About a month ago* I wrote about the Home Office’s non-response to my FOI request asking for details of information given to Communication Service Providers (CSPs) about the Communications Data Bill. As you can see from that article, and the request itself, the request was refused. So I asked for an internal review into their handling of one section of it.

Specifically, I challenged their refusal to provide me with copies of documentation supplied to CSPs. This is what I wrote:

I feel that your justification for refusing to release copies of documentation supplied to CSPs is not supportable. CSPs are not law enforcement operators, and any information supplied to them must, of necessity, be widely disseminated among their technical staff in order for it to be evaluated and implemented. Unless all members of CSP staff and their contractors are required to sign an undertaking committing them to maintaining confidentiality, there can be no expectation that the material will not be made public in any case via other means. There is, therefore, no reason not to supply it to me directly.

The response to my internal review arrived today. As expected, the review has upheld the original decision to withhold the information. It would have been surprising had it not done so, and I’m not particularly disappointed that it has. But the review has itself revealed a bit more that we didn’t previously know, and that’s useful information even without the data that’s been withheld. Paragraph 12 of the response states

With regard to the information supplied to CSPs/ISPs, I have established that due to the sensitive nature of the information only certain individuals within the companies are able to view it. Mr Goodge’s contention that the information is disseminated widely within the companies is therefore incorrect.

Again, that’s not entirely surprising, and to be honest my initial contention otherwise was a little disingenuous. What I was really after – and got – was written confirmation of the fact that the information has been supplied under security restrictions. But the review response went on to tell me something that, while still not all that surprising, wasn’t something I’d been fishing for. In paragraph 13, I was told

I can confirm that at least some of the information was supplied by or relates to one of the security bodies listed in section 23(3) of the Act.

“The Act”, in this context, means the Freedom of Information Act 2000, and section 23(3) lists some organisations which are effectively exempt from it. That list comprises, effectively, the intelligence services (MI5, MI6 and GCHQ), the National Criminal Intelligence Service (NCIS) and the Serious Organised Crime Agency (SOCA) as well as various tribunals relating to them. Given that the tribunals are unlikely to be the source of any information, that means that at least one of the crime or intelligence agencies have contributed to it.

That being the case, it means that this particular issue is genuinely impenetrable via freedom of information legislation. There’s a blanket opt-out for anything related to the intelligence and serious crime agencies, and no internal review or appeal to the ICO can change that.

That doesn’t mean the exercise has been worthless, though. We have learned a few things:

• The Home Office has issued information to some CSPs/ISPs related to Internet traffic monitoring.
• That information has been supplied under security restrictions.
• The recipients of the information do not want to be identified because they fear that it will damage their commercial reputation.

You can draw your own conclusions about what that means in practice. One thing is certain, though, and that’s that it’s going to be deeply unpopular with the electorate.

* Any article about an FOI request usually begins with the words “About a month ago”, because that’s how long it takes to get an answer.