U.K. civil rights group Big Brother Watch has obtained data revealing the extent of domestic police forces’ access to web users’ communications data.
In a report published today the organisation says U.K. police forces made more than 733,000 requests for comms data over a three year period (between 2012 and 2014) — which is says is the equivalent of one request being made every two minutes.
On average, 96 per cent of requests were internally approved — so just four per cent of all requests were declined. The report is based on data Big Brother Watch obtained by making Freedom of Information requests to U.K. police forces.
The type of comms data police forces are accessing typically refers to metadata such as sender and recipient details for text messages, emails, phone calls. However Big Brother Watch says it can also include a person’s location, via the GPS on their mobile phone or IP address of their home computer; websites visited; web searches undertaken; and the method of communications used.
The organization notes wider criticisms that the expansive umbrella of metadata has itself become deeply intrusive — even before the new U.K. government’s push to expand state surveillance capabilities, via a forthcoming Investigatory Powers Bill that aims to sanction capturing the content of communications too, is taken into account.
A key argument being made by the government to justify new legislation is a so-called “capability gap” for digital data capture. But Big Brother Watch says its report shows the vast majority of requests made by police forces are approved — “potentially giving law enforcement access to a vast amount of information” — which it argues casts doubt on Home Office claims of a lack of data being the problem.
It argues greater transparency is needed to ensure an informed debate ahead of any new state surveillance powers, noting:
Currently, if the public want to know about how their communications can be accessed by law enforcement, their only source of information is from the transparency reports published by a handful of technology companies. It is unacceptable that law enforcement agencies that access and use our personal data are so lacking in transparency and are so reluctant to express the purpose and process of this element of policing.
A statistical analysis of how often these powers are requested, how often they are refused and how effective they are when used, would assist in increasing public understanding of why Communications Data plays a crucial role in 21st century policing.
As well as supporting calls for new definitions of comms data, to better reflect differing levels of intrusiveness, the organization argues that judicial approval should be a required last step in any request for comms data:
Currently the system culminates with the sign-off from an internal Single Point of Contact (SPoC). Whilst law enforcement have worked hard at promoting the benefit of the internal SPoC system, based on the findings of our report and the sheer volume of communications data requests approved, we believe that a further independent level of approval is necessary to ensure that a standardised procedure exists across all police forces.
This system would ensure an independent assessment of the necessity and proportionality of the request. It would act as an extra safeguard. Should a problem occur during an investigation external approval will be of benefit in ensuring that independence was maintained whenever a request for personal data was made.
Other changes it is calling for are a requirement that police forces publish transparency reports detailing how requests are approved, the number of individuals affected and the type of crime comms data is used for.
It also wants to see a “clear, standardised procedure” for access to comms data, and proof that data that’s more than six months old is regularly used “in order to establish a proportionate approach to data retention”.
Only one U.K. police force, Humberside, provided Big Brother Watch with a breakdown (below) of the offense categories attached to its comms data requests.
The crime category generating the most requests between 2009 and 2012 for this police force was drugs. Categories generating the least requests include auto crime, criminal damage and rape.