Should start-ups be worried about the Snooping Charter?
In the face of continued opposition, the Home Office appears to be pressing ahead with it’s controversial Communications Data Bill, widely known as the “snooping charter,” which aims to give security services new powers to...
The second draft was originally due for publication at the end of February, but was then pushed back to the end of March, according to reports, and now the Home Office is saying we will “have to wait for the Queen's Speech” for an update on what is happening.
As the campaign group Big Brother Watch pointed out in a recent blog post, “the process remains as it began - closed, without public consultation and driven by desire to implement the same pre-determined solution we have seen for nearly a decade”.
The initial draft, which was published in June 2012, proposed that Communications Service Providers (CSPs) should store all details of online communication in the UK - including the time, duration, originator and recipient of a communication and the location of the device from which it was made - for 12 months.
This would include, for the first time, details of messages sent on social media, webmail, voice calls over the internet and gaming, in addition to emails and phone calls.
The police, the Serious and Organised Crime Agency, the intelligence agencies and HM Revenue and Customs would all be able to access this data without the permission of a judge, as long as they were investigating a crime or protecting national security. They would also be able to see the actual content of any messages by obtaining a warrant from the home secretary.
Unsurprisingly, the draft bill was met with a barrage of criticism, not least from a Joint Committee of MPs and Peers, which said in December 2012 that the draft bill must be 'significantly amended' to deliver only necessary data that law enforcement needs.
“There is a fine but crucial line between allowing our law enforcement and security agencies access to the information they need to protect the country and allowing our citizens to go about their daily business without a fear, however unjustified, that the state is monitoring their every move,” said Lord Blencathra, Chair of the Joint Committee, at the time.
Privacy campaigners also slammed the Bill. Open Rights Group campaigner Jim Killock warned that officials would be able to build up a complex map of individuals' communications which “could compromise journalistic sources, deter whistleblowers and increase the risk of personal details being hacked”.
Meanwhile, the cost of implementing the Bill was revealed to be up to £1.8 billion over 10 years. This included the cost of reimbursing CSPs for the cost of implementing suitable systems to capture, retain and transmit data - estimated to be £859 million.
Perhaps one of the most persuasive arguments against the Bill, however - and the reason I am writing about it here - is that it puts Britain at a major competitive disadvantage internationally, and may have a detrimental effect on the businesses of digital start-ups and entrepreneurs that fall into the category of CSPs.
The Coalition for a Digital Economy ( Coadec) is one of the many organisations that responded to the Joint Committee's call for evidence. Coadec is an independent non-profit organisation sponsored by BCS, Google and Yahoo that works to give digital start-ups and entrepreneurs a voice in policy discussions.
In its response, Coadec pointed out that the definition of CSPs is unclear, meaning that businesses providing any element of communications could be required to collect data on their subscribers. This could therefore affect not only large digital businesses which specifically provide a communications service, but also websites such as retail sites that allow buyers to communicate with sellers and recruitment websites that allow employees to respond to adverts.
Coadec said that the very architecture of digital businesses rests upon the way they handle the data they collect. If digital businesses are forced to standardise their data collection processes, there is a risk that innovation will stagnate and developers will look to grow their businesses abroad. Moreover, the cost to small businesses could end up being prohibitively expensive if every entrepreneur is required to invest time, and the minimal capital they have to grow, to develop a system to comply with the legislation.
“At a time when the Government is aiming to make the UK the best place to start and grow a technology business, the Communications Data Bill appears to be the fly in the ointment. Forcing small businesses to front the costs for retaining a whole swathe of data they wouldn't normally collect presents a huge barrier to entry that could crush a startup,” said Sara Kelly, executive director of Coadec.
“It would also place them at a significant competitive disadvantage when competing on the global platform. UK startups competing with businesses from around the world for contracts that rely on data security are going to fall down against competitors who aren't required to provide their governments with automated access to data.”
It is hard to predict what a second draft of the Communications Data Bill will look like, because it has been formulated without public consultation. The Home Office first outlined the basic measures almost a decade ago and has barely revised its approach since the 2009 consultation that ruled out a central database, according to Big Brother Watch.
The Joint Committee report recommends that the Bill should include new definitions of communications data that are narrower in scope and draw a clearer line between data and content that will stand the test of time. It also recommended that fewer public authorities should be able to access communications data. But there is no guarantee that the government will follow these recommendations.
If the Communications Data Bill is not mentioned in the Queen's Speech on 9 May it is most likely dead in the water, because it will indicate that the Treasury has not yet committed the funding to implement the Bill. If it does come, however, then tech start-ups and SMEs need to look very closely at how their businesses will be affected, and talk to organisations like Coadec about getting involved in the campaign if they are still at risk.
Only by keeping pressure on the government to ensure that the Communications Data Bill serves the needs of consumers and businesses, rather than making their lives more difficult, will we avoid letting impractical and potentially damaging legislation slip through the net - as in the case of the Digital Economy Act.