Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Communications Data Bill - Be Very Afraid!

Communications Data Bill - Be Very Afraid!

An overview of the UK's draft Communications Data Bill, presented at OggCamp2012 on behalf of the Open Rights Group by Simon Phipps.

Downloadable file is a Hybrid PDF and can be edited in LibreOffice.

Simon Phipps

August 19, 2012

More Decks by Simon Phipps

Other Decks in Technology


  1. Simon Phipps
    Director, Open Rights Group
    Communications Data Bill
    Be Very Afraid...

    View full-size slide

  2. CDB tl;dr (for early leavers...)

    New law that allows any agency so authorised to
    order your ISP to collect ALL meta-information
    about everyone's internet activity, retain it for a
    year and supply it to them for arbitrary analysis.

    Almost impossible to repair in a way that
    preserves citizen digital rights.

    Needs your input now.

    Needs you to start supporting ORG

    View full-size slide

  3. The Topic Of The Hour

    Previously rumoured as “Interception
    Modernisation Programme” under Labour

    Announced as “Communications Capabilities
    Development Programme” in Queen's Speech

    Now “Communications Data Bill” (CDB)

    Colloquially, “Snooper's Charter”

    View full-size slide

  4. Didn't The Coalition Say No?

    When the coalition was elected, they promised that:
    – “We will end the storage of internet and email records
    without good reason”

    Nick Clegg added:
    – "We won't hold your internet and email records when there
    is just no reason to do so."

    Seems someone had a
    “Yes, Minister” moment...

    View full-size slide

  5. CDB Is A Zombie Bill

    It gets killed ... It keeps coming back to life

    Source is deep inside Home Office

    Same outcomes sought repeatedly

    This will probably not be the last time we need
    to defeat it...

    View full-size slide

  6. CDB Structure

    Part 1 creates a new power to order ISPs to
    collect communications data

    Part 2 creates a system for assorted public
    bodies to get access to this data.

    Part 3 adjusts other laws to reflect the new
    powers and establishes who has oversight.

    View full-size slide

  7. What Data?

    Modelled on existing powers (“may read the
    envelope”): postal, phone records

    Any traffic data, use data, or subscriber data

    But not the message itself

    Kept for 12 months by default

    Any civil, criminal or military proceedings can
    trigger indefinite retention

    No requirement for any citizen to be told

    View full-size slide

  8. Delivered-To: [email protected]
    Received: by with SMTP id m3csp12715pbn;
    Thu, 26 Jul 2012 07:11:49 -0700 (PDT)
    Received: by with SMTP id zz6mr41583709oeb.11.1343311909082;
    Thu, 26 Jul 2012 07:11:49 -0700 (PDT)
    Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [])
    by mx.google.com with ESMTPS id r4si21118589obz.27.2012.
    (version=TLSv1/SSLv3 cipher=OTHER);
    Thu, 26 Jul 2012 07:11:48 -0700 (PDT)
    Received-SPF: pass (google.com: domain of [email protected] designates as permitted sender) client-ip=;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates as permitted sender) [email protected]
    Received: by mail-ob0-f182.google.com with SMTP id un3so2755750obb.41
    for ; Thu, 26 Jul 2012 07:11:48 -0700 (PDT)
    X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=google.com; s=20120113;
    Received: by with SMTP id js2mr42185754obb.38.1343311908355;
    Thu, 26 Jul 2012 07:11:48 -0700 (PDT)
    Received: from [] (cosm4.all-cosme.info. [])
    by mx.google.com with ESMTPS id qv2sm10759032obb.11.2012.
    (version=SSLv3 cipher=OTHER);
    Thu, 26 Jul 2012 07:11:47 -0700 (PDT)
    Subject: Re: Speaking At OggCamp
    Mime-Version: 1.0 (Apple Message framework v1084)
    Content-Type: multipart/alternative; boundary=Apple-Mail-3--67519763
    From: Simon Phipps
    Date: Thu, 26 Jul 2012 15:11:40 +0100
    Cc: Jim Killock ,
    Peter Bradwell ,
    Ryan Jendoubi ,
    Mark Johnson
    Message-Id: <[email protected]>
    References: <[email protected]>
    <[email protected]> [email protected]>

    To: Dan Lynch
    X-Mailer: Apple Mail (2.1084)
    X-Gm-Message-State: ALoCoQmaq4J5AUU0LXmhSdsgSViBrM1WrP9ho/r7yY512bu2pMzZY3z4mqwCSX5L5HlRmLOTgRdI
    Content-Transfer-Encoding: quoted-printable
    Content-Type: text/plain;
    Looking forward to being there again :-)
    Simon Phipps, http://webmink.com/
    Meshed Insights & Knowledge
    Mobile: +1 415 683 7660
    New office line: +44 238 098 7027
    Not OK

    View full-size slide

  9. Exactly What Data?

    Information about how the service is used by people, except for the
    contents of communications

    Any information that a telecoms operator has about people who use their

    Traffic data: Anything associated with a communication for the purpose of
    facilitating transmission, which also satisfies at least one of these criteria:
    – Identifies any person, apparatus, or location which the communication is being sent
    to or from
    – Identifies apparatus involved in sending the communication
    – Controls apparatus involved in sending the communication
    – Identifies the time when something relating to the communication occurs
    – Identifies data that is associated with the communication

    For postal operators: anything the postal service uses to transmit the
    communication, anything about how people are using the postal service,
    and any other data that the postal service has about people who use the

    View full-size slide

  10. That's a lot!

    Yes, and for a long time & a lot of eyes

    Enormous volume of data

    Can be data mined, heuristically analysed &
    triangulated with other data

    Can be managed by a central service

    Can be shared with wide range of users

    With friction of mechanical records removed, offers
    unprecedented ability to deduce anyone's location,
    actions, opinions and associations

    View full-size slide

  11. Who can request?
    (a) a police force,
    (b) the Serious Organised Crime Agency,
    (c) Her Majesty’s Revenue and Customs,
    (d) any of the intelligence services,
    (e) any public authority designated for the
    purposes of this Part by order of the Secretary of

    View full-size slide

  12. For What Purpose?
    (a) in the interests of national security,
    (b) for the purpose of preventing or detecting crime or of preventing disorder,
    (c) for the purpose of preventing or detecting any conduct in respect of which a penalty may be
    imposed under section 123 or 129 of the Financial Services and Markets Act 2000 (civil penalties
    for market abuse),
    (d) in the interests of the economic well-being of the United Kingdom,
    (e) in the interests of public safety,
    (f) for the purpose of protecting public health,
    (g) for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution
    or charge payable to a government department,
    (h) for the purpose, in an emergency, of preventing death or injury or any damage to a person’s
    physical or mental health, or of mitigating any injury or damage to a person’s physical or mental
    (i) to assist investigations into alleged miscarriages of justice, or
    (j) where a person (“P”) has died or is unable to identify themselves because of a physical or
    mental condition, to assist in identifying P, or to obtain information about P’s next of kin or other
    persons connected with P or about the reason for P’s death or condition.
    The Secretary of State may by order amend this subsection so as to add to or restrict the
    permitted purposes.

    View full-size slide

  13. Who & For What Purpose

    Anyone the Secretary of State wants.

    Anyone to whom the Secretary of State

    For any purpose the Secretary of State wants.

    View full-size slide

  14. Justifications

    “We have to keep up with the technology
    criminals are using”

    “It's meta-data that contains no personal

    “We'll ask OfCOM first”

    “We will make sure the data is used properly”

    “It will only cost £1.8bn”

    View full-size slide

  15. What's Wrong With That?

    “Keeping Up”
    – This is not the postal service
    – There's no public accountability or judicial oversight

    “No Personal Data”
    – Meta-data allows triangulation
    – Mass data allows heuristic analysis

    “Ask OfCOM/Data Protection”
    – Already ineffective on behalf of citizens

    “Used properly”
    – Mission creep will happen
    – Home Secretary can arbitrarily extend without oversight

    View full-size slide

  16. Triangulation

    View full-size slide

  17. Mission Creep

    Congestion charge cams

    Traffic status cams

    Routine police tool

    Car park cams

    Routine business tool

    Once created, any resource
    can be repurposed in
    response to a popular crisis

    View full-size slide

  18. Summary

    CDB makes us all a suspect.

    Instead of being under surveillance when there
    is evidence of wrongdoing, you will be under
    suspicion by default.

    Once created, this resource can only grow in
    scope & use

    View full-size slide

  19. What shall I do?
    In order of engagement:

    Join Open Rights Group
    – http://openrightsgroup.org

    Read ORG materials
    – https://wmk.me/TMvWns

    Respond to consultation THIS WEEK
    – http://www.parliament.uk/business/committees/committees-a-

    Join (or start) a local ORG chapter

    View full-size slide

  20. Simon Phipps
    Director, Open Rights Group

    View full-size slide