CHAPTER 11: SERVICE PROVIDERS
(c)
Companies were all concerned about the implications of being compelled to
cooperate in interception and data matters. Although they would welcome an
avenue to seek clarity, particularly about the meaning of the law and general
requirements placed on them, they did not wish to have a discretion to question
the merits of a particular interception or data request. It was for Government to
ensure that a request was lawful, necessary and proportionate, such that they
could then comply with it without fear of redress unless they themselves made an
error.
11.33. All thought the Government-industry relationship needed improvement. Some
companies were nevertheless suspicious that competitors enjoyed privileged
relationships with Government, though no company felt that it had one.
11.34. In this respect, whilst the existing mechanisms of the Government-industry
relationship, such as the Communications Data Strategy Group, were welcome, they
did not extend to matters of interception.20 There was an appetite for more strategic
discussion with industry at an earlier stage. The perceived inadequate consultation
over the 2012 Bill still rankled,21 as did the handling of DRIPA 2014. There remained
concerns that the technical features of the 2012 proposals, the request filter and DPI,
were not likely to be effective, though this may be an example of inadequate
engagement rather than a fully informed disagreement on technology. They noted that
the sunset clause in DRIPA 2014 s8(3) will operate from the end of 2016, and that
consultation with them thus needs to begin quickly.
11.35. There was further concern that the law was complex, that it had not kept up with
technological and market change, and that it was dispersed over different statutes.
Some concerns were highly technical, such as the impact of the definition of
interception in relation to requests to remove offensive material or apply virus
protection tools. In part the response to these difficulties was a desire to have a route
to clarify the law, perhaps through easier access to the courts. But there was an
appetite to see the law made clearer and consolidated, for example as between the
scope of RIPA and TA 1984. In addition, they felt that data retention and data
protection rules could find themselves in conflict.
11.36. UK companies generally thought the distinction between communications data and
content was still valid, but needed development. Web logs, cloud services and social
media were particularly difficult areas to reconcile with the current definitions.
Companies felt that some communications data was highly intrusive and this was not
fully recognised by current legislation. There was no longer any simple physical
separation of internal and external communications.
11.37. Companies had a number of tactical suggestions as to how interception and data
arrangements could be improved within the current legal framework, and believed that
greater cooperation would engender ideas for more effective use of available powers
and capabilities and enable future challenges better to be anticipated and dealt with.
20
21
Although new arrangements are to be introduced from May 2015, see 7.74.
That perception was shared by the JCDCDB, which was critical of the lack of consultation: JCDCDB
Report, chapter 4.
211