Snooper’s Charter explained: Should you care?

What is the Investigatory Powers Bill and why should you care? Here’s a quick summary of the issue.

The
government has unveiled its controversial Investigatory Powers Bill,
dubbed in previous forms as the ‘Snooper’s Charter’. It will require
companies to store customer phone and internet records for 12 months.

Blocked
by the Lib Dems in the last coalition government, the overhauling of
laws on surveillance are being touted as necessary tools in the ongoing
fight against terrorism and other national security threats.

But
the proposed new powers have caused a backlash from some MPs, Peers,
and the public who claim it gives too much power to the government to
snoop on private information.

The legislation will be examined
by both Houses of Parliament ahead of a vote on the final bill next
year. But what exactly are the arguments in favour of and against the
new legislation?

Jargon Buster

Communications Data – Messages
sent online automatically generate extra data such as who sent it, to
whom, when, and how. This information is known as communications data
and is what the Investigatory Powers Bill aims to allow agencies to
access.

Internet Connection Records – This largely
translates as a person’s browsing history but can also include
information on services used by individuals such as Skype and Whatsapp.

End-To-End Encryption – A
method of secure communication that stops third-parties accessing data
while it is being transferred from one communicating party to another,
eg. from one Whatsapp user to another.

Related: Google and the EU’s antitrust investigations

The Legislation

The Investigatory Power
Bill essentially gives government agencies, police, and spies more
access to your private online communications.

As it stands, if
agencies have justification, they can listen to phone calls, intercept
emails and hack devices. But they can’t see what online services someone
is using, so if the police wanted to find out whether a suspect was
using Skype to communicate, currently they couldn’t do so.

The
bill changes that by proposing that companies hold “internet connection
records” for 12 months so they can be requested by authorities. Agencies
will be given the power to see what online services are being used by
whom as well as when, how and, where. So if you sign in to Whatsapp at
4.00pm, the state would be able to see that information if they wanted
to.

Agencies will, however, require a warrant from the Home
Secretary if they want to see exactly what is being said on the online
services.

The legislation also addresses how the state will run
operations involving the collection of large amounts of data,
effectively making legal the revelations of the Edward Snowden leak
concerning GCHQ’s mass collection of data.

Powers for mass collection of communications and other personal data by
MI5, GCHQ, MI6 have been included in the bill. Agencies will be given the ability to hack
computers and phones around the world for purposes of national
security, serious crime, and economic well-being. Should the proposed bill become law, it would mark the first time powers of mass data collection appeared in statute.
Overseas companies are exempt from the measures.

Other proposals laid out in the bill include:

• If practical, British companies now legally have to help law enforcement agencies hack devices.

• It will now be a criminal offence to “knowingly or recklessly obtain communications data from a telecommunications operator without lawful authority”, punishable by up to two years in prison.

• Local councils will retain some investigatory powers, including the surveillance of benefit cheats. They will not be allowed access to online data stored by companies however.

The Blackphone 2 smartphone runs PrivatOS, an Android-based operating system offering advanced security controls

Arguments in favour of the bill

The
main argument for overhauling surveillance law, aside from keeping the
public safe, is that the current rules were written before the modern
digital explosion and are in desperate need of being updated.

Agency
bosses have long been calling for the law to be updated as they claim
their current powers are not comprehensive enough to carry out important
security work in the modern world. Three major reports
in the last year have largely agreed with these sentiments, although
they have warned against forcing legislation through. Perhaps this is
why David Cameron has called the bill “one of the most important pieces
of legislation” before Parliament.

Ministers are keen to
highlight the built-in restrictions, which they say are designed to
prevent new powers being used against the innocent. For example, the new
criminal offence of unlawfully accessing internet data will be pointed
to as an important restriction on the ability of agencies to access
information. The government must also have cause and legal justification
to investigate individuals under the new law.

As well as this, a
team of judges will make up the newly proposed Investigatory Powers
Commission, overseeing how police, MI5 and other agencies are operating
with regards to collection of online data.

One of the arguments
made in favour of the new Bill, and against the charge that it will
impact the innocent, is that the government has no reason to use it in
an invidious way. In other words, security forces are not interested in
trawling through your Facebook posts or listening in on conversations
you have with your mates about last night’s exploits.

This may
seem to be avoiding the principle of the matter, but those in favour of
the bill argue that it addresses issues with outdated legislation and
that those innocent citizens worried about being spied on underestimate
the risk to the public from criminals being able to easily hide from the
authorities.

Home Secretary Theresa May announced the new legislation in Parliament on Wednesday

Arguments against the bill

The public fear mass
data collection of the type revealed by Edward Snowden concerning the
National Security Agency in the United States. It was the Snowden leaks
which also identified GCHQ as collecting far more data than realised and
it is this, rather than targeted surveillance, that most worries
opponents, with the National Council for Civil Liberties suggesting that such powers turn us into a “nation of suspects”.

Still,
opponents of the bill have a right to be worried. After the original
‘Snooper’s Charter’ was blocked in Parliament, the Data Regulation and
Investigatory Powers Act (DRIPA), was rushed through in its place. But
the High Court ruled DRIPA illegal, saying it was “inconsistent with
European law”. Whatever the new legislation contains, being wary is a
natural response considering the recent history surrounding the bill in
its various forms.

At a time when there is increasing talk of the
Conservatives doing away with the Human Rights Act and replacing it
with one of their own, those sceptical of the Investigatory Powers Bill
are keen to ensure that no human rights concerning privacy are being
breached by the legislation. It’s often noted that that laws requiring
blanket data collection are not needed in any other EU or Commonwealth
country, so why the UK?
 
A petition
on campaign website 38 degrees against the legislation has more than
50,000 signatures and claims the Investigatory Powers Bill is “a breach
of our privacy, and against the idea of democracy but also a waste of
tax-payers’ money in light of cuts to the public budget in health and
social care.”

End-to-end encryption, a method of ensuring that
only the sender and recipient of messages can read them, is also a
sticking point for opponents of increased surveillance. The Telegraph reported
this week that companies would be banned from using end-to-end
encryption under the laws being introduced to Parliament today but, as
Business Insider reports, the government has informally advised businesses that this is not the case.

However,
the bill is expected to state that companies must take “reasonable”
steps to hand over data requested by agencies with a warrant, which
could theoretically include encrypted data. If so, companies may have to
build backdoors into encrypted data transferred between users so that
they can decrypt it before providing it to the state.

This
raises a whole host of further concerns which opponents of the bill will
be keen to highlight. If a provider can access your information, so too
can any hackers that manage to infiltrate a provider. With the shadow
of the recent cyber-attack on TalkTalk still looming, ministers are
going to have a hard time selling any attempt to undermine encryption to
opponents of the bill.