Snooper’s Charter fails to protect privacy, warn MPs
Intelligence and Security Committee criticises Investigatory Powers Bill
The Investigatory Powers Bill would fail to protect UK citizens from mass surveillance, according to a Parliamentary committee's damning report on the government's proposed new law.
The Intelligence and Security Committee (ISC) today demanded "substantive amendments" to the bill, also known as the Snooper's Charter.
If passed in its current guise, the bill would see internet service providers forced to store people's internet connection records (ICRs) for 12 months, while security products would have compulsory backdoors built in for government spies to access data.
MPs and peers on the committee claimed that those behind the legislation appeared not to know what the bill is meant to achieve.
"Overall, the privacy protections are inconsistent and in our view need strengthening," said the report, adding that the bill itself was a "significant missed opportunity" and took a "piecemeal" approach to protecting privacy.
The committee said that privacy should be "an integral part of the legislation rather than an add-on".
It added that checks and balances must be set up to oversee security services' powers to collect bulk data from internet users.
The report also focused on rules that force companies to build backdoors into encrypted services, saying the bill was unclear on how warrants to access the backdoors might work, and that the committee was "not convinced as to the requirement for them".
Dominic Grieve, the Conservative chairman of the ISC, said: "Taken as a whole, the draft bill fails to deliver the clarity that is so badly needed in this area."
"The issues under consideration are undoubtedly complex, however, it has been evident that even those working on the legislation have not always been clear as to what the provisions are intended to achieve."
He added: "The draft bill appears to have suffered from a lack of sufficient time and preparation."
Antony Walker, deputy CEO of industry trade body techUK, said that the bill lacks clarity on fundamental issues, such as core definitions of key terms, encryption, and equipment interference.
"Our members are unsure exactly what is meant by internet connection records (ICRs), how they will be gathered, stored and accessed. This kind of detail is crucial to understanding the impact of the proposed bill," he said.
Walker said anything that forces companies to create or allow vulnerabilities in their systems is a huge concern and could damage public trust and have a direct impact on global perception of the UK as a home for innovation and investment.
"These concerns are reinforced by the ISC report, which calls for clarity on the effect on end to end encryption, and we urge the Home Office to take its findings on board," he added.
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now