Investigatory Powers Bill

by Mark Rowe

Home Secretary Theresa May has set out a draft Investigatory Powers Bill.

Under the plans, warrants for the most intrusive powers available to agencies – police, MI5, MI6 and GCHQ – such as the interception of communications, will be subject to what she called a ‘double-lock’, requiring approval by a judge as well as by the Secretary of State. The draft Bill provides for the retention of internet connection records (ICRs). The operational case for ICRs is published alongside the draft Bill. ICRs would let the police see that a person has visited google.co.uk or facebook.com, but not what searches have been made on Google or whose profiles had been viewed on.

In an oral statement to the House of Commons, the Home Secretary said that the draft Bill will set out all of the agencies’ powers to acquire data in bulk, including their ability to acquire communications data relating to the UK and overseas in bulk from communications services providers.

The Home Office spoke of seeking to ensure there are no “no go” areas of the internet for law enforcement, so that cyberspace can be policed. Theresa May said: “The publication of our draft Investigatory Powers Bill is a decisive moment – never before has so much information been in the public domain about the activities of our police and security services, as well as the oversight, safeguard and authorisation arrangements which govern them.

“I am clear we need to update our legislation to ensure it is modern, fit for purpose and can respond to emerging threats as technology advances. There should be no area of cyberspace which is a haven for those who seek to harm us to plot, poison minds and peddle hatred under the radar. But I am also clear that the exercise and scope of investigatory powers should be clearly set out and subject to stringent safeguards and robust oversight, including ‘double-lock’ authorisation for the most intrusive capabilities. This Bill will establish world-leading oversight to govern an investigatory powers regime which is more open and transparent than anywhere else in the world.”

Comments

Pravin Kothari, founder and CEO of cloud security company CipherCloud, said: “Though the Home Secretary positions the bill as a departure from the ‘snooper’s charter,’ the word ‘disclosure’ appears 182 times. The push to mandate data retention by ISPs and to allow warrantless access for investigators will certainly expand law enforcement’s surveillance capabilities – to the detriment of personal privacy.

“As a technologist, I believe in the power of technology to solve problems. In times like these when fear-driven bills compromise the right to privacy, we can look to security tools, such as encryption, to defend online communications from unwanted access.”

Nigel Hawthorn, European spokesperson at cloud security company Skyhigh Networks, argues that the bill provides more evidence that the government is out of touch with technology. “Any law which bans end-to-end encryption will break data protection regulations and decrease security on the internet. There’s a complete misunderstanding of how end-to-end encryption works. It’s wrong to assume that forcing technology companies to break their own security is going to please the average man on the street, and this is not even technically possible in many instances. It’s not the first time the government has been wholly ignorant of technology, and despite the inevitable backlash from technology experts, politicians continue to announce these ill-thought-out unworkable proposals.

“The announcement also brings into question how seriously the government takes the security of our data. Sure, we’ll hear the “we can’t give criminals a place to hide” message, but with the number of successful state sponsored cyber-attacks and high profile data breaches ever increasing, is now really the time to lower encryption capabilities? You can’t just uninvent encryption, so if this government stops innocent people using unbreakable encryption via legitimate businesses, the only people left using it will be the criminals.”

And Jonathan Parker-Bray, CEO of Criptyque, said that the draft does not take into account an individual’s fundamental right to privacy. “Where matters of national security are concerned, we are fully behind any government proposal to protect its citizens. However, this ought not to extend to such a level where law abiding citizens no longer have the right to their own privacy. We believe that everyone has the right to choose whether or not to keep their communications private and protect themselves from cybercrime and surveillance, and use whatever encryption tools are at their disposal to achieve such ends. This bill would see those liberties potentially turned on their head, and everyone’s personal online lives – though conducted in the privacy of their own home – available for official scrutiny, without a clear rationale or justification.

“Everything from family photos, medical records, confidential business transactions, and legal communications can be exposed at a whim. Whilst we would agree strongly that there does need to be an updating and an expansion of legislation to account for the digital age, this should not override the hard-fought right to privacy that is owned by every citizen in the UK. Threat actors will always find nefarious ways of using good intentioned technology for their own means, and this law is a potential license for the invasion of the right to privacy on a scale this country cannot allow.”
