Privacy International warns of UK "snooper's charter" [priv]

[Declan McCullagh <declan () well com>]

---

X-Sender: lse/daviess/s.g.davies () exchange lse ac uk
Message-Id: <p0600200cbbccd5cfa594@[82.35.56.95]>
Date: Tue, 4 Nov 2003 04:08:49 +0000
To: s.g.davies () lse ac uk
From: Simon Davies <s.g.davies () lse ac uk>
Subject: Grave security dangers in new "Snooper's Charter"


PRIVACY INTERNATIONAL

MEDIA RELEASE

SECURITY FEARS OVER THE NEW UK "SNOOPER'S CHARTER"

Personal details of millions of UK citizens will be available to
Russian and Balkan authorities


EMBARGOED UNTIL 11 PM, TUESDAY 4th NOVEMBER, 2003
Privacy International will today warn a House of Lords conference that 
government proposals to stockpile details of all phone and Internet usage 
of the entire UK population will create grave dangers for privacy and security.

A number of Orders (Statutory Instruments) currently being considered by 
Parliament will establish a regime for the warehousing for at least a year 
of every phone call and email sent and received by every UK consumer.

This sensitive information, together with account and financial data, will 
eventually be available on request to investigation authorities in 
countries such as Estonia, Serbia, Russia and Croatia. The data will in 
time also be available to most European countries.

The potential for overseas countries to access this information comes about 
through a range of international treaties. The most notable of these is the 
recent Council of Europe (CoE) Cybercrime Convention, which allows for 
"minimum standard" mutual law enforcement assistance between nations 
http://conventions.coe.int/Treaty/EN/WhatYouWant.asp?NT=185 . 37 countries 
have so far signed the treaty, including Armenia, Greece, Lithuania and 
Turkey http://conventions.coe.int/Treaty/EN/searchsig.asp?NT=185&CM=&DF=

Albania, Estonia and Croatia have already ratified the treaty, thus 
bringing it into legal force. The UK has signed the treaty, but no date has 
yet been set for its ratification into law.

Russia has been arguing in the G8 for a data retention regime. If 
successful, it too would have access to UK data under the mutual assistance 
treaties.

The low standard of evidence or authentication demanded for these transfers 
creates exceptional dangers to many ethnic and other groups in the UK. The 
conditions for sharing this information are such that the transfer does not 
have to involve dual-criminality. In the G8, the CoE, and under other 
mutual legal assistance agreements, there are no requirements for dual 
criminality. In fact the CoE convention on cybercrime dissuades governments 
from allowing for dual criminality before data is required to be shared. 
There are grounds for refusal, but they are limited.

During the negotiations on the CoE convention on cybercrime, U.S. industry 
opposed international co-operation on the grounds that U.S. service 
providers would end up having to respond to requests for customer data from 
foreign governments more so than any other country's industry. After the 
United States, with its advanced telecommunications service industry, the 
United Kingdom is the likely candidate to receive the highest number of 
such requests from any country that has a mutual legal assistance treaty 
with us.

Current procedures in the UK do not require dual-criminality when 
responding to requests from other countries. In fact, sometimes only very 
basic information is required to inform the UK officials of the purpose of 
the data to be transferred.

According to current policy, the United Kingdom can receive a request for 
help from an overseas criminal court or tribunal, an overseas prosecutor, 
or any other overseas authority that appears to have the function of making 
requests for help in criminal cases. Dual criminality is not required, and 
requests are 'rarely declined' [y]. Governed under the Criminal Justice 
(International Co-operation Act 1990, the Regulation of Investigatory 
Powers Act under Part I, Chapter I section 5 allows, under a mutual 
assistance agreement, the disclosure of interception and communications 
data. This data may also be used for intelligence purposes.

The passage of the current orders and the implementation of data retention 
would make data regarding UK citizens available to governments around the 
world with little oversight or control. This data will be made available 
without regard to dual-criminality, and it may in turn be kept by foreign 
governments as they see fit. Countries such as the U.S. that do not have 
data retention schemes will benefit from the vast store of information 
available on UK citizens even when similar stores are not available on 
their own citizens.

Privacy International's Director, Simon Davies, warned "The governments 
plan to stockpile this massive amount of sensitive information poses a risk 
to a great many people. The proposals should be abandoned immediately".

"The proposals are ill considered, unnecessary and unlawful" he added.

_________________ _____________

Notes to editors:

- The government's proposals will be debated at a meeting (Wednesday) in 
the House of Lords, organised by Privacy International and the Foundation 
for Information Policy Research, and sponsored by Lord Phillips (LD) and 
the Earl of Erroll (C-B)

- A series of regulations (Statutory Instruments) recently laid before the 
Parliament intends to create a legal basis for comprehensive surveillance 
of communications. The regulations will allow an extensive list of public 
authorities access to records of individuals' telephone and Internet usage 
(under the Regulation of Investigatory Powers Act). This "communications 
data" -- phone numbers and e-mail addresses contacted, web sites visited, 
locations of mobile phones, etc. - will be available to government without 
any judicial oversight. Not only does government want access to this 
information, but it also intends to oblige companies to keep personal data 
just in case it may be useful (provisions of the Anti Terrorism, Crime & 
Security Act).

- [y] Reference: The Home Office, Seeking assistance in criminal matters 
from the United Kingdom, Guidelines for judicial and prosecuting 
authorities (Second Edition), by the Judicial Co-operation Unit, Organised 
and International Crime Directorate.

- Simon Davies of Privacy International can be reached for comment on 07958 
466 552 (from the UK) or on (+44) 7958 466 552 (from outside the UK). Email 
simon () privacy org


- Privacy International (PI) www.privacyinternational.org is a human rights 
group formed in 1990 as a watchdog on surveillance by governments and 
corporations. PI is based in London, and has an office in Washington, 
D.C.  Together with members in 40 countries, PI has conducted campaigns 
throughout the world on issues ranging from wiretapping and national 
security activities, to ID cards, video surveillance, data matching, police 
information systems, and medical privacy, and works with a wide range of 
parliamentary and inter-governmental organisations such as the European 
Parliament, the House of Lords and UNESCO.


-


At 3:50 +0000 2/11/03, Chris Summers-NEWS wrote:
> Dear Simon,
>
> Unfortunately I am on night shifts at the moment so I will be asleep 
> during the day on Wednesday and won't be able to attend but I am 
> forwarding this email to our Technology Correspondent, Mark Ward, and our 
> Politics staff in the hope that one of them can come along.
>
> All the best,
> Chris Summers
> -----Original Message-----
> From: Simon Davies [mailto:s.g.davies () lse ac uk]
> Sent: 02 November 2003 02:39
> To: Chris Summers-NEWS
> Subject: Re: Secret Britain Q&A
>
> Hi Chris,
>
> As you know, Parliament is currently considering the revised "Snooper's 
> Charter", comprising five new Statutory Instruments. These regs, if 
> approved, will establish a voluntary code for communications data 
> retention, extend a sunset clause that will give the government the power 
> to establish a mandatory framework for retention, and bring a wide range 
> of government agencies under the Regulation of Investigatory Powers Act.
>
> Privacy International and the Foundation for Information Policy Research 
> have been working closely with the Lords on this issue. We have convened a 
> meeting this Wednesday at the House of Lord's to scrutinise the 
> regulations and to debate whether they should be accepted or rejected. The 
> meeting is being sponsored jointly by Liberal Democrat, Conservative and 
> Cross-Bench peers.
>
> There is widespread concern amongst Lords about the government proposals. 
> The Joint Human Rights Committee of the Parliament at its meeting last 
> week did not approve them as human rights compliant, and instead referred 
> a number of legal issues to the government for a response. Lords are 
> concerned about the creation of universal communications surveillance, and 
> they are generally unhappy with the proposed oversight of the scheme.
>
> I was wondering whether you would like to join us for the fireworks! This 
> will be a crucial meeting, and we expect a substantial attendance of Lords 
> and MP's. The regs will most likely be debated in the Lord's on November 
> 13th, so this will possibly be the only occasion to debate the proposals 
> before they come before the Chamber.
>
> The meeting will take place on Wednesday 5th November, between 2 and 4 PM 
> in Committee Room 5. Please let me know whether you would like to join us.
>
> Best wishes
>
> Simon
>
>
>
> BBCi at http://www.bbc.co.uk/
>
> This e-mail (and any attachments) is confidential and may contain
> personal views which are not the views of the BBC unless specifically
> stated.
> If you have received it in error, please delete it from your system.
> Do not use, copy or disclose the information in any way nor act in
> reliance on it and notify the sender immediately. Please note that the
> BBC monitors e-mails sent or received.
> Further communication will signify your consent to this.


_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)