Thursday, 10 July 2014

Data Retention

First off, yes, I know this is happening, and it is nice to get tweets, emails, calls, facebook messages, irc messages, and so on from all my friends and blog readers saying "did you know?".

The BBC are covering this as well

I am very much against blanket surveillance, and the previous Data Retention regulations did do that to some extent. They only applied in some cases (and A&A had never been asked to retain data), and the enforcement was odd too (civil action to force compliance?). The drafting was really bad and left, in my opinion, a lot of loopholes.

There are some key issues here though :-
  1. Blanket surveillance of the population is not acceptable - it is a breach of human rights, and the EU courts agree with that. That is why they struck down the previous regulations. How can the UK go against that? AFAIK even this new emergency legislations has to be in line with EU Human Rights rules, and it won't be if it imposes blanket surveillance in the same way as a regulation which has already been considered and lost. Why is the UK government even trying to go against Human Rights anyway?
  2. Rushing through any law shrouded in secrecy is bad - what the hell is going on?
  3. I hesitate to put down the threat of terrorists, but statistically they are a tiny threat compared to even car drivers. The amount of surveillance and laws and vast amounts of money spent reacting to terrorism is not really sensible. They try to cause terror, and that is what they are doing - if we allow ourselves to give up basic human rights in this fight, we have lost.
But I can't really say much more until the wording of the bill is seen, and the implications considered by someone with a sensible legal mind (e.g. Malcolm).

Update: This is the bill: Data Retention and Investigatory Powers Bill

P.S. AAISP have no black boxes. AAISP have not been asked to retain data under the 2009 regulations.

From ORG: "What exactly is the point of human rights judgements if even the Liberal Democrats are prepared to ignore them? The CJEU have outlined very clearly what needs to happen before governments compel data to be retained. They say you cannot do it on a blanket basis, and someone independent, such as a regulator or a judge, must supervise police access. These fundamental points are missing from the emergency laws."


  1. But But But.... Think of the Terrorists^W Children!

  2. This is an outrage. I'm making as much noise about this as I can.

  3. Seems strange the pathetic liberals including Julian Huppert seem to be supporting would think the liberals want to defend human rights. not go against them. but on the other hand the party is run by an ex tory

  4. Emailed Ian Lucas MP and then phoned his office to hopefully get emails looked at today.

  5. Rushing through any law shrouded in secrecy is bad - what the hell is going on?

    1. Anything that has to be done in secret is *not* in the public's best interest.
    2. BBC News being the mouth of the government is bragging about this and/or rubbing it in out faces imo. Why else would they cover something that is secret?
    3. We're officially suppose to lovely accept this with smiles and acceptance.

  6. 1. The British government keeps going on about getting out of the EU human rights legislation because it prevents them from doing terrible things. They've listed a variety of things that they want to do that the EU bans, and all of them have struck me as things that they really shouldn't be doing anyway!

    2. They're rushing through these laws before people get the chance to object - exactly the same as they've done with previous "anti-terror" and "child protection" laws that have eroded our civil liberties. They know that there would be uproar if people got chance to think about it, so do it as quickly and quietly as they can.

    3. To my mind, the real terrorists are the government and security services: the OED defines terrorism as "use of violence and intimidation in the pursuit of political aims." The government and security services may not be actually committing acts of violence, but they are certainly using it to intimidate the public into supporting their political agenda. Their usual "if you do $foo the terrorists will blow you up" seems no different to me than the bombers' "if you don't do $foo we'll blow you up".

    The threat of terrorism really is vanishingly small and is only a big deal because of the shock factor. When I was growing up, they did the right thing by downplaying the attacks - if the IRA set off a bomb then there would be a brief news report saying that it had happened and then everyone moved on. These days, they stir everything up instead - if there's an attack then they make sure the public get properly riled up and then push their "anti-terror" legislation. There doesn't even have to be an attack - the security services just have to announce that they've found some evidence that someone was planning some half-arsed attack.

  7. Is the colour of the boxes important? Surely they could be beige or grey and still be used for monitoring/logging.

    1. It's all a conspiracy. RevK does have monitoring boxes, but he can't tell us. Since he wouldn't lie to us or be compelled to lie, he states "we have no black boxes" which would be a truth if the boxes were indeed a different colour. ;-)

    2. No "black" boxes of any colour!!!

  8. I don't really have an issue with the current data retention and RIPA legislation. LEA access to call records, ISP logs etc has resulted in a lot of arrests, prevention of crime and prison sentences. What we have now is a long way from a police state and is used well.

    This new legislation is being rushed through to counter the EU court debacle which could cause network operators to be in dubious legal water. They don't do anything silly, requests for data are scrutinised and it is really handled all very well.

    It is a sad fact that criminals of all persuasions use communications to further their activity, and the relevant organisations do need this data to combat crime. It isn't all about terrorism, its a shame that this is picked on. It is about sex traffickers, drug dealers, murders, burglary gangs any all manor of crime.

    Yeah, sometimes the authorities are a little dumb in how they use the data and what they assume it means. This is an educational issue and it is down to people in the industry to help with this.

    Now for another home-brew :)

    1. I would be interested to see citations for your claim in the first paragraph. I suspect an awful lot of the arrests/prevention/sentences would have happened without the legislation but with a good, old-fashioned, judge-issued warrant.

    2. "LEA access to call records, ISP logs etc has resulted in a lot of arrests, prevention of crime and prison sentences."

      Brilliant. Lots of people being arrested clearly proves that the laws are necessary and that we don't live in a police state. The actual "crimes" might be totally harmless acts like reading a terrorist manifesto or using certain rude words on the internet, but it's statistics that count, and as long as the authorities can put lots of manufactured "criminals" behind bars they must be doing a good job. Bravo!

      Now can I have a another glass of Kool-Aid please?

    3. I don't have a problem with police being able to retrieve (via a warrant) any information that is already retained for other reasons (e.g. billing) - this is how it all started, after all: the GPO used to retain billing records for their own use and the police could get a warrant to see them, just as they can get a warrant to see any other information that exists. If they wanted any information above and beyond the details that were already being recorded (e.g. if they wanted to listen to the phone call) they had to get a warrant to collect the additional data _before_ the event.

      Requiring any data to be collected/retained purely for law enforcement purposes without a warrant is a very slippery slope in my opinion - we're moving out of the territory of not interfering with the law abiding public to putting everyone under suspicion all the time and collecting data on everything they do just in case they are later suspected of committing an offence.

      I would rather a few criminals go free than the whole population be put under continual suspicion and scrutiny. And lets not forget that once the data has been collected, controlling access to it becomes a big problem - now it may require the police get a warrant, but can you guarantee that this won't change within the retention period of the data?

      Not wanting to Godwin the conversation too much, but this point is relevant: the Nazi party were voted in by the German population democratically - people trusted them. They then went around exterminating Jews. Just imagine what would have happened if they had an existing database that had been collected over many years that they could analyse to find out the religious persuasions of every single person, who each person associates and communicates with, where those people tend to hang out, etc. It would've made it so much easier to round up all the Jews wouldn't it? Can you be sure that our government will be trustworthy for as long as this data is retained? (Hell, many people would question how trustworthy the authorities are *now*). One day the authorities are using this data in your interests to round up the criminals, the next day they're rounding you up because you do something to piss them off.

  9. They may well have happened with a good old fashioned judge-issued warrant. I'd expect though that the time taken to work on a case would significantly increase if a judge had to approve every request for comms data.

    Now, I do think that RIPA is a little too broad in the scope of organisations who can access data and this should be challenged.

    1. The time taken to work on a case would be significantly increased if a judge had to approve every request for police to break into people's homes to collect evidence.

      You can use the "but its quicker without a warrant!" excuse to justify pretty much any warrantless act. I for one am not interested in making the police's job slightly easier at the expense of the liberties of all the vast majority of the population who are innocent.

      Hell, it'd also be a lot easier for the police if they could lock criminals up without bothering the judge with trivialities like proving their guilt wouldn't it?

  10. OK, so it is not really about keeping the data, it is rather the RIPA legislation that causes issues. I understand the issues with RIPA, I've seen it used very well but of course that may not always be the case.

    Would everybody here be happy with RIPA if it has judicial oversight?

  11. The quoted portion I saw earlier seems to require ISPs to retain "traffic data, use data OR subscriber data" (my emphasis) ... in which case, the Clueless graphs would seem to be sufficient!

    "Yes, PC Plod, line number 4309 downloaded 13,409,309 bytes and uploaded 4,909,203 bytes between 1 pm and 2 pm on the 2nd of July. Sorry, we don't know who that is, we don't keep that data..."

    It is alarming to see the way Cameron rushed to ram this legislation through as an "emergency" with so much secrecy (apparently, not even the Cabinet members being summoned to be told about it knew why they were summoned!) - and the way both the "opposition" and "liberal" parties jumped into line behind him.