As the controversial Data Retention and Investigation Powers Bill (DRIP) slips its way through the House of Commons and into the House of Lords, the outspoken boss of broadband ISP Andrews & Arnold (AAISP), Adrian Kennard, has promised to use “all practical legal means” in order to protect their customers from state sponsored Internet snooping.
The bill, which is being rushed through parliament as emergency legislation, is effectively an amended version of the original Regulation of Investigatory Powers Act 2000 (RIPA) which, upon request, requires phone and Internet providers to keep a basic access log of all website, email and phone call activity for up to 12 months. It’s also been accused of giving the Government and GCHQ powers to continue mass state-sponsored surveillance.
The rush to push the powers through follows an earlier ruling by the European Court of Justice (ECJ), which found that the EU’s related Data Retention Directive was now considered “invalid” (here and here) because it breached the “fundamental right to respect for private life and the fundamental right to the protection of personal data” (i.e. Charter of Fundamental Rights of the EU).
But instead of addressing the ECJ’s ruling the emergency powers, which mercifully include a sunset clause that allows the legislation to be reviewed every six months, seeks not only to keep RIPA alive and protect it from EU legal challenges, but also to sneakily extend its remit to more Internet services (e.g. webmail, Skype and online video games perhaps) and make it more clearly applicable to non-UK entities (here).
Suffice to say that there has been a lot of criticism about the way that the coalition Government, alongside the Labour party (both have long sought additional snooping powers), has gone about pushing through the new law with its small but extremely significant changes. But at least one ISP plans to do all it can to oppose the changes.
Adrian Kennard, MD of AAISP, said:
“Just to be clear on our policy here – if DRIPA comes in to force, and if A&A become subject to a retention notice for all customers, we aim to work on all practical legal means to minimise the amount of data retained under that legislation – making full use of the bad wording in the Schedule in the 2009 regulations where possible.
We also aim to clearly publish what is retained under such a notice and what steps we have taken to minimise such data. Such steps may mean separate companies running email or other services, or even hosting some servers outside the UK, if those are practical steps we can take.
Why? Because blanket mass surveillance is illegal under EU law as it is against our basic human right to privacy as decided by a court, that’s why!”
Similarly Entanet’s Product Manager, Paul Heritage-Redpath, said, “It is outrageous that laws affecting each and every one of us are being passed seemingly without any of the normal parliamentary oversight or debate.”
Paul Heritage-Redpath added:
“There has been zero consultation. Instead, we will have a law that has been rushed through that gives the government tremendous power – and which the European Court of Justice has rejected. Once again the UK state is flying in the face of public opinion, ignoring industry experts and trampling on citizens’ rights in an attempt to extend its powers over technologies those in power understand little of and have even less control over. This is a sad day for British democracy.”
At some point in the future the Government will be forced to come back and address the legislation properly, although with most MPs now seeming set to support the tougher measures it’s difficult to see how the situation will change going forwards.