DRIP - UK Data Retention and Investigatory Powers Bill
Peter Fairbrother
zenadsl6186 at zen.co.uk
Sat Jul 12 20:32:07 BST 2014
On 12/07/14 17:17, Francis Davey wrote:
>
> 2014-07-12 16:54 GMT+01:00 Peter Fairbrother <zenadsl6186 at zen.co.uk
> <mailto:zenadsl6186 at zen.co.uk>>:
>
>
> I don't know whether that is deliberate power grab or just sloppy
> drafting - but it really cannot be allowed to stand.
>
>
> I discussed this with him. I think "sloppy drafting" is more likely in
> my experience of the way these things are put together in a rush.
> Obviously it could well be deliberate, but legislative drafting is an
> extremely poor quality exercise - one of the reasons why you need
> Parliamentary time.
I dunno - maybe they got the wording from an earlier attempt to, Oh,
let's say, do deep packet inspection of the entire the web - and didn't
change it.
The supposed justification (in the notes) for the change is to make
plain that the revised definition includes webmail servers - but this is
a fundamental change to RIPA, not just to the otherwise partly-limited
DRIP, and apart from including webmail servers it includes all social
media sites like Facebook, and almost all online games sites, and many
many other services, which were never included (or thought to be
included) before.
I find it hard to believe that nobody realised that.
> I am afraid I completely believe that this was all done at the last
> minute. I.e. that not only was nothing done since April but no-one was
> planning for the result in April - which many of us anticipated anyway.
Yes, I can easily believe it was done in a bit of a hurry - but again,
it was supposed to be done in such a way as to _ensure_ that it did
nothing more, or as little more as possible more, than replace the 2009
Regulations.
Section/Clause 5 conspicuously does far far more that that. Did nobody
notice?
> However, it is self-evident that DRIP does more than re-enact the 2009
> regulations. Indeed if that was what they wanted to do, a few lines of
> statute would do the trick. There is therefore no excuse for the rush
> with the wording before Parliament right now.
Agreed. To do that we would need to at least:
Modify ss. 1(5) to apply the 12-month limit to all Notices and
Regulations and Powers made under the Act.
Delete ss.1(6)(b)
Delete ss.1(7)
Otherwise modify section1 to comply with the above.
Put the 2009 Regulations schedule in a schedule to the Act, and apply it
universally, so that only data described in the schedule comes under DRIP.
Modify ss.2(1) to the definitions in the 2009 Regulations.
Delete ss.2(2) and 2(3).
Delete ss.2(4)(c).
Delete sections 3,4 and 5 entirely.
Or, perhaps most important of all, just delete section 5.
AFAICT, that's the baddest bit, by a very very long way.
I don't much care about the exact details of how and what, I just care
that the job of the Police in accessing personal data from the internet
is hard - otherwise they may make too much use of their legal power to
do it.
Also, if it's hard they will tend to only use it where necessary.
-- Peter Fairbrother
More information about the ukcrypto
mailing list