The current surveillance legislation allows public authorities to legally intercept communications on devices upon approval of a warrant. Is this power harmful to our rights?
Photograph: Lianhao Qu on Unsplash
The current legislation around surveillance law derives mostly from the Investigatory Powers Act 2016 (IPA). The IPA makes provisions on the interception of communications, equipment interferences, the acquisition and retention of communications data and bulk personal datasets. The Act sets out the investigatory powers which may be used. It also outlines powers suggesting for interference of data, imposing duties and protection for privacy.
Other legislation covering surveillance is of the Data Protection Act 2018 (DPA), which was developed to protect peoples’ personal data. The General Data Protection Regulation (GDPR), an EU law, sets out the procedures organisations have to adhere to when collecting personal data. Now the UK has left the EU, GDPR laws will be retained into UK law as the UK GDPR.
The IPA 2016 is a statutory provision giving British intelligence and police officials the power to collect information through the retention of bulk data. The Act provides for the power by granting a warrant to gather data, through tapping directly into communication channels from our mobiles and computers. The government can also order companies to hold onto our communication data. The Act allows government officials to enforce an obligation on companies to assist operations and bypass encryption. The government can demand that a public telecommunications service intercepts an individual's communications, allowing for the monitoring of activities without the knowledge of the individual. The security service can acquire and analyse bulk collection of communications data through a bulk dataset (e.g. private email records). The Act states powers can be exercised by acquiring a warrant that has to be approved by the appointed Judicial Commissioner, but further supplementary tests should be followed.
Criticism against surveillance law is further outlined by the courts. In January 2018, the Court of Appeal said that the Data Retention and Investigatory Powers Act 2014 (DRIPA) (a previous law covering state surveillance which has been expanded on in the IPA 2016) was unlawful. The court ruled that the legislation breached peoples’ rights by collecting internet activity and phone records. The legislation allowed public bodies to grant themselves access to personal details despite the lack of suspicion of a ‘serious crime’ being committed and required no independent sign-off.
The IPA 2016 is an Act which lays out the mass surveillance powers such as indiscriminate monitoring (involving a systematic interference with people’s right to privacy). Privacy campaigners say this is easily available to security services. To obtain a warrant to use these mass powers, there only needs to be approval from the appointed Judicial Commissioner seeing application of the IPA. The tests takes into account ‘relevant grounds’ looking at interests of national security, preventing serious crime and interests of the economic well-being. The test does not follow a stringent procedure but is rather subjective leading to surveillance being targeted and based on suspicion. The IPA 2016 allows not just the security services, but also government bodies to analyse the records of millions even if they are not under suspicion. As the Act requires communication service providers to be active participants in data interception, there is a movement into the legalisation of bulk surveillance by government. Some authorities who are allowed to access internet connection records without a warrant include: the Metropolitan Police Service, GCHQ, HM Revenue & Customs, the NHS, the Financial Conduct Authority, the Gambling Commission and the Serious Fraud Office.
For the citizen, the potential of being able to obtain public services from central or local government quickly, reliably, and efficiently is justification for electronic government (e-government). Through the electronic co-ordination of health and social care, public transport, and education; e-government aims to improve the delivery of public services. This could be achieved by providing faster diagnosis and treatment, monitoring of personal performance, easier payment systems and the online provision of targeted information. The collection and processing of data on sections of the population is important to the development of future public policies. Predictive and proactive strategies based on the analysis of personal data are, controversially, becoming more important in relation to the provision of children's services by safeguarding children’s welfare in residential childcare settings. This is achieved as the Act allows for retention of internet records, which can be used by law enforcement to identify communication service to a device.
Surveillance has been influential in the formation of predictive policing. The collection of data creates an algorithm that officials such as public bodies can follow when safeguarding of the public, albeit at the expense of individuals’ privacy. The programme requires a collection of bulk data which can be used to target certain individuals.
The European Convention on Human Rights (ECHR) was incorporated into the United Kingdom by way of the Human Rights Act (HRA) 1998. This sets out the fundamental rights and freedoms that everyone in the UK is entitled to. The most notable right concerned with surveillance within the ECHR is Article 8, which states that: ‘Everyone has the right to respect for his private and family life, his home and his correspondence.’
Surveillance law needs to take into consideration human rights such as an individual’s right to privacy and freedom of expression. This is because the line between ‘interception’ and ‘interference’ for what is ‘necessary’ is neither clear nor transparent. Since coming into force in 2016, the IPA has been subject to scrutiny on numerous occasions, most notably by the United Nations Human Rights Council (UNHRC), outlining IPA’s strategy to be ‘flawed’.
Further to this, the potential misuse of the powers, enabled by the IPA, serve to infringe rights. For example, the watchdog, the Investigatory Powers Commissioner’s Office (IPCO) revealed that MI5 had been ‘illegally mishandling our data for years’ even while exercising powers given by the Act. On the other hand, there is evidence that surveillance is effective in improving national security and that excessive collection of bulk data may be useful in preventing crimes.
One thing is clear, the Act needs provisions and reform that will balance protection and safeguarding individuals’ privacy.
By Serina Shrestha, LLB Law Student at Queen Mary University of London