Tombaky - Fotolia
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Government will have a more targeted approach rather than dealing with large volumes of data, May told a cross-party committee scrutinising the government’s draft Investigatory Powers Bill.
May said she had limited the purposes for which communications records could be used in the proposed legislation. However, it would be possible for security services or law enforcement agencies to serve warrants on coffee shops, libraries or small businesses offering Wi-Fi services.
“I do not think it would be right for us to exclude any networks,” she said.
Retention orders would be looked at on a case-by-case basis and there are no intentions to limit the size of organisation that could be served with a warrant, she said. A small communication service provider (CSP) may cover a particular geographical area or niche so it “may be helpful if a notice was served”.
There would be cost recovery and discussions with small providers such as coffee shops, and they would have a right of appeal, she said.
In earlier evidence, Vodafone, EE and O2 said they would not have the capacity to store the data the government wished to collect. They said it would cost far more for them to collect customers’ communications records than the total £247m subsidies the government was prepared to pay.
“We have not just plucked this figure out of the air. We are talking to them about how this can be provided, and they have been responsive,” she said.
“I believe the discussions we’ve had show the technical feasibility and ability to deliver,” she told MPs and peers.
Government will not ask for encryption keys
The home secretary said there were no plans to change the legal rule about encryption or to require CSPs to hand over private encryption keys.
“When a warrant is lawfully served, there is an expectation that they can take reasonable steps on that warrant.”
This means internet and phone companies should provide data in a form law enforcement and security services can read, she said. “We are not asking them to give us the keys to their encryption.”
Paul Strassburger MP asked if there was ever a time when bulk powers – including mass interference, hacking computer systems and scooping up data from people who had not committed a crime – were proportionate.
May said there were times when it was, and the government complied with European Union (EU) rules on the matter. The government would not collect all the data all of the time, she said.
“We believe our current regime is compliant with EU law, and the regime we are bringing forward will be within EU law,” she said.
Former US National Security Agency (NSA) technical director Bill Binney previously gave evidence that warnings about potential terrorists in data were missed because analysts “were drowning in the volume of data”, Strassburger told the committee.
The home secretary said that bulk communication is sometimes the only means to obtain data, but it was not collected “in an untargeted way”.
“You can’t look for the needle in the haystack unless you’ve got the haystack,” she said.
She rejected Strassburger’s description of the move as mass surveillance: “The UK does not undertake mass surveillance – we have not and we do not.”
However, there could be cases where bulk equipment interference will be necessary, she said.
May silent on protection for lawyers and journalists
May was asked whether there was evidence of any interception that breached professional confidentiality – such as with lawyers or journalists’ contacts with their sources – but she declined to give any details.
“I think it’s important those powers are available. We do not publicise warrants or any interception warrants,” she said.
The prime minister would have to be consulted over any interception of MPs, members of the European Parliament (MEPs) or devolved parliament members’ communications.
Judicial oversight and the double lock
May said she aimed to be transparent about the fact that people had safeguards.
She said it would be up to judicial commissioners to decide how they approached any particular issues in reviewing a secretary of state’s decision to issue a surveillance warrant – a principle known as the double lock.
She said the whole point of the double lock is both parties need to agree for warrants to be applied, but the double lock would not apply to issues of national security.
The home secretary was challenged over provisions in the bill, which will give police and security services access to sensitive personal data, which could include bank statements and medical records.
May declined to specify what data sets they would access, as those excluded from any public list could be used “by those who wish to do us harm”.
Conservative MP Victoria Atkins asked May if targeted equipment interference warrants could be used to create “thematic warrants” that could be used against a wide range of people.
She said that, while this type of warrant might be used in cases of kidnap or threat to life to identify people, it will not be possible to use a thematic warrant against a very large group of people.
Foreign intelligence sharing
Committee members suggested that, unless the bill found out how the government would obtain data from overseas intelligence agencies, it could “drive a coach of horses” through the proposed legislation.
May said the agencies “only obtain the information where it is lawful for them to do so”.
Judicial commissioners would be appointed for three years by the lord chief justice to provide judicial oversight, rather than by the prime minister.
“There is no suggestion that they have not been independent in the work they have done,” said May.
They will be current or senior members of the judiciary and would be “fierce champions of their independence”.
Read more about the draft Investigatory Powers Bill
- The draft Investigatory Powers Bill could have major implications for telecommunication companies operating in the UK.
- The draft Investigatory Powers Bill’s plan to increase surveillance is already controversial, but there are growing concerns over the potential economic consequences
- UK information commissioner Christopher Graham has called for a regular review of interception powers and greater audit powers.