Snooper’s Charter: Court of Appeal judgement paves the way to serious debate on Government’s mass surveillance programme
Categories: Latest News
Wednesday February 07 2018
The Investigatory Power Act (IPA) 2016 and the precursory Data Retention and Investigatory Powers Act (DRIPA) 2014, have sparked debate over the balance between privacy concerns and national security, with many complaining that the breadth of the legislation has resulted in nothing short of an Orwellian-like mass surveillance.
The acts are just two of the many passed in response to 9/11 and 7/7, which have moved current counter-terror legislation into the realm of pre-crime, thus creating a legal system particularly susceptible of error and prone to controversy. As such, the recent ruling of the Court of Appeal on 30 January 2018, which judged DRIPA unlawful, is a reminder of how timely and important it is to assess and debate the scope of Britain’s counter-terror legislation.
Indeed, it is not a case that many are now challenging the legitimacy of IPA, also known as the ‘Snooper’s Charter’, which replaced DRIPA in 2016 maintaining, however, parts of the ‘unlawful’ provisions. If DRIPA so blatantly clashes with EU law, then many questions should be asked about the follow-up legislation it paved the way to.
The Data Retention and Investigatory Powers Act, which received Royal Assent in July 2014, was yet another counter-measure to the increasing terrorist threat, and it responded to the need of carrying out “crucial investigations” by assessing the “who”, “when”, “where” and “how” of communications data, but not the content of the communication.
The rationale behind the speedy approval of DRIPA – it was adopted just three days after it was introduced – was that “interception and access to communications data are critical to the ability of our law enforcement and intelligence agencies to fight crime and protect the public”, and thus it sought to ensure that Britain’s security agencies could “gather information about who suspects contact by telephone or email.” The Government explained that these powers played a key role in the investigation of a number of serious crimes, “including the Oxford and Rochdale child grooming cases, the murder of Holly Wells and Jessica Chapman, the 2007 Glasgow Airport terror attack, and the murder of Rhys Jones”, while dismissing concerns that the Act did not adequately restrict police officers’ access to personal information, including citizens’ phone records and web browsing history.
DRIPA’s provisions included the attribution of power to the Secretary of State to require a public telecommunications operator to retain relevant communications data (Section 1), but its legitimacy was immediately challenged against European laws by Conservative MP David Davis – who however abandoned the case following his ministerial appointment, ironically enough, as Brexit secretary – and Labour MP Tom Watson, on the basis that it was incompatible with human rights.
In its December 2016 ruling, the European Court of Justice (ECJ) concluded that “EU law [Article 7 and Article 8 of the EU Charter of Fundamental Rights] precludes national legislation that prescribes general and indiscriminate retention of data” and that Britain’s national measures “fall within the scope of the directive.” It also found that “with respect to retention, the retained data, taken as a whole, is liable to allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained.”
However, by the time the ECJ ruled against DRIPA – a decision confirmed by the Court of Appeal just days ago – then Home Secretary Theresa May had already begun the drafting of the Investigatory Powers Act 2016. Indeed, DRIPA was set to expire at the end of 2016, a clause that motivated the Government’s prompt drafting of what would become the Snooper’s Charter.
The Investigatory Power Act 2016, which received Royal Assent in November 2016, scoops up communications data while simultaneously attributing to the Government new domestic powers, including the creation of a database that stores the web history of every citizen in the country.
According to The Verge, IPA never received full attention in Parliament due to the simultaneous Brexit vote channelling the attention of UK policy-makers, meaning that its implications and its scope were never fully assessed. However, the UN Privacy Chief Joseph Cannataci quickly called the Snooper’s Charter “worse than scary”, and Edward Snowden promptly identified it as “the most extreme surveillance in the history of western democracy”, a judgement that portended more controversy and debates over its legitimacy.
One of the most controversial provisions of the legislation concerns the power to retain a record of every website, apps used and metadata of phone calls of every citizen for a maximum of one year, which can be accessed by a number of public officers following authorisation by a senior, specially-trained supervisor. In short, the power allows authorities to collect evidence first and find the criminals later, moving pre-crime legislation towards a very dangerous new area in which everyone is a potential suspect.
A second provision allows the surveillance and hacking of targeted or bulk data – the latter only allowed on foreign soil. In this case, the power requires a warrant from both the Secretary of State and a panel of judges (the so-called double lock procedure), and is formally reserved for “serious crimes” and threats to national security. However, even this power is subject to potential overreach, particularly since the legal challenge launched by Privacy International over the lawfulness of this measure showed that bulk surveillance or hacking has often been misused by security services.
For example, MI6 senior officials cautioned against potential misuse, admitting that they had seen “a few instances recently of individuals crossing the line with their database use… looking up addresses in order to send birthday cards, checking passport details to organise personal travel, checking details of family members for personal convenience.”
Because the powers contained in DRIPA were largely replicated in IPA, civil rights organisation Liberty is now launching an attack on the Snooper’s Charter on the basis that the DRIPA judgement “tells ministers in crystal clear terms that they are breaching the public’s human rights. The latest incarnation of the Snoopers’ Charter, the Investigatory Powers Act, must be changed.”
According to Silkie Carlo, policy officer for Liberty, “with the investigatory powers act, there is a very explicit commitment from government to basically be conducting indiscriminate, suspicion-less mass surveillance of the population.”
As such, Liberty will challenge the following IPA provisions:
- Bulk hacking: the power that lets police and agencies access, control and alter electronic devices, regardless of whether their owners are suspected of involvement in crime.
- Bulk interception: the power that allows the state to read texts, online messages and emails and listen in on calls, without requiring suspicion of criminal activity.
- Bulk acquisition of everybody’s communications data and internet history: the power that forces communications companies and service providers to hand over records of everybody’s emails, phone calls and texts etc.
- Bulk personal datasets: the power that lets agencies acquire and link vast databases held by the public or private sector.
Liberty also created a jargon-buster that simplifies complex terminologies used in the legislation.
However, the Government seems unmoved by the Court of Appeal’s ruling. Security Minister Ben Wallace said the ruling only applies to an expired legislation, and therefore does not change the way in which law enforcement agencies can detect and disrupt crimes.
He stated: “Communications data is used in the vast majority of serious and organised crime prosecutions and has been used in every major security service counter-terrorism investigation over the last decade. It is often the only way to identify paedophiles involved in online child abuse as it can be used to find where and when these horrendous crimes have taken place.”
In addition, back in November 2017 the Government announced a few amendments to the Snooper’s Charter, including removing the power of self-authorisation for senior police officers and requiring approval for requests for confidential communications data to be granted by the new investigatory powers commissioner.
The changes, however, were considered insufficient by many, including Watson, who explained: “The current legislation fails to protect people’s fundamental rights or respect the rule of law. That’s what my legal challenge proved and I’m glad Amber Rudd is making significant concessions today. But I will be asking the court to go further, because today’s proposals from the Home Office are still flawed.
“Ministers aren’t above the law – they don’t get to pick and choose which rights violations they address and they can’t haggle with the courts to avoid properly protecting people’s freedom. All of the fundamental safeguards demanded by the court must now be implemented.”
The new ruling of the Court of Appeal is likely to produce new amendments to the Investigatory Power Act, regardless of the final results of the Brexit negotiations. Indeed, if the UK wants to continue a free data sharing arrangement with the EU after Brexit, it needs to be strongly aligned with the EU’s data frameworks, and thus it would have to subscribe to EU regulations over surveillance and hacking.
This is a welcome news, however much is still needed in the effort to ensure that civil liberties are protected and individual rights are upheld. MEND has long expressed its concerns about a number of provisions to counter terrorism that are widely believed to encroach civil liberties and to disproportionally impact British Muslims.
While the Government’s effort to respond to the terrorist threat are laudable, more emphasis ought to be put on the potential dangers posed by seemingly unlimited acquiescence to pre-crime stipulations.