A controversial shoring up and expansion of state surveillance powers in the U.K. has been agreed upon by both houses of parliament, clearing the way for the formality of Royal Assent and the passing of the Investigatory Powers bill into law before the end of the year.
The legislation creates a legal framework authorizing state actors to hack into devices, networks and services, including in bulk; maintain large databases of personal information on U.K. citizens, including individuals suspected of no crime; and force companies to decrypt data on request — effectively placing limits on the use of end-to-end encryption.
It also requires communications service providers to maintain an ongoing log of all digital services their users connect to for a full year — accessible not only to spy and law enforcement agencies, but a wide range of government agencies too. No warrant is needed for access.
Critics have long branded the #IPbill a “Snooper’s Charter.” But with the official opposition Labour party falling in line behind the government there was little hope of derailing the drive to lock in sweeping and intrusive state mass surveillance powers — which had been used in secret (and at times illegally) prior to the Snowden disclosures forcing their avowal in parliament.
The government argues the incoming law provides intelligence and law enforcement agencies with the powers necessary to fight terrorism and investigate crime. And it points to new oversight mechanisms created by the legislation — such as a so-called “double lock” of judicial and senior ministerial sign-off for warrants needed for certain of the powers, and a new Investigatory Powers Commissioner to audit agencies’ compliance — claiming they provide the checks and balances to ensure usage of the powers is properly authorized and balanced against considerations of individual privacy and civil liberty.
Critics disagree, dubbing it the most extreme law ever passed in a democracy — because it cements the legality of mass surveillance. “We are left with a Bill that mostly permits and codifies all the illegal practices revealed through whistleblowing and court action,” argues the Open Rights Group’s Jim Killock, writing in Newsweek.
He also flags up what he describes as the bill’s “woefully under-debated” new power: aka Internet Connection Records (ICRs) — the requirement on communications services providers to collect and store real-time data on the websites accessed by all users for a full 12 months.
“This unprecedented level of micro-surveillance is accompanied by a machine to make sense of the mass of data, called a ‘Filter’, but is in essence, a search engine. It can match these ICRs with your mobile phone location data and call histories. It can, we believe, be used to profile the social relationships and the sexual and political activities of every U.K. citizen,” says Killock of ICRs.
Others — including the U.K.’s former Information Commissioner — have warned of the hacking risk created by generating and maintaining such a honeypot of sensitive data.
The risks to the reputation of U.K. companies whose services might be backdoored by state agencies is another concern. How can U.K.-based tech companies promise a trusted service to users when the law can compel them to pre-bake weaknesses into systems on-demand? Perhaps only by moving their businesses elsewhere.
Critics of the bill, such as the Lib Dem’s Lord Strasburger, have also argued there are weaknesses in the scope of the judicial review process, claiming it does not allow judges to review the content of warrants — only to look at whether due process was followed; meaning the oversight offers no effective check on how the powers are exercised.
While another peer who tried unsuccessfully to amend the bill, Green MP Jenny Jones, flagged a lack of requirement of “reasonable suspicion” for powers to be used — and therefore a lack of a clear threshold for authorizing state surveillance — arguing this allows sweeping justification for the usage of the bill’s highly intrusive powers.
So, in other words, that the U.K. has sanctioned mass surveillance as the modus operandi of its intelligence and law enforcement agencies, rather than granting them narrower capabilities to surveil specific suspects in targeted investigations. So much for everything Edward Snowden warned about…
Widespread concerns are also being voiced about the links between U.K. intelligence agencies and U.S. agencies, especially in the wake of the election of Donald Trump as the next U.S. president.
tl;dr: Data gathered by the UK’s GCHQ — authorized by the IPBill — will be able to find its way to Trump’s NSA…Featured Image: Bryce Durbin/TechCrunch