U.K.’s ‘Snoopers Charter’ surveillance law will let 48 agencies view your web history

The United Kingdom’s Parliament has passed the controversial Investigatory Powers Bill (IPB), which grants wide-ranging new surveillance powers to authorities. The law, also known as the Snoopers Charter, was passed this week by the Tory government now led by Prime Minister Theresa May. May had first introduced the bill in 2012 when she was home secretary but it failed to pass any vote.

Under the new law, coming into effect in a matter of weeks, ISPs and telcos will be required to store data on websites visited, along with apps and messaging services used, for 12 months using an Internet Connection Record. It won’t detail the individual pages, or the messages sent. Additionally, although the law will be put in place soon, it may take up to another year to become operational.

You may think only law enforcement will have (or need) access to these records, but the list of agencies and government departments that will be able to request them numbers 48. It includes civilian, military, and secret law enforcement agencies, along with the Department of Health, HM Revenue & Customs (that’s the tax man), the Food Standards Agency, the Gambling Commission, the fraud squad, the Office of Communications (better known as Ofcom, which looks after telecommunications in the U.K.), and the Department for Work and Pensions.

Police and intelligence services will have a broader scope to carry out bulk surveillance, compel companies to decrypt data, and hack into suspects’ devices if necessary. These acts will only require approval from the home secretary.

Reaction

The long, winding road to the Snoopers Charter has been riddled with opposition. Digital rights NGO Privacy International and Amnesty strongly opposed the law, with the latter dubbing it a “dangerous piece of legislation that will needlessly violate the rights of citizens in the U.K.”

Edward Snowden commented on the Investigatory Powers Bill early in November, calling it “the most intrusive and least accountable surveillance regime in the West” in a tweet.

“We’ve given our security services unprecedented powers to spy on us,” commented Green Party MP Jenny Jones after the passing of the bill.

Jim Killock, executive director of the Open Rights Group, said the passing of the bill could have a huge effect beyond the U.K., serving as a blueprint for other governments to pass overreaching surveillance legislation. Open Rights Group said it intends to continue fighting the law.

“The IP Bill will put into statute the powers and capabilities revealed by Snowden as well as increasing surveillance by the police and other government departments,” said Killock. “There will continue to be a lack of privacy protections for international data sharing arrangements with the U.S. Parliament has also failed to address the implications of the technical integration of GCHQ and the NSA.”

Killock added that the Court of Justice of the European Union may be able to rule against the bill in the new year and order amendments to protect privacy. Regardless of Brexit in the coming years, such a ruling could stymie the IP Bill taking effect.

“Privacy International is disappointed that Parliament has failed to curtail these broad and deep forms of surveillance that will affect each and every one of us, even if we’re not suspected of any crime. But the fight is not over,” said Caroline Wilson Palow, general counsel at Privacy International. “It will simply move from the politicians to the judges, who will need to decide if the [Investigatory Powers Bill] is consistent with the rule of law and the values of our democracy.”

Scope and commissioners

Warrants will be required to access records, and these along with other issues related to the bill will be handled by a newly appointed Investigatory Powers Commissioner, or IPC, and a team of judicial commissioners. These new positions have yet to be filled, but will be given to a senior judge, and other high court judges.

The bill won’t just affect those living in the U.K., and isn’t restricted to internet activity specifically. For example, it can be used to authorize the hacking of those monitored by law enforcement (or any of the agencies with access to the data, presumably) that may live outside the country. Detailed in the IP Bill and referred to as Equipment Interference, the draft refers to tactics including the use of keyloggers, software exploits, or other bulk hacking techniques to gain access to hardware.

These counter-terrorism and serious crime fighting measures make sense, but the IP Bill also lets agencies access bulk data packages containing a large number of records regarding private, law-abiding citizens’ activities online. However, public authorities accessing the data without a warrant will be breaking the law.

A draft version of the IP Bill is available here, along with a draft of the Equipment Interference bill here.

Article originally published on 17-11-2016. Updated on 11-29-2016 by Andy Boxall: Added in all the organizations able to view web history, plus further comment and information

Jonathan Keane
Former Digital Trends Contributor