Investigatory Powers Bill: A Snooper's Charter in all but name alone

Edward Snowden is right to call this bill our biggest threat to freedom of speech

The Snooper's Charter, and despite all the efforts to try and distance it from that label by the government that is precisely what it remains, has finally been revealed in the form of the Draft Investigatory Powers Bill.

The big question is, should we be worried?

Industry reaction so far has been alarmingly supportive. I was particularly concerned by the comments from Nicholas Lansman, general secretary of ISP industry body ISPA, who said it was preparing to work with the government to ensure the bill provides a framework that "balances necessary powers with oversight whilst minimising the impact on business." How about the impact on freedom, and the necessary power to go about our personal business without being spied upon?

I say 'our' but obviously I do not include MPs in that description as the draft bill clearly omits them from being subject to the surveillance that they would have us under; it will write 'the Wilson doctrine' into law, preventing surveillance of their communications. Journalists, who you might think require similar protection if they are to do their job of ensuring freedom of speech is a reality in the UK, don't get the same pass - police will be able to access their sources with the nod of a friendly judge.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

There will be no requirement for the likes of Google to code backdoors into their services or WhatsApp to stop runnign end-to-end encryption, as has been feared.That is a good thing, obviously. That said, if you truly believe that this bill will prevent the security services from doing whatever they think is in the national interest, which may often translate into being their own interest, then you've obviously not taken an interest in Edward Snowden.

The lawyers, politicians, civil servants and spy masters who have drafted this latest proposed incarnation of the Snooper's Charter quite obviously do know all about Snowden. In fact, it reads like a direct response to his whistleblowing. When it comes down to it, after all, what this bill will do is give legal validity to most of the stuff that the security services were already doing secretly and without that legitimacy: the bulk collection of personal communication data, the hacking into computers and smartphones, the blanket storage of internet usage data.

The legal responsibility for storing such data is to be handed over to internet service providers (ISPs) rather than law enforcement and security agencies; they will just get the right to demand to see it. In fact the bill will require ISPs to store this data, of every internet user in the UK (apart from MPs of course), detailing every site that they visit, for a full 12 months. It's okay though, because a judge will have to sign off any request to access it as well as the Home Secretary herself. Unless it's urgent, in which case all bets are off and the data is revealed without the judge's nod or knowledge.

This is probably the most worrying aspect of the bill for me, quite apart from the privacy implications. Simply put, it leaves the door open for all kinds of insecurity scenarios. Home secretary Teresa May herself apparently failed to see the irony in her statement suggesting that high profile hacking attacks were one reason the bill needs to be introduced.

Put all that user data in one place, at every ISP, and it becomes a huge target. Let's hope there is a clause added to exclude TalkTalk from having to do this, given its record. Seriously though, can you imagine what will happen when this kind of data is hacked for the first time? And it is a matter of when, not if - of that you can be sure.

Hopefully this bill, or at least the browser history retention part of it, can follow DRIPA (the Data Retention and Investigatory Powers Act) into the unlawful bin. Earlier this year the High Court ruled that parts of DRIPA were not compatible with EU rights on privacy and the protection of personal data. I fail to see how the proposed new bill is any different, and would hope that the judiciary feels the same and follows the same route to throwing it out should it ever make it into law.

Advertisement - Article continues below

If not then I fear that Snowden was right when he tweeted that the "I don't need privacy, I've nothing to hide" line equates to "I don't need free speech, I've nothing to say". At the end of the day, as Snowden also noted, "your web records are not like an itemised phone bill, they're like a list of every book you've ever opened...".

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019