Snoopers’ Charter: dead or just sleeping?
What’s left is a promise to find ‘proposals’ (PDF, p74) to ask mobile companies to record user data in a similar way to other ISPs. This may still go beyond the basic principle of recording data for business purposes, and allowing lawful access to it when necessary, but is a long way from the original proposals for sweeping trawls for data, plus engines to analyse it.
However, we have not removed the underlying assumption that recording information about everyone’s phone and Internet communications is necessary to combat terrorism. As Duncan Campbell in our Digital Surveillance report notes, the recording of communications data is pretty novel, dating to the 1990s. It is not a ‘principle’ that data must exist and be accessed. Furthermore, there are alternatives to recording everything, particularly, as Caspar Bowden notes, targeted preservation of data concerning suspects.
What will not go away is the fear of politicians of getting surveillance of criminals wrong. They usually prefer to cover their backs, which in this case means surveil everything, just in case. This may be nonsense in practice – police have too much data and cannot use it, as Sam Smith observes.
We also need to ask how and why these policies for extreme forms of mass surveillance keep coming back, with little challenge internally. They frequently look expensive and barely workable – key components such as decryption of data, man in the middle attacks and the use of ‘black boxes’ to reassemble communications data were dropped; while others were scaled back during discussions with the Joint Committee that examined the proposals last year. Why was legislation proposed by the Home Office, if their understanding of the technologies they would have to deploy was so flaky? And what exactly did they spend £400 million on?
Data retention laws mean that innocent citizens are already having their Internet communications recorded ‘just in case’ thanks to the Data Retention Directive. This is thankfully under challenge, in Austria and Ireland, and due to be pushed to the European Courts. There is little evidence that data retention is truly useful or necessary. There is plenty to point to it being unlikely to conform with human rights standards.