The UK Communications Data Bill is no more
Privacy International welcomes the absence of a Communications Data Bill in the Queen's Speech. The Communications Data bill was originally set to significantly expand the powers of communications surveillance in the UK and set another bad standard globally. Because of the work by Parliamentarians, a concerted effort by civil society groups and some within industry, this expansion was avoided, for now. However the Queen's Speech did include a mention of new proposals:
In relation to the problem of matching internet protocol addresses, my government will bring forward proposals to enable the protection of the public and the investigation of crime in cyberspace.
The explanatory notes, published alongside the speech, start ominiously similar to the Communications Data Bill, but end with a much narrower and more specific approach.
We need to see the detail to understand whether these proposals are technically sound, or whether they are a continuation of the draft Bill's problems. The draft Bill process has narrowed the Home Office's request dramatically, however their underlying objective may remain unchanged. We are aware that one reading of the short statement by the Queen means that at least one UK mobile telecommunications company needs to make no additional data available to the police.
We now believe that the Home Office wish the police to be able to ask, based on evidence in their possession, "which devices used internet address 126.96.36.199 at 14:33 on the 8th of May 2013?". That question is not necessarily substantively different to "which devices were near the address 46 Bedford Row at 14:33 on the 8th of May 2013?". Both are significant requests involving potentially significant amount of the data of innocent (virtual) bystanders. We expect an evidence based test would be required for the authorisation of such a request, and for the linking of a device to an individual or group. Done properly, such proposals should require no changes for the forthcoming IPv6 transition, while ensuring that providers do not need to disable the privacy extensions.
We welcome Downing Street's confirmation that they intend to 'continue to look at this issue closely'. We hope that suggests the Home Office will follow a different path than heretofore.
We look forward to seeing more details.