In May 2012 a motion in the Lords was agreed that a Joint Committee on the Draft Communications Data Bill should consider and and report on the draft Bill by 30 November 2012.^[1] The 12 member select committee was chaired by Lord Blencathra.^[2]

Commons MPs sitting on the committee were Julian Huppert MP, Nicholas Brown MP, Michael Ellis MP, Stephen Mosley MP, Craig Whittaker MP, David Wright MP.^[3] Lords were Lord Blencathra (chair), Lord Strasburger, Lord Armstrong of Ilminster, Baroness Cohen of Pimlico, Lord Faulks, Lord Jones^[4] (See committee website.)

The committee ceased to exist after the report was finalised at the end of November 2012.

Report

The final report was published on Tuesday 11th of December 2012.^[5] Available online as HTML or PDF.

Written evidence is available as written_evidence_Volume.pdf. Oral evidence is available as Oral_Evidence_Volume.pdf.

Summary of recommendations

278.

• It is the duty of government—any government—to maintain the safety and security
• For this the law enforcement authorities should be given the tools they need.
• Reasonable access to some communications data is undoubtedly one of those tools.

279.

• Government also has a duty to respect the right of law-abiding citizens to privacy

280.

• These duties have the potential to conflict.
• Where and how the balance should be struck between these conflicting duties in a mature Parliamentary democracy Parliament has to decide; indeed perhaps only Parliament can in the end decide.

281.

• Our overall conclusion is that there is a case for legislation which will provide the law enforcement authorities with some further access to communications data, but that the current draft Bill is too sweeping, and goes further than it need or should.
• We believe that, with the benefit of fuller consultation with CSPs than has so far taken place, the Government will be able to devise a more proportionate measure than the present draft Bill, which would achieve most of what they really need, would encroach less upon privacy, would be more acceptable to the CSPs, and would cost the taxpayer less.

282.

• Part of the data gap is down to a lack of ability on behalf of law enforcement agencies to make effective use of the data that is available. Addressing this should be a priority.

284.

• Before re-drafted legislation is introduced there should be a new round of consultation with technical experts, industry, law enforcement bodies, public authorities and civil liberties groups.
• on the basis of the narrower, more clearly defined set of proposals on definitions, narrower clause 1 powers and stronger safeguards which are recommended in this report.
• CSPs should be given a clear understanding of the exact nature of the gap which the draft Bill aims to address so that those companies can be clear about why the legislation is necessary.

285.

• [CPSs should] be told what obligations might be imposed on them

286.

• Meaningful consultation can take place only once there is clarity as to the real aims of the Home Office, and clarity as to the expected use of the powers under the Bill.

287.

• The Home Office has however made clear that it does not currently need the power under this legislation to require other types of data be retained, and does not for the present intend to issue notices going more widely (except to CSPs which are not covered by the EU Data Retention Directive, which might be asked under this legislation to retain for 12 months data which they already create for business purposes). Clause 1 therefore should be re-drafted with a much narrower scope,

288.

• We do not think that Parliament should grant powers that are required only on the precautionary principle. There should be a current and pressing need for them.

289.

• Parliament and government both need to accept that legislation that covers the internet and other modern technologies may need revisiting and updating regularly.

292.

• Whether clause 1 should allow notices that require CSPs to retain web logs up to the first “/” is a key issue. The Bill should be so drafted as to enable Parliament to address and determine this fundamental question which is at the heart of this legislation.

294.

• We acknowledge that storing web log data, however securely, carries the possible risk that it may be hacked into or may fall accidentally into the wrong hands, and that, if this were to happen, potentially damaging inferences about people’s interests or activities could be drawn.
• Parliament will have to decide where the balance between these opposing considerations should be struck.

297.

• The Home Office has also given a commitment that no CSP will be asked to store or decrypt encrypted third party data. These commitments should be given statutory force.

299.

• The Request Filter will speed up complex inquiries and will minimise collateral intrusion. These are important benefits. On the other hand the Request Filter introduces new risks, most obviously the temptation to go on “fishing expeditions”. New safeguards should be introduced to minimise these risks.

300.

• Any public authorities which make a convincing business case for having access to communications data should, like the six we have specified in paragraph 25, be listed on the face of the Bill.

302.

• The House of Lords Delegated Powers and Regulatory Reform Committee recommended that any additions to this list should require primary legislation. We agree. Clause 9(7), which allows the Secretary of State to add further permitted purposes by order, should be deleted.

303.

• we recommend that the Government should consult on whether all the permitted purposes are really necessary.

304.

• The language of RIPA is out of date and should not be used as the basis of new legislation. The Bill should be re-drafted with new definitions of communications data.
• The challenge will lie in creating definitions that will stand the test of time.
• There should be an urgent consultation with industry on changing the definitions and making them relevant to the year 2012.

305.

• A new definition of subscriber data is needed that simply covers the basic subscriber checks that are the most commonly used.
• How to define subscriber data should be a key element of the consultation,

306.

• A new hierarchy of data types needs to be developed. Data should be divided into categories that reflect how intrusive each type of data is.

307.

• It is imperative that everything is done to make clear that content cannot be requested under the provisions of this legislation. Content is not defined in the draft Bill.
• it is nevertheless important that the content should be expressly excluded from all categories of communications data.

308.

• The SPoC process should be enshrined in primary legislation. A specialist centralised SPoC service should be established modelled on the National Anti-Fraud Network service which currently offers SPoC expertise to local authorities.
• This new service should be established by statute, and all local authorities and other infrequent users of communications data should be required to obtain advice from this service.

310.

• The IoCC should carry out a full review of each of the large users of communications data every year.
• For this the IoCC will need substantial additional resources, both as to numbers and as to technical expertise. There should be full consultation with him on this. His role should be given more publicity.

311.

• The IoCC’s brief should explicitly cover the need to provide advice and guidance on proportionality and necessity, and there should be rigorous testing of, and reporting on, the proportionality and necessity of requests made.

312.

• The IoCC will need the necessary expertise properly to examine the operation of the Request Filter.
• He will have to report on the scale of searches via the Request Filter and rigorously test the necessity and proportionality of requests put to the Filter.

314.

• Work should be done to rationalise the number of commissioners with responsibility for different areas of surveillance.

317.

• The Bill should provide for wilful or reckless misuse of communications data to be a specific offence punishable in appropriate cases by imprisonment.

321.

• We are concerned that the Home Office’s cost estimates are not robust. They were prepared without consultation with the telecommunications industry on which they largely depend, and they project forward 10 years to a time where the communications landscape may be very different.

Committee meetings and evidence

scheduled events

• Evidence sessions uploaded to YouTube

^[6]

• 2012-07-03: Scheduled private meeting ^[7]
  • Julian Huppert: Communications Data Bill - send me your evidence
  • Request for Evidence
• 2012-07-04: Scheduled private meeting ^[8]
• 2012-07-10 15:30 : Witnesses: Parliament Live stream, Transcript 1 - 96
  • Richard Alcock, Director of Communications Capability Directorate,
  • Peter Hill, Head of Unit for Pursue Policy and Strategy Unit, and
  • Charles Farr, Director General, Office of Security and Counter-Terrorism, Home Office.^[9]
• 2012-07-11 15:00 : Witnesses: Parliament Live stream , Transcript 97 - 126
  • David Davis MP,
  • Nick Pickles, Director, Big Brother Watch,
  • Jim Killock, Executive Director, Open Rights Group and
  • Dr Gus Hosein, Executive Director, Privacy International; (this session was cut short due to voting elsewhere.)
  • Professor Ross Anderson, Professor of Security Engineering at the Computer Laboratory, Royal Academy of Engineering and
  • Professor Peter Sommer, Visiting Professor in the Information Systems Integrity Group, London School of Economics
  • Glyn Wintle, Chief Consultant, Firewolf^[10] (The second session has been postponed, and will probably be rescheduled for September - after the parliamentary recess.)
• 2012-07-12 11:00 : Witnesses Parliament Live stream, Transcript 127 - 220
  • Donald Toon, Director of Criminal Investigation, HMRC,
  • Cressida Dick, Assistant Commissioner, Metropolitan Police Service,
  • Gary Beautridge, Assistant Chief Constable, Association of Chief Police Officers,
  • Trevor Pearce, Director-General, Serious Organised Crime Agency and
  • Peter Davies, Chief Executive, Child Exploitation and Online Protection Centre
  • Daniel Thornton, Head of Enforcement Legal, Financial Services Authority,
  • Councillor Paul Bettison, LGA Regulatory Champion and member of the LGA Safer Communities Board, Local Government Association,
  • Gillian McGregor, Director of Operational Intelligence, UK Border Agency and
  • Nick Tofiluk, Director of Regulatory Operations, Gambling Commission^[11]
• 2012-07-17 15:00 : Witnesses Parliament Live stream, Transcript 221 - 329
  • Angela Patrick, Director of Human Rights Policy, Justice,
  • Rachel Robinson, Policy Officer, Liberty,
  • Jim Killock, Executive Director, Open Rights Group and
  • Nick Pickles, Director, Big Brother Watch;
  • Professor Anthony Glees, Director of the Centre for Security and Intelligence Studies (BUCSIS), University of Buckingham and
  • Dr Julian Richards, Co-Director of the Centre for Security and Intelligence Studies (BUCSIS), University of Buckingham^[12]
• 2012-09-04 15:00 Witnesses Parliament Live stream, Transcript 330 - 416
  • Professor Peter Sommer, Visiting Professor at de Montford University Cyber Security Centre;
  • Professor Ross Anderson, Professor of Security Engineering, Computer Laboratory, University of Cambridge;
  • Professor Sadie Creese, Professor of Cybersecurity, Department of Computer Science, University of Oxford; and
  • Glyn Wintle, Chief Consultant, Firewolf.^[13]
• 2012-09-05 ??:?? Private witnesses Transcript 417 - 508
  • Jonathan Grayling, Head of Law Enforcement Liaison, Everything Everywhere,
  • Bob Hughes, Government Programme Manager, Telefonica UK – O2,
  • Mark Hughes, Managing Director Security, BT,
  • Mark Hughes, Head of Corporate Security, Vodafone, and
  • Simon McCready, Group Risk Director , Virgin.
• 2012-09-05 16:30 Witnesses Parliament Live stream, Transcript 509 - 546
  • Nicholas Lansman, Secretary General, Internet Services Providers’ Association (ISPA); and
  • Malcolm Hutty, Head of Public Affairs, London Internet Exchange (LINX),
  • Jimmy Wales^[14]
• 2012-09-06 10:30 Private meeting, Witnesses Panel 1 Transcript 547 - 600
  • Sarah Hunter, Head of UK Public Policy, Google;
  • Stephen Collins, Head of EU Policy, Microsoft, for Hotmail; and
  • Emma Ascroft, Director of Public Policy, Yahoo!
• 2012-09-06 ??:?? Private meeting, Witnesses Panel 2 Transcript 601 - 659
  • Simon Milner, Director of Policy for UK & Ireland, Facebook;
  • Colin Crowell, Head of Global Public Policy, Twitter;
  • Stephen Collins, Head of EU Policy, ex-Skype/Microsoft;
  • Steven Murdoch, Chief Research Officer, the Tor Project, and Senior Researcher, University of Cambridge
• 2012-10-16 15:00 Witnesses Parliament Live Stream Transcript 660 - 713
  • Sir Paul Kennedy, Interception of Communications Commissioner, and
  • Joanna Cavan, Chief Inspector, Interception of Communications Commission; and (at 16:00)
  • Christopher Graham, Information Commissioner.^[15]
• 2012-10-17 15:00 Witnesses Parliament Live Stream Transcript 714 - 749
  • Jamie Bartlett, DEMOS; and
  • Lord Carlile of Berriew (former Independent Reviewer of Terrorism Legislation).^[16]
• 2012-10-18 ??:?? Private meeting, Witnesses
  • Committee visit to the Metropolitan Police Service.^[17]
• 2012-10-23 15:00 Witnesses Parliament Live Stream Stream 2 Transcript 750 - 839
  • Henry Porter, columnist for The Observer;
  • Duncan Campbell, IPTV;
  • Paul Heritage-Redpath, Product Manager and Solicitor, Entanet Opinion; and (at 15:30)
  • Keir Starmer QC, Director of Public Prosecutions, Crown Prosecutions Service ^[18]
• 2012-10-24 15:00 Witnesses Parliament Live Stream (audio only) Transcript 840-918 Transcript 919-933
  • Richard Alcock, Director of Communications Capability Directorate,
  • Charles Farr, Director General, Office of Security and Counter-Terrorism, and
  • Peter Hill, Head of Unit for Pursue Policy and Strategy Unit, Home Office.^[19]
• 2012-10-24 ??:00 Private Witnesses Unpublished 934-1012
  • Martin Sutherland, Managing Director, Global Communications Systems, BAE Systems Detica
  • Martin Chalmers, Director, Global Communications Systems, BAE Systems Detica
  • Austin Trainer, Solution Architect, Global Communications Systems, BAE Systems Detica
  • John Davis, Chief Technology Officer - Global Communications Systems, BAE Systems Detica
• 2012-10-25 09:30
  • Committee visit to Everything Everywhere offices.
• 2012-10-30 15:00 Witnesses: Parliament Live Stream Stream 2 Transcript 1013-1140
  • Trefor Davies, Chief Technology Officer, Timico Ltd,
  • David Walker, Labelled Security Ltd,
  • Caspar Bowden, Independent advocate for information privacy rights and
  • Dr Gus Hosein, Executive Director, Privacy International;
  • Steve Higgins, Detective Chief Inspector, National Police Improvement Agency,
  • Sir Peter Fahy, Chief Constable, Greater Manchester Police and
  • Andre Baker QPM, Deputy Chief Executive, CEOP^[20]
• 2012-10-31 15:00 Final Witness: Parliament Live Stream Stream 2 Transcript 1141-1207
  • Rt Hon Theresa May, Home Secretary^[21]
• 2012-11-08 14:30 Private meeting ^[22]
• 2012-11-13 10:00 Private meeting ^[23]
• 2012-11-21 14:30 Private meeting ^[24]
• 2012-11-28 Final private meeting
• 2012-11-30 Original deadline for report

Public consultation

Deadline for the public call for evidence was 23rd August 2012. Written evidence has been collected into a 447 page document Communications Data formatted written evidence.pdf

Publicly published submissions:

• Bar Council of England and Wales
• The Law Society of England and Wales
• Coadec
• Demos
• Global Network Initiative
• Index on Censorship
• Janet
• Liberty Human Rights

• Open Rights Group
• Privacy International
• Wikimedia UK

• Paul Bernal
• Ray Corrigan
• Alec Muffett
• William Heath
• Zoe O'Connell
• Paul Connolly

Responses to the report

See also Communications Data Bill/Media

• ISPA
• Labour party
• ICO
• Global Network Initiative
• NUJ

Links

• http://www.parliament.uk/business/committees/committees-a-z/joint-select/draft-communications-bill

References