This page is meant to capture actual responses to the Joint Committee Consultation on the Draft Communications Data Bill. Its goal is to help people write customised personal letters, by giving examples of what others wrote.
Summary: This response takes a rather sentimental approach and tries to appeal to the feelings, rather than the reason, of the decision makers involved.
- Please do not allow this Communications Data Bill to be passed into law.
- Take the time to carefully consider the long-term effects of such a broad set of measures.
- Most people find such issues too complicated to take a stand against the populist "we need more security" line. Please dare to be different. Have in mind that most widely respected information security experts (e.g. Bruce Schneier, Ross Anderson etc) agree that concentrating sensitive information, even when done with the best of intentions, creates too many opportunities for misuse, by law enforcement and criminals alike.
- This set of measures looks like "security theatre", with dire privacy side-effects on top. It appears to be doing something that will benefit law enforcement, but on closer inspection will have dire negative effects on the people of this country.
- Increased surveillance is not the way to build a more harmonious society. It has never been, and as long as people exist, it will never be. The potential damage to public faith and the people's psyche will be difficult to calculate when these databases (too, as every other!) are hacked into, leaked, sold to cybercriminals.
- Please don't create something we don't fully understand the implications of.
Summary: This response addresses two of the questions in the original Joint Committee consultation and contains a few arguments that can be used with MPs at a later stage.
- 2. Has the Government made a convincing case for the need for the new powers proposed in the draft Bill?
- There already extensive provisions under the Regulation of Investigatory Powers Act (RIPA). There is currently no convincing case for an extension of data gathering and surveillance powers as proposed in the Draft Communications Data Bill. The proposals are likely to generate vast amounts of additional data, and rather than looking for a needle in a haystack, the effect would be akin to adding more hay to the stack. This also increases the risk of "false positives" - flagging perfectly legitimate behaviours as suspicious, thereby turning us all into a nation of suspects. Rather than introducing the Communications Data Bill, the government should focus on tightening up RIPA, making it more transparent and limiting the number of often frivolous requests granted under that Act.
- 3. How do the proposals in the draft Bill fit within the wider landscape on intrusion into individuals' privacy?
- Both of the likely uses of the data generated under the Communications Data Bill are problematic from a privacy point of view:
- Data mining: This is the practice of looking at the entire data set to spot suspicious behaviour patterns and proactively take steps to prevent an individual from doing something as a result. A possible action that could be taken as a result of data mining is, for instance, putting someone on a no-fly list. We are therefore likely to end up with law enforcement agencies making life-changing decisions about individuals on the basis of data which is likely to be inaccurate, generate false positives and which individuals will have very little or no access to in order to appeal and overturn such decisions.
- Data filtering: This is the practice of tracing one individual's activity through the entire data set. A remarkably detailed picture of an individual's life can be generated from records such as who they have contacted by phone or email, what websites they have accessed or where they have been, based on location data from mobile phone networks. Simply by existing, this data set becomes a target for malicious activity by criminals, corrupt journalists or other parties not authorised to access the data. Rather than increasing our safety and security, this data set would expose us to additional risks.
- Both data mining and data filtering at the scale proposed in the Draft Bill give the state unprecedented powers to invade individual's privacy. They extend well beyond the sphere of digital communications and into our physical day-to-day lives. There are also additional concerns over the extent of the intrusion into content of communications, as well as potential future secondary uses of the data set.
- Intrusion into communication content: While the Draft Bill is intended to only track headline communications data (who, where, how, when) rather than content, the proposed implementation would potentially give access to communication content. For instance, in the case of data on which websites an individual has visited, content is implicitly included in this information. Remarkably accurate conclusions about content may be also be made by putting together different pieces of information from the data set, e.g. if an individual looked up medical terms on the Internet and then went to see their GP.
- Secondary uses: We have seen a number of cases where data sets collected by companies or governments for one purpose have later been used for other purposes without gaining consent from individuals. A recent example comes from Germany where the government is in the process of legalising the sale of citizens' data acquired through the mandatory registration programme to private companies for marketing purposes on an opt-out rather than opt-in basis. Therefore invasion of privacy is unlikely to remain limited to the state and law enforcement agencies.
(add your responses below)