Last updated: 
1 month 3 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Committee reports on draft Investigatory Powers Bill

Wednesday, February 17, 2016 - 10:03

At the LINX meeting yesterday I was invited to summarise the various Parliamentary Committees' reports on the draft Investigatory Powers Bill. For more detail, see Graham Smith's excellent commentary.

All three reports find problems, though the pattern has changed from four years ago when the predecessor Communications Data Bill was considered. In 2012 the most severe criticism came from the Joint Bill Committee: this time that Committee considers the Government is "on the right track but significant changes are needed". The Commons Science and Technology Committee's headline is that the "cost of the Bill could undermine UK tech sector". But the most critical report comes from the Intelligence and Security Committee which, working at a high level of security clearance, should have the most information about the activities of the security services. They find aspects of the Bill "inconsistent and confusing" and comment "even those working on the legislation have not always been clear as to what the provisions are intended to achieve".

The reports share many common features. All are concerned about the unclear definitions, picking out "internet connection records" as a particular problem. The unclear extent of powers "relating to the removal of electronic protection" and "equipment interference" is criticised: the Science and Technology Committee in particular note that this lack of clarity combined with the very wide range of organisations that might be subject to these powers could damage trust in the UK high tech sector as a whole. All Committees are concerned at the potential breadth of "bulk" powers and "class" warrants, doubting whether the case for such intrusive measures has been made. For the debate in Parliament to be meaningful they consider that the Codes of Practice, which the Government will use to implement the Bill's powers, must be published alongside the Bill. Finally all are critical of the timescales, both for their reviews and also for the preparation of the draft Bill: the Intelligence and Security Committee say "it appears that the draft Bill has perhaps suffered from a lack of sufficient time and preparation".

The Government does now have a fixed deadline, since the High Court ruled last July that current UK data retention law was incompatible with human rights and would be suspended from 31st March 2016. There are now suggestions that, to allow sufficient time to address the issues raised by the Committees, the Government might propose legislation extending that deadline separately from the full Investigatory Powers Bill.