Investigatory Powers Bill

by Mark Rowe

While Britain’s TV and media have been kept occupied with the EU Brexit debate and Donald Trump in the US, and migrants reaching the shores of Greece and getting to Europe, the important Investigatory Powers Bill, otherwise known as the snoopers’ charter seems to have slipped under the public radar in February and March, writes Jim Gannon.

During the five years of the Coalition government the Liberals and their allies blocked the so-called ‘snoopers’ charter’ recently resurrected under the name of the Investigatory Powers Bill (IPB). Some dissenters claim the new Bill is not much different than the old one. It gives the police the power to record internet connection data, tap phone calls and basically gives our security services the power to hack all the electronic devices we own. The Bill has been marketed to MPs and the wider public as a necessary regulation to ensure public safety; civil liberty organisations claim it is nothing more than a measure to curb our civil liberty.

Concern
However it is not only the civil rights groups who are showing concern, it’s the technology community too. Serious questions are being raised about the IPB as to whether or not it is actually possible to implement. Part of the proposed Bill requires Internet service providers (ISPs) to archive connections a device makes to the internet and hold that data for a minimum of a year. What they say is the Government needs to understand that this is a lot of data. No one for certain can qualify about just how much data this is but one thing is for certain; cataloguing it will be just one of the wonders of the computing world. Just one of the questions being asked is how can the security services decide which data is useful in the fight against terrorism and which data is a product of concern. Apparently this is not a new problem according to the United States’ National Security Agency. They have found they have too much untargeted data for any of it to be effectively useful, which according to reports has led to their counter terrorism operations being more inefficient and less cost effective. Overall there has been a variation of opinions expressed on this Bill but it is clear the legislators need to think very hard before we decide to totally sacrifice our privacy.

How it started
Originally the draft Bill proposed by the Home Secretary Theresa May required Internet service providers and mobile phone companies to maintain records of each user’s internet browsing activity (including social media), email correspondence, voice calls, internet gaming, and mobile phone messaging services and store the records for 12 months. Retention of email and telephone contact data for this time was already required by the Data Retention Regulations 2014 and the estimated cost was at that time £1.8 billion. The Home Secretary originally expected the bill to be introduced in the 2012–13 session, carried over to the following session, and enacted as law in 2014. However, the former Deputy Prime Minister Nick Clegg withdrew his support in April 2013 and his Liberal Democrat Party blocked it from being reintroduced during the 2010-15 Parliament. Shortly after the Conservative victory in May 2015, Theresa May vowed to introduce the Communications Data Bill in the next parliament. In November 2015, the Home Secretary announced a new draft Bill similar to the draft Communications Data Bill, although with more limited powers and additional oversight.

Liberty
While Liberty has called for a campaign to end blanket surveillance of the entire nation they have publicly said they take no issue with the use of intrusive surveillance powers per se. They say that targeted surveillance can play an important part in preventing and detecting serious crime. They claim that current legislation does not provide sufficient safeguards to ensure that such surveillance is conducted lawfully and in a necessary and proportionate way.

The debate continues
It appears the Home Secretary has her work cut out to persuade MPs to accept the bill in its current form. Whilst she endeavours to make a conclusive case for its introduction it looks like there has to be a substantial rewrite of certain aspects of it. Of course the revelation of Edward Snowden about mass surveillance in Britain and the USA has not helped.

The Guardian
In a recent article The Guardian newspaper outlined that the final report of the pre-legislative scrutiny committee on the Investigatory Powers Bill made 86 detailed recommendations to ensure the new legal framework covering intrusive spying powers was workable and could be understood by those affected and included proper safeguards. The former Labour Northern Ireland secretary Lord Murphy, who chaired the committee was quoted as saying, “The fact that we have made 86 recommendations shows that we think that part of the bill is flawed and needs to be looked at in greater detail. There is a lot of room for improvement.” The MPs and peers were particularly critical of new powers requiring internet and phone companies to store everyone’s web browsing histories – known as internet connection records – for 12 months, saying the proposal has potential but the cost and other practical implications are still being worked out. The Guardian said the scrutiny committee also demanded a much stronger oversight role for judicial commissioners, saying they must be appointed by the Lord Chief Justice rather than the prime minister, have proper technical and legal backup, and have the power to initiate their own investigations.
The committee’s report is less critical of the government’s proposed privacy safeguards than colleagues on the intelligence and security committee, who demanded earlier that they be strengthened and made the backbone of the bill. Murphy added: “There is much to be commended in the draft bill but the Home Office has a significant amount of further work to do before parliament can be confident that the provisions have been fully thought through.”

The report says the MPs and peers see the desirability of giving the security agencies and police access to everyone’s web browsing histories but have “not been persuaded that enough work has been done to conclusively prove the case for them”.

I was interested to read the committee’s main recommendations following their examination of the bill which indicated that the concerns being expressed had some foundation. The committee’s recommendations included:

– Strengthening of the judicial commissioners’ role; that they are appointed and dismissed by the Lord Chief Justice, not the prime minister, initiate their own investigations, and refer directly to the investigatory powers tribunal. But the committee says the current proposed judicial role on “double lock” authorisation of intrusive surveillance warrants is sufficiently flexible.

– Stronger safeguards for the protection of legally and journalistically privileged material to be written on the face of the bill.

– On encryption, it welcomes the Home Secretary’s reassurance that the bill will not create “back doors” to encrypted services such as WhatsApp but wants clarification written into the bill. It stops short of endorsing tech industry concerns about encryption.

– The publication alongside the bill of a full justification for so-called “bulk collection powers” – mass harvesting of personal communications data – which the home secretary has yet to provide.

– Parliamentary review of the operation of the powers under the bill, five years after it is brought into force.

The report follows even more critical assessments from the intelligence and security committee, which said the bill failed to cover all the security agencies’ spying capabilities, and the science and technology committee, which warned of its potential damage to the tech industry.

Home Secretary responds

The Home Secretary responded by saying she was determined to get the bill right. “Our draft bill followed three independent reports on investigatory powers, whose authors were unanimous a new law was necessary. We are clear we need to introduce legislation which responds to the threats we face in the digital age, protects both the privacy and security of the public, and provides world-leading oversight.”

Lord Strasburger

Lord Strasburger the Liberal Democrat peer on the scrutiny committee, said: “Sadly, the Home Office has not learnt the lessons of the snoopers’ charter, which the Lib Dems scuppered during the coalition. Three parliamentary committees have concluded that the new bill, like the last one, is vague and confusing and has many other faults. The government has a lot of work to do to get this important bill into shape. Parliament must not stand for loosely worded legislation. The Home Office has a bad habit of exploiting badly drafted acts to create highly intrusive powers without bothering to get explicit approval for them or even mentioning them to parliament. That must never be allowed to happen again.”

As you have read there is a lot to be done to get this Bill into working shape and the implications for our security industry cannot be underestimated that’s for sure. While I am certain some initially will not grasp the impact of what is really at stake here I am sure there is going to be a lot of discussion clarifying the undefined context.

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing