Investigatory Powers Bill: A Snooper's Charter in all but name alone

Edward Snowden is right to call this bill our biggest threat to freedom of speech

The Snooper's Charter, and despite all the efforts to try and distance it from that label by the government that is precisely what it remains, has finally been revealed in the form of the Draft Investigatory Powers Bill.

The big question is, should we be worried?

Industry reaction so far has been alarmingly supportive. I was particularly concerned by the comments from Nicholas Lansman, general secretary of ISP industry body ISPA, who said it was preparing to work with the government to ensure the bill provides a framework that "balances necessary powers with oversight whilst minimising the impact on business." How about the impact on freedom, and the necessary power to go about our personal business without being spied upon?

I say 'our' but obviously I do not include MPs in that description as the draft bill clearly omits them from being subject to the surveillance that they would have us under; it will write 'the Wilson doctrine' into law, preventing surveillance of their communications. Journalists, who you might think require similar protection if they are to do their job of ensuring freedom of speech is a reality in the UK, don't get the same pass - police will be able to access their sources with the nod of a friendly judge.

There will be no requirement for the likes of Google to code backdoors into their services or WhatsApp to stop running end-to-end encryption, as has been feared. That is a good thing, obviously. That said, if you truly believe that this bill will prevent the security services from doing whatever they think is in the national interest, which may often translate into being their own interest, then you've obviously not taken an interest in Edward Snowden.

The lawyers, politicians, civil servants and spy masters who have drafted this latest proposed incarnation of the Snooper's Charter quite obviously do know all about Snowden. In fact, it reads like a direct response to his whistleblowing. When it comes down to it, after all, what this bill will do is give legal validity to most of the stuff that the security services were already doing secretly and without that legitimacy: the bulk collection of personal communication data, the hacking into computers and smartphones, the blanket storage of internet usage data.

The legal responsibility for storing such data is to be handed over to internet service providers (ISPs) rather than law enforcement and security agencies; they will just get the right to demand to see it. In fact the bill will require ISPs to store this data, of every internet user in the UK (apart from MPs of course), detailing every site that they visit, for a full 12 months. It's okay though, because a judge will have to sign off any request to access it as well as the Home Secretary herself. Unless it's urgent, in which case all bets are off and the data is revealed without the judge's nod or knowledge.

This is probably the most worrying aspect of the bill for me, quite apart from the privacy implications. Simply put, it leaves the door open for all kinds of insecurity scenarios. Home Secretary Theresa May herself apparently failed to see the irony in her statement suggesting that high profile hacking attacks were one reason the bill needs to be introduced.

Put all that user data in one place, at every ISP, and it becomes a huge target. Let's hope there is a clause added to exclude TalkTalk from having to do this, given its record. Seriously though, can you imagine what will happen when this kind of data is hacked for the first time? And it is a matter of when, not if - of that you can be sure.

Hopefully this bill, or at least the browser history retention part of it, can follow DRIPA (the Data Retention and Investigatory Powers Act) into the unlawful bin. Earlier this year the High Court ruled that parts of DRIPA were not compatible with EU rights on privacy and the protection of personal data. I fail to see how the proposed new bill is any different, and would hope that the judiciary feels the same and follows the same route to throwing it out should it ever make it into law.

If not then I fear that Snowden was right when he tweeted that the "I don't need privacy, I've nothing to hide" line equates to "I don't need free speech, I've nothing to say". At the end of the day, as Snowden also noted, "your web records are not like an itemised phone bill, they're like a list of every book you've ever opened...".
