Twitter and others to face criminal offence if they tip off users about snooping requests


Tom Whitehead Security Editor

December 30, 2015

Ministers to make it a criminal offence to notify the subject of a surveillance operation that requests of their data have been made.

Bosses at Twitter and other communications companies face up to two years in prison if they tip off customers that spies or the police are monitoring them under a proposed new law.

Ministers want to make it a criminal offence to notify the subject of a surveillance operation that requests of their data have been made, unless expressly allowed.

The move follows concerns some communications and social media firms will alert users if MI5, MI6, GCHQ or the police have asked for their records.

It emerged in June that it was company policy at Twitter to notify its customers unless “prohibited from doing so”.

Facebook ‘snooping’ requests increase 60 per cent in UK

Another unnamed company said “our priority is our brand, not UK intelligence”.

But a new “disclosure provision” contained in the draft Investigatory Powers Bill, currently going through parliament, now aims to address that.

Notes to the bill said the new offence will “ensure that a communication service provider does not notify the subject of an investigation that a request has been made for their data unless expressly permitted to do so”.

The offence will carry a maximum sentence of two years in jail on conviction.

The note adds: “While in many cases it would be detrimental to the investigation if a communication service provider notified the subject of an investigation that a request for their data had been made, there are cases where this would not be the case.

“The legislation provides for communication service providers to notify the customer in such circumstances where the public authority is content for them to do so.”

But it is likely to fuel tensions between the authorities and the communications companies, who are already sensitive about how they cooperate on data requests in the wake of the Edward Snowden leaks.

MI5 and GCHQ secretly bulk collecting British public’s phone and email records for years, Theresa May reveals

Antony Walker, Deputy CEO at techUK, which represents communications and internet companies, said: “A right of redress by the citizen depends upon individuals being notified at some appropriate time that requests have been made to access their data.

“By preventing companies from notifying consumers about requests for access to data the Investigatory Powers Bill risks being out of step with the direction of international law.

“This will make cooperation between jurisdictions more difficult and could slow down the sharing of information between international agencies.

“So from that perspective preventing companies from being more transparent about the data requests they receive appears counter-productive.

“It also contradicts the desire of communications service providers to be more transparent with their customers about how law enforcement powers impact their customers, which has been regarded as helpful in building confidence about how investigatory powers are used.”

The bill also proposes a new offence of knowingly or recklessly obtaining communications data without lawful authority.

The measure is aimed at ensuring those officials, officers and spies who access the personal data do so legitimately and appropriately.

Those who break the law will also face up to two years in prison.

A separate proposal in the bill will also allow police and spies to deploy “filter” software that scoops up personal data from several communication and internet firms at once.

The “automated systems” can process and analyse communications data from a number of providers.

Officials insist the technology is designed to limit the risk of “collateral intrusion” on personal information.

The Request Filter is designed to access data, for example on one suspect, that may be held across a number of communications companies.

Notes to the bill insist it is a “safeguard” because the filter “ensures that, after analysis, only the data which identifies the key facts about a communication is passed to a public authority and data irrelevant to the investigation is destroyed”.

It adds: “By using the Request Filter to automate the analysis, the amount of data passed to public authorities will be minimised, reducing the levels of intrusion and protecting privacy.”

This article was written by Tom Whitehead Security Editor from The Daily Telegraph and was legally licensed through the NewsCred publisher network.

Comment this article

Great ! Thanks for your subscription !

You will soon receive the first Content Loop Newsletter