Following the attack on satirical magazine Charlie Hebdo in January, the Prime Minister announced that if his party wins the May 2015 general election it would introduce a "comprehensive piece of legislation" to tackle terrorists' communications online. This would involve legislating on the interception and collection of communications data.
The PM argued that “we cannot allow modern forms of communication to be exempt from the ability, in extremis, with a warrant signed by the Home Secretary, to be listened to”.
Statements such as these have led to concerns that encryption of online communications will be outlawed entirely. Whilst Whitehall officials have not elaborated further or commented on whether, for example, services such as Snapchat and WhatsApp would be targeted or prohibited under any new proposals, it is clear that encrypted communications will be at the forefront of legislators’ minds.
Reviving the snoopers’ charter?
The comprehensive legislation envisioned will in all likelihood involve reviving elements of the Draft Communications Data Bill, nicknamed the “snoopers' charter”. The Bill was originally proposed by the Government in 2012, but was blocked by the Liberal Democrats later that year on civil liberties grounds.
The Bill was and remains controversial. As currently drafted, it requires communications service providers such as internet service providers, telecommunications companies and mobile networks to keep the data of their users (which would not otherwise be stored for business purposes) for up to 12 months from the date of the communication concerned.
The data collected would not include the contents of messages, however it could include where they are sent from and who they are received by. This has led to criticism of the Bill as an invasion of privacy. It has also been argued that these requirements could lead to increased levels of cyber-crime, as hackers may deliberately target stored personal data.
Expiry of emergency measures
Another reason that new legislation is being considered is the expiry of the Data Retention and Investigatory Powers Act (“DRIPA”) next year.
DRIPA was quickly introduced in July 2014 as an emergency measure. It was implemented to allow security services continued access to users’ internet and phone records, following a repeal of those rights by the Court of Justice of the European Union (“CJEU”) in April last year.
The CJEU ruled that such retention was a broad interference with fundamental human rights to private life and the protection of personal data. It is no surprise then that, as with the Draft Communications Bill, DRIPA has been criticised as infringing privacy rights.
Counter-Terrorism and Security Act 2015
The Counter-Terrorism and Security Act received Royal Assent on 12 February 2015. Part of the Act adds to the existing Data Retention and Investigatory Powers Act to allow the identification of individuals or devices using a particular IP address at any given time. However, this doesn’t address the fact that it is common for many individuals to share devices, meaning that the IP address may not always match the person using it.
There still appears to be no consensus on legislation in relation to security services’ right to intercept online communications data.
What is clear is that any decision-making with respect to communications surveillance will need to carefully balance personal freedoms with the need for security, a task which is becoming more difficult in a landscape of rapid technological change.