Today Tech Liberty made an oral submission to the Justice & Electoral Select Committee about the Search & Surveillance Bill, following up from our written submission.
We changed some of our recommendations between the written and oral submissions, particularly around:
- Notifying people of searches or surveillance against them
- Handling targeted searching of computers
The full text of our oral submissions follows, albeit there were some wording changes in the actual presentation.
Good morning and thank you for giving us the opportunity to make a submission. I represent Tech Liberty, we’re a group dedicated to defending civil liberties in the digital age.
In this submission we would like to concentrate on two issues, firstly a general point about notification, and secondly some of the issues around searching computers.
We are opposed to the general thrust of the bill which, in our opinion, does not strike the appropriate balance between expanding government powers and maintaining civil liberties.
The Bill does have some safeguards to prevent abuses – the need to get a warrant, the requirement to tell someone that they are being searched, the reporting to Parliament of the number of warrants issued, we believe that these do not go far enough.
Particularly when it comes to notification, the bill doesn’t insist on it in all cases. Section 126 of the bill allows the searcher not to notify the target if this would “prejudice on-going investigations”. Unsurprisingly there is also no requirement to notify people of covert audio and video surveillance.
We accept that this is necessary; however we see no legitimate interest in keeping searches or surveillance secret after an investigation is completed.
One of the cornerstones of our open and democratic society is that the government and state agencies are accountable to the people. However, this accountability is impossible if people do not know how the government has acted against them.
Therefore we recommend that the Bill establish the principle that people who are the targets of these powers must be notified.
We also recommend that this should be done automatically after a period of time, say three months, has elapsed. For the rare occasions where this may risk other on-going investigations, we further recommend that the agency involved be able to apply to the courts to delay the notification.
This notification regime will provide an important safeguard against the abuse of search & surveillance powers, by allowing people to challenge the use of those powers against them.
We now turn to the more technical field of searching computers and will be comparing the realities of forensic IT work to the assumptions contained within the Bill.
The intention in the Bill is very clearly that searches will be targeted and limited by the conditions of the search warrant, a principle that we support.
Some earlier submissions expressed concerns that investigators will go on data trawling and intelligence fathering missions, thereby ignoring the conditions on the search warrant. The interim report dismissed these concerns with the comment that "search must be limited through the use of appropriate search terms, to parts of the computer where the documents sought could reasonably be located."
However, the reality is that IT forensics doesn’t quite work this way.
The first thing done when a search warrant is exercised is that the computer systems are seized and a copy is taken of the entire system. This preserves the integrity of the evidence and also allows seized equipment to be returned sooner.
Secondly, investigators then use forensic tools to read the contents of the copied computer and create an index of what is stored on it.
These tools then present investigators with lists of the files on the computer, including filenames, titles, abstracts of documents and thumbnail images of pictures.
By scanning through these lists and looking for the material specified by the search warrant, investigators will also be presented with other material that is not covered by the warrant. They might not be actively “trawling” for material but it will be presented to them anyway. Arguably, this information is now “in plain view” and can be seized and acted on.
This means that any digital search will inevitably extend to cover all material stored on the computer system. Suggesting that the targeting requirements of search warrants will provide any protection is a fiction.
How to resolve this problem? I admit that we have been struggling with it. Our written submission suggested recording all search terms used and presenting that to the defence but, as we have described, this doesn’t really meet the reality of the situation.
Secondly we suggested that information not covered by the search warrant should not be able to be used in court – but we can all imagine situations where a business fraud investigation finds digital evidence of murder or child abuse where it would be insupportable not to act.
However, we have since realised that the law already includes what may be an acceptable compromise. The search laws for the Security Intelligence Service and Customs Departments already tackle this, by saying that unrelated information can be passed to the Police but only if it relates to serious crime. The same is true of the Search & Surveillance Bill where it talks about windfall evidence in the context of video surveillance only being available if the offense would also qualify for video surveillance.
We recommend adopting this compromise so that when searching computer systems, investigators cannot use any information about minor crimes that are not covered by the conditions of the search warrant.
We believe that this may go some way to bridging the divide between the requirement for searches to be targeted and the nature of searching digital data.
However, we note that this still does not address the problem of searchers engaging in general intelligence gathering and would welcome any further changes that could help limit this.
Our next topic is privacy. There are very real privacy problems that occur with copying computer systems. For example, an officer executing a search warrant to seize business papers would never think to seize the family photo album, but if they’re taking a computer the family’s digital photos would be swept up along with everything else.
Infringing privacy in this way leads to emotional suffering – I’m sure everyone in this room, and particularly the politicians, would feel uncomfortable with the knowledge that a third party has access to all of their personal letters, family photos, medical records and other documents.
While this problem is probably unavoidable, we suggest that the following recommendations will at least provide people some reassurance about the process:
- That the notification of being searched should include details of what computer data storage items were taken and which of these were copied.
- That copies of computer systems must be deleted as soon as practical.
- That the original owner should be notified when this deletion is complete.
The combination of these recommendations will ensure that people whose privacy has been infringed are at least informed of what has happened to their personal information.
In conclusion, we believe that the Bill hasn’t fully taken into account the effect of the differences between searching in the digital and physical spheres. We hope you can take our recommendations into account and we would be happy to answer any questions