(Questions being added at the bottom).
Stopping the “Dangerous Logs Act” (or, the Data Retention and Investigatory Powers Bill (DRIP), as it’s slightly more officially known) is likely to be hard, but it can be amended. I’ve started a short list, and suspect others will start publishing their own over the next few hours and days.
On a first reading:
Subject Access Requests:
Add new Section 1(6)c
“or under Section 7 of the Data Protection Act 1998.”
(ensures Subject Access Requests continue, but law enforcement s(27) has to go via RIPA routes)
Enforcing no broader than now:
Add section 1(8) to the effect that “no order may be made under this section that would not have been valid under the 2009 Regulations were they still in effect”
Another sneaky definition:
remove “or describe” from specify.
(overly broad – “all the data” is a description but not a specification). This is certainly worthy of a PQ which asks whether or not “describe” is currently done, and asking for some examples of
Appearances can be deceiving:
amend“appearing to the Secretary of State”
to be “believed by the Secretary of State”
(no comment really required on that one)
Tor and encryption
There has always been a debate as to whether Facebook (for example) were subject to RIPA. They said legally no, as their data is held outside the UK, the Home Office said yes as they operated in the UK, and everyone agreed to respond to requests under RIPA by consent. It looks like the Home Office has decided to force the issue, which might prompt a response from the companies. RIPA will now require release in line with US law, which might get interesting.
Other expanded definitions
This is certainly going wider than the current list.
I’m concerned at the sunset clause date — 31st December 2016. It’s politically clean but pragmatically difficult. Parliament will certainly be in recess then, so it will have to be passed in the run up to Christmas when everyone has something better to be doing with their time. I wonder if moving the deadline a month either side would be safer. Either way, the HO can issue orders up until the day it expires, so no bill is necessarily required until December 2017 (when those orders would expire).
Questions to be asked in the debate next week:
1) This bill has generated many communications from constitutents, via twitter, facebook and email. Can the Minister confirm that it would be unlawful both currently and under this Bill for the intelligence agencies to interact with such communications, by for example, keeping a copy?
2) We are all very aware of the child abuse scandal engulfing the Home Office and related institutions. Even with the full logs kept of Home Office activities, why weren’t they sufficient? Might a flawed approach to for her department also be flawed for the country?
3) What is the maximum number of people who can be targeted by a request under these powers? What is the number that would be appropriate?
4) What benefit does the Home Secretary expect from giving herself powers to require Mumsnet to retain data? What does she expect them to say to that?
The Lib Dems seem to have done well at taking most of the usual HO poison out; there’s not much actually here. The question that I’ve not seen consideration of yet is what’s not here that should be. Those are usually day 2 stories…