Emergency legislation to ensure that UK law enforcement and intelligence agencies can maintain their ability to access the telecommunications data they need to investigate criminal activity and protect the public will be announced today by the Prime Minister and Deputy Prime Minister. This has cross party agreement.
The government is taking this action following 2 recent developments. First, the European Court of Justice (ECJ) has struck down regulations enabling Communications Service Providers (CSPs) to retain communications data for law enforcement purposes for up to 12 months. Unless they have a business reason to hold this data, internet and phone companies will start deleting it which has serious consequences for investigations – investigations which can take many months and which rely on retrospectively accessing data for evidential purposes.
Secondly, some companies are calling for a clearer legal framework to underpin their cooperation with law enforcement and intelligence agencies to intercept what terrorists and serious criminals are saying to each other. This is the ability to access content with a warrant signed by a Secretary of State.
Both of these issues have left the UK government with an urgent need to bring forward emergency legislation.
The emergency Data Retention and Investigation Powers Bill will enable agencies to maintain existing capabilities. It will respond to the ECJ judgment on data retention and bring clarity to existing law in response to CSPs’ requests. Without action, our law enforcement and intelligence agencies will lose sight of data that is crucial for protecting national security and preventing serious crime, and lose track of some dangerous individuals as a result.
At the same time, the PM and DPM will also announce new measures to increase transparency and oversight. In addition there will also be a sunset clause after 2 years.
Prime Minister David Cameron said:
It is the first duty of government to protect our national security and to act quickly when that security is compromised. As events in Iraq and Syria demonstrate, now is not the time to be scaling back on our ability to keep our people safe. The ability to access information about communications and intercept the communications of dangerous individuals is essential to fight the threat from criminals and terrorists targeting the UK.
No government introduces fast track legislation lightly. But the consequences of not acting are grave.
I want to be very clear that we are not introducing new powers or capabilities – that is not for this Parliament. This is about restoring 2 vital measures ensuring that our law enforcement and intelligence agencies maintain the right tools to keep us all safe.
Deputy Prime Minister Nick Clegg said:
We know the consequences of not acting are serious, but this urgency will not be used as an excuse for more powers, or for a ‘snooper’s charter’.
I believe that successive governments have neglected civil liberties in the pursuit of greater security. We will be the first government in many decades to increase transparency and oversight, and make significant progress in defence of liberty.
But liberty and security must go hand in hand. We can’t enjoy our freedom if we’re unable to keep ourselves safe.
The following steps will also be taken to strengthen oversight and transparency:
- the Bill includes a termination clause that ensures the legislation falls at the end of 2016 and the next government is forced to look again at these powers
- between now and 2016 we will hold a full review of the Regulation of Investigatory Powers Act, to make recommendations for how it could be reformed and updated
- we will appoint a senior diplomat to lead discussions with the American government and the internet companies to establish a new international agreement for sharing data between legal jurisdictions
- we will establish a Privacy and Civil Liberties Oversight Board on the American model, to ensure that civil liberties are properly considered in the formulation of government policy on counter-terrorism. This will be based on David Anderson’s existing role as the Independent Reviewer of Terrorism Legislation.
- we will restrict the number of public bodies that are able to approach phone and internet companies and ask for communications data. Some bodies will lose their powers to access data altogether while local authorities will be required to go through a single central authority who will make the request on their behalf.
- finally, we will publish annual transparency reports, making more information publicly available than ever before on the way that surveillance powers operate
What is communications data?
Communications data (metadata about communications – not the content of communications) has been used in 95% of all serious organised crime cases handled by the Crown Prosecution Service. It has been used in every major Security Service counter-terrorism investigation over the last decade. It is particularly important for targeting serious criminals, including drug dealers, paedophiles and fraudsters. It has also been used to stop crimes in action and save lives, and to prevent miscarriages of justice.
The ability to access communications data retrospectively is crucial in developing intelligence and evidence about the activities of suspects, victims and vulnerable people for the period before a crime or other incident has taken place.
A large number of criminal investigations rely on communications data that is several months old at the point it is acquired by law enforcement. For example, an ACPO survey has shown that just over half of the CD acquired during child abuse investigations is between 6 months and 12 months old.
But this capability is under threat. The European Courts recently struck down their legal underpinning for companies to hold on to information for 12 months, which is vital for our security and intelligence agencies to conduct their investigations.
Without a clear legal basis in UK law, and unless they retain it for business need, companies will soon stop providing this data on the regulated, authorisation basis that they have done for many years and may even start deleting data which is essential for law enforcement and national security. The government therefore plans to introduce a simple piece of fast track legislation to restore the legal basis for companies to hold this data - it will take due account of the recommendations the ECJ made in its judgment.
Were these powers lost, it would be harder or impossible to effectively investigate a range of crimes, including:
- murder – those who conspired to assist the killers of Rhys Jones were caught using evidence from mobile phones, which proved they were associating at certain key times and places
- sexual exploitation – the men who groomed young girls in Rochdale were prosecuted, in part, using mobile phone call evidence which showed their association with each other and contact with victims
- drugs – a gang operating in Merseyside, Lancashire, Glasgow and South Wales in 2011 was found with 30kg of drugs and £37,000. Mobile phone call and text evidence was used to determine the gang’s hierarchy and identify key individuals. This resulted in the arrest of two gang members not otherwise identified using normal surveillance techniques
- doorstep fraud – a gang who conned an 85-year-old were prosecuted using evidence that they had called the victims repeatedly from their mobile phone
- locating vulnerable people – mobile phone location data was used to direct a search by Mountain Rescue and locate an elderly man with medical conditions, who had gone missing following a hospital appointment.
Although it is difficult to be definitive about the impact of not requiring companies to retain this data, a major recent Europol investigation into online child sexual exploitation (known as Operation Rescue) gives an indication of what the impact would be:
Of 371 suspects identified in the UK, 240 cases were investigated and 121 arrests or convictions were possible. One man was sentenced in March 2010 to 6 years’ imprisonment for sexual abuse of 2 minors after police discovered more than 60,000 indecent images on his computer.
In contrast, of 377 suspects identified in Germany, which has no such data retention arrangements, only 7 could be investigated and no arrests were made.
What is lawful intercept?
The interception of communications be it listening to the calls made on a telephone, or opening and reading the contents of a subject of interest’s letters or emails, are an important capability for both the police and Intelligence agencies. Authorised by the Secretary of State, it is used, alongside other covert capabilities and techniques, to develop an understanding of the threat posed by individuals and networks, to build our coverage of their activities, and to identify means by which to disrupt them before they damage the UK or endanger lives.
Since 2010, the majority of MI5’s priority investigations have used interception in some form to identify, understand or disrupt plots seeking to harm the UK and its citizens.
The value that visibility of online communications can bring to understanding terrorist threats is clear. Just last month it was revealed in court that Mashudur Choudhury, now the first person in the UK to be convicted of terrorist offences in connection with the Syria conflict, had received advice on how to access extremist training and weaponry in Syria through online calls with other extremists based overseas.
This is not an isolated incident - access to communications by and between criminals or terrorists is critical to the ongoing security of the UK and its citizens. The loss or reduction of this capability will seriously harm our ability to investigate and disrupt such threats in the future.