The UK just passed the most elaborate mass surveillance law in the Western world. The Investigatory Powers Bill, commonly referred to in England as “The Snoopers Charter,” gives the government unprecedented access to the online activities of its citizens as well as legally requiring tech companies to cooperate with government investigations.
Both the House of Lords and the House of Commons have now passed the bill, leaving only the final step, royal assent or approval from the queen, in order to go into effect. It is expected to receive that formal blessing before the end of the year.
The intent behind the bill is to allow the British government the authority to prevent the internet from being used to commit crimes, though many privacy groups and tech companies argue that it infringes upon the privacy of law-abiding citizens.
The bill will require ISPs (internet service providers) to retain records of all online activities for a year, and permits various government agencies access to these records for law enforcement purposes. It also gives the government the legal right to hack into computers and mobile devices. The method, referred to as “equipment interference,” can include extracting information, monitoring the use of or listening in on any communications transmitted over computers, mobile phones, or other digitally connected devices.
This means the internet browsing history, email, text, and telephone communications, as well as data stored on British citizen’s computers with access to the internet, can all be legally accessed, reviewed, and stored by agencies within the British government. In effect, anything you do on a phone or computer within the U.K. will be subject to government surveillance.
The ability to access citizens’ web-browsing history is one of the chief concerns of civil rights groups within the U.K., particularly in regard to journalists, lawyers, and medical professionals who need to exercise a level of privacy in the execution of their professional duties. Although additional protections have been put into place to protect the privacy of such professions, many claim the additional steps amount to nothing more than an extra box to check before accessing private information.
The bill also gives the British government the authority to “bulk hack” the devices within any region of the globe in the interest of national security, though such actions must be approved by the secretary of state, particularly when hacking into devices in other countries.
Jim Killock, executive director of the Open Rights Group, said before the recent vote, “If passed, it would mean that the U.K. has one of the most draconian surveillance laws of any democracy with mass surveillance powers to monitor every citizen’s browsing history.”
Tech companies have rallied against the bill for a number of reasons, including the cost and challenges of retaining the internet history of the U.K.’s 64 million citizens. Apple, Google, Facebook, Microsoft, and Twitter have all voiced their complaints about the new bill, particularly the portions requiring tech companies to aid the government in hacking into users’ devices and to divulge any new encryption or security changes being made before they are available to the public.
The U.N. has also spoken out in opposition to the Investigatory Powers Bill. The U.N.’s privacy chief, Joe Cannataci, stated plainly that the new surveillance bill will “run counter to the most recent judgments of the European Court of Justice and the European Court of Human Rights, and undermine the spirit of the very right to privacy.” He continued in his annual report to suggest that the British government “step back from taking disproportionate measures which may have negative ramifications far beyond the shores of the United Kingdom.”
The British government counters these concerns by emphasizing that intelligence and law enforcement agencies will be able to use the powers granted by the bill to protect British citizens and combat crime of all sorts within the nation. In an effort to ease some concerns about privacy, the government also added what they call the “double lock” requirement before accessing a citizen’s private information, in which warrants will have to be signed off on by both judicial and senior ministerial authorities before being exercised. This is the American equivalent of requiring both a judge and a politician to sign off on the warrant, rather than only a judge.
Critics of the bill have cited that, although this additional step may be a safeguard for some, the bill’s only requirement for a warrant to be granted is the vaguely worded “reasonable suspicion,” which allows for sweeping justifications made for accessing the private information of citizens.
“This unprecedented level of micro-surveillance is accompanied by a machine to make sense of the mass of data, called a ‘filter,’ but is, in essence, a search engine. It can match these ICRs with your mobile phone location data and call histories. It can, we believe, be used to profile the social relationships and the sexual and political activities of every U.K. citizen,” claimed Jim Killock.
Although the bill is still the subject to heated debate within the United Kingdom, the only remaining hurdle between it and becoming the law is royal assent, which most on either side of the aisle agree is simply a formality. The bill is expected to be passed into law within the next month.
Image courtesy of latticesemi.com