Filtering arrangements for obtaining data

Part of Investigatory Powers Bill – in a Public Bill Committee am 4:30 pm ar 14 Ebrill 2016.

Danfonwch hysbysiad imi am ddadleuon fel hyn

Photo of Joanna Cherry Joanna Cherry Shadow SNP Westminster Group Leader (Justice and Home Affairs) 4:30, 14 Ebrill 2016

I wish to speak briefly on clause 58. I indicate that I will also cover clauses 59 and 60, which I also oppose. The clauses provide for the establishment and use of a filter to gather and analyse communications data. They provide for a communications data request filter, which was a feature previously proposed in almost identical terms in the rather unpopular draft Communications Data Bill. The only change made is that under clause 58(5), which states that the Secretary of State

“must consult the Investigatory Powers Commissioner about the principles on the basis of which the Secretary of State intends to establish” the filter.

The request filter essentially is a search mechanism that allows public authorities to conduct simple searches and complex queries of the databases that telecommunications operators will be required to build and hold. The Joint Committee on the Draft Communications Data Bill described the request filter in that Bill as

“a Government owned and operated data mining device”,

which, significantly, positions the Government at the centre of the data retention and disclosure regime. Access to the filter and the data it produces would be subject to the same self-authorisation processes as all communications data. In practice, the request filter would be a search engine over an enormous federated database of each and every citizen’s calls, text records, email records, location data and internet connection records. Those would be made available to hundreds of public authorities.

I am sure the Government will, as they have in the past, be keen to portray the request filter as a safeguard for privacy. However, the processing of such a huge amount of personal data, as permitted by the request filter, is a significant privacy intrusion. It is not only me who thinks that; the Joint Committee on this Bill noted that there were

“privacy risks inherent in any system which facilitates access to large amounts of data in this manner.”

When I asked the Solicitor General why other countries do not do that, he said that the lead must start somewhere, but I do not want my constituents to be guinea pigs for such a system. I can tell from my mailbox that many of my constituents are very concerned about such huge amounts of personal, private data being held and analysed in that way. They want to see serious crime tackled, but not at the expense of their privacy.

A balance has to be struck, and I fear that the request filter is more of an intrusion into privacy than a safeguard for it. It is a portal with the power to put together a comprehensive picture of each of our lives. We should not misunderstand that that is what the filter can do. It raises many of the same concerns as a large and centralised store, with the added security concerns of protecting multiple distributed databases.

Public authorities will have a permanent ability to access the request filter, which will make it an enticing and powerful tool that could be used for a broad range of statutory purposes. The ability to conduct the complex queries that the request filter will allow for could increase the temptation to go on fishing expeditions—that is, to sift data in search of relationships and infer that concurrences are meaningful. That was one of the many concerns expressed by the Joint Committee on the Draft Communications Data Bill about the request filter proposal.

With the request filter power, authorities could use communications data to identify attendees at a demonstration and correlate that with attendance at other public or private locations in a 12-month period, or identify those regularly attending a place of worship and correlate that with access to online radio websites, inferring risk. Those examples show that the new ability risks casting undue suspicion on thousands of innocent citizens and mining their personal contacts for patterns, which is an unacceptable intrusion into the privacy and civil liberties of our constituents and British citizens generally.