to 6 months – surely enough time to fix the ’emergency’.

(More analysis from Paul Bernal here.)

(Email your MP here.)

What is DRIP?
The Data Retention Investigatory Powers Bill (DRIP) will require internet and phone companies to keep their customers’ communications data for up to a year. It is being rushed through parliament this week: MPs will vote on Tuesday and the Lords will vote on Thursday.

DRIP will replace the Data Retention (EC Directive) Regulations 2009. The legal basis of these regulations has been uncertain since the Court of Justice of the European Union (CJEU) after the CJEU found the EU Data Retention Directive 2006/24/EC to be invalid.
Legal wranglings aside, the ruling was very clear. Keeping everyone’s data in case they commit a crime seriously interferes with our right to privacy and our right to a private family life.

Additionally clauses 3-5 extend UK surveillance law – RIPA – to US and foreign companies. These measures are controversial, not related and there is no evidence that there is any reason for any rush.

Below are five arguments that the Government is using to justify its passing – and the real reason why it shouldn’t.

“This is an emergency”
The CJEU ruling was delivered on 8 April, 2014. The government has had three months to address the court’s findings. We believe that it is the threat of legal action by Open Rights Group and other organisations that has prompted this ‘emergency’ legislation – not the threat of terrorism or criminal activity. The government should not mislead us about the urgency of this legislation. Given its significance and the threat to our civil liberties, It should not be rushed through without proper parliamentary scrutiny.

Background: After the CJEU ruling, Open Rights Group and other organisations contacted the Home Office to ask them if they would be asking internet service providers to stop retaining data. In May, the Home Office responded by saying that ISPs should continue to retain data. Last month, over 1,500 ORG supporters wrote to their ISPs asking them to stop keeping their data. They responded by saying that they were acting under the instructions of the Home Office.

“This is not an extension of powers, it’s restoring the status quo”
The Prime Minister said, “we are not introducing new powers or capabilities” but in fact DRIP does not just deal with Regulations that were made illegal by the CJEU ruling. Clauses 3 to 5 of the Bill make amendments to the Regulation of Investigatory Powers Act (RIPA). DRIP extends the government’s surveillance powers in two ways:

It extends the territorial scope of RIPA – this means that the government can issue interception warrants for communciations data to companies outside of the UK.
It extends the definition of “telecommunications service” within RIPA. The effect of this is unclear, but it appears possible the new definition could include services such as Gmail.

“It’s the only way we can catch criminals”
We agree that the targeted retention of communications data can help the police to tackle serious crimes, such as terrorism and child abuse. However, the CJEU ruling outlined a low threshold for deciding to retain data. For example, if a serious crime if committed, data could be retained for a particular geographical region to support a criminal investigation. This means that the police could still retain data for specific investigations, rather than the blanket surveillance of all citizens.

The CJEU ruling was clear that blanket data retention interfered with our right to privacy and our right to a private family life. Other European countries, including Austria, Belgium, Bulgaria, Germany, Greece, Romania and Sweden, have rejected it. These countries continue to tackle serious crime without undermining their citizens’ civil liberties through blanket data retention.

“There is a sunset clause”
The Bill will expire on 31 December 2016. The government claims that this will ‘strengthen oversight and transparency’ but that is two and a half years away. Given that the Bill is to be rushed through parliament in a week, we believe that this date is too late to allow for proper parliamentary scrutiny. If legislation is to be rushed through without debate, an earlier expiry date of 31 December 2014 would allow for scrutiny in six months.

“The Bill includes concessions that take into account the CJEU ruling”
DRIP ignores the main part of the CJEU ruling – that blanket data retention severely interferes with the fundamental rights to respect for private life and to the protection of personal data. The government has claimed that other aspects of the Bill will strengthen oversight and transparency. For example, they claim it will restrict the number of public bodies that can request communications data. Yet this concession does not appear in DRIP or the secondary legislation that will implement it.



ifthethunderdontgetya™³²®© 07.14.14 at 1:44 pm

democracy has been washed away

She’s dead, Jim Maria.


Collin Street 07.14.14 at 1:59 pm

I’ve read reports that Jimmy Saville had access to certain information that he used essentially to blackmail himself into… the sorts of positions he wanted to be in.

No links, because I haven’t really been following it. But there’s certainly a lot of odd things happening in certain parts of the UK legal system.


Sasha Clarkson 07.14.14 at 6:23 pm

Thank you Maria – done!

I added “The Government is our servant, and servants should not snoop on their masters. On the other hand, you keep too many of your own secrets. For example, it is unacceptable that we can’t see the transcripts of the Bush-Blair conversations. Without accountability, democracy is a sham!”

I’m afraid that there is zero chance of my local Tory MP taking any notice of protests: I’m afraid he’s long on party loyalty and short on brains. It will put him to the annoyance of sending me a reply though!


Alex O'connor 07.14.14 at 11:40 pm

I am reminded of the BBC show The Last Enemy; we stand to lose far more from a pervasive security state than we ever do from extreme right tail event of terrorist violence.


ZM 07.15.14 at 7:56 am

Similar changes are being mooted in Australia (another 5 eyes member) in response to the ’emergency’ of jihadist fighters going to Syria. Both the major parties appear to support such changes, with Labor actually arguing the Liberal National coalition government is not extending enough authority to the secret agencies. There is a revision of the telecommunications interception and access act currently underway. Aus-US Joint Defense Facility Pine Gap in the Northern Territory has also been implicated in the recent drone assassinations of two Australians overseas, as well as reported US influence on Australian politics in the 1970s.







Maria 07.15.14 at 9:18 am

Thanks, Sasha. Well done! My MP is Tory wannabe Kate Hoey so I don’t hold out an awful lot of hope either. Still, we’ve got to do all we can.


Sasha Clarkson 07.15.14 at 10:03 am

When the law passes, perhaps the only way to fight it will be by trolling to make it unworkable?

Let’s face it, legal or not some of us are probably already on their intercept list. But how will they know which emails to read? Probably by using bots to detect keywords. So sabotage by regularly emailing an innocent photo to like-minded acquaintances, and add a suspicious postscript:

eg “Re Plan X: I will meet you by the third lion in Trafalgar Square at 11am tomorrow: I shall be wearing a yellow carnation. We will then proceed along Whitehall in the direction of Downing Street. Don’t forget the bomb detonators. In the name of our glorious martyrs we will take out the infidel capitalist running dog Cameron and send a signal to the faithful. Allahu Akhbar! (or even in Arabic: الله أكبر) #driptroll ”


Chris 07.15.14 at 3:13 pm

Sure, it might help prevent terrorism to have better surveillance. It would certainly be easier to prevent if we all lived naked in glass boxes with no locks on the doors.

I wonder how many terrorists are spawned by facist states?


Sasha Clarkson 07.15.14 at 5:40 pm

Of course the government got its way – but good news for you Maria: Kate Hoey voted against! I expect my farmer MP, Simon Hart, was one of the sheep.



Brett Dunbar 07.16.14 at 4:42 pm

@7 As I understand it the information is mainly used in retrospect to find out who a suspect who has come to police attention for other reasons was in contact with. So unless you actually blow something up, or do something else to make yourself the subject of legitimate suspicion, then no it is very unlikely that you will be investigated as there is no reason to look at it.

For this type of retrospective investigation to be useful substantially all of the data needs to be retained for a long period. The government had believed it had the powers to require retention under existing laws, the courts disagreed with this long-standing belief. This meant that the companies could choose to dispose of the data immediately. This legislation is therefore intended to enact powers, which the state had hitherto believed it already possessed, before any of the companies actually disposed of the data. As it involved enacting a legislation to place the status quo on a firm legal basis this didn’t appear to involve any changes in practice.

It is possible, indeed very likely, that it was the actions of the ORG to get ISPs not to retain data which prompted the rushed legislation. If the informal arrangement had been left in place then the ISPs might have retained data voluntarily following the Home Office request while parliament took due time to consider its response, placing a legal obligation on the ISPs to retain data means that they clearly aren’t liable if they refuse a request not to retain data.

Comments on this entry are closed.