While communications data is integral to the work of the intelligence and security agencies, a cross-party intelligence and security committee has deemed that a lot more work is required for the proposed Communications Data Bill to work.
In the report, it deemed that "whilst there are other investigatory tools available, communications data is less resource-intensive, quicker and less intrusive than these alternative approaches". In the case of communications data, it accepted "that there is a serious problem that requires action".
Of a number of points that the committee said "must be addressed in advance of the bill being introduced", were for: legislation to update the current arrangements governing retention of communications data; more thought to be given to the level of detail that is included in the bill, in particular in relation to the order-making power; and more consultation with service providers on practical implementation, as well as a lack of coherent communication about the way in which communications data is used and the safeguards that will be in place.
After questioning agencies on how they accessed communications data, the committee found that the security service was the greatest user by far, with British Security Service director general Sir Jonathan Evans saying that access to communications data "of one sort or another is very important indeed".
“It's part of the backbone of the way in which we would approach investigations. I think I would be accurate in saying there are no significant investigations that we undertake across the service that don't use communications data because of its ability to tell you the who and the when and the where of your target's activities,” he was quoted as saying in the report.
“It tends to be relatively reliable. It's relatively accessible at the moment in a number of areas, and from our point of view it's a very, very important capability. Obviously what we try to do is to use the tools available to us to identify the activities of people who are putting us at risk and then to act to disrupt that threat.”
Also questioned was GCHQ, who said that "communications data is integral to the work of the intelligence and security agencies" and is "particularly useful in the early stages when the agencies have to be able to determine whether those associating with the target are connected to the plot or are innocent bystanders".
In terms of the provisions of the bill, government agencies will be named on the face of the bill as one of only four bodies having access to the data. Meanwhile the Information Commissioner will review the security of the data against accidental loss, unlawful destruction, unlawful retention and unauthorised disclosure, among others.
With regard to the security of the bill, it said: “However, the complete absence of any detail about the data to be covered by the bill is giving rise to considerable concern in Parliament and from the general public. We have been given detailed evidence as to which areas will and will not be covered and, moreover, which particular types of communications are currently causing the greatest problems. This is highly classified material and could not be made public without damaging the operational capabilities of the agencies.”
The draft bill, named by critics as the ‘Snoopers Charter', was announced last year and was further detailed in the Queen's Speech. More details were confirmed by the Home Secretary Theresa May, while criticisms of the security of data by internet inventor Tim Berners-Lee have not helped its case.
Speaking about the proposed bill last year, Wikipedia founder Jimmy Wales said: “The argument is that they don't want content, they only want communications data, but the problem is one of the more difficult security portions of the bill is that it contemplates mandating service providers' data that they wouldn't keep for business purposes.
“Already people are quite concerned and the public is quite uneasy about how much data Facebook and Google keep and [they are] keeping more data; and they don't want a centralised database and as far as security goes there will be breaches and mistakes and hackers have a desire to get access to this kind of information.
“It was part of the coalition agreement, to stop the unnecessary storage of personal data, this shows very little concept of it.”