Get ready for the 'Snooper's Charter II'

News by Steve Gold

UK Home Secretary and NCA director general explain the need for state digital surveillance.

An interesting war of words developed yesterday between Keith Bristow, the National Crime Agency's director general and Theresa May, the UK Home Secretary, regarding access to Internet data by government agencies, including the Police.

Bristow was speaking at the Police Federation's John Harris Memorial Lecture yesterday, whilst May was speaking at the Lord Mayor's Defence and Security Lecture at London's Mansion House.

In his presentation - Policing by Consent in the Digital Age - Bristow said that there is now a pressing need for new law enforcement tools to tackle child abuse in all its shapes and forms, especially on the internet - a situation that he says will get worse.

May, meanwhile, is trying to resurrect interest in what many observers called a `Snooper's Charter' - and which the government originally abandoned after criticisms from her Liberal Democrat colleagues as unworkable and an affront to privacy.

Bristow said the Internet and digital data access issue centres on the government's acquisition and use of communications data.

"As you know, communications data is the who, where and when of a communication – but not its content. It tells us when communication was made, between which devices, and where the devices were – but not what was written or said. Communications data is not interception - to the average person, communications data could seem rather two dimensional in comparison with interception," he said, adding that type of data is now used in more than 90 percent of serious crime investigations.

May's argument in favour of a Snooper's Charter II is broadly along similar lines to the NCA director general, but taking a wholly different line of reasoning, arguing that the government needs to look again at access to communications data, given that most new technology is owned and operated by global companies who exercise considerable power - a veiled reference to Google.

The Home Secretary also dismissed allegations of mass surveillance made by the former NSA whistleblower Edward Snowden as absurd and said that UK needs to boost its intelligence capacity in response to new threats in Iraq, Nigeria, Yemen and East Africa.

“The world is a dangerous place and the United Kingdom needs the capabilities to defend its interests and protect its citizens,” she told her audience.

Professor Peter Sommer, a digital forensics specialist and Visiting Professor with De Montfort University, reviewed both Bristow and May's comments.

He said that everyone accepts that the existing RIPA (regulation of investigatory powers act) legislation is inadequate to deal with today's technology, particularly in relation to communications and interception of content.

"The objections to the failed draft communications bill were that it gave huge discretionary powers to the Home Secretary of the day, and that there were no draft codes of practice to provide the detail, that the impact assessment was "fanciful" (in the words of the Joint Committee of Peers and Lords that scrutinised the Bill) and that parts of it, including a `Request Filter' were almost impossible to understand," he explained.

According to Sommer, Home Office ministers and officials are in part to blame for that bill's demise.

What is now needed, he says, is a thorough review of all law enforcement and intelligence agency surveillance powers, currently spread over many different pieces of legislation and difficult for MPs and the public to understand.

“A piece-meal patch-up of RIPA will not work, not least because it is increasingly difficult to separate communications data from content which operate under very different authorisation regimes - law enforcement for comms data, politicians for content  - and the latter of course cannot currently be referred to in court," he said.

Sommer went on to say that it is it interesting to contrast Theresa May's approach with that of Keith Bristow, since Bristow recognises the need to explain and to get public consent, "rather than bullying any opponents of May's legislation on the basis that they don't care about terrorists, paedophiles and the like."

Over at Clavister, the security vendor, John Vestberg, the firm's CTO, said that Bristow and May's ongoing debates about privacy are good for the security industry as a whole, because they have massively raised both public and business awareness of key issues, which include access to data, and how to protect it outside of the corporate network.

"It is helping the wider business community to realise they have the choice to protect their sensitive information against interception and use by any third party, whether that's a criminal gang, an online service provider, or a national government," he explained.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews