DRIP - UK Data Retention and Investigatory Powers Bill

Peter Fairbrother zenadsl6186 at zen.co.uk
Sat Jul 12 20:32:07 BST 2014 

On 12/07/14 17:17, Francis Davey wrote:
>
> 2014-07-12 16:54 GMT+01:00 Peter Fairbrother <zenadsl6186 at zen.co.uk
> <mailto:zenadsl6186 at zen.co.uk>>:
>
>
>     I don't know whether that is deliberate power grab or just sloppy
>     drafting - but it really cannot be allowed to stand.
>
>
> I discussed this with him. I think "sloppy drafting" is more likely in
> my experience of the way these things are put together in a rush.
> Obviously it could well be deliberate, but legislative drafting is an
> extremely poor quality exercise - one of the reasons why you need
> Parliamentary time.

I dunno - maybe they got the wording from an earlier attempt to, Oh, 
let's say, do deep packet inspection of the entire the web - and didn't 
change it.



The supposed justification (in the notes) for the change is to make 
plain that the revised definition includes webmail servers - but this is 
a fundamental change to RIPA, not just to the otherwise partly-limited 
DRIP, and apart from including webmail servers it includes all social 
media sites like Facebook, and almost all online games sites, and many 
many other services, which were never included (or thought to be 
included) before.


I find it hard to believe that nobody realised that.


> I am afraid I completely believe that this was all done at the last
> minute. I.e. that not only was nothing done since April but no-one was
> planning for the result in April - which many of us anticipated anyway.

Yes, I can easily believe it was done in a bit of a hurry - but again, 
it was supposed to be done in such a way as to _ensure_ that it did 
nothing more, or as little more as possible more, than replace the 2009 
Regulations.

Section/Clause 5 conspicuously does far far more that that. Did nobody 
notice?


> However, it is self-evident that DRIP does more than re-enact the 2009
> regulations. Indeed if that was what they wanted to do, a few lines of
> statute would do the trick. There is therefore no excuse for the rush
> with the wording before Parliament right now.


Agreed. To do that we would need to at least:

Modify ss. 1(5) to apply the 12-month limit to all Notices and 
Regulations and Powers made under the Act.

Delete ss.1(6)(b)

Delete ss.1(7)

Otherwise modify section1 to comply with the above.

Put the 2009 Regulations schedule in a schedule to the Act, and apply it 
universally, so that only data described in the schedule comes under DRIP.

Modify ss.2(1) to the definitions in the 2009 Regulations.

Delete ss.2(2) and 2(3).

Delete ss.2(4)(c).

Delete sections 3,4 and 5 entirely.







Or, perhaps most important of all, just delete section 5.

AFAICT, that's the baddest bit, by a very very long way.





I don't much care about the exact details of how and what, I just care 
that the job of the Police in accessing personal data from the internet 
is hard - otherwise they may make too much use of their legal power to 
do it.

Also, if it's hard they will tend to only use it where necessary.



-- Peter Fairbrother

More information about the ukcrypto mailing list