A decision to introduce the Data Retention and Investigatory Powers (DRIP) Bill so close to Parliament’s recess is very suspicious, and even plain under-handed. Obviously the intention was for this to become legislation with the minimum possible debate or questions asked, and we also shouldn’t be happy with the piss-poor attempts to convince us there’ll be safeguards and a ‘wider public debate’ at some undefined point in the future. When, since September 2001, have we ever seen that happen?
And Cameron hasn’t bothered to make a decent case for why ’emergency powers’ are required this time. Of course, he (along with Ed Miliand and Yvette Cooper) mentioned terrorists and deviants with a sprinkling of organised criminals, predictably, which is rather silly given there’s now supposed to be some investigation/inquiry into that alleged deviant ring in Westminster itself. Again the timing is suspicious.
A logical deconstruction of the Bill by someone more fluent in legalese can be found on Graham Smith’s blog, but the following are my own reservations:
It could easily be argued that the DRIP Bill is fundamentally wrong, straight off, as the European court ruled the Data Retention Directive invalid earlier this year because it lacked adequate safeguards and constituted an invasion of privacy. A large wedge could easily be driven through the European Convention on (qualified) Human Rights, but the Data Retention Directive was too broad even for that, giving everyone the sense they were constantly under surveillance. Or so it was argued. Privacy campaign groups saw it as a victory at the time, but I knew the ruling wouldn’t have much effect on its own since data retention wasn’t explicitly outlawed. National laws must be challenged and repealed for that to happen.
One of the more technical reasons why it violates the right to privacy is a clear line between ‘metadata’ and ‘content’ doesn’t exist yet. For example, if this ‘metadata’ were to include email addresses, that would mean The Powers That Be are indeed reading the content of our Internet communications, as email addresses can only be extracted from the payloads of TCP packets – something that’s not possible without inspecting everything that isn’t encrypted.
As we all (should) know by now, metadata can actually paint a very detailed picture of our lives – you’ll find some textbook examples somewhere on EFF’s site.
The other huge problem is a DRIP Act would do considerably more than maintain existing capabilities. The term ‘telecommuication provider’ broadened to cover practically anyone who handles data on behalf of another person.
Additionally, the bulk of it consists of amendments to the RIPA 2000, to the effect that warrants could be issued to entities operating outside the United Kingdom, or entities handling data for users outside the country. Exactly how the warrants are supposed to be enforced aren’t clear, but there are various little-known treaties and agreements between countries. Your data’s not quite as safe as you think in Romania or Russia. Perhaps this has something to do with people turning to hosting, email and VPN services operating in countries with considerably stronger safeguards.
As for the clause in the Bill that such an act would expire by 1st January 2017, it’s almost certain that a New Labour government will renew and extend the powers. In fact, as I’ve mentioned, it’s being backed by Ed Miliband and the shadow home secretary.