"The Surveillance Commissioner warns ... " Be very careful what you wish for

Last week I received an FIPR alert covering the Hawktalk Blog entry on a supposed warning  from the UK Surveillance Commissioner on significant RIPA failings, particularly with regard to unregulated private sector surveillance using the Internet. Hawktalk is worth reading but it is almost exactly twelve years since I set in motion the EURIM (now the Digital Policy Alliance, website under construction) exercise that led to the rewriting of the draft regulations for the “Lawful Interception” interception of Business Communications. I  recommend that those who agree with the Commissioner and/or Amberhawk read the BIS summary of the inputs to the consequent DTI “re-consultation” 

Many of the points made then remain valid today. Current UK and EU initiatives (such as the draft Data Protection and Identity Regulations) are just as ill-informed and potentially damaging as the draft Lawful Interception regulations were then. Those whose business models are at risk today need to similarly work together to ensure that common sense prevails over the regulatory and compliance empire building that drives the businesses of the future off-shore.

Theoriginal draft Lawful Interception regulation was circulated after the start of the summer break for a nominal and “routine” 6week consultation (deadline for submissions early September). It was based on Home Office and DTI internal papers, ignoring what had been said in Parliament , letalone in meetings outside.  Meanwhile there had been twochanges of official in DTI since the passage of the primary legislation and at least one change of officials in Brussels since the agreement of the relevant directive. The DTI official named as responsible had been in his new post barely a month – having been moved across from a differnt area.

Iwas rung on July 27th 2000 by a EURIM member who had read the draft and calculated thatthe cost of compliance for one of their call centres, alone, could be over a£million. I asked him if his company would be willing to be quoted, If so, Iwould try to organise an emergency response. He said he would try. I thoughtI would hear no more. To my surprise he rang back the following Monday,everyone was away so he had spoken to the Finance Director who had spoken with the Chairman. He had permission to provide figures for the Secretary of State, but they were not willing to go public. Giventhat degree of seriousness, I asked for a confirming e-mail and promised to domy best.

I then e-mailed the Secretary of State’s PPS who I knew was still atwork and set about ringing round CBI, IoD, Intellect etc. All “at the top” or with responsibity for “public affairs” were on holiday.We were on our own. I feared the worst, a choice between doing nothing and preparing for controversy and an automatic departmental defensive response during the run up to the Party Conference season – or “leaking” the story to the press during the silly season.  

To my relief (and not a little surprise) the civil servant responsible for the draft rang me on Friday 4th, “on the instructionsof the minister”. Over the next fifteen minutes he went from initial caution toserious interest. Like most civil servants, he was formidably bright but withlittle knowledge of industrial or commercial realities of the subject he hadbeen tasked to cover. More-over, having only just arrived and picked up analready written draft, he had no reason to be personally defensive. An hourlater we had the makings of a way forward. The consultation would be extended to twelve weeksand EURIM would organise a round table in the middle of August tobegin the assembly of serious industry inputs from September onwards.

To my further surprise we were able to assemble ameeting within little over a week that included people who were at the right level to have influence and understood both the issues and what was at stake for thei4r organisations. It was hosted by the UK legal counsel of one multi-national and included the head of Public Affairs for their long-standing “deadly” rival. The Chairman of theNHSIA (predecessor to NPfIT) came along himself and asked some most pertinent questions. So did the Deputy Information Commissioner. The group notonly agreed the scale and nature of the problems and who needed to be consulted, it also agreed a team to help redraft the regulations inthe spirit of what had been agreed in Parliament and an overlapping team to ensure that the redraftdid indeed have widespread industry support. I then took my summer break.

Bythe time I came back in early September, I was told that the revised draft had beenagreed by BIS with almost no change and that a couple of corporate memberswere “walking” it round the various trade and professional bodies whose responsesare a matter of record. The non-confidential material from the workshop was “farmed out” across those responses, keeping that from EURIM succinct and dry. 

The exercise had begun with a concern over overhead cost on call centresbut in the public summary of the responses youwill note the concern of LINX that the original draft covered, for example, spam filters. Another problem was the conflict withrequirements by financial services and other regulatorsto monitor communications for a wide variety of reasons – from consumerprotection against mis-selling to insider trading.

The original call-centreexample is referred to but not attributed. The reason was that there had been serious ructions when the senior management of the EURIM member concerned  came back from thesummer break. It was not that their datahad been anomymised  and used publicly.It was that the Finance Director had been shown genuine operational data.

There is a serious point here. It also helps explain why it is todifficult to organise a genuine impact assessment on new regulation. This maywell be the only consultation exercise, ever, in which part of the impactassessment was based on genuine data and not huff and puff.      

Overthe years I have had flack for not claiming the credit for EURIM, as opposed togiving it to all who helped, particularly to the BIS official who helped turn apotential public disaster into an unpublicised success. The upside was good will and future allies. The downside has been that, faced with similar problems today, many persist in spending time and money on competitivelobbying, while saying they lack the resources to participate in a group likeEURIM which really can deliver.

However, that delivery depends …

in part on the quality of the EURIM staff and rapporteurs, I have linked to the DPA team and have agreed to remain a consultant as long as wanted) who have to be funded …

but also on the willingness of the members to work with their competitors, as well as their strategic partners, for the common good.

That still appears to be a price too great for some to pay but the good news is that the current teams looking at the EU Data Protection and Digital Identity in the content of both the Digital Single Market and UK Competiveness, with the relevant officials sitting, in ARE every bit as good as that which we assembled back in 2000. If you follow the DPA membership link  do make a point of asking for details. As yet the rates are unchanged so I recommend you join and pay at least a year in advance before the next Council meeting looks at them.

Yes I know times are hard and you are probably slashing you public affairs budget. But this is almost certainly much better value than what you are currently spending it on – especially if you make ACTIVE USE of the opportunities to meet and work alongside the decision takers among your customers, suppliers and competitors to organise ACTION, not just discussion, on issues of mutual concern.