Comment: What future for Britain's surveillance laws?

Peter Sommer, digital forensic services
Peter Sommer, digital forensic services

By Peter Sommer

Surveillance laws are not about absolutes, but finding a balance between protecting individuals, organisations, community and state, and limiting intrusion in people’s lives – what is necessary and proportionate to the circumstances – an understanding of the range of threats and cost.

In the end, the only proper place for determining where that balance should be struck is parliament, as the vehicle for democracy. Policing, and for that matter the activities of the security and intelligence agencies, in a country like the United Kingdom operate on the basis of consent. Without that consent, law enforcement becomes much more difficult, expensive and potentially oppressive.

Elsewhere, this publication shows just how far the landscape of surveillance technology has changed and with it that balance. But there has been no recent rounded public discussion; the communications data bill was presented as a minor technical amendment to existing law to "maintain capability".

One has to go back to the early 1980s and the reviews leading to the Police and Criminal Evidence Act 1984 designed to overcome obvious defects in the previous "judges rules", and to 2000 for the Regulation of Investigatory Powers Act (RIPA) which deals with electronic and human surveillance.

Commissions, royal or otherwise, can sometimes seem a convenient political delay tool, but given the vast changes in surveillance technology and types of threat, surely some form of considered review would greatly enhance public debate. It would lead to a complete overhaul of surveillance legislation written in language which reflects current technological realities?

As well as fact and evidence gathering, here are some obvious items for its agenda:

Should we base electronic surveillance law on whether something is "communications data" or "content", always supposing we think that a distinction can be made? Would it be better to use levels of intrusion measured against suspected activity? This is the approach taken elsewhere in RIPA with "directed" and "intrusive" surveillance for physical watching of individuals. Can we also include laws about direct computer intrusion and undercover work?

Material acquired by interception of data in transmission continues to be inadmissible and can only be used for intelligence purposes. It is a bizarre English law anomaly, is there any basis for its continuance?

Is it right that surveillance authorisations are variously made by senior law enforcement officers and politicians as opposed to judges? What impact does this have when seeking assistance from overseas entities, as is becoming increasingly significant? Can we convert the assessment features of the current single point of contact regime, so that it directly assists a judge rather than being a law enforcement function?

Do we really need to retain data about the electronic activities of the whole population against the possibility that a small fraction may be of future use in an investigation? Can we devise an order against targeted individuals whose data would be retained but only released subsequently when there was a proven need? But we would need to identify criteria for targeting these people in the first place.

Strong plausible oversight is essential to giving public confidence to any surveillance regime.

How do we move from the current sample of auditing of requests for access to single streams of evidence, to a position where a commissioner tests for necessity, proportionality and the entire process, including linking and combining into databases of multiple streams of evidence? And should not the commissioner have the power and resources to carry out no-notice inspections? The commission, needs some permanence, as the surveillance landscape will continue to shift.

This is an extract from Open Rights Group’s Digital Surveillance report. To read more click here.

Peter Sommer is a visiting professor at De Montfort University and reader at the Open University. He taught at the London School of Economics for 17 years. His previous role was as a visiting professor. Sommer’s research interests and publications include cyber security, cyberwarfare and the reliability of digital evidence. His main income comes from acting as an expert witness for both prosecution and defence interests in criminal cases and civil proceedings.

The opinions in's Comment and Analysis section are those of the author and are no reflection of the views of the website or its owners.


Load in comments
Politics @ Lunch

Friday lunchtime. Your Inbox. It's a date.