CHAPTER 14: EXPLANATIONS
evidence-based approach will be essential if this potentially useful initiative is to be
progressed, especially bearing in mind the difficult legal climate summarised above.
14.36. The question of how access to such material should be authorised, and in particular
when and how ISIC may need to be involved in addition to the normal mechanisms
for public authorities to access communications data, will also need careful
consideration in the event that a proposal is advanced.
14.37. As to compulsory retention of third party data – an extremely expensive part of the
planned Communications Data Bill – I did not get the sense that this was judged to be
the priority that it once was, even within law enforcement (9.64 above). The CSPs I
spoke to about it were either actively hostile or felt remote from the debate since it
was so long since they had been consulted. Some of the difficulties were identified in
2012 by the JCDCDB.32 Three years on, the comments of the JCDCDB at 14.25
above remain apposite.
14.38. Accordingly, as stated in Recommendation 18, there should be no question of
progressing this element of the old draft Bill until such time as a compelling operational
case has been made, there has been full consultation with CSPs and the various legal
and technical issues have been fully bottomed out. None of those conditions appears
to me to be currently satisfied.
Collection in bulk
14.39. Recommendation 19 concerns the equally controversial subject of bulk data
collection. The UK’s current regime for the collection of bulk data has been
exhaustively considered over the past year or so by:
(a)
The IOCC, in his reports of April 2014 and March 2015.33 The limits on the
power, and the safeguards on its operation, were meticulously set out and
considered.
(b)
The IPT, in the Liberty IPT judgment of December 2014.34
(c)
The ISC, in its Privacy and Security Report of March 2015.35
Some of the most senior judicial and political figures in the country have therefore had
the opportunity to analyse the regime and to comment upon it.
14.40. The IOCC and the IPT were not tasked with evaluating the statutory framework, but
rather with assessing whether it was properly and lawfully operated. Nonetheless,
each was exposed to the practical reality of that operation, including the full
safeguards that operate to protect individual privacy. In that connection, it is
significant that:
(a)
32
33
34
35
The IOCC, having pointed out that there was a policy question as to whether
the duly authorised interception agencies should continue to be enabled to
JCDCBC Report, paras 89-109.
IOCC Report of April 2014 at (6.5.27-6.5.58); IOCC Report of March 2015 at 6.23-6.40.
Liberty IPT Case, judgment of 5 December 2014, paras 61-152.
ISC Privacy and Security Report, chapters 4 and 5.
267