The last in a series of posts on the forthcoming Investigatory Powers Bill
Previous: Communications Data Acquisition
RIPA was future-proofed by writing it in such abstract technology-neutral terms that, combined with some fiendishly tortuous drafting, anyone not in the know had little chance of twigging what it was actually designed to do.
The draft Communications Data Bill took a different approach, building in flexibility to accommodate future technological innovation by granting broad order-making powers to the Secretary of State – orders that themselves would contain little detail. This went down very badly with the Parliamentary Joint Committee that scrutinised it:
“We have not seen a draft of such an order, and we have been told that we will not be shown one. But it is clear that the order will only be a framework. The specific requirements will be imposed by secret notices by the Secretary of State.”
The Committee went on:
“Given the wide anxiety raised by the breadth of clause 1, we pressed the Home Office officials as to why it could not be narrowed to cover only the gaps which currently needed to be filled. Mr Farr’s answer was:
“The fundamental reason why we are nervous about limiting clause 1 is future-proofing ... Because I genuinely believe that no sooner will you get this legislation through than something else will come up, given the pace of change in the communications industry, which will create another gap, particularly if clever people know that we have filled one area, and so now try to exploit another. Future-proofing and flexibility are at the heart of the language we have used in clause 1.”... We did receive from Mr Farr the important undertaking that Home Office officials would look at clause 1 again, and advise Ministers on whether it can be changed, enhanced or improved. We believe that it can indeed be changed and improved, by being narrowed to cover specifically the gaps so far identified. An undertaking, whether by officials or by ministers, that a power will be used only to a limited extent, is of little value. Once a power is on the statute book, it is available to be used, and also to be misused or abused, at any time in the future. It is hardly surprising that a proposal for powers of this width has caused public anxiety.”
The Anderson Report described Clause 1 as “an excessively broad power”. (14.24)
A similar criticism can be levelled at the data retention powers under DRIPA, which are exercisable by notice from the Secretary of State to public telecommunications providers. The government treats the notices as secret and has declined to reveal any details about them, even to the court that heard the DRIPA judicial review, on grounds that to do so would prejudice national security.
At least under DRIPA the specific datatypes that can be ordered to be retained are listed, albeit there has been a move towards more generality (and concomitant obscurity) in the amendment made by the Counter-Terrorism and Security Act 2015 to cover IP address resolution data.