Investigatory Powers Bill: A Snooper's Charter in all but name alone

Edward Snowden is right to call this bill our biggest threat to freedom of speech

The Snooper's Charter, and despite all the efforts to try and distance it from that label by the government that is precisely what it remains, has finally been revealed in the form of the Draft Investigatory Powers Bill.

The big question is, should we be worried?

Industry reaction so far has been alarmingly supportive. I was particularly concerned by the comments from Nicholas Lansman, general secretary of ISP industry body ISPA, who said it was preparing to work with the government to ensure the bill provides a framework that "balances necessary powers with oversight whilst minimising the impact on business." How about the impact on freedom, and the necessary power to go about our personal business without being spied upon?

Advertisement - Article continues below

I say 'our' but obviously I do not include MPs in that description as the draft bill clearly omits them from being subject to the surveillance that they would have us under; it will write 'the Wilson doctrine' into law, preventing surveillance of their communications. Journalists, who you might think require similar protection if they are to do their job of ensuring freedom of speech is a reality in the UK, don't get the same pass - police will be able to access their sources with the nod of a friendly judge.

Advertisement
Advertisement - Article continues below

There will be no requirement for the likes of Google to code backdoors into their services or WhatsApp to stop runnign end-to-end encryption, as has been feared.That is a good thing, obviously. That said, if you truly believe that this bill will prevent the security services from doing whatever they think is in the national interest, which may often translate into being their own interest, then you've obviously not taken an interest in Edward Snowden.

Advertisement - Article continues below

The lawyers, politicians, civil servants and spy masters who have drafted this latest proposed incarnation of the Snooper's Charter quite obviously do know all about Snowden. In fact, it reads like a direct response to his whistleblowing. When it comes down to it, after all, what this bill will do is give legal validity to most of the stuff that the security services were already doing secretly and without that legitimacy: the bulk collection of personal communication data, the hacking into computers and smartphones, the blanket storage of internet usage data.

The legal responsibility for storing such data is to be handed over to internet service providers (ISPs) rather than law enforcement and security agencies; they will just get the right to demand to see it. In fact the bill will require ISPs to store this data, of every internet user in the UK (apart from MPs of course), detailing every site that they visit, for a full 12 months. It's okay though, because a judge will have to sign off any request to access it as well as the Home Secretary herself. Unless it's urgent, in which case all bets are off and the data is revealed without the judge's nod or knowledge.

Advertisement - Article continues below

This is probably the most worrying aspect of the bill for me, quite apart from the privacy implications. Simply put, it leaves the door open for all kinds of insecurity scenarios. Home secretary Teresa May herself apparently failed to see the irony in her statement suggesting that high profile hacking attacks were one reason the bill needs to be introduced.

Put all that user data in one place, at every ISP, and it becomes a huge target. Let's hope there is a clause added to exclude TalkTalk from having to do this, given its record. Seriously though, can you imagine what will happen when this kind of data is hacked for the first time? And it is a matter of when, not if - of that you can be sure.

Hopefully this bill, or at least the browser history retention part of it, can follow DRIPA (the Data Retention and Investigatory Powers Act) into the unlawful bin. Earlier this year the High Court ruled that parts of DRIPA were not compatible with EU rights on privacy and the protection of personal data. I fail to see how the proposed new bill is any different, and would hope that the judiciary feels the same and follows the same route to throwing it out should it ever make it into law.

Advertisement - Article continues below

If not then I fear that Snowden was right when he tweeted that the "I don't need privacy, I've nothing to hide" line equates to "I don't need free speech, I've nothing to say". At the end of the day, as Snowden also noted, "your web records are not like an itemised phone bill, they're like a list of every book you've ever opened...".

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020