BT, Yahoo and TalkTalk raise concerns with Snoopers’ Charter proposals

BT, Yahoo and TalkTalk scrutinise Snoopers' Charter in latest written submissions

Parliamentary scrutiny of the Draft Investigatory Powers Bill, also branded the Snoopers’ Charter, has included written and oral evidence from tech firms, security experts and civil rights groups.

As the written submissions continue to be published, V3 has picked out a number of key statements from the latest batch of evidence.

BT – Greater transparency needed

bt-centre-4BT works closely with the UK government but still has a number of concerns with the bill. The firm stated in its written submission to parliament that it needs “better oversight and transparency”.

“Strong law, with clear safeguards throughout the process, should give everyone confidence that intrusive powers will only be used when necessary. For BT, it is crucial that our customers can share that confidence,” the firm said.

One major concern is bulk data retention, under which telecoms firms would be required to store customer data for 12 months.

“We consider that some further explanation of what is meant by ‘bulk’, either on the face of the bill or in guidance material, would enable greater transparency and assist the purpose of determining proportionality,” BT said.

“Government should be able to use bulk powers provided the pending legal cases uphold their validity, and that strong oversight means that they are only used when it is necessary and proportionate to do so.

“This essentially represents our view on all relevant powers: provided that they are lawful in principle, and there are appropriate safeguards in place, we think it is legitimate for government to exercise them.”

Furthermore, BT noted that any new law should include “full cost recovery” for companies having to store the data, which would include calls, messages and internet record metadata.

“Since these obligations are necessary to protect society, we believe that these costs should be borne by the government, not by communications service providers [CSPs] or their customers,” said BT.

It was estimated in previous parliamentary sessions that the cost of storing internet records alone would cost the UK taxpayer upwards of £17m a year.

Yahoo – Intrusive bulk powers

Yahoo building in silhouetteEchoing the concerns of BT, service provider Yahoo branded bulk powers “very intrusive and indiscriminate” by definition.

“It is important that the committee goes beyond merely placing bulk powers on a firmer statutory footing and scrutinises their proportionality and necessity,” Yahoo said in its submission.

“In its scrutiny, the committee must be mindful that the term ‘bulk’ has evolved to mean different things to different stakeholders and that, through the process of legislative reform, it now has a different legal meaning in different jurisdictions.”

In the US, for example, the USA Freedom Act introduced last year effectively ended ‘bulk collection’ of internet data following the Edward Snowden disclosures.

However, the term ‘bulk’ has persisted in the UK. Yahoo explained that this will lead to concerns from tech firms operating on a global scale.

“The current legal framework comprises the law in the requesting country, law in the receiving country and the international agreements that connect the two. Taken as a whole, this framework is fragmented, with gaps and conflicts which have gone unaddressed for many years,” the company said.

“In this more global communications environment, this fragmentation has become more and more obvious and creates a patchwork of overlapping and conflicting laws which overseas and domestic UK CSPs must navigate in order to discharge their legal obligations to safeguard users’ privacy and respond appropriately to valid requests for access to data.”

TalkTalk – Definitions left unclear

TalkTalk logoTalkTalk said in its written submission that many “important details” about how the bill will operate are left undefined in the bill.

The exact definition of internet connection records (ICRs) remains vague and unexplained even by home secretary Theresa May, who failed to provide a coherent definition during a recent evidence session.

“The government has indicated that secondary legislation and codes of practice will set out the exact definitions and interpretations of data such as ICRs, and how the system will account for the limitations in their use caused by proxy servers and virtual private networks,” said TalkTalk.

“It is vital that any secondary legislation or codes of practice are effectively scrutinised.”

However, the firm noted that the balance between liberty and security should be a matter for parliament to determine.

“In consultation with the government on the bill, and for the purposes of this submission, we have attempted to restrict our comments to improving the effectiveness of the legislation as opposed to expressing a view on its principles,” TalkTalk said.

Home Office – Bulk data sets and national security

Downing Street WhitehallConservative MP John Hayes, speaking on behalf of the Home Office, wrote about the plans for the much criticised bulk personal data set collection (BPDs), repeating the line that the government cannot say what these sets are on the basis of national security.

“There is a limit to the number of examples of BPD that can be put into the public domain without affecting national security,” said Hayes.

“Further detail as to what is held or how they are used could incite behaviour change and reduce the utility of the information itself, or affect the ability of the security and intelligence agencies to carry out their statutory functions.

“Nor is it possible to make public the types of data set that currently the agencies do not hold; this may provide those that wish to do us harm greater insight as to the limits of the agencies’ capabilities and thus how to avoid detection or disruption.”

This “national security sensitivity” contains necessary oversight, according to Hayes, but he offered no description of what it is.

“The security and intelligence agencies can only seek to obtain and examine bulk personal data sets that are necessary to their statutory purposes. In all cases, they must consider carefully the necessity and proportionality of obtaining a data set,” he said.

David Anderson QC – Operational cases needed

newspapers-and-glassesDavid Anderson, the independent reviewer of terrorism legislation, released his A Question of Trust report in June that investigated the validity of the UK surveillance apparatus.

Anderson said in his written submission: “The government should do more to make an operational case for the bulk powers that it seeks to preserve, as it has for the ICR power that it seeks to introduce. That course seems to me, indeed, to be very much in the government’s own interest.

“It is the government that bears the burden (including the legal burden) of demonstrating that inroads into the legal protection afforded to privacy and to personal data are necessary and proportionate.

“[In particular] where, as in the case of equipment interference, those inroads are active rather than passive, and may affect the interests of companies and individuals in friendly nations who are not themselves suspected of wrongdoing.”

Anderson noted in his previous report that he was left in doubt of the utility of bulk data collection and the compulsory retention by CSPs of communications data.

“Whether those powers are proportionate in law is ultimately for the courts to decide,” he said.

“There must by now be evidence of the utility of these powers, but they have not been the subject of parliamentary debate, and each may ultimately have to be defended in European courts which, because of their limited capacity to consider closed material, will need to be persuaded on the basis of evidence in the public domain.”

Tech firms including Google, Microsoft and Facebook recently issued a joint statement in opposition to key aspects of the bill while evidence from home secretary Theresa May left many unanswered questions.

If the article suppose to have a video or a photo gallery and it does not appear on your screen, please Click Here

15 January 2016 | 2:25 pm – Source: v3.co.uk

[ad_2]

Leave a Reply

Your email address will not be published.