Privacy In The UK: The Data Retention And Investigation Powers Bill

Dann Albright 26-07-2014

A recent article about how your interest in privacy could land you on an NSA watchlist Your Interest in Privacy Will Ensure You're Targeted by the NSA Yes, that's right. If you care about privacy, you may be added to a list. Read More drew out a lot of ire towards the US government, but the UK proved last week that mass surveillance and privacy violations aren’t the sole province of the United States. The Data Retention and Investigation Powers bill (DRIP) garnered a lot of attention from the press, but it moved so quickly through Parliament that you might have missed it—here are the details you need.


What Is DRIP?

In a recent decision, the European Court of Justice overturned an EU directive that allowed e-mail and phone providers to keep users’ data—including location, travel, and social contact data—for up to two years in case of a later government investigation, in which case they’d be served a warrant to hand that data over.

After the overturning of this directive, members of the British Parliament sped the Data Retention and Investigation Powers bill through the legislative process, in essence, to get those regulations and powers back in place. DRIP requires that telecommunications providers keep users’ metadata for 12 months.


It also extends this requirement to any organization that provides services to British citizens, meaning that, according to UK law, an American or Japanese e-mail provider could be served a warrant for a UK citizen’s metadata. E-mail is inherently insecure Why Email Can't Be Protected From Government Surveillance “If you knew what I know about email, you might not use it either,” said the owner of secure email service Lavabit as he recently shut it down. "There is no way to do encrypted... Read More , but this could make it even more so if international companies decide to cooperate.

DRIP makes some alterations to an already controversial set of laws called the Regulation of Investigatory Powers Act (RIPA). In addition to the expansion of metadata storage requirements to international companies, this new legislation also changes the definition of “telecommunication providers” to include “companies who provide internet-based services.” Some commenters say that this places all of UK citizens’ e-mail, Facebook, iCloud, and text messages in danger of government snooping.


The law may also cover remote data storage, meaning that if you store data on an international server, like US-based Dropbox, the government could potentially serve a warrant to the owner of that server.

One of the discussion points that’s been getting a lot of press is whether or not this legislation expands the UK government’s powers to scrutinize and intercept communications Can You Escape Internet Surveillance Programs Like PRISM? Ever since Edward Snowden blew the whistle on PRISM, the NSA's no longer secret surveillance program, we know one thing with certainty: nothing that happens online can be considered private. Can you really escape the... Read More . David Cameron has been quoted as saying, “I want to be very clear that we are not introducing new powers or capabilities,” but many critics are calling him out on this, saying that it’s just not true.


A number of concessions were made to get the bill through, including the creation of a new oversight board, limitations on which public bodies can use data acquired through the new legislation, a review of data-intercept laws, and a “sunset clause” that states the bill will expire in 2016, when it will have to be reviewed again before reinstatement.


What’s The Big Deal?

There are a number of factors that make DRIP so controversial. One of those factors is the fact that the bill was called “emergency legislation” and rushed through Parliament in a stunning eight days. When was the last time you remember a bill getting through any congressional body that fast?

The text of the bill itself, of course, is also cause for concern, as the idea of companies retaining data from your cell phone How To Protect Yourself From Government Cellphone Surveillance [Android] Let's face it, these days the likelihood that you are being monitored by someone is rising all the time. I'm not saying that everyone, everywhere faces the threat of cellphone surveillance, but there are plenty... Read More , e-mail, or remote storage for 12 months just so they can pass it on to the government if they’re asked is very worrying—that’s a lot of data being stored, and there have been a number of high-profile losses of private data in recent memory—Adobe, eBay The eBay Data Breach: What You Need To Know Read More , and Target come to mind.


Whether or not the data being stored under DRIP will appeal to hackers is unknown, but just the fact that it’s there will certainly be reason enough for some people to try to get access to it.


And, of course, there’s the issue that the European Court of Justice just struck down a large set of very similar laws in the European Union as violating the right to privacy Lessons Learned From Don't Spy On Us: Your Guide To Internet Privacy Read More . Without getting into political speculation, this could have some big effects in the coming days for the UK’s relationship with the EU, as it’s effectively contravening a judgment passed by the highest European Court.

What Should You Do?

DRIP has garnered a lot of attention, even if it was blitzed through Parliament before the press or the people could say boo. However, people are speaking out (here’s a great open letter from a number of academic legal experts). As we’ve seen in the past, a large public outcry can have a positive effect in situations like this.

You can support groups like Access and Open Rights Group, who both are taking a stand against this sort of surveillance. Watch for petitions and public events in the coming days.



And, of course, we always recommend encrypting your data. Even if companies are only required to store metadata, there are plenty of examples of more substantive content being stored and accessed. To get started, encrypt your browsing with Tor How the Tor Project Can Help You Protect Your Own Online Privacy Privacy has been a constant issue with virtually all major sites that you visit today, especially those that handle personal information on a regular basis. However, while most security efforts are currently directed towards the... Read More , encrypt your e-mail with PGP What Is PGP? How Pretty Good Privacy Works, Explained Pretty Good Privacy is one method for encrypting messages between two people. Here's how PGP works and how anyone can use it. Read More , and switch from Dropbox to one of these three secure cloud storage providers Secure Your Files: 3 Encrypted Dropbox Alternatives Dropbox brought cloud-based file synchronization and storage to the masses, but it's been hindered by high-profile security problems. Fortunately, you have another option — an alternative service that secures your files with local encryption and... Read More .

It’s clear now that the US isn’t the only major Western nation with surveillance and privacy issues—the UK government has made a major statement with DRIP that it will take measures to store and access users’ data. We’ll be keeping a close eye on developments!

What do you think about DRIP? Does it violate the judgment by the ECJ? Does it violate a right to privacy? Should the UK attempt to enforce these sorts of laws internationally? Share your thoughts below!

Image credits: Brian TurnerDepartment for Business, Innovation, and Skills; Torkild Retvedt, Yuri Samoilov via Flickr.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Maryon Jeane
    August 6, 2014 at 1:13 pm

    I gave up Evernote some time ago (although only secondarily for reasons of privacy - it lost data for me during an upgrade and responded basically with "These things sometimes happen"...) and decided against using the Cloud for my (whole-life) database. AllMyNotes plus BitTorrent Sync has proved the perfect answer and all my data stays under my control, with no Cloud involved. I have also decided against using Cloud-based programs for working and am staying firmly with programs loaded on my own hard drives so that my data isn't even temporarily in the Cloud.

    Being slightly guerrilla-minded, I have retained the free part of my Dropbox account and it's now full of stuff which isn't private but does fill up the account. If everyone did this with all Cloud-based accounts, e-mail accounts, etc. it certainly wouldn't make scrutiny easier...

    The price of freedom is of course eternal vigilance and the game hasn't changed in essence, only in the tools used, as the world changes. Royalty in England used to use their barons and other overlords to scrutinise and control the general populace (remember the sumptuary laws?) and retribution for unwonted freedoms was usually immediate and physical; now it's subtler and more high-tech, but the aim is the same and the result is the same: control.

    So the fightback techniques should be the same: a three-pronged response of protest, obstruction and change. Just don't get caught up with the usual obfuscations, salami techniques, divide-and-conquer strategies, etc. etc. I think MakeUseOf is doing a very good job of alerting us to what's going on and to the various obstructive steps and blocks we can take and make - more power to the MUO elbow!

    • Dann A
      August 7, 2014 at 10:41 pm

      Thanks for your comment, Maryon! I'm glad you think we're doing a good job here—we try to cover the biggest changes to the privacy landscape, and I'm personally committed to helping people find the tools they need to take a stand against the loss of online privacy.

      Thanks for reading!

  2. dragonmouth
    July 31, 2014 at 7:04 pm

    "The U.S. Government is arguing that emails stored in the cloud no longer belong to an individual but instead become part of the business records of the company which owns the servers. If this stance was accepted then the government would have the right to access emails stored online anywhere in the world without the need for a search warrant." From today's Dave Parrack column.

    If the government succeeds in this, then it's a small step to declaring ALL data stored in the cloud to be part of business records of the server owner and readily accessible to government snooping. If the government succeeds in this then ALL cloud storage companies are toast. As I said previously, no economic pressure needed.

    Ever since the stampede to it began, I was very leary of cloud storage. However, I did not expect that it would be the government that would try to lay claim to data stored in the cloud. I rather expected the storage companies themselves to hold the data for ransom.

    • Dann A
      July 31, 2014 at 11:10 pm

      Yes, the classification of cloud storage data is a big issue. I'll definitely be watching it closely in the near future. Thanks for bringing it up!

      I'm thinking about writing an article about creating your own secure cloud storage; seems pretty pertinent!

  3. dragonmouth
    July 27, 2014 at 3:06 pm

    Welcome to the brave new world of 1984 that will make the activities by the Gestapo, NKVD/KBG, Stasi, et al. seem benign and amateurish.

    "Does it violate a right to privacy?"
    Is that right codified anywhere or is it a right that everyone assumes they have but in practice do not? In reality, there hasn't been much privacy for a very long time.

    "switch from Dropbox to one of these three secure cloud storage providers."
    Wasn't Dropbox at one time supposed to be as secure and as private as a bank vault? What makes anyone think that ANY cloud storage service is any safer? One law rammed through a Legislature and all cloud storage databases will become as open as public libraries.

    "we always recommend encrypting your data"
    What is to prevent a government, under the guise and rationalization of "National Security", from passing "emergency legislation" making encryption illegal? After all, wouldn't encrypting their data be the first resort for terrorists While it hasn't happened yet, that is the next step in "fighting terrorism." Twenty, or fifteen years ago, something like DRIP would not have even been thought of. Over that period of time, governments have slowly chipped away at our civil rights to the point where DRIP is a reality and surveillance cameras in each and every home is just a matter of WHEN, not IF.

    • Philip Bates
      July 29, 2014 at 11:08 am

      You're not the only one to draw parallels with 1984; The Metro, the UK's free newspaper distributed on public transport, also made the claim that 2014 is the true year of Orwell's novel. We live in scary times, and I'm afraid that true freedom has always been fictional.

    • Dann A
      July 30, 2014 at 8:10 pm

      Dragonmouth, you do bring up a number of good points. We've gone back and forth on this a few times, and I still stand by what I've said before: making some progress now will help us, at the very least, slow down our progress towards a privacy-free state. Yes, a great deal of our privacy is already gone, but we can still fight to try to get some of it back. It's a tough fight, and I have no idea if it can be won, but I think it's worth fighting. Isn't it?

      And yes, Dropbox was supposed to be safe, and other providers could be just as bad. But economics is our best weapon here—if Dropbox starts losing a lot of money becuase of privacy-related concerns, they'll be motivated to make a change.

      Finally, I think emergency legislation that illegalizes encryption is still a step too far for the government to take. A lot of people don't care about who sees what's in their Dropbox account, but I think enough people know that moving to illegalize encryption is a HUGE step that needs to be responded to.

      What do you think?

    • Dann A
      July 30, 2014 at 8:11 pm

      Philip, Metro writes some hilarious and crazy things . . . but I think they might have hit the nail on the head with that one. Unfortunately, I don't think privacy-infringing legislation is over for the year. I just hope enough people take notice to start speaking out against it.

    • dragonmouth
      July 30, 2014 at 8:47 pm

      "economics is our best weapon here—if Dropbox starts losing a lot of money becuase of privacy-related concerns, they’ll be motivated to make a change."
      Not just Dropbox but other companies as well. HOWEVER, government(s) can be better "motivators" than economic pressure. If the government pressure is eliminated, or at least much reduced, economics may not need to be used as a weapon. IMO, our best weapon is the ballot box. Vote those who would eliminate our privacy out and vote for privacy advocates. Politicians MAY listen to protesters, if there is a sufficient number of them. But they WILL listen to the voters when they threaten their sinecures. Of course the voters have to be properly educated. (viz. Arab Spring)

      "I think emergency legislation that illegalizes encryption is still a step too far for the government to take"
      That depends on how paranoid the powers that be are. How long did you say it took to pass DRIP?! It quite possible that encryption can be outlawed before we even realize that the law has been proposed. A special midnight session of the legislature or a an ammendment to an innocuous bill can spell the end of encryption by private parties. The Patriot Act which was a knee-jerk reaction to 9/11, recently was re-authorized despite public outcry.

    • Dann A
      July 31, 2014 at 2:15 pm

      I totally agree that using our votes to show our opinions is one of the best things we can do, and it's likely the one we'll have to fall back on. And in this case, where legislators were involved, that would be a good thing. But it seeems like a lot of the times the people who are behind mass surveillance aren't ones that are voted in.

      And yes, there's always the risk of things like the illegalization of encryption being forced through really quickly. I still think that's a step too far, though. I don't think they'd do it.