The consultation on the updating of the legislation to require “communications data” to be retained in order to aid possible investigations came shortly after the announcement of proposals to centralise the storage of such data. The result has been a predictable wave of paranoia. Still missing are the risk assessments that would inform rational debate.
Do read the consultation document for the Transposition of Directive 2006/24/EC “on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending directive 2002/58/EC”.
It includes examples of the use of retained data to date and a draft of the new regulations to replace those currently in force. There is no statistical analysis of why the powers have been used but scuttlebut indicates that most actual usage is related to child abuse investigations or “serious crime” (e.g. drug and people traffficking). The allegations regarding dog fouling, fly-tipping and school catchment areas are indeed serious – but they do not appear to be widespread.
More-over those abuses arise because questions raised during the original debate on RIPA, particularly those related to the training, certification and identification of those authorised to exercise the powers, have still not been addressed. We have yet to put the “regulation” into the “Regulation of Investigatory Powers”.
For example there was a suggestion that “authorities” should automatically lose their powers if they did not train staff to use them correctly, within about 18 months. Almost none of those outside the police and other law enforcement agencies like SOCA have done so.
There was also a suggestion that to reduce the risk of spoofing (to gain unauthorised access to aid fraud etc.) those claiming access should produce authorisations that could be checked by ringing a well-publicised national help-line (a genuinely single point of contact).
There were also questions regarding the responsibilities and liabilites of those demanding claiming data which they subsequently lose or leak. Hidden among the many other reports of data losses over past year are those of servers stolen from supposedly secure computer forensics labs to which data has been taken for analysis.
At least as serious, however, is the failure to use the opportunity to reduce the ability of the malicious, vicious and psychopathic to impair the human rights of the rest of us by addressing the use of intercept as evidence.
Having done jury duty and seen the criminal justice system at its worst (systematically concealing or editing evidence, preventing us from doing what we had sworn to do and thus enabling the guilty to go free) I would see this as part of a long overdue overhaul regarding the admissability of evidence for an age when the average juror can often google far more “evidence” than they are allowed to hear in court.
The need to address the issues of digital evidence will not go away – just because they are too difficult for those who hate the idea of treating jurors as anything other than dupes to be manipulated, confused and mislead are part of a ritual game.
But to returm to the point of this blog – You have until 31st October 2008 to try to restore sanity to an increasingly esoteric debate.