Investigatory Powers Bill

Written evidence submitted by Open Intelligence (IPB 23)

Investigatory Powers Bill

Introduction

[1] Open Intelligence is an independent think-tank operating at the intersection of technology and politics to advance security and liberty. Open Intelligence was founded by Andy Halsall and Loz Kaye.

[2] In the wake of another terrorist atrocity, this time in Brussels, clearly the work of the House of Commons Public Bill Committee on the Investigatory Powers Bill is of critical importance. That scrutiny must arrive at legislation that is effective, comprehensible and workable, not just theoretically desirable. Once again [1] the alleged perpetrators of a significant attack, in this case the el-Bakraouis, were known to law enforcement. The chief challenge faced in counter-terrorism, and policing, is not so much "going dark" as making sense of the abundance of light.

[3] The recommendations are made in view of [2].

Internet Connection Records

[4] The bill must not allow for blanket, suspicionless interception or retention of Internet communications. It is vital it is clear what is meant by records of Internet communications referred to in clauses 54 and 78, and that the committee can communicate this to technology companies, any type of service provider and the general public by the time that the committee reports. The committee, and previous committees, have received many submissions on this matter, highlighting concerns on feasibility, suitability, and a worrying misuse of resources overprioritising data rather than analysis.

[5] In practical terms, the Danish experience with Internet session logging legislation shows not only has the case not been made for ICRs, they have been tried and found wanting. While the Danish Ministry of Justice report document 549331 [2] is referred to in the the Comparison of ICRs with Danish Session Logging which accompanied the publishing of the bill, the essential problems outlined in the Danish MoJ document are not adequately addressed. In section 6 the Danish intelligence agency PET as expected found targeted surveillance useful, but session logging only to a very limited extent relevant for investigations.

[6] Subsequent to the publishing of "Comparison of ICRs with Danish Session Logging" the Danish Justice Minister has shelved new plans for Internet Connection Record logging in Denmark, chiefly observing the plans were "all too expensive". [3] This should be a matter of particular concern for the committee. The committee should request the cost evaluation that was made available to the Danish Justice ministry, and seek out a new detailed and realistic costing of the Home Office plans.

Bulk Equipment Interference

[7] As laid out in our submission to the Joint Committee [4] the case has not been made for bulk equipment interference, nor of its necessity or proportionality as a power. Even if bulk EI is just to be carried out for the purposes of gathering information, this is the kind of activity that other nation states would characterise as "hacking" or "cyber-attack". There has been no proper debate about the proper security framework for carrying out such activity. As such Part 6, Chapter 3 should be struck out, and the practice ruled out in accompanying guidelines.

Oversight

[8] The intention to create a unified office under an Investigatory Powers Commissioner is welcome following the recommendations of the 3 intercept powers reports and civil society. It would provide much needed clarity, as it is far from obvious who is responsible for what in the current bodies, or for the wider public that they exist at all.

[9] Part 8 should include the provision for a public charter for the operation of the IPC. This charter should contain a plain mission statement of its public remit, and clarify any potential conflicts between the judicial and advocacy roles of the IPC so it is clear that the IPC is unambiguously the public's champion. The charter should also set clear goals for investigation of information requests.

[10] Prompt avowal of capabilities was identified as crucial for public trust by the IRTL David Anderson. Part 8 should include an explicit IPC remit to assess whether new capabilities developed in relation to the powers granted by the bill exceed what is necessary and proportionate in their operation. The IPC should have a duty to report to the Secretary of State or Scottish Ministers to make a recommendation to discontinue a particular practice as overly intrusive, or to avow a particular capability.

[11] One common complaint is that politicians and civil servants lack fundamental understanding of technological issues. To address this, clause 211 should replace the Technical Advisory Board with the Advisory Council for Digital Technology and Engineering as per the RUSI report's recommendations 4 and 5. ACDTE should also have an ethical use panel.

Further submissions and documents

[12] Due to the truncated timetable, we have chosen to enter a short, focused submission at this stage. Open Intelligence reserves the right to make further submissions.

[13] Accompanying document- Open Intelligence response to the call for written evidence to the Joint Committee on the Draft Investigatory Powers Bill 20.12.15 [5]

March 2016


[1] See paragraph 4 of Open Intelligence submission to the Joint Bill Committee in reference to Michael Adebolajo. http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/draft-investigatory-powers-bill-committee/draft-investigatory-powers-bill/written/26293.html

[2] Redegørelse om diverse spørgsmål vedrørende logningsreglerne: http://www.ft.dk/samling/20121/almdel/reu/bilag/125/1200765.pdf

[3] "Pind forkaster dyrt forslag til internetovervaagning" DK Nyt 17th March 2016

[4] In paragraphs 3-6.

[5] http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/draft-investigatory-powers-bill-committee/draft-investigatory-powers-bill/written/26293.html

 

Prepared 24th March 2016