UK police to lose data snooping powers


UK police forces are to be stripped of their powers to self-authorise access to phone records and web browsing history following a slew of government proposals that attempt to bring the controversial Snooper's Charter law in line with a European Court ruling.

The 250,000 requests per year from police agencies and investigating public bodies to access personal communications data will now only be permitted in cases that potentially carry prison sentences of six months or more.

However, digital rights groups say the proposals do not go far enough, and that the government's new definition of what qualifies as serious crime is "absurdly broad".

The rule changes come almost a year after Labour MP Tom Watson successfully won a case challenging the legality of core parts of the Data Retention and Investigatory Powers Act (DRIPA), a predecessor to the Investigatory Powers Act.

The High Court initially ruled in favour of Watson's case in 2015, but a Government appeal meant the case was eventually sent to the European Court of Justice in 2016. The ECJ upheld the original ruling, adding that the "general and indiscriminate retention" of data "cannot be considered justified within a democratic society".

It also added that the mass harvesting of data can only be deemed lawful if it's underpinned by stringent safeguards or independent oversight, and can only be accepted as part of investigations into serious crime and terrorism.

Currently, superintendents, inspectors, or similarly high ranking officials in the Department of Work and Pensions and Revenue and Customs are able to self-authorise data harvesting requests.

The new proposals dictate that communication requests will now be authorised by the newly created Office for Communications Data Authorisation, overseen by the investigatory powers commissioner Lord Justice Fulford. Those requests will also only be granted to cases that carry prison terms of at least six months, although it will remain at twelve months for the tracking of personal web history.

Agencies will also be unable to collect data for the purposes of public health reports or as part of the process for the collection of taxes. The government said that it will institute guidance on the protection of any held data in accordance with EU data protection protocols.

However, the UK's spy agencies will be outside the scope of the new proposals, as the government argued that the ECJ ruling on Tom Watson's case did not relate to the "retention or acquisition" of data by these agencies as "national security is outside the scope of EU law".

Security Minister Ben Wallace said that the collection of communications data is used in the majority of serious and organised crime cases, and that "its importance cannot be overstated".

"For example, it is often the only way to identify paedophiles involved in online child abuse and can be used to identify where and when these horrendous crimes have taken place."

However, Martha Spurrier, Director of Liberty, the digital rights group that provided legal representation for Labour's Tom Watson, said that the plans were a "cop-out".

"The Government has defined the 'serious-crime' exception absurdly broadly - to include crimes punishable by only a few months in prison. It fails to propose the robust system of independent oversight that is so vital to protect our rights and ignores other critical changes demanded by the court."

"This is window dressing for indiscriminate surveillance of the public when ministers should be getting on with making the law fit for purpose."

Jim Killock, executive director of Open Rights Group, said that the government had "evaded the main point of the Watson judgment", arguing that proposals do not go far enough to comply with EU law.

"Without narrowing what they keep to specific places, incidents or investigations, these changes will not meet the standards set by the courts," said Killock. "Combined with the so-called Request Filter, which could be a power for a police search engine for retained data, this will remain an incredibly intrusive surveillance power, unparalleled in democratic countries."

The government has launched a 7-week public consultation to seek feedback on the proposals given the "ongoing public interest in investigatory powers".

Dale Walker

Dale Walker is the Managing Editor of ITPro, and its sibling sites CloudPro and ChannelPro. Dale has a keen interest in IT regulations, data protection, and cyber security. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.