When you write to your MP, sometimes they do sometimes elicit a response from Government Ministers (or at least their civil servants).
If only Spy Blog had the necessary skills and tools to hand, to use fingerprints and DNA analysis, to examine more closely what looks like an original letter from Theresa May, the Home Secretary, which has been forwarded to us:
2 Marsham Street, London SW1P 4DF
Rt Hon Dr Vince Cable MP
2A Lion Road
RECEIVED 3 March 2015
26 FEB 2015
CTS Reference: M1775/15
Thank you for your letter of 30 January on behalf of your constituent,
[name & address redacted]
who wrote to you to express concerns about the Counter Terrorism and Security Act 2015 (CTSA).
It is the first duty of Government to protect the public. Our law enforcement and intelligence agencies must have access to the tools they need, subject to robust safeguards, to keep us safe from terrorists and organised criminals. Communications data -- the who, where, when and how of a communication, but not its content -- is a vital tool in the investigation of crime and safeguarding the public. It has been used in 95 per cent of serious and organised crime investigations handled by the Crown Prosecution Service and every major Security Service counterterrrism investigation over the last decade.
Note the weasel words " It has been used in 95 per cent... "
Grabbing Communications Data seems to be the Standard Operating Procedure for the Police etc., regardless of whether it is actually relevant to the case and regardless of the supposed tests of Necessity and Proportionality under RIPA.
Given that there are a quarter of a million Communications Data requests a year, why can't the Home Office give hundreds of examples of where this has provided the investigative breakthrough in identifying a criminal or in providing the critical evidence which convicts him ?
Instead they regularly trot out a tiny handful of serious cases which have grabbed the attention of the tabloid media, which, mostly, do not actually support their case for Communications Data Retention at all:
Communications technology and communication services are changing fast. More communications are now taking place on the internet. Internet Protocol (IP) address resolution is the process of uniquely identifying who used an IP address at a given point in time.
This is not technically correct.
Human beings do not have IP addresses, only computer or telecommunications devices do.
More than one individual can use such equipment, so an IP address cannot be guaranteed to identify a specific individual at any point in time.
There is also a big difference between Private and Public Internet Protocol Addresses, which this paragraph glosses over. Millions of people have home or office Routers with an IP Gateway Address of 192.168.0.1 or 192.168.1.1 or 192.168.0.254 or 192.168.1.254.
Communications service providers (CSPs) do not always keep the data necessary to do this. This means that it is not always possible for law enforcement and the intelligence agencies to find out who is engaging in illegal activity on the internet. That is why we brought forward proposals for IP address resolution in CTSA.
Where available, the police, and other public authorities with communications data access powers under the Regulation of Investigatory Powers Act 2000, use this data during investigations to identify suspects, victims or vulnerable people, where it is necessary and proportionate to do so. For example, IP address resolution could be used to identify who has accessed a server containing illegal child abuse images or who is plotting a terrorist attack.
CTSA received Royal Assent on 12 February. The Act has amended the Data Retention and Investigatory Powers Act 2014 (DRIPA) to include a provision, enabling the Government to require CSPs to retain the necessary information to enable the identification of which user of an IP address is responsible for sending a specific communication.
Your constituent has raised concerns about the range of companies that might be impacted by this provision. The provision only relates to domestic communications service providers that have been served a retention notice under the Data Retention Regulations 2014.
That may be the intention of the Home Office, but that is not what this badly drafted Act says. If the Home Office meant Communication Service Providers, why not use that term on the face of the Data Retention and Investigatory Powers Act 2014 instead of "telecommunications operator" ? Why does Counter Terrorism and Security Act 2015 part 3 introduce two new legally undefined terms "internet access service" and "internet communications service" ?
Notices are served on CSPs on a selective basis, where the Secretary of State considers the obligation to be necessary and proportionate, and these notices are kept under review. It is also the Governments policy to provide for full cost recovery of the additional costs that fall to communications service providers in connection with the retention, storage and provision of communications data. This ensures that the business interests of communications service providers are not adversely impacted by their obligations.
This distortion of the commercial market through state subsidies by the eminently unqualified Home Office, should be the subject of a European Union level investigation.
Previously, the Home Office has refused Freedom of Information Act requests to name the favoured companies being paid these Data Retention subsidies,
Since DRIPA repealed the old Data Retention Regulations, perhaps the Home Office will now lift the administrative secrecy, which has no statutory provision under any of the Acts, unlike, e.g. Interception warrants or Cryptographic Key disclosure notices
In relation to your constituents specific concerns in relation to the ongoing reviews into investigatory powers, DRIPA required the Independent Reviewer of Terrorism Legislation, David Anderson , to undertake a review into the operation and regulation of investigatory powers and report by 1 May 2015.
DRIPA, as amended by CTSA, contains a sunset provision to repeal it on 31 December 2016. The legal framework concerning the retention of communications data will therefore be reviewed again by Parliament before then. This will take place in the full context of the findings of David Anderson , as well as the other ongoing reviews, such as the Intelligence and Security Committees current review into the balance between privacy and national security.
Further, the IP resolution provisions in CTSA had previously been subject to public consultation and parliamentary scrutiny by the Joint Committee on the Draft Communications Data Bill in 2012. Your constituent might be interested to note that the Joint Committee stated in their report: 'We accept that if CSPs could be required to generate and retain information that would allow IP addresses to be matched to subscribers this would be of significant value to law enforcement. We do not think that IP address resolution raises particular privacy concerns.'
It is misleading of the Home Office to claim that the Joint Committee somehow scrutinised the same or even similar IP Address Resolution wording to that in Counter Terrorism and Security Act, when the Draft Communications Data Bill contained no such wording at all.
The Draft Communications Data Bill Joint Committee - First Report section on IP Address resolution and Web Logs:
73. As outlined in paragraph 65, Home Office officials eventually told us in public evidence that they would like clause 1 to enable them to access two specific types of data: subscriber data relating to IP addresses and web logs.
Regarding your constituents concerns about definitions in CTSA, both internet access service and internet communications service are defined in the Explanatory Notes to the Counter Terrorism and Security Bill, which are available at www.parliament.uk. An internet access service is a service that provides access to the internet and can include a home broadband connection, mobile internet or publicly available WiFi. An internet communications service is a communications service which takes place on the internet and can include internet telephony, internet email and instant messaging services.
If you read any Explanatory Notes for the CTSB or any other Bill, they all rightly contain warnings like:
They do not form part of the Bill and have not been endorsed by Parliament.
Therefore this paragraph does not refute the point being made that there are no proper legal definitions of "internet access service" or "internet communications service" in CTSA, DRIPA, RIPA or in any other legislation.
It is important to recognise that, although the IP address resolution provisions in CTSA are a step in the right direction, the other capability gaps that we sought to address in the Draft Communications Data Bill will remain. These continue to have a damaging impact on the capabilities of our law enforcement and intelligence agencies. It is therefore vital that we return to this issue in the next Parliament to ensure that our law enforcement and intelligence agencies maintain the capabilities they need to protect the public and keep us safe.
The Rt Hon Theresa May MP
Will the Home Office be able to present any quantifiable evidence of the scale of this alleged "capability gap" after the General Election ? They failed to do so back in 2012.