IPB still not fit for purpose, say tech firms

Companies and trade bodies reiterate their concerns on day of Second Reading

Houses of Parliament

The tech industry has once again hit out at the UK's Investigatory Powers Bill (IPB), ahead of its Second Reading in the House of Commons today.

The proposed legislation, also known as the Snooper's Charter, has come in for heavy criticism from tech companies and civil rights campaigners alike, who have claimed its powers are too broad, it is an invasion of privacy and that what it requires is not technically feasible.

While the Bill was revised following extensive investigations by two select committees, which heard from numerous witnesses across these groups, many are still unhappy with the current wording.

John Shaw, VP of product management at Sophos, said that while his company is supportive of the concept of the IPB, he and his colleagues are "disappointed to see that in the revised Investigatory Powers Bill, although the government has made some small improvements, all our fundamental concerns remain".

Shaw listed these concerns as weak definitions, leading to very broad interpretations of the bill; putting data at risk; the tech credentials of the proposed Judicial Commissioners; a continued potential for backdoors into encryption; and putting UK content service providers at a disadvantage, as the law will only apply to them.

"We agree it is critical that the government get this bill right. Rushing it through in its current form will be a mistake. We fear the Bill will be rejected, causing even greater delay to getting a proper regulatory framework in place, or even worse it will be passed into legislation. If it does become law, it will undermine both the security and privacy of UK citizens and impact the competitiveness of UK Internet Service Providers," said Shaw.

ISPA, the trade body representing ISPs in the UK, sounded a similar note of concern.

Chairman, James Blessing, said: "ISPA supports reform of investigatory powers through a new Bill, but we are a long way from having a Bill that is clear and workable.

"Government needs to address concerns around its intentions, definitions and costs to enable industry to make a proper assessment of the Bill and help Parliament scrutinise the complex proposals. Getting this right is essential for the UK digital economy and user trust in services."

ISPA said that, as it stands, the current bill "does not do what the Home Office says it does".

"On numerous occasions, there is a disconnect between what can be found on the face of the Bill and what the Government says the Bill will be used for. Given that the Bill is highly intrusive, the Government must put all of its intentions for how it plans to use the powers on to the face of the Bill," the organisation said.

"Reliance on speeches and non-legislative documents, such as codes of practice, to make clear what the Bill explicitly intends is unsatisfactory," it added.

ISPA also said significant questions remain over costs, definition of key terms and concepts, including Internet Connection Records and even data, how ISPs can recover costs from the government -- if, indeed, they can at all.

Parliament should be given sufficient time to scrutinise the Bill, ISPA said, as it is, in the words of the Prime Minister, "one of the most important bills [the House of Commons] will discuss".

Erka Koivunen, security advisor at F-Secure, took an even stronger tone, saying: "Let us be clear on the British Government's intentions and the consequences of those actions. 'Equipment interference' is hacking. There is a reason there is a very large security industry dedicated to protecting businesses and their digital assets -- because hacking damages businesses."

"No company wants their own government or government of a friendly partner to break into their systems or undermine the security of their services. We would encourage the Government to pause and consider the implications of its intentions before it irreparably damages British businesses," Koivunen concluded.

Featured Resources

Five lessons learned from the pivot to a distributed workforce

Delivering continuity and scale with a remote work strategy

Download now

Connected experiences in a digital transformation

Enable businesses to meet the demands of the future

Download now

Simplify to secure

Reduce complexity by integrating your security ecosystem

Download now

Enhance the safety and security of your people, assets and operations

Enable a true vision of security with an engineered solution based on hyperconverged and storage platforms

Download now

Recommended

'Largest ever' Magecart hack compromises 2,000 online stores
hacking

'Largest ever' Magecart hack compromises 2,000 online stores

15 Sep 2020
TechUK panel slams "woeful" gov response to digital IDs
identity and access management (IAM)

TechUK panel slams "woeful" gov response to digital IDs

4 Sep 2020
Infocyte integrates with Palo Alto Networks Cortex XSOAR
cyber security

Infocyte integrates with Palo Alto Networks Cortex XSOAR

19 Aug 2020
Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020

Most Popular

Accenture ploughs $3 billion into cloud migration support group
digital transformation

Accenture ploughs $3 billion into cloud migration support group

17 Sep 2020
Google Pixel 4a review: A picture-perfect package
Google Android

Google Pixel 4a review: A picture-perfect package

18 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020