polygraphus - Fotolia

BCS calls for criminalisation of reckless data disclosure

The BCS believes criminalising reckless disclosure would reassure the public in how data is managed under planned surveillance laws

BCS, The Chartered Institute for IT is urging government to make reckless disclosure of data a criminal offence under the proposed Investigatory Powers Bill.

In light of the fact that the draft bill requires communication service providers to store internet connection records, the BCS is calling for greater assurances this data will be safe.

It should be a criminal offence if a professional designs and implements an IT system to store website history, but fails to follow best practice to protect access to that data, according to 85% of IT professionals polled by the BCS.

The BCS argues that such a failure would be tantamount to reckless disclosure of data – which should be included as a criminal offence in the proposed bill.

“The criminal offence around misuse of data outlined in the bill is welcome, however we can and we must create systems which by default protect against misuse,” said David Evans, director of policy at the BCS.

“In an area of critical national importance, it would be reckless and inexcusable for individuals to design data systems which created unnecessary risks to the public, where those risks could have been prevented through known techniques.”

The BCS believes that criminalising reckless disclosure through poor IT system design, as well as the misuse of data, would provide greater assurance for the public in how their information is managed in the process of protecting against serious crime.

Read more about the draft Investigatory Powers Bill

Disparity in surveillance concern

A YouGov survey commissioned by the BCS revealed a marked disparity between the views of IT professionals and the general public concerning surveillance.

While 54% of UK citizens said they feel very or fairly comfortable with the security services and police having access to their website history, only 35% of IT professionals felt the same.

“We often hypothesise about the strength of feeling against surveillance measures from the technology community versus a sanguine public opinion – and we now have findings to support it,” said Evans.

“We need to spend more time discovering the reasons behind this disparity. If the technology community have legitimate concerns, they are not resonating with public feeling.”

As an organisation with a Royal Charter and purpose to make IT good for society, Evans said the BCS would like to see society as a whole debate the role of technology in protecting against crime and debate the issues of proportionality.

The survey revealed that 76% of IT professionals tend to disagree or disagree strongly with the claim that, to protect national security, companies should weaken or defeat their own security measures to provide authorities with access to content that has been encrypted.

“While government access to services is a useful tool, it is vital that citizens are able to protect themselves from both criminal and foreign state activity,” said Evans.

BCS calls for clarity

The BCS has joined calls for greater clarity within the draft bill and a clear expression of principle that the security of communications for individuals collectively will not be compromised.

“The government and its agencies should be recognised and applauded for engaging as never before in this public debate. We now urge security services and the wider government to continue their public engagement around the principles in the bill, ensuring an appropriate culture set around the use of these powers, in which this law will be enacted,” said Evans.

A report on an inquiry by parliament’s Science and Technology Committee published on 1 February 2016 said the draft is too vague and needs to be redrafted to avoid economic damage.

Committee chair Nicola Blackwood said it is vital to get the balance right between protecting security and the health of the UK economy.

The report on parallel inquiry by the Draft Investigatory Powers Bill Joint Committee is scheduled to be published on 11 February 2016.

Read more on Privacy and data protection