The second draft of the controversial Communications Data Bill, which aims to allow unparalleled interception of data about UK citizens' online communications and voice calls, is to be released next month.
Government publishes draft 'snooping Bill', estimated cost: 1.8bn Jimmy Wales and Sir Tim-Berners Lee slam Data Communications Bill MPs voice Communications Data Bill concerns to Home Secretary Draft Communications Data Bill ‘more far-reaching than first thought’ Clegg urges government to rethink ‘snooping Bill’
Gary Hough, a member of the Internet Services Providers Association (ISPA) Council, told Computing that although the next draft was due to be published at the end of February, the government had told ISPs in a meeting this week that it would instead be published at the end of March.
Government officials did not state why the delay had occurred, aside from assuring ISPs including Sky, BT and Virgin Media that many issues that were raised by MPs and ISPs would be addressed.
Concerns have been raised by MPs who believe that the bill, dubbed a 'snooper's charter' by critics, represents a huge invasion of privacy that could be exploited by criminals. The inventor of the World Wide Web, Sir Tim Berners-Lee, also voiced his concerns, claiming that the government plans were "draconian".
Hough, who is also regulatory manager at ISP provider Zen Internet, said a major concern is that those working on the proposal cannot comprehend technical issues.
"I think certainly we have seen a lack of technical understanding from Home Office officials and parliamentary people, which is quite concerning," he said.
"It's very easy to get on the back of law enforcements' needs but they need to start to see the actual work and costs associated with putting in the bill," he added.
According to the draft as it stands, the secretary of state will make sure that appropriate arrangements are put in place to ensure that ISPs will be compensated for their costs.
But Sarah Needham, senior associate at law firm Taylor Wessing, said a lack of further detail begs the question of whether some service providers may still end up out of pocket.
Zen's Hough said it was not just about the costs involved but about the logistics.
"We have to look at operational issues of implementing this, the systems, the staff, the security of the data, the legality of the data from a data protection standpoint and from an EU law standpoint. Even if bigger ISPs have the resources and funding to implement this, it does not mean the rest of the ISPs do," he said.
Lack of transparency
Needham's views on a lack of further detail have been echoed by MPs and the Open Rights Group.
One of the main areas of concern is that of retaining data, but Hough believes that even with the latest draft the government has made it clear that it may not be able to publicise exactly what types of data are to be retained "for national security reasons".
But on the flip side, Hough believes that the security of data that is being transferred from ISPs would also be under scrutiny, as it could mean an increase in criminal activity online.
"All of the data is to be held in one place at one time – where this will be, where the data is going to go, who is it going to go to; the government has a track record of not looking after data security," he said.
"As an ISP, we make sure the data is encrypted and it goes through data security procedures, but once it leaves our domain we would have no control over it," he added.
There was also a lack of detail explaining the finances behind the proposition. The government claimed the bill would cost about £1.8bn over 10 years but would benefit the UK economy by £5bn to £6.2bn over the same period.
However, there was no explanation as to how the government calculated any of the figures involved.
The public
Home secretary Theresa May has claimed that without the bill there is a "serious and growing risk that crimes enabled by email and the internet will go undetected and unpunished".
And Hough believes the public are the ones who should be consulted more than anyone and is surprised that the government hasn't aimed to do this.
He added that there will be a lack of awareness among the public on what the bill will exactly entail, and suggested that many of the UK's population won't have anything to hide, but those that do will find a way of doing so – meaning they could escape being caught out by the bill.
Without the bill, Zen's Andrew Saunders admitted that the ISP does not currently hold historical data of its users, but if a court order is put through it can track that users' online activity.
Hough believes the government does not need the historical data to gauge criminal activity, and that, as the draft stands, the government is trying to cover up other use cases for such data.
"There has been a lot of criticism from people on whether it is just an excuse for music downloads to be tracked, or for local authorities to be able to know what is put into your waste bins. The Home Office was quick to discount this but I haven't seen anything at all that allays those fears. They need to be very prescriptive on what data is going to be captured and at the moment they are not, as they are using the excuse of national security," he said.
The law
Aside from retention of data, Hough believes the key fear is of the involvement of third-party companies like Facebook and Google that do not reside in the UK.
"The use of third-party services like Gmail, for example, is a big concern for how the government will obtain co-operation with them on this. They said they would clarify this in the next draft. I know the Austrian government has rejected a similar proposal under EU law, which could be another stumbling block," he said.
One firm that would not co-operate is Wikipedia. It's founder Jimmy Wales said Wikipedia would encrypt all connections with the UK if the plans to track internet, email and text use become law.
Hough believes that, after the next draft is published, the bill could be passed within 18 months through judicial processes and parliamentary scrutiny.