A joint parliamentary committee investigating the Draft Communications Data Bill has described the current proposed legislation as 'overkill' and said that the Home Secretary shouldn't be given sweeping powers that would trample on UK citizens privacy.
The Draft Communications Data Bill, which was put forward in June, would give police access to communications data for the purposes of tackling serious crime.
Communications data includes information such as which websites individuals have visited, and who they have emailed, but not the actual content of exchanges. The government wants to update existing data laws to enable police to access communications data generated by new technologies such as VoIP (voice over IP) service Skype.
The Draft Bill also plans to require communication service providers, when requested to do so, to retain and store communications records that they might not already keep.
The joint committee's recommendations, which are released today, urge government to amend the proposals so that fewer public authorities would have access to communications data and that the Bill should include new definitions of communications data, which are narrower in scope, and draw a clearer line between data and content.
"There needs to be some substantial re-writing of the Bill before it is brought before Parliament as we feel that there is a case for legislation, but only if it strikes a better balance between the needs of law enforcement and other agencies and the right to privacy," said Lord Blencathra, Chair of the Joint Committee.
"There is a fine but crucial line between allowing our law enforcement and security agencies access to the information they need to protect the country and allowing our citizens to go about their daily business without a fear, however unjustified, that the state is monitoring their every move."
He added: "Whilst the Joint Committee realise that there are specific data types which are not currently available, and which would aid the work of law enforcement bodies and the security services, we are very concerned at how wide the scope of the Bill is in its current form."
Other recommendations in the report include establishing a centralised service that acts as an internal authorisation process for accessing communications data, as well as making 'wilful or reckless' misuse of communications data a specific offence that is punishable by a prison term.
"We can see only three types of data that are not currently being collected which we know could aid the work of law enforcement and other agencies: data matching IP addresses to specific users, data showing which internet services a user has accessed and data from overseas communications providers providing services in the UK," said Lord Blencathra.
"The breadth of the draft Bill as it stands appears to be overkill and is much wider than the specific needs identified by the law enforcement agencies. We urge the Government to reconsider its zeal to future-proof legislation and concentrate on getting the immediate necessities right."
He added: "We are confident that the safeguards already in the draft Bill, together with our recommendations to strengthen those safeguards, will do just that."
However, despite recommending a narrower scope when legislating, the Lords report also says that 'depending on how the communications world develops', the Home Office may need broader powers in the future.
The report claims that 'parliament and government both need to accept that legislation that covers the internet and other modern technologies may need revisiting and updating regularly'. It says that the committee has considered ways in which the Secretary of State might be given powers in the future to allow her to address 'new and significant gaps if and when they emerge'.
Initial thoughts are that if information outside the scope of the Bill was required, primary legislation on each occasion could occur, or power to amend the bill by order, which would be 'subject to a super-affirmative procedure, which would guarantee fuller Parliamentary consideration than a standard affirmative order'.
With regards to security, the committee is satisfied with the proposed safeguards to protect against the abuse of data or inadvertent error by public authorities, but also acknowledges that storing web log data, however securely, carries the possible risk that it may be hacked into or may fall into the wrong hands. It claims that 'potentially damaging inferences about people's interests or activities could be drawn' if this were to happen.
Finally, the committee highlights that it is 'concerned' with the government's financial cost/benefit analysis. The Home Office's impact assessment estimates the benefits from the draft Bill in the ten years to 2020/21 to be between £5 billion and £6.2 billion, with a cost estimate of £1.8 billion. This would give government a net benefit of between £3.2 billion and £4.4 billion.
However, the report slams the estimates for not being robust and prepared without consultation with the telecommunications industry. They also project forward 10 years to a time where the communications landscape may be very different, it says.
"Given successive governments' poor records of bringing IT projects in on budget, and the general lack of detail about how the powers under the Bill will be used, there is reasonable feat that this legislation will cost considerably more than the current estimates," says the report.
"The figure for estimated benefits is even less reliable than that for costs, and the estimated net figure is fanciful and misleading. It out not be used to influence parliament in deciding on the relative advantages and disadvantages of legislation."
It continues: "Whatever the benefits of the Bill, they are unlikely to be financial."