Watchdog Urges UK to Change Data Security Policy

by securedatamgt | 15 Jun 2015

Padlock on a laptop

It was reported this week that a UK terror watchdog believes law enforcement in the UK need more powers when it comes to monitoring online activity. They have suggested that the government’s current data security policy might need to be altered to give authorities the access to data they need to carry out effective surveillance.

In a report titled ‘A Question of Trust’ the watchdog has stated that existing laws have been weakened and is calling for a new law which embodies different security acts that are currently in operation. The report stresses that a lot of the existing legislation is out of date with new technology, including the Regulation of Investigatory Powers Act.

The report has been approved by politicians from both sides of the political divide; importantly both the current Home Secretary and the shadow Home Secretary have publicly spoken out in favour of the reports’ suggestions. The Tory Home Secretary, Theresa May, has said already that the report will be taken into consideration when new digital security legislation is being drafted for the autumn.

The report has recommended that some powers be transferred from the Home Secretary to judges when it comes to decisions being made as to whether information should be accessed or not by law enforcers.

New Data Security Measures: “Snooper’s Charter” or Just Good Sense?

In the past attempts to pass new data security measures in Parliament have not fared well.

The Communications Data Bill, which was unveiled back in 2012, did not manage to survive Liberal Democrat opposition and the bill is still criticised staunchly by privacy campaigners.  The bill would have meant that electronic communications services providers (CSPs) would be required to retain more information; many campaigners were concerned that the authorities would be unable to deal with such high volumes of data and protect it effectively from a breach.  It is the retention of such high volumes of data which led to the campaign group Liberty dubbing the bill the “snoopers’ charter”.

The bill was first envisioned during the Blairite years and so the fact the bill is still unable to pass in its entirety does suggest that there is ample opposition against it; opposition that is only becoming more vocal as social media and electronic communications continue to become more important in our lives.

Growing Data Security Concerns

As more lives are transposed into digital formats the more likely crime online becomes. Identity theft is increasingly being undertaken using information available online when in the past an identity thief might have chosen to steal confidential documents from a victim’s post instead.

Data breaches and cyber-attacks are a daily threat all businesses now face and the protection of their information has never been such a difficult task as it is now. Many argue that, without the mass collection of data, these risks simply cannot be overcome.

Whether or not a new data bill would be that effective remains hard to determine. Online criminals are becoming more sophisticated in their activities and most terrorist organisations working online are now beginning to use encryption; this means that even if more access to data is allowed it may not be possible for the relevant bodies to get a hold of an intelligible version of this information.

Certainly there is a strong case for updating existing legislation as increasingly virtual communications take place on apps and social media sites based in Silicon Valley. Extracting information from these tech companies is not an easy feat and the UK watchdog report has suggested that judicial authority could be one way of making this process easier.

The latest report is not only demanding more powers for law enforces but also suggests more openness is needed when it comes to how the public’s information is used. As it stands a lot of businesses and individuals in the UK are unaware as to why their data might be retained in the first place. With more understanding between law enforcers and the public, compromise is more likely to be achieved.

Therefore any new data bill that is introduced must not solely help law enforcers access the information they need; it must also make sure individuals and businesses are fully aware of the implications of how and why their information may be used.