If you believe in fate, you will find it is no coincidence that the final reading of the Investigatory Powers Bill is taking place in the House of Lords today, on Halloween. After the reading and, potentially, a few amendments, the Bill will be granted Royal Assent and shortly become law.
But apart from the fact the whole thing can be summarised as “a particularly scary episode of Black Mirror”, what is the so-called Snoopers’ charter really all about?
Go on then, what is it?
The Bill will give the government unprecedented surveillance powers by allowing them to collect and intercept your communications in new ways.
It will also lay down the rules about these powers, providing clear guidance to security agencies, the police, and other public authorities about how they should and shouldn’t use them.
Okay, but what sort of powers?
Are you sitting comfortably (with your webcam taped over and your location services turned off)? Good, then I’ll begin.
The Bill will:
- Force your Internet Service Provider to keep your Internet Connection Record (ICR) – a list of services and websites you use and when – for 12 months.
- Oblige communications companies to retain your communications, hand them over when served with a notice, and remove encryption when requested.
- Create new rules about who can intercept your communications, ie. who can read your messages.
- Explicitly legalise intelligence agencies, law enforcement and the armed forces interfering with (ie. hacking) electronic equipment – for example, by covertly downloading the contents of your phone or remotely accessing your computer.
- Allow security and intelligence agencies to use these powers in bulk to obtain large numbers of data about a large number of people.
- Create warrants for authorities to examine “Bulk Data Sets” – basically, a lot of people’s personal information – such as medical records and tax histories.
But why?
The Bill is mainly a counter-terrorism measure, though authorities also hope to use it to catch criminals. For example, the retention of ICRs will help the police to identify people who are sharing child pornography online.
The Bill also collects and updates existing rules about the use of investigatory powers.
So… it’s good?
No one can deny that catching terrorists and child abusers is incredibly important, but the Bill compromises our privacy in unprecedented ways. Instead of just monitoring criminals, the government has the power to monitor everyone. This creates a scary precedent for the complete erosion of our privacy, and also might not work in practice. Imagine, for example, how your ICR could be misconstrued in court. Imagine how the inside jokes you share with your friends online could be misinterpreted. For some people, their search histories are arguably as private as their thoughts.
In fact, former MP and lecturer at the University of Cambridge Julian Huppert has called the Bill “terrifying”, writing on openDemocracy:
“Some of the powers in the Bill are deeply intrusive, and with very little possible justification. All of us want to be safe, and protected from terrorists and the like – but the evidence that these powers are all needed is thin indeed. However, the cost to all of our privacy is huge.”
Security is also at risk, as allowing authorities to bypass encryption also opens the (back)door to hackers. Nic Scott, managing director of data security specialists Code42, told ComputerworldUK: “You either have encryption in place or you don’t. Once you create a backdoor for law enforcement purposes, you are also opening the door to other, potentially malicious, parties.”
But there are safeguards are in place?
The Bill has an extensive number of safeguards that may help assuage public fears. For example:
- It will now officially be an offence if a person in a public authority unlawfully obtains communications data.
- There will be a brand new, super powerful Investigatory Powers Commissioner who will oversee the use of the powers.
- All search warrants are subject to a “double lock”, meaning the Secretary of State must first authorise the warrant, and a judicial commissioner must approve the decision.
- A “Request Filter” will ensure that only data required to answer an authority’s request is handed over and that irrelevant data will not be made available.
- If an investigatory body wishes to identify a journalist’s source, they must seek judicial approval first.
- Extra consideration is also given to certain “sensitive” professions such as doctors, lawyers, and MPs.
- Authorities must consider whether information they are seeking could be acquired by less intrusive means as well as weighing up the public interest.
Aha! But there are flaws in these safeguards?
Well, yeah. In theory, they all sound great, but there are endless problems in practice. To start with, the reasons why a warrant to read your messages could be approved are vague. According to the Bill, these warrants must be “necessary in the interests of the prevention or detection of serious crime, in the interests of national security, or to protect the economic wellbeing of the United Kingdom when it is also relevant to national security, and must be proportionate to what is sought to be achieved”. It is quite easy to see how this definition could be stretched to rubber-stamp a lot of dubious requests.
Also, scroll up. Did you notice that bit about MPs? Did ya? Did ya?
But at least they’re telling us about it…
Transparency is a big part of the Bill, and, if you’re an optimist, it’s great that the government is at least admitting to spying on us. If you’re a pessimist, however, you might wonder what else is happening behind the scenes.
It’s also worth remembering, if you’re so inclined, that two weeks ago the Investigatory Powers Tribunal ruled that MI5 and GCHQ unlawfully collected bulk data on UK citizens for a decade and despite the whole human-rights-violating thing, there have been no ramifications for either organisation so far.
If this is all so awful, why doesn’t anyone care?
The essence of the Bill was first envisioned years ago and was blocked by the Lib Dems in coalition from being introduced between 2010 and 2015. This initial Bill – the Draft Communications Data Bill – was met with resistance, whereas Theresa’s May’s new iteration has sailed through the Houses of Commons and Lords relatively unscathed. This is partially due to the changes, and partly because, well, Brexit was quite distracting.
Labour has come under fire for voting with the government to back the Bill, with Jim Killock, the Director of the Open Rights Group, saying: “Labour did not table any serious amendments to this draconian legislation in the House of Lords. Labour is simply failing to hold the government to account.”
Although privacy groups warn about the Bill, the lack of coverage in the media has meant little public interest.
What’s going to happen next?
After the third reading today, amendments may be made and the Bill will return to the House of Commons to consider these amendments. After this, the Bill will be granted Royal Assent and it is likely to become law by the end of the year.
Is it too late to do anything?
It’s probably too late in the game for petitions or protests, although we can hold out hope that the House of Lords amends some of the Bill. The best-case scenario is that we all get much better at safeguarding our online affairs, although that might just pave the way for even more investigatory powers. Happy Halloween!