The UK Government's Draft Investigatory Powers Bill is a missed opportunity to bring much needed clarity to the security agencies' intrusive capabilities", a joint parliamentary committee reported today.
Ahead of the separate report by the joint committee providing formal pre-legislative scrutiny of the draft bill, the Intelligence & Security Committee has published its views on those aspects of the bill that relate to the agencies' investigatory powers.
The committee supports use of such powers where necessary and proportionate, and the Government’s broad intent to provide greater transparency around those powers through new legislation. However, while the draft bill incorporates a number of earlier recommendations by the committee, it is "disappointing" that the various powers and authorisations will remain scattered through different pieces of legislation and that the draft bill therefore fails to provide a comprehensive legal framework. "In our view this is a missed opportunity", the report states.
In particular it calls for an entirely new part in the bill dedicated to overarching privacy protections. These should "form the backbone of the legislation", ensuring that privacy is integral to the approach rather than an add-on, with the exceptional powers in the bill being built round this. At present the draft bill "adopts a rather piecemeal approach, which lacks clarity and undermines the importance of the safeguards associated with these powers".
Major changes are also recommended in three areas: equipment interference, bulk personal datasets, and communications data.
On equipment interference, all IT operations should be brought under the same legislation, with the same authorisation process and the same safeguards. No sufficiently compelling evidence has been produced as to why bulk equipment interference warrants are required: in the committee's opinion, targeted warrants can be drawn sufficiently broadly that a separate "bulk" warrant is unnecessary.
Regarding bulk personal datasets, as a general principle the committee consider that class authorisations should be kept to an absolute minimum. Given that each such dataset potentially contains personal information about a large number of individuals, the majority of whom will not be of any interest to the agencies, the committee considers that each dataset is sufficiently intrusive that it should require a specific warrant and class bulk personal dataset warrants should be removed from the legislation.
As for communications data, the approach to examination of data is "inconsistent and confusing". It is essential, the committee states, that the same safeguards are applied to the examination of all such data, however acquired, and these should be statutory rather than simply policy and good practice.
Other more specific matters are also highlighted, such as "operational purposes", timeframes and the extra-territoriality of the draft bill, which the committee believes require amendment if the legislation is to provide "the security and intelligence agencies with the investigatory powers they require, while protecting our privacy through robust safeguards and controls".
Committee chairman Dominic Grieve QC, the former Attorney General, commented: "Taken as a whole, the draft bill fails to deliver the clarity that is so badly needed in this area. The issues under consideration are undoubtedly complex; however it has been evident that even those working on the legislation have not always been clear as to what the provisions are intended to achieve. The draft bill appears to have suffered from a lack of sufficient time and preparation. Therefore while we are conscious of the time constraints upon the Government due to the sunset clause in the Data Retention and Investigatory Powers Act 2014, we would urge them to take time when bringing forward the new legislation in order to construct a comprehensive and clear legal framework for authorising the actions of the intelligence agencies."