IPB still not fit for purpose, say tech firms

Companies and trade bodies reiterate their concerns on day of Second Reading

Houses of Parliament

The tech industry has once again hit out at the UK's Investigatory Powers Bill (IPB), ahead of its Second Reading in the House of Commons today.

The proposed legislation, also known as the Snooper's Charter, has come in for heavy criticism from tech companies and civil rights campaigners alike, who have claimed its powers are too broad, it is an invasion of privacy and that what it requires is not technically feasible.

While the Bill was revised following extensive investigations by two select committees, which heard from numerous witnesses across these groups, many are still unhappy with the current wording.

John Shaw, VP of product management at Sophos, said that while his company is supportive of the concept of the IPB, he and his colleagues are "disappointed to see that in the revised Investigatory Powers Bill, although the government has made some small improvements, all our fundamental concerns remain".

Shaw listed these concerns as weak definitions, leading to very broad interpretations of the bill; putting data at risk; the tech credentials of the proposed Judicial Commissioners; a continued potential for backdoors into encryption; and putting UK content service providers at a disadvantage, as the law will only apply to them.

"We agree it is critical that the government get this bill right. Rushing it through in its current form will be a mistake. We fear the Bill will be rejected, causing even greater delay to getting a proper regulatory framework in place, or even worse it will be passed into legislation. If it does become law, it will undermine both the security and privacy of UK citizens and impact the competitiveness of UK Internet Service Providers," said Shaw.

ISPA, the trade body representing ISPs in the UK, sounded a similar note of concern.

Chairman, James Blessing, said: "ISPA supports reform of investigatory powers through a new Bill, but we are a long way from having a Bill that is clear and workable.

"Government needs to address concerns around its intentions, definitions and costs to enable industry to make a proper assessment of the Bill and help Parliament scrutinise the complex proposals. Getting this right is essential for the UK digital economy and user trust in services."

ISPA said that, as it stands, the current bill "does not do what the Home Office says it does".

"On numerous occasions, there is a disconnect between what can be found on the face of the Bill and what the Government says the Bill will be used for. Given that the Bill is highly intrusive, the Government must put all of its intentions for how it plans to use the powers on to the face of the Bill," the organisation said.

"Reliance on speeches and non-legislative documents, such as codes of practice, to make clear what the Bill explicitly intends is unsatisfactory," it added.

ISPA also said significant questions remain over costs, definition of key terms and concepts, including Internet Connection Records and even data, how ISPs can recover costs from the government -- if, indeed, they can at all.

Parliament should be given sufficient time to scrutinise the Bill, ISPA said, as it is, in the words of the Prime Minister, "one of the most important bills [the House of Commons] will discuss".

Erka Koivunen, security advisor at F-Secure, took an even stronger tone, saying: "Let us be clear on the British Government's intentions and the consequences of those actions. 'Equipment interference' is hacking. There is a reason there is a very large security industry dedicated to protecting businesses and their digital assets -- because hacking damages businesses."

"No company wants their own government or government of a friendly partner to break into their systems or undermine the security of their services. We would encourage the Government to pause and consider the implications of its intentions before it irreparably damages British businesses," Koivunen concluded.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

HPE inks $2 billion high-performance computing deal with the NSA
high-performance computing (HPC)

HPE inks $2 billion high-performance computing deal with the NSA

1 Sep 2021
White House launches tech fellowship program to tackle key issues
Policy & legislation

White House launches tech fellowship program to tackle key issues

31 Aug 2021
Department of Health and Human Services must improve cyber security info sharing
Security

Department of Health and Human Services must improve cyber security info sharing

30 Jun 2021
JEDI contract's future becomes murky after AWS court win
Policy & legislation

JEDI contract's future becomes murky after AWS court win

11 May 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021