The Government introduced the Investigatory Powers Bill to Parliament on Tuesday, March 1. It covers the powers available to the police, security and intelligence services to gather and access communications and communications data; and is due to pass into law before the end of 2016, the Home Office says.
Home Secretary Theresa May, pictured, said: “This is vital legislation and we are determined to get it right. Our proposals have been studied in detail by a Joint Committee of both Houses of Parliament established to provide rigorous scrutiny, and two further committees. The revised Bill we introduced today reflects the majority of the committees’ recommendations – we have strengthened safeguards, enhanced privacy protections and bolstered oversight arrangements – and will now be examined by Parliament before passing into law by the end of 2016. This timetable was agreed by Parliament when we introduced the Data Retention and Investigatory Powers Act in summer 2014. Terrorists and criminals are operating online and we need to ensure the police and security services can keep pace with the modern world and continue to protect the British public from the many serious threats we face.”
Six draft statutory codes of practice and the case for bulk powers have been published alongside the Bill: visit https://www.gov.uk/government/publications/investigatory-powers-bill-codes-of-practice.
The Bill, like the Government’s earlier proposals, have been met sceptically by the UK IT sector. Some have pointed to the vague legal language – such as communication companies not being forced to decrypt messages unless it is “practicable”; which gives leeway to the authorities to determine what that is, it is claimed. Jonathan Parker-Bray, CEO of Criptyque, developers of the Pryvate communications app, said: “It would be hugely ironic if the new laws the Government hopes will help it deal with the digital age actually push technology even further down the path of encryption. This could be exactly what happens if technology companies build a positive response to the language being used in the revised Investigatory Powers Bill. There is a vagueness of the word ‘practicable’ which has the potential to be far too broad, potentially encompassing anything that fits ‘when the government has a warrant and the technology company has the power to do it.’ It would not be surprising if security companies took steps to make their solutions impracticable for them to decrypt, in response to the Government’s demands.
“For example, in the current Apple case in the US the steps the FBI is asking for, such as updating the iPhone with a new version of iOS that disables brute force attack protections, are entirely practicable. The FBI has a court order and Apple can do it, but are arguing that they shouldn’t. However, Apple themselves have said they are currently working on solutions that will prevent them having to take this action with future devices, which is precisely what could turn laws like this into a positive force in the security industry.
“To make themselves immune to the burden of the new legislation, security companies based in the UK may have to go a step further and make their products secure even from themselves. The only way they can protect their users’ data fully is by ensuring that they cannot access it. There are a few methods that could be taken to achieve this, such as making a device/software platform verify and reject updates that lower security standards. The goal then becomes developing security solutions that are more intelligent and resilient, and more capable of protecting businesses from outside threats.”
Nigel Hawthorn, Skyhigh Networks’ European spokesperson, said: “Using the argument of national security as a battering ram, the Government is once again taking an approach that will cause more harm than good for businesses. Encryption is a key capability that makes business traffic safe from prying eyes, and asking companies to weaken, restrict or introduce backdoors is a sure fire way to ensure that sensitive data will find its way into the wrong hands. At a time when countries and businesses are panicking about the security of their information, restricting encryption will only make the situation worse.
“The technology versus national security debate is already in full swing due to the ongoing Apple vs FBI situation and, after this announcement, expect to see more companies and the average man on the street siding with Apple. Everyone has a right to privacy, but the Government is doing its utmost to take that away.”
For the Bill, visit http://services.parliament.uk/bills/2015-16/investigatorypowers.html.
