FIPR workshop on snooping-laws in the UK

On 22 October, EDRI members FIPR and Privacy International held a public
meeting to assess proposed government legislation to retain and snoop on
information about the phone and Internet activity of everyone in the UK.

Speakers from the government side tried to convince a sceptical audience
that the plans were a necessary and proportionate response to crime.
Representatives of the Home Office, Northamptonshire County Council and
the Department for Work and Pensions said that access to this data was
essential to their work. However, the head of information rights at the
Department for Constitutional Affairs said that they still had concerns
about the regulation of some government agencies. Meanwhile technical,
industry and Parliamentary speakers described the many problems with the
legislation. Oversight, cost and legality all remain to be addressed to
the satisfaction of many UK experts and Parliamentarians.

Today a follow-up meeting is taking place in the House of Lords, chaired
by Lord Phillips of Sudbury. Senators (‘Peers’) from all parties will be
attending. Several sceptical Lords are expected to push for rejection of
the proposed legislation. Co-organiser Privacy International will point at
the dangerous international aspects of mandatory data retention.
Eventually these very privacy-sensitive data will become available on
request to investigation authorities in countries such as Estonia, Serbia,
Russia and Croatia.

The potential for overseas countries to access this information comes
about through a range of international treaties. The most notable of these
is the recent Council of Europe (CoE) Cybercrime Convention, which allows
for ‘minimum standard’ mutual law enforcement assistance between nations.
37 countries have so far signed the treaty, including Armenia, Greece,
Lithuania and Turkey. Albania, Estonia and Croatia have already ratified
the treaty, thus bringing it into legal force. The UK has signed the
treaty, but no date has yet been set for its ratification into law.

Privacy International is especially worried because current procedures in
the UK do not require dual-criminality when responding to requests from
other countries. In fact, sometimes only very basic information is
required to inform the UK officials of the purpose of the data to be
transferred, and data may in turn be kept by foreign governments as long
as they see fit.

Scrambling for safety nr. 7 programme and pictures
http://www.fipr.org/sfs7.html

Cybercrime treaty
http://conventions.coe.int/Treaty/EN/WhatYouWant.asp?NT=185

Overview of signatures and ratifications
http://conventions.coe.int/Treaty/EN/searchsig.asp?NT=185&CM=&DF=