MPs: snooper's charter is "overkill"
Home Office told to rewrite draft Communications Data Bill
The Communications Data Bill - the so-called "snooper's charter" - needs to be significantly revised, according to a committee comprised of MPs and Lords.
The Communications Data Bill would expand the ability of the police and security services to access information about surfing and email activities, requiring ISPs to store email header information - but not content - and other communications data.
The "snooper's charter" has been criticised by rights campaigners, but the Lords committee report is a significant blow to the Home Office's plans to expand surveillance powers on the internet.
Although the committee accepted the need for better access to online data records, the report said the plans had been poorly researched, posed a threat to privacy, and could end up costing far more than the £1.8bn budgeted for the scheme.
"There needs to be some substantial re-writing of the Bill before it is brought before Parliament as we feel that there is a case for legislation, but only if it strikes a better balance between the needs of law enforcement and other agencies and the right to privacy," said Lord Blencathra, chair of the Joint Committee.
The figure for estimated benefits is even less reliable than that for costs, and the estimated net benefit figure is fanciful and misleading
"The breadth of the draft bill as it stands appears to be overkill and is much wider than the specific needs identified by the law enforcement agencies."
One of the key criticisms of the Bill is that it is too vague, particularly Clause 1, which lays out the scope of what could and should be covered. The government claimed it is necessarily "wide" to enable it to encompass changes in technology that might develop in the future.
The committee disagreed. "We urge the government to reconsider its zeal to future-proof legislation and concentrate on getting the immediate necessities right."
The report said too many government agencies would have access to any data collected by service providers, and called for clarification on the approval procedure for data requests, as well as stronger penalties for anyone found to be abusing access to such information.
The committee was especially critical of the way the programme's costs had been calculated, with neither ISPs nor the Information Commissioner properly consulted. It said the costs were likely they'd be much higher than the predicted £1.8bn.
"We are concerned that the Home Office’s cost estimates are not robust. They were prepared without consultation with the telecommunications industry on which they largely depend, and they project forward ten years to a time where the communications landscape may be very different," the committee found.
"Given successive governments’ poor records of bringing IT projects in on budget, and the general lack of detail, there is a reasonable fear that this legislation will cost considerably more than the current estimates," it added.
The committee was also sceptical about government claims the system could lead to benefits of as much as $6.2bn.
"The figure for estimated benefits is even less reliable than that for costs, and the estimated net benefit figure is fanciful and misleading," the report said. "It ought not to be used to influence Parliament in deciding on the relative advantages and disadvantages of this legislation."
According to the Home Office, the new law would increase the breadth of data coverage it can access from 75% to 85%, which would still leave room for criminals to operate. The committee said much of the improvement could be achieved by better use of existing laws.
The report said there were only three types of information that would be improved access-wise under the plans: data matching IP addresses to specific users, data showing which internet services a user has accessed and data from overseas communications providers providing services in the UK.
Despite the Home Office's assertions, the report said it currently had access to more data than when RIPA, the system it looks to supersede, was put into force.
"The much quoted figure of a 25% communications data gap purports to relate to data which might in theory be available, but currently is not. The 25% figure is, no doubt unintentionally, both misleading and unhelpful," the report added.