Plans to monitor all Britons’ online activity risk uncovering “incompetent criminals and accidental anarchists” rather than serious offenders, the information commissioner has warned.
Ministers want to strengthen the law on internet data retention to help the police tackle security threats.
Christopher Graham said the “really scary people” could simply avoid detection by changing their behaviour.
But another leading watchdog said the proposed new powers were “essential”.
Under the government’s plans, currently being scrutinised by Parliament, service providers will have to store details of internet use in the UK for a year to allow police and intelligence services to access it.
Records will include people’s activity on social network sites, webmail, internet phone calls and online gaming.
Ministers argue law enforcement agencies need to keep pace with the changing technology used by offenders but critics have called the proposals a “snooper’s charter”.
Question of judgement
Christopher Graham told a committee of MPs and peers set up to scrutinise the legislation that it may end up only applying to the six largest companies – which control about 94% of the market.
There was a danger that the most serious criminals, including terrorists, would simply use a smaller provider that permitted encrypted communications and take the view they were “home free”.
“The really scary people will have worked it out for themselves,” he said.
It was up to Parliament to decide on the merits of the proposals, he added, but there were “important data protection principles at stake”, such as the length of time material was retained, the risk of unauthorised access and whether it was fully disposed off at the end of the period.
“There is a judgement to be made between the security community saying ‘we have to have this stuff’ and the civil liberties community which says this is a gross intrusion of privacy and of citizens’ rights.”
The legislation, if approved, should be kept under consistent review to ensure it was working as intended, Mr Graham said.
“It really is for Parliament to keep a watch on these things,” he added. “You can have commissioners to chase up on this and that. But this will not be one to legislate and forget.”
He said there needed to be detailed discussions about how the new compliance regime would work and the information commissioner would need more powers and resources to keep track of all the material stored.
Sir Paul Kennedy, the data interception watchdog, said it was “essential” for the law to be strengthened, although he believed the proposed new powers would be used sparingly.
He told the committee the police and security services could only obtain about 75% of the information they needed to help secure convictions and disrupt potential terrorist activity and this gap was “very dangerous”.
Offenders were far harder to trace than ever before, he added, since they were now communicating through the internet and social media, rather than by phone, and sometimes leaving “no footprint”.
“We are unsighted in one section of the market and we are in a world which is still extremely volatile.
“Against this background, what is now being sought is not about the amount of information in the public domain but it is about requiring service providers to retain certain information – which can only be accessed in a proper way and when it is shown to be necessary and proportionate to access it.”
Sir Paul was asked by Liberal Democrat MP Julian Huppert whether he agreed with recent comments by Chief Constable of Derbyshire Mick Creedon that the powers could be used to corroborate if someone had been sending a text while driving at 80mph.
“I have hesitations about that. I am doubtful about the serious crime frontier if you are in that territory…It\ must depend entirely on the context.”