Intelligence Committee: Data-snooping bill necessary, but needs work

The committee has said that the public and parliament will need more detail

The Intelligence and Security Committee (ISC) has released the findings of its investigation into the impact of the government's planned 'data-snooping bill', warning that while new legislation is necessary, the government must provide increased detail to satisfy parliament and the public..

The draft of the controversial Communications Bill was published in June last year, and has since suffered heavy criticism from a parliamentary committee, large private companies and privacy experts.

Much of the concern centres on perceptions that it gives too much discretion to the Home Secretary and places unrealistic and harsh requirements on Communication Service Providers (CSPs).

As the bill stands, it would give police access to communications data for the purposes of tackling serious crime.

Communications data includes information such as which websites individuals have visited, and who they have emailed, but not the actual content of exchanges. The government wants to update existing data laws to enable police to access communications data generated by new technologies such as VoIP (voice over IP) service Skype.

The Draft Bill also plans to require communication service providers, when requested to do so, to retain and store communications records that they might not already keep.

The ISC recognises that the government's approach is accurate, in that it can't update the current RIPA act to cover new emerging technologies, and it cannot expand current investigatory powers available to the government. Therefore, it says that new legislation is required.

"We have examined the possibility of expanding the user of other investigatory tools to offset the decline in availability of communications data, and also whether a voluntary approach might work: neither offers a solution, and indeed the CSPs themselves have said that they must have a legal foundation to retain data," reads the report.

"Whilst legislation is not a perfect solution, we believe it is the best available option."

The Home Office's argument for introducing the bill centres on a 'capability gap' it is experiencing, due to the increased use of mobile technologies and internet services, which are harder than traditional fixed telephone networks to monitor. It claims that their capability to effectively monitor necessary communications data is some 25 percent less than it has been previously, and this gap is set to increase.

This capability gap forms the basis for its argument to keep the definitions of the bill broad - so that it can take into consideration new technologies as they emerge, without the need to introduce more new legislation in the future.

However, the ISC's concern is that the Home Office hasn't been clear - up until now - about what monitoring is currently covered under this capability gap. The Home Office claims that this will give terrorists an advantage when considering which technologies to use at the moment to form attacks.

The ISC, however, has managed to gather some further detail of where the Home Office is struggling to collect data, and it is unsurprising that it centres on internet monitoring.

"We recognise that the draft bill is deliberately broad in order both to permit futureproofing of the legislation against technological change and not to reveal gaps in operational capability. However, this is causing considerable concern for the CSPs, and also parliament and the public," said ISC.

"We therefore welcome the decision by the Home Office to make public information on the three core elements of the gap: subscriber details showing who is using an Internet Protocol address; identifying which internet services or websites are being accessed; and data from overseas CSPs."

The ISC has said that the Home Office should consider whether there is 'any room for manoeuvre' on whether increased detail could be provided on the face of the bill as to what government hopes to be able to monitor, as this will instil greater confidence in the bill's critics.

It also said that the Home Office needs to properly consult with the CSPs, something it claims the government is yet to do, about the practical implementation of the bill (how data will be stored) and also the way in which the data is used and the safeguards that will be put in place.

Join the CSO newsletter!

Error: Please check your email address.

Tags infrastructuresecurityintelpublic sectorIT Business

More about BillSkype

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Derek du Preez

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts