What the FT? UK to press EU for loopholes in surveillance ruling

Amber Rudd, the UK’s home secretary, will ask her colleagues across the EU to help her find loopholes in a ruling from the European Court of Justice that declared British surveillance laws to be illegal. 

Ms Rudd will warn other EU interior ministers at a Justice and Home Affairs meeting on Thursday that a limit on UK policing and intelligence powers could result in more cross-border crime around Europe, particularly terrorism.

What’s the background to this story?

The Investigatory Powers Act 2016 (IPA), also known as “the Snoopers’ Charter”, is a recent law that principally gives wide-ranging surveillance powers to the UK Government and public authorities.

Read the original article at the bottom of the page.
Our What the FT? series demystifies stories in the Financial Times. Read the original article about the IPA at the bottom of the page.

Under the IPA, communications service providers (such as telephone companies) must retain communications data (e.g. records of phone calls) for up to 12 months, when requested to do so by notice.

For the first time ever, the IPA also requires the collection and retention of records of internet services that have been accessed by a device. Importantly, various public authorities, including the police, HMRC, and the Gambling Commission, are given the right to access this data, in many cases without a warrant.

Unsurprisingly, these provisions have been widely criticised by privacy advocates, academics, and even telecoms companies.

The IPA consolidates existing legislation such as the Data Retention and Investigatory Powers Act 2014 (DRIPA), which was repealed at the end of 2016, but also extends existing requirements in certain places.

In 2015, two UK MPs asked the European Court of Justice (CJEU) to consider whether DRIPA was compliant with EU law, and in December 2016, the CJEU ruled that the legislation was illegal because it allowed the “general and indiscriminate” retention of electronic communications, in breach of the E-Privacy Directive (2002/58/EC), and when read in light of the Charter of Fundamental Rights of the European Union. EU law only permits the “targeted retention of data” and only to the extent “strictly necessary”.

Further, the access of national authorities to the retained data must be subject to conditions, including prior review by an independent authority and the data being retained in the EU. The only objective that is capable of justifying interference with the fundamental rights to respect for private life and protection of personal data is fighting “serious crime”.

The CJEU judgment was handed down after the IPA received Royal Assent. Although the ruling was determined in the context of DRIPA, its application is likely to be broader and, given the similarities with the IPA, it is thought that the CJEU guidance will apply to certain IPA provisions as well.

What are the wider implications of the IPA?

The main source of criticism has been around the requirements for bulk retention of data and the ability of public authorities to access that data. Human rights campaign groups consider that the IPA is not only an assault on the right to privacy, but also free speech and press freedom, as it significantly reduces the protection of journalists and their sources.

In fact, civil liberties advocacy group, Liberty, has recently launched a crowdfunded legal challenge against the Act, seeking a judicial review of the core bulk powers in the new legislation.

The IPA also gives rise to security-related concerns because it could require technology companies to create backdoors (e.g. through forced decryption) to give the government access to data and tech giants like Apple have warned that this would weaken security systems. Twinned with the bulk collection of data in multiple centralised databases, this creates a tempting target for hackers wishing to gain access to the information store.

Further, international companies are concerned about the extraterritorial applicability of the law. The IPA could potentially apply to non-UK operators that provide telecommunications services to people in the UK and certain powers also expressly apply to non-UK persons.

Negotiations will need to take place in parallel, especially in light of Brexit, to agree cross-border arrangements that prevent an international company from breaching its own national laws. In the meantime, the IPA is creating an additional source of uncertainty for foreign companies operating in the UK.

What is the Home Secretary seeking to do and will she succeed?

The Home Secretary is now hoping to align with those EU countries that have been particularly anxious about terrorism, such as Belgium, France and Spain, in order to find a legal loophole that would enable the UK to keep the IPA in its current format. More broadly, the Home Secretary is also seeking to clarify how far the government’s surveillance powers can go post-Brexit.

While member states acknowledge the UK’s important role in European security matters, inevitably, the UK’s vote to leave the EU has pushed away potential allies. Therefore, aside from having the difficult task of building strong legal arguments for maintaining extensive monitoring powers, the government will also face the added challenge of finding partners which will support its efforts to challenge the CJEU’s ruling.

What will happen next?

The UK is now under pressure to re-consider aspects of the IPA. The Court of Appeal has been tasked with determining how the CJEU’s ruling should be interpreted in domestic legislation and the government has stated that it does not intend to modify the IPA before the judgment is published in the next few months.

Corina Demeter is an associate at Herbert Smith Freehills

Rudd seeks loopholes in ECJ surveillance ruling

by Helen Warrell, Public Policy Correspondent

Amber Rudd, the home secretary, is to ask EU colleagues to help her find loopholes in a ruling from the European Court of Justice that declared British surveillance laws to be illegal.

Ms Rudd will warn other EU interior ministers at a meeting today that a limit on UK policing and intelligence powers could result in more cross-border crime around Europe, particularly terrorism.

She will argue that Britain and its EU allies need to form a consensus on what can be done to monitor electronic communications data while remaining within the law.

The ECJ judgment, published in December, dealt a blow to the UK’s security capabilities in ruling that the “general and indiscriminate” retention of electronic communications was illegal.

The Luxembourg court decreed that any such data retention should be targeted by time, geographical area or named individuals – and should be used only for the purposes of fighting “serious crime”, rather than by a wide range of public agencies.

While the judgment relates to a previous version of UK surveillance law, its replacement, the much stronger Investigatory Powers Act, compels internet and phone companies to keep the records of every phone call made and every website visited by any of their users for 12 months. The information accessed will be available to police, HM Revenue & Customs, the NHS, the Food Standards Agency and several other public bodies without a warrant.

When the act passed into law, the US whistleblower Edward Snowden tweeted: “The UK has just legalised the most extreme surveillance in the history of western democracy. It goes further than many autocracies.”

The UK is currently in a legal limbo while its own high court decides how the ECJ’s ruling should be interpreted in domestic legislation. A judgment is expected within the next few months.

Meanwhile, the Home Office is hoping that countries such as Belgium, France and Spain – all of which have suffered terrorist attacks or are concerned about being targeted – will be natural allies in the effort to find ways around the restrictions imposed by the court.

Camilla Graham Wood, legal officer at Privacy International, said the idea that the home secretary was attempting to form a “cabal of European interior ministers . . . to redefine and reinterpret the judgment” was “extremely concerning”.

She added: “Such a move on the part of the government would confirm our fears that the Investigatory Powers Act is not the transparent, accountable, lawful surveillance legislation that we were promised by Theresa May.

“If the government believes there are justifications for data retention beyond what is permitted following the ruling, then they need to make the case, and make that case transparently and openly, rather than through secret interpretations.

“Put forward the arguments to the public, show us the examples, give us objective evidence that you really, truly need all this data and where it has proved vital in investigations.”

The legal challenge was taken to the ECJ by two British MPs, Labour’s Tom Watson and Conservative David Davis, who argued that the data collection and retention powers set out in UK legislation were a threat to civil liberties. Mr Davis stepped down from the case last summer after being made Secretary of State for Exiting the European Union. In his new role, he will oversee the UK’s withdrawal from EU structures, including the jurisdiction of the ECJ.

Camino Mortera-Martinez, research fellow at the Centre for European Reform, said she suspected the home secretary’s efforts would be “in vain”.

“Even if there is political will, it’s very unlikely that member states will be able to actually do much to overcome the ECJ’s ruling in practical terms,” she said. The UK was in a weak position to negotiate given that the prospect of Brexit meant it had “one foot out of the door”, she added.

Original article published on FT.com. Reproduced with permission.