Sergey Nivens - Fotolia

MPs win challenge to Dripa surveillance legislation

The High Court ruled that the UK's Dripa legislation is inconsistent with EU law, but home secretary Theresa May plans to appeal

MPs David Davis and Tom Watson have won a legal challenge to the controversial Data Retention and Investigatory Powers Act (Dripa) that rushed through parliament in July 2014.

Some commentators say the ruling shows there is still the need for public debate on the issue of access to electronic communications by security and law enforcement agencies.  

Davis, a former Conservative minister and Watson, who is in the running to be Labour’s next deputy leader, brought the case along with campaign group Liberty.

The MPs said the legislation was not subjected to proper scrutiny and allows the police and security services to spy on citizens without proper safeguards, making it incompatible with human rights.

The High Court ruled that the legislation is inconsistent with European Union (EU) law, which effectively nullifies aspects of the legislation, reports the BBC.

The ruling said that aspects of the legislation are unlawful because they are in breach of Article 7 and 8 of the EU Charter of Fundamental Rights and should be “disapplied”.

Updating surveillance security

However, the ruling has been suspended until March 2016 and home secretary Theresa May has been granted the right to appeal.

The ruling comes as May prepares to formulate surveillance legislation in the form of a Investigatory Powers bill to “modernise” surveillance legislation.

The government plans to have the legislation in place by the time the Dripa legislation expires at the end of 2016, in line with a sunset clause agreed in return for quick parliamentary approval.

Mistakes made

The ruling also coincides with a report by interception of communications minister Anthony May, which reveals blunders in the use of surveillance powers.

While the report said the implementation of Dripa does not appear to have changed the operational practice of public authorities or communication service providers, police errors have been made.

The report said an innocent man was arrested and the homes of four others were searched after they were incorrectly identified as paedophiles using data collected under Dripa.

The report highlights 17 “serious” errors that, in some cases, led to a significant impact on the lives of those involved.

The report also reveals that two police forces breached rules requiring them to obtain judicial permission to obtain data relating to journalists.

Responding to the High Court ruling, Liberty said it made clear that existing laws governing data retention and access to information required urgent review.

“It catches the communications of everyone in the UK, including the emails, calls, texts and web activity of MPs, journalists, lawyers, doctors and other communications that may be confidential or privileged,” said Liberty.

“Today’s landmark judgment comes exactly one year after Dripa received Royal Assent on 17 July 2014. It was rushed through parliament by the coalition government, which claimed “emergency” legislation was necessary three months after the Court of Justice of the EU ruled the existing EU Directive on data retention invalid because it was so sweeping in its interference with individual privacy rights,” the group said in a statement.

Europol consultant, cyber security expert and visiting professor at Surrey University Alan Woodward said it was a very unusual step for politicians to challenge primary legislation in this way.

“It is notable that it is a challenge from across the political spectrum, which shows the depth of feeling that a sizeable group feel on this subject,” he told Computer Weekly.

Protecting privacy

Woodward said article 12 of the UN Declaration of Human Rights states: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”

He said there is a fine line between legitimate and arbitrary interference. “I think most people agree that in extremis law enforcement agencies should have the ability to monitor criminal activity. 

“However, this ruling shows that there is still significant debate to be had on how far the public are willing to allow the sifting of the haystack in order to find the needle,” said Woodward.

He said there also needs to be debate about under what circumstances citizens can be caught up in an arbitrary trawl of data and if that is really an invasion of privacy.

Woodward said the legal challenge is surprising in the light of legislation’s sunset clause. “The specific expiry date was intended to close perceived holes in law enforcement capabilities, whilst recognising it was contentious and needed to be debated and should not enter the law ad infinitum.

“It remains to be seen exactly what impact this will have, as it does not negate the whole of the legislation. I suspect it will need to be tested in court to understand that fully. However, I imagine that the various agencies affected will be scratching their heads today wondering what it all actually means,” he said.

Read more about surveillance

Read more on Privacy and data protection