Investigatory Powers Bill: A Snooper's Charter in all but name alone

Edward Snowden is right to call this bill our biggest threat to freedom of speech

The Snooper's Charter, and despite all the efforts to try and distance it from that label by the government that is precisely what it remains, has finally been revealed in the form of the Draft Investigatory Powers Bill.

The big question is, should we be worried?

Industry reaction so far has been alarmingly supportive. I was particularly concerned by the comments from Nicholas Lansman, general secretary of ISP industry body ISPA, who said it was preparing to work with the government to ensure the bill provides a framework that "balances necessary powers with oversight whilst minimising the impact on business." How about the impact on freedom, and the necessary power to go about our personal business without being spied upon?

Advertisement - Article continues below

I say 'our' but obviously I do not include MPs in that description as the draft bill clearly omits them from being subject to the surveillance that they would have us under; it will write 'the Wilson doctrine' into law, preventing surveillance of their communications. Journalists, who you might think require similar protection if they are to do their job of ensuring freedom of speech is a reality in the UK, don't get the same pass - police will be able to access their sources with the nod of a friendly judge.

Advertisement
Advertisement - Article continues below

There will be no requirement for the likes of Google to code backdoors into their services or WhatsApp to stop runnign end-to-end encryption, as has been feared.That is a good thing, obviously. That said, if you truly believe that this bill will prevent the security services from doing whatever they think is in the national interest, which may often translate into being their own interest, then you've obviously not taken an interest in Edward Snowden.

Advertisement - Article continues below

The lawyers, politicians, civil servants and spy masters who have drafted this latest proposed incarnation of the Snooper's Charter quite obviously do know all about Snowden. In fact, it reads like a direct response to his whistleblowing. When it comes down to it, after all, what this bill will do is give legal validity to most of the stuff that the security services were already doing secretly and without that legitimacy: the bulk collection of personal communication data, the hacking into computers and smartphones, the blanket storage of internet usage data.

The legal responsibility for storing such data is to be handed over to internet service providers (ISPs) rather than law enforcement and security agencies; they will just get the right to demand to see it. In fact the bill will require ISPs to store this data, of every internet user in the UK (apart from MPs of course), detailing every site that they visit, for a full 12 months. It's okay though, because a judge will have to sign off any request to access it as well as the Home Secretary herself. Unless it's urgent, in which case all bets are off and the data is revealed without the judge's nod or knowledge.

Advertisement - Article continues below

This is probably the most worrying aspect of the bill for me, quite apart from the privacy implications. Simply put, it leaves the door open for all kinds of insecurity scenarios. Home secretary Teresa May herself apparently failed to see the irony in her statement suggesting that high profile hacking attacks were one reason the bill needs to be introduced.

Put all that user data in one place, at every ISP, and it becomes a huge target. Let's hope there is a clause added to exclude TalkTalk from having to do this, given its record. Seriously though, can you imagine what will happen when this kind of data is hacked for the first time? And it is a matter of when, not if - of that you can be sure.

Hopefully this bill, or at least the browser history retention part of it, can follow DRIPA (the Data Retention and Investigatory Powers Act) into the unlawful bin. Earlier this year the High Court ruled that parts of DRIPA were not compatible with EU rights on privacy and the protection of personal data. I fail to see how the proposed new bill is any different, and would hope that the judiciary feels the same and follows the same route to throwing it out should it ever make it into law.

Advertisement - Article continues below

If not then I fear that Snowden was right when he tweeted that the "I don't need privacy, I've nothing to hide" line equates to "I don't need free speech, I've nothing to say". At the end of the day, as Snowden also noted, "your web records are not like an itemised phone bill, they're like a list of every book you've ever opened...".

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
Police use of facial recognition ruled unlawful in the UK
privacy

Police use of facial recognition ruled unlawful in the UK

11 Aug 2020