Heroic assumptions from the Home Office

This week saw the publication of the Intelligence and Security Committee’s report into the Draft Communications Data Bill. servers

While the report only looks at the way the intelligence and security agencies use communications data, and not the police, it offers further insights into the issue.

In the accompanying press statement, the Committee highlighted its scepticsm, saying: “…we consider that the Government needs to give more details on its proposals if the public and Parliament are to be convinced of the necessity of the Bill.”

The report itself contained some new insights into the legislation that would require details of of everyone’s emails, web use and social media messages to be recorded.

The committee also included scathing criticism of the Home Office’s claim about a “25% capability gap, saying “The calculations behind this figure have been the source of much controversy. The Home  Office attempted to explain in its written evidence to the Joint Committee how they arrived at this figure and there has been a great deal of discussion as to how accurate the figure is: the Director General of the Security Service commented in evidence to this Committee that they rested on some “pretty heroic assumptions”.”

The Committee also warned that the issue of retaining web browsing histories was a particularly sensitive one, saying: “The opportunity of this primary legislation should be taken to review and clarify the supporting guidance and, in particular, the status of web browsing histories”

The director general of the Security Service said: “In general, it is becoming more difficult  to be confident that you are getting CD coverage of the targets that we need to look at…” highlighting, as we have done repeatedly, the importance of ensuring targeted surveillance capabilities are improved and maintained. This legislation would do little to improve this problem.

In regard to the types of data intended to be covered, the ISC also highlighted how the committee did not share the Home Office’s initial view that the three data types should be ‘Restricted’ and not included in the Bill.  They also concluded that in the case of encrypted communications, the “only prudent alternative is to attempt to collect residual, unencrypted communications data associated with a communication” clearly ruling out storage or siphoning of encrypted data.

Sharing the Joint Committee’s concerns about cost the ISC said:” it remains clear to us that there has as yet been no consultation with the CSPs, which must be involved in assessing what are, after all, their own costs”

Concluding, the ISC warns that “: Parliament and the public will require more information if they are to be convinced.  We have similar concerns regarding the background information accompanying the draft Bill. Whilst we recognise the need to take action quickly, the current proposals require further work. In particular, there seems to have been insufficient consultation with the Communications Service Providers on practical implementation, as well as a lack of coherent communication about the way in which communications data is used and the safeguards that will be in place. These points must be addressed in advance of the Bill being introduced.”

Two expert Parliamentary committees have now cast serious doubts on the claim that it is necessary for every person’s email, website browsing and social media activity needs to be logged and kept for one year. When the Director General of MI5 suggests the Home Office’s evidence relies on some ‘pretty heroic assumptions’ alarm bells should be ringing loudly.

The ISC report recognises there are weaknesses in monitoring people suspected of wrongdoing. It is becoming increasingly difficult for Ministers to justify monitoring every member of the population instead of developing their ability to monitor people who are under suspicion. The report recognises for national security situations, alternatives are available and are being used. The committee also recognises the growing futility of the Home Office’s current approach given the increasing use of encryption.

The draft Bill was a shambles and if any legislation is to allay the widespread concerns people have about an vast expansion in the power of the state to monitor every aspect of our lives it will need a fundamental and comprehensive re-write.