The following guest post is contributed by David Davis, former Shadow Home Secretary and current Conservative MP for Haltemprice and Howden.
One year ago, the government passed emergency legislation granting itself wide surveillance powers to collect telephone and internet metadata. The flawed Data Retention and Investigatory Powers Act (Dripa) was forced through Parliament in a single day, with insufficient time for proper debate. It is extraordinary that so little time was given to examine powers that allow the storage of everyone’s personal data, detailing where you have been, who you have talked to and when — in other words, a record of almost everything you do.
It is clear now that there was no emergency. The government waited for three months before bringing the legislation to Parliament, and then nine months to finish implementing it — the code of practice for Dripa only came into force in March of this year.
The government was simply trying to avoid proper Parliamentary scrutiny. It was an insult to Parliament and our democracy, and a masterclass in poor legislating. Many warned at the time that the law would likely fall apart within a year — those warnings have now been fully vindicated.
Within one week of Dripa becoming law, we brought a judicial review against the government. On 17 July, exactly one year to the day after Dripa was granted Royal Assent, the courts struck it down, declaring it incompatible with EU law. It was an ignominious way to mark the anniversary of a flawed piece of law making.
The court agreed that the current access regime for these intrusive surveillance powers is utterly inadequate; in effect, other officers in the same organisation can approve getting at our data. This is one reason why phone data is accessed more than 500,000 times a year. This judgment is a hammer blow to the credibility of the government’s legislation in this area.
The government’s defeat should not come as a surprise to anyone. Concerns over its surveillance powers have been voiced time and again. And despite being put in place in response to a ruling of the European court, which struck down a similar piece of legislation, Dripa took no account of the criticisms voiced by that court.
The arguments marshalled in Dripa’s favour were almost identical to those used to support the Draft Communications Data Bill (better known as the Snooper’s Charter) in 2012. The committee of the Lords and Commons that reviewed that flawed piece of legislation comprehensively rejected these arguments, noting that the legislation paid, “insufficient attention to the duty to respect the right to privacy, and goes further than it need or should”.
If that wasn’t enough, the Home Office was criticised for providing “fanciful and misleading” evidence, and the committee concluded that the legislation was, “badly written, far too broad in scope and badly costed”.
So this government has history when it comes to poor legislation in this area.
The government now has nine months to put improved legislation in place, ensuring that there is no sudden loss of our security capabilities. This is sufficient time for the government to think again, and return to Parliament in the autumn with a timetable that allows proper debate. It is certainly far longer than the one day that the government gave to Parliament for Dripa.
Of course, this judgment is just the latest in a string of embarrassing defeats for the government over its surveillance capabilities, starting with the failure of the Snooper’s Charter.
More recently, in February the Investigatory Powers Tribunal (IPT) found that GCHQ’s access to information obtained by the US National Security Agency’s PRISM and Upstream programmes was illegal. This was the first time the IPT has found against the security services.
Then the IPT disclosed that the GCHQ had been intercepting communications between lawyers and their clients, in breach of legal privilege and undermining our rights to free speech and a fair trial.
This was followed by the Interception of Communications Commissioner, Sir Anthony May, revealing that 19 police forces made more than 600 applications to uncover journalists’ confidential sources in the past three years.
And earlier this month the IPT found that the government had illegally retained Amnesty International’s communications; the government has offered no justification as to why it was snooping on a respected human rights group. Amnesty would not even have known its communications were being intercepted, let alone unlawfully retained, had the IPT not had to issue a correction to an earlier judgment. So it is a reasonable assumption that other charities and human rights groups may have been snooped on, and in the absence of the accidental infringements on internal guidelines, we will never know.
This string of defeats shows a government that has lost control of its surveillance powers, which are being used for reasons far beyond those envisaged, without sufficient justification or oversight.
The fact is, it is no surprise that the government is failing to comply with its own laws. The whole legislative framework that underpins surveillance in the country is badly designed, excessively complex and largely out of date. In fact, what it can do legally within the 65 Acts of Parliament that allow snooping is more shocking than the occasional breaches.
David Anderson, the Independent Reviewer of Terrorism Legislation, explained in his authoritative report into investigatory powers that, “Ripa (the Regulation of Investigatory Powers Act), obscure since its inception, has been patched up so many times as to make it incomprehensible to all but a tiny band of initiates. A multitude of alternative powers, some of them without statutory safeguards, confuse the picture further. This state of affairs is undemocratic, unnecessary and — in the long run — intolerable.”
This view is supported by another recent report, this one undertaken by the Royal United Services Institute and with a panel containing a former Director General of MI5, a former director of GCHQ and a former Chief of the Secret Intelligence Service. The RUSI report mirrors Anderson’s report and also recommends clearer legislation and more effective oversight.
Crucially, both reports strongly recommend that we hand authorisation for access to communications data over to judges. The Home Secretary recently admitted to authorising up to ten warrants a day. It is just not feasible, given the other demands on any Home Secretary, for each warrant to receive the scrutiny that they require. A Home Secretary’s workload is simply too large to allow them to double up as the authorisation system for the intelligence services.
After I described this process on Radio 4, I even had a police officer write to me telling me that it was impossible for one person to properly consider ten warrants a day — and he was a specialist in this area.
There is now a new consensus that the UK needs to clarify its surveillance powers, and introduce judicial oversight. Specially trained and security cleared judges would be a far more effective oversight mechanism.
This is not a revolutionary proposal, and is already the position among our intelligence partners, including the US, Canada, Australia and New Zealand. The Home Secretary’s refusal to countenance judicial oversight flies in the face of expert, and public, opinion.
The recent defeats of the government are due to overly complex and fragmented legislation, inadequate safeguards and insufficient oversight. The government can choose to embrace the new consensus and implement the recommendations of the Anderson and RUSI reports, or they can continue to be defeated in court. Then they really will put our security at risk — and solely because of their own arrogance.