Is there a flaw in the Data Retention and Investigatory Powers Act Regulations, which have been rushed through without any public consultation ?
- Provisional draft of the Data Retention Regulations 2014 (.pdf) published on 10th July
- The Data Retention Regulations 2014 - passed by the House of Commons on Tuesday 22nd July 2014 (still awaiting approval by the Lords)
The The Data Retention (EC Directive) Regulations 2009 are potentially very wide ranging in the type of Communications Data which Telecommunications companies and Internet Service Providers and Postal Service Providers (all lumped under the term "Communications Service Providers") who have been served with a Data Retention Notice have to comply with.
N.B. the list of Communications Service Providers who have been served with such a Data Retention Notice should not be a secret, but the Home Office refuses to provide a list of them under Freedom Of Information Act requests, , in the stupid belief that somehow "bad people" can afford to manage to avoid the big Telcos , Mobile Phone Networks and ISPs and magically find a smaller, more privacy friendly provider, whose upstream traffic, purchased from from the Big Providers who are already on the list, is not already snooped on.
Since the Home Office wastes public money on compensating the CSPs affected, this is actually an illegal Government Financial Subsidy to the big incumbents in the Telco / ISP market, thereby distorting the market and stifling competition to any new potential entrants into those markets, against UK and European Union competition laws.
The new Data Retention and Investigatory Powers Act 2014 Act introduces the concept of "relevant communications" based on the 2009 Regulations. which are limited
to landline telephony, mobile phone telephony, internet email and internet service logon / logoff (of of limited relevance when dial up Internet access was common, but irrelevant for "always on" broadband ADSL access)meaningless
Stupidly, perhaps, the Provisional draft of the Data Retention Regulations 2014 includes a Schedule of the "relevant communications" types.
We would argue strongly that if this wording is passed (bearing in mind that with Secondary Legislation, there is no opportunity for Amendments, the small rubber stamp committee of the Commons and the one in the Lords can only Accept or Reject the text of a Statutory Instrument) there seems to be a big loophole, which would have been pointed out to the Government if they had bothered with a Public Consultation.
PART 2
MOBILE TELEPHONY[...]
10. Data necessary to identify the location of mobile communication equipment
(1) The cell ID at the start of the communication.
(2) Data identifying the geographic location of cells by reference to their cell ID.
Either this is a draughting error, or the Home Office really are technologically incompetent.
Mobile Phone Call Detail Records / Charging Detail Records both the Cell ID at the Start of a communication and the Cell ID at the End of the mobile phone communication.
Some systems actually record the Start and End Cell IDs of both the Recipient of a voice call or SMS text message and that of the Sender if they are also using a mobile phone.
We think therefore, that these new Regulations make it illegal for Mobile Phone Network Operators to hand over the "Cell ID at the End of a communication", or any of the potentially dozens of Intermediate Cell ID locations which a mobile phone on the move is likely to generate between the Start and the End of the communication.
If Spy Blog worked for the Police or the Intelligence Agencies, we would be furious with the Home Office for such legislative bungling, which actually reduces the useful Communications Location data from Mobile Phones, which they have access to at present.
It is also unclear if this error applies to not only 12 month old Retained Communications Data (which the Home Office have never been able to cite a single criminal case where this led to the investigative breakthrough in identifying the criminals c.f. the previous Spy Blog article) but to any demand for Communications Location Data. even narrowly targeted, very recent or real time Location Data demands.
Perhaps the Home Office sophists will try to claim that this is all still somehow covered by the broader 2009 Regulations definitions, but these are repealed by the 2014 Regulations and the new more restricted Schedule in the Provisional Regulations (if passed) must be what "Parliament intended".
The Commons have now passed these The Data Retention Regulations statutory instrument, today, Tuesday 22nd July 2014.
The Lords have not yet announced when they will do so but they will be rubber stamping exactly the same Motion to Accept the Statutory Instrument making the DRIP Regulations as the Commons, without amendment on Tuesday 29th July 2014
N.B. currently there does not seem to be anything in the Lords' business calendar before their Recess at the end of July, so this controversial "emergency" legislation may not actually come into force until at least mid October when the Lords return.
Data Retention and Investigatory Powers Bill
Government Note on the European Court of Justice Judgment
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/331106/DRIPgovernmentNoteECJjudgment.pdf
The House of Lords have approved the Regulations, without a vote. They are now in force immediately
http://www.publications.parliament.uk/pa/ld201415/ldhansrd/text/140729-0001.htm#14072930000149
Now waiting for the legal challenges to excessive retention of mobile phone Location Data i.e. anything except the start Cell ID