What is the Investigatory Powers Bill and why should you care? Here's a quick summary of the issue.
The government has unveiled its controversial Investigatory Powers Bill, dubbed in previous forms as the ‘Snooper's Charter’. It will require companies to store customer phone and internet records for 12 months.
Blocked by the Lib Dems in the last coalition government, the overhauling of laws on surveillance are being touted as necessary tools in the ongoing fight against terrorism and other national security threats.
But the proposed new powers have caused a backlash from some MPs, Peers, and the public who claim it gives too much power to the government to snoop on private information.
The legislation will be examined by both Houses of Parliament ahead of a vote on the final bill next year. But what exactly are the arguments in favour of and against the new legislation?
Communications Data – Messages sent online automatically generate extra data such as who sent it, to whom, when, and how. This information is known as communications data and is what the Investigatory Powers Bill aims to allow agencies to access.
Internet Connection Records – This largely translates as a person's browsing history but can also include information on services used by individuals such as Skype and Whatsapp.
End-To-End Encryption – A method of secure communication that stops third-parties accessing data while it is being transferred from one communicating party to another, eg. from one Whatsapp user to another.
The Investigatory Power Bill essentially gives government agencies, police, and spies more access to your private online communications.
As it stands, if agencies have justification, they can listen to phone calls, intercept emails and hack devices. But they can’t see what online services someone is using, so if the police wanted to find out whether a suspect was using Skype to communicate, currently they couldn’t do so.
The bill changes that by proposing that companies hold "internet connection records" for 12 months so they can be requested by authorities. Agencies will be given the power to see what online services are being used by whom as well as when, how and, where. So if you sign in to Whatsapp at 4.00pm, the state would be able to see that information if they wanted to.
Agencies will, however, require a warrant from the Home Secretary if they want to see exactly what is being said on the online services.
The legislation also addresses how the state will run operations involving the collection of large amounts of data, effectively making legal the revelations of the Edward Snowden leak concerning GCHQ's mass collection of data.
Powers for mass collection of communications and other personal data by MI5, GCHQ, MI6 have been included in the bill. Agencies will be given the ability to hack computers and phones around the world for purposes of national security, serious crime, and economic well-being. Should the proposed bill become law, it would mark the first time powers of mass data collection appeared in statute.
Overseas companies are exempt from the measures.
Other proposals laid out in the bill include:
- If practical, British companies now legally have to help law enforcement agencies hack devices.
- It will now be a criminal offence to “knowingly or recklessly obtain communications data from a telecommunications operator without lawful authority”, punishable by up to two years in prison.
- Local councils will retain some investigatory powers, including the surveillance of benefit cheats. They will not be allowed access to online data stored by companies however.
Arguments in favour of the billThe main argument for overhauling surveillance law, aside from keeping the public safe, is that the current rules were written before the modern digital explosion and are in desperate need of being updated.
Agency bosses have long been calling for the law to be updated as they claim their current powers are not comprehensive enough to carry out important security work in the modern world. Three major reports in the last year have largely agreed with these sentiments, although they have warned against forcing legislation through. Perhaps this is why David Cameron has called the bill “one of the most important pieces of legislation” before Parliament.
Ministers are keen to highlight the built-in restrictions, which they say are designed to prevent new powers being used against the innocent. For example, the new criminal offence of unlawfully accessing internet data will be pointed to as an important restriction on the ability of agencies to access information. The government must also have cause and legal justification to investigate individuals under the new law.
As well as this, a team of judges will make up the newly proposed Investigatory Powers Commission, overseeing how police, MI5 and other agencies are operating with regards to collection of online data.
One of the arguments made in favour of the new Bill, and against the charge that it will impact the innocent, is that the government has no reason to use it in an invidious way. In other words, security forces are not interested in trawling through your Facebook posts or listening in on conversations you have with your mates about last night’s exploits.
This may seem to be avoiding the principle of the matter, but those in favour of the bill argue that it addresses issues with outdated legislation and that those innocent citizens worried about being spied on underestimate the risk to the public from criminals being able to easily hide from the authorities.
Home Secretary Theresa May announced the new legislation in Parliament on Wednesday
Arguments against the bill
The public fear mass data collection of the type revealed by Edward Snowden concerning the National Security Agency in the United States. It was the Snowden leaks which also identified GCHQ as collecting far more data than realised and it is this, rather than targeted surveillance, that most worries opponents, with the National Council for Civil Liberties suggesting that such powers turn us into a “nation of suspects”.
Still, opponents of the bill have a right to be worried. After the original ‘Snooper’s Charter’ was blocked in Parliament, the Data Regulation and Investigatory Powers Act (DRIPA), was rushed through in its place. But the High Court ruled DRIPA illegal, saying it was "inconsistent with European law". Whatever the new legislation contains, being wary is a natural response considering the recent history surrounding the bill in its various forms.
At a time when there is increasing talk of the Conservatives doing away with the Human Rights Act and replacing it with one of their own, those sceptical of the Investigatory Powers Bill are keen to ensure that no human rights concerning privacy are being breached by the legislation. It’s often noted that that laws requiring blanket data collection are not needed in any other EU or Commonwealth country, so why the UK?
A petition on campaign website 38 degrees against the legislation has more than 50,000 signatures and claims the Investigatory Powers Bill is “a breach of our privacy, and against the idea of democracy but also a waste of tax-payers' money in light of cuts to the public budget in health and social care.”
End-to-end encryption, a method of ensuring that only the sender and recipient of messages can read them, is also a sticking point for opponents of increased surveillance. The Telegraph reported this week that companies would be banned from using end-to-end encryption under the laws being introduced to Parliament today but, as Business Insider reports, the government has informally advised businesses that this is not the case.
However, the bill is expected to state that companies must take "reasonable" steps to hand over data requested by agencies with a warrant, which could theoretically include encrypted data. If so, companies may have to build backdoors into encrypted data transferred between users so that they can decrypt it before providing it to the state.
This raises a whole host of further concerns which opponents of the bill will be keen to highlight. If a provider can access your information, so too can any hackers that manage to infiltrate a provider. With the shadow of the recent cyber-attack on TalkTalk still looming, ministers are going to have a hard time selling any attempt to undermine encryption to opponents of the bill.