UK government pushing ahead with surveillance powers bill in face of strong criticism

Despite a trio of parliamentary committees (ISC, STC and a joint select committee) criticizing the UK government’s draft surveillance legislation — and some committee members even calling for a complete rethink — the government is rushing ahead anyway.

Today it has introduced a tweaked version of the IP bill to parliament, and reiterated that new legislation “needs to be in force” by 31 December this year.

The Investigatory Powers Bill (IP bill) has been trailed as a necessary piece of legislation to plug so-called “capability gaps” for security and law enforcement agencies, and also as an overdue update to the legal framework around the use of such powers.

While never explicitly mentioned by government, the 2013 disclosures by NSA whistleblower Edward Snowden underlie the controversial attempt to put mass surveillance techniques that had been used for years by domestic security agencies (not always legally) on a secure legal footing.

The Home Office has published the full text of the amended bill today, along with a clutch of documents relating to the proposed legislation, including codes of practice for the various powers.

The move comes less than a month after the bill was savaged by the Intelligence and Security committee for having inconsistent and inadequate privacy protections, yet overly broad intrusive powers. You could say Home Secretary, Theresa May, is not for turning…

The Home Office claims the revised bill and the “further explanatory material” it has published responds to “the vast majority of the recommendations” made by the trio of critical committees.

Critics of the bill are saying the opposite — that the amended version of the bill does little to address fundamental concerns with the draft bill. And indeed, even further tightens the security screw in some instances — such as by extending police access to UK citizen’s web browsing records for specific crimes, as the Guardian has noted.

Police will also be able to deploy hacking in cases involving a “threat to life” or missing persons. And police use of these powers does not require the so-called “double-lock” ministerial authorisation that other intercept warrants do require.

In terms of the changes it has made in response to committee feedback, the government is saying it has “refined technical definitions” and published additional material such as the codes of conduct in the interests of increasing clarity about how powers in the bill will be used and why they are need.

It also claims to have enhanced privacy safeguards — noting specifically that it has added additional protections for journalists and lawyers.

On the web browsing records element of the legislation, it says it will “continue to work closely with industry to develop implementation plans for retaining internet connection records in response to recommendations from the Joint Committee and the Science and Technology Committee”.

Internet connection records (or ISCs) refers to the requirement in the legislation that ISPs retain details on the websites accessed by users for the past 12 months. Industry concerns about the cost of implementing such a massive data capture system are clearly not going away. And the government’s early cost estimate for implementing ISCs (£247 million) looks unlikely to stand still.

Introducing the revised bill in parliament today, May claimed recommendations from the committees had “provided the basis for the legislation being brought forward today”.

Amendments to the draft legislation she specifically flagged up include a shorter period of time before urgent warrants that have been authorized solely by the Home Secretary must be retroactively reviewed by a judicial commissioner; the adding in of “statutory safeguards” to prevent domestic security agencies asking overseas partners to intercept comms where they do not have a warrant; and a degree of clarification on the bill’s encryption fudge — “to put beyond doubt that companies can only be asked to remove encryption that they themselves have applied (or has been applied on their behalf by a third party), and that they will not be asked to remove encryption where it is not practicable for them to do so”.

However she also noted the government has rejected calls to eject bulk equipment interference warrants (aka mass hacking as a sanctioned state agencies investigatory technique) from the bill. “This is a key operational requirement for GCHQ,” she told parliament. “We have published a public case for the use of bulk powers which sets out why this power remains necessary.”

The now published operational case for bulk EQ, as it’s known, and also bulk interception (aka mass surveillance) states that these are “foreign-focused powers” — allowing the security and intelligence agencies to “gather overseas-related communications of terrorists, serious criminals and state based threats in parts of the world where the UK may have a limited or no physical presence”.

“Warrants for these powers must not be sought with the intention of acquiring the communications or private data of people in the UK,” it adds. (The key phrase there is of course ‘with the intention of’ — as is the case when you use a very large scoop to harvest anything in bulk you are not able to be discriminating, and so UK citizens’ data is going to end up being lifted in this dragnet… )

Another recommendation the government has rejected is the justification of “economic well-being”, linked to national security, as a purpose for which some of the powers set out in the bill can be used.

“That is in line with the statutory purposes of the intelligence agencies and relevant European Directives,” said May.

Now that the full text of the bill plus detailed documents pertaining to the proposed legislation are in the public domain there’s a crowdsourced scrutiny effort in train, with people tweeting out a series of observations that would appear to contradict government claims…

Civil liberties organizations have also slammed the amended bill as lacking meaningful improvements, and called out the government for trying to rush the legislation through parliament.

Eric King, Director of the Don’t Spy on Us pro-privacy and digital rights coalition, said in a statement: “Rather than a full redraft, we’ve been given cosmetic tweaks to a heavily criticised, deeply intrusive bill.

“Reshuffling safeguards, without meaningfully improving protections, authorisations or oversight does nothing to address widespread concerns about mass surveillance. The unsettling absence of a robust, technical detailed, evaluation of those bulk powers means the case still hasn’t been made, and Parliament won’t have the information it needs to do it’s job.”

“There simply isn’t time for proper scrutiny of all these powers in the timeframe proposed. More than 100 experts called on the Home Office to put on the brakes. The government must think again,” he added.

Earlier today a group of MPs, academics, lawyers, digital rights campaigns and others also co-signed an open letter in the Telegraph calling on the government not to rush surveillance powers through parliament — and suggesting instead the government could split data retention powers into a separate bill to be dealt with this year, allowing “a comprehensive Investigatory Powers Act to follow next year after adequate consultation”.

The Shadow Home Secretary, Labour’s Andy Burnham, has also said the party could withdraw its support for the IP bill unless the government allows for a longer period of scrutiny.

“It needed to be considerably revised after three expert reports just a matter of weeks ago,” Burnham told The Independent on Sunday at the end of last month. “For Labour’s support, ministers must show they have listened to our calls for greater transparency, stronger safeguards and protection of people’s privacy. It is crucial that this Bill is not rushed and necessary time is given to consider these complex issues.”

The UK’s third political party, the Liberal Democrats, has also warned they will not support a fast-tracked bill.