Skip to Content

Cybersecurity & Standards, Government Surveillance

Submission of Evidence to UK Investigatory Powers Review

In July 2014, the United Kingdom enacted a sweeping new set of surveillance powers in legislation known as the Data Retention and Investigatory Powers (“DRIP”) Act.  The act, which was highly controversial, expanded the surveillance powers established in an earlier set of laws known as the Regulation of Investigatory Powers Act (“RIPA”).

The DRIP Act mandates that an independent evaluation of the UK’s investigatory abilities and practices must take place sometime before May 2015.  To that end, the Independent Reviewer of Terrorism Legislation, a UK barrister with nearly 30 years of practice experience, has issued a call for evidence on DRIP and RIPA from interested parties.

CDT is deeply concerned about the scope of the surveillance powers that are available to the UK authorities under DRIP and RIPA, and on October 10, 2014, we submitted written evidence to the Independent Reviewer that describes some of these concerns.  The issues we have highlighted include:

  • The DRIP Act empowers the UK Secretary of State for the Home Department to issue interception warrants for communications content that is stored outside of the UK’s territorial jurisdiction.  In other words, the Home Secretary now has the power to issue warrants for the content of correspondence, even where that data is stored in another country (such as the U.S. or Ireland).  CDT believes the Home Secretary’s exercise of this authority would violate international law, and we are also concerned that an extraterritorial interception warrant could compel communications service providers to violate other countries’ domestic laws — including, in the U.S., the Electronic Communications Privacy Act and the Fourth Amendment to the Constitution.
  • RIPA gives the UK authorities extremely broad powers to obtain, access, and store communications metadata (such as the date, time, sender, recipient, and subject line of an e-mail).  We believe these powers violate the right to respect for private life found in Article 8 of the European Convention on Human Rights (“ECHR”).
  • DRIP and RIPA give the Home Secretary virtually unlimited powers to issue data retention orders, which can potentially extend to all data held by a communications service provider such as Google, T-Mobile and Vodafone.  We believe these powers also violate Article 8 of the ECHR.

CDT has proposed specific solutions to each of these problems, and in particular, we have recommended that Parliament replace the Home Secretary’s ability to issue data retention orders with a system of U.S.-style data preservation orders, which law-enforcement officials can use on a narrow, individualized basis in criminal investigations.