YouGov :"POLL - Blunkett's proposals on internet privacy: for or against"

Caspar Bowden cb at fipr.org
Sat, 15 Dec 2001 14:25:57 -0000 

> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Charles
> Lindsey
...
> http://www.publications.parliament.uk/pa/cm200102/cmhansrd/cm0
> 11213/debtext/

Blunkett
..
> > night, IT IS NOT POSSIBLE TO DO THAT, BUT PARADOXICALLY,
> > BECAUSE IT IS NOT
> > POSSIBLE TO DO IT, IT IS NOT REASONABLE TO SUGGEST THAT WE
> > CANNOT DO IT

> OK, I don't see the problem.

Well the problem is that an error-correcting code applied to Blunkett's
utterances needs to be able to fix two errors at once, because I can't turn
above into a true & sensible statement by fixing any single error !

> They can "voluntarily" (or compulsarily if
> it is made so) keep logs of "everything" (i.e. of such communications
> data as it is reasonably practicable to keep).

But the legally interesting question, from EC law and human rights law
perspective, is the purposes : national security or general crime

> BUT Plod cannot come along and say "see if you have any communications
> logged from Al Qaeda" (or, more precisely, he needs to specify some
> domain names or IP ranges or whatever that he is interested in) UNLESS
> he needs that data for purposes related to National Security).
>
> SO if Plod is just chasing after petty theft (or even paedophilia or
> drug trafficking) he can only ask for very recent stuff

Why only 'recent' for petty stuff - s'far as what the law says ?

> Of course, if he asks nicely, and says "Please", the ISP
> might give him a little bit more than his strict entitlement

After RIP Pt.1 Ch.2 & ATCS are in force, what legal difference does it make
if Plod asks nicely ?

> > blanket retention on the whole population (solely for law
> > enforcement purposes,
> > beyond period of business utility) is still illegal under
> > ECHR and Charter of Fundamental Rights.
>
> That may well so, in which case Blunkett's Bill falls at the first
> hurdle. But if the Bill is interpeted as "may retain beyond normal ISP
> requirements, but must not divulge except for specified
> purposes", as I have suggested above, then it might fly.

Sorry, I should have made myself clearer. Lord Phillips' amendment is
potentially double-edged for both civ.libs and Plod.

One hand, EC law cannot restrain what member states do or require for
national security. EC Comms Privacy Directive doesn't bite if data retention
is for nat.sec purposes

But on the other hand, if it is required for nat.sec purposes, then
presumably data protection law (European and domestic, 2nd DP principle
etc.) should bite to restrain that being used for general crime and broader
purposes.

And not-orthogonal-but-at-45-degrees to those arguments, is question of ECHR
Art.8 and whether blanket data retention is anyway unlawful - and then
extrapolating the jurisprudence on
necessity/proportionality/pressing-social-need in sphere of national
security and sphere of law enforcement.

That is why interpretation of

> > 1) Does that "which may relate directly or indirectly"

to national security, is going to be VERY complicated, VERY uncertain, and
general bean-feast for Matrix and Doughty St. chambers ;-)

--
Caspar Bowden                           www.fipr.org
Director, Foundation for Information Policy Research
Tel: +44(0)20 7354 2333