November 5, 2015 at 2:15 am #121263Jahkno!Keymaster
The U.K. government has today published a draft bill setting out new surveillance powers that if passed into law will allow the security and intelligence agencies to more deeply probe Brits’ digital activity by requiring U.K. ISPs keep a log of all the websites visited by Internet users over the past 12 months.
Brits’ media consumption habits, banking activity, political affiliations, health concerns, sexual proclivities and more could all potentially be inferred from state mandated Iogging of Internet activity under the proposed new legislation.
The Investigatory Powers Bill was introduced to Parliament by Home Secretary Theresa May earlier today, who said the government hopes to have an amended bill introduced next spring, following a Parliamentary and committee scrutiny process — with the aim of getting a final bill onto the statue books before the end of 2016.
Speaking in Parliament ahead of May, Prime Minister David Cameron said the new powers are required to help the police and security services combat crime in an era of social media.
May went on to describe the aim of the bill as being to draft a new law “consolidating and updating our investigatory powers, strengthening the safeguards and establishing a world leading oversight regime”.
The government confirmed its intention to legislate to plug what it termed “capability gaps” in law enforcement and security agencies’ intelligence gathering abilities in the digital era back in May. It is tabling legislation now with a view to replacing DRIPA — aka the existing ’emergency’ surveillance legislation which was rushed through Parliament back in 2014, and which has a sunset clause meaning it will expire at the end of 2016.
DRIPA was criticized both for the draconian data capture powers it afforded, and also for the unseemly haste with which it was railroaded through Parliament — allowing no time for proper Parliamentary scrutiny. The Investigatory Powers bill will at least get the latter, with a special committee of MPs due to pore over its detail in the coming months.
Despite criticisms of the potential chilling effect on the U.K. tech sector of draconian state surveillance powers, at a time when European institutions have generally been seeking to roll back data retention capabilities and bolster privacy protections for individuals in the post-Snowden era, the U.K. government is nonetheless pushing ahead with a bid to cement and expand the powers of the surveillance state by enshrining mass surveillance as ‘due process’ for domestic intelligence agencies and proposing what critics have dubbed another ‘Snooper’s Charter’.
The government has of course been attempting to spin otherwise — by, for example, claiming mass surveillance (euphemistically referred to as “bulk collection”) is “proportionate and necessary” in today’s modern digital era, and explicitly stating it is not seeking to ban encryption. Albeit that any ban on encryption would likely be impossible to enforce — especially without international agreement, given how much technology is developed and distributed by non-U.K. companies.
On the encryption point, earlier this year Cameron had made comments widely interpreted as an intention by a future Conservative majority government to outlaw the technology. In the event today’s draft bill does not apparently seek to explicitly outlaw encryption but May said the requirement that is currently in secondary legislation — “that those companies that are issued with a warrant should take reasonable steps to be able to respond to that warrant in unencrypted form” — is being brought “onto the face of the legislation”.
So it remains to be seen whether a company that runs a service under end-to-end encryption and then, if served with a warrant, fails to deliver unencrypted data because they are unable to do so is considered to be breaking U.K. law or not.
“But we are not banning encryption,” added May. “We recognize that encryption plays an important part for people in keeping their details secure.”
(It also appears the government recognizes that encryption can play an important role in its new legislation being perceived as more moderate than it could otherwise have been… )
May went on to emphasize that other contentious measures — included in the earlier 2012 Communications Data bill (also dubbed a Snoopers’ Charter), which failed to pass Parliament — have been dropped.
“The draft bill we are publishing today is not a return to the draft Communications Data bill of 2012. It will not include powers to force U.K. companies to capture and retain third party Internet traffic from companies based overseas; it will not compel overseas communications service providers to meet our domestic retention obligations for communications data,” she said.
Despite this, the requirement that Internet and phone companies retain data on the websites users have visited for a full 12 months remains a huge and intrusive expansion of state surveillance powers. Civil rights organization Big Brother Watch sums up this data as “the what and how of the way we live our lives”.