Investigatory Powers: Expect less scrutiny now Theresa May is Prime Minister

Experts predict Theresa May's rise to PM will give the Snooper's Charter an easier ride

With Theresa May becoming Prime Minister, the Investigatory Powers Bill (IP Bill), which she championed as Home Secretary, raises serious questions as it heads to becoming law.

The controversial plan to put surveillance on a stronger legal footing would compel internet service providers to store people's web browsing histories for up to one year, and force software providers to build backdoors into encryption.

The so-called 'Snooper's Charter' may be under the aegis of new Home Secretary Amber Rudd, but plans have changed little, and with an opposition in disarray, look unlikely to be questioned as much as it should.

"Theresa May is the poster girl for UK surveillance and she will no doubt continue this approach as Prime Minister," says Brian Spector, CEO at online identity firm Miracl. "When it comes to the IP Bill, we can only hope that the peers and lawyers who have final review can scupper its passage through Parliament with more scrutiny and conviction than our MPs did back in March [when 444 MPs voted it through the House of Commons]."

Advertisement
Advertisement - Article continues below

He says that given that most people now place all their personal data online, the IP bill would grant enormous surveillance capabilities to the government.

"If the legislation proceeds, it could undermine trust in the internet as a whole, from service providers, to device manufacturers, to the apps we use as part of our everyday lives," he adds.

Serious implications

There are also serious implications, warns Spector. "Under the proposals, [companies] would be legally bound to help UK police and security services access an individual's device. What's more, the current wording of the bill means that any software made by a British company could soon be perceived to be facilitating government spying on its customer's data."

This would have enormous repercussions by making it much harder for British technology and information security companies to compete globally, according to Spector.

Dave Levy, associate partner at IT advisory group Citihub Consulting, tells IT Pro that MPs were unlikely to give the bill the proper scrutiny it needs.

"I don't think the change in Prime Minister will make much difference except that May is the ex-Home Secretary and will have a much finer and more accurate judgement about the feasibility and political cost of getting the bill through," he says.

"Also, it's gone through the Commons and so it will only require to be considered again if the Lords make amendments, which given the majority it had in the Commons on the third reading because Labour supported it, I think it's unlikely."

One worrying aspect, much underestimated, is that the IP Bill proposes giving the intelligence services immunity from criminal liability for actions such as hacking that would be illegal if conducted by others, he points out.

"This throws up a civil liberties issue. Possibly, it will make IT security research harder to perform within the law. If so, researchers will move to a more conducive regulatory jurisdiction," says Levy.

Advertisement
Advertisement - Article continues below

Encryption issues

Jake Madders, director at managed cloud hosting company Hyve, believes the policies around data protection and encryption present particular challenges.

"Cybersecurity and data protection are core considerations for a huge range of digital businesses, with encryption of data being among the most pertinent," he says. "Removing encryption could mean that tech companies become an even bigger target for hackers. Organisations like ours adhere to the governance provided by the Data Protection Act, ISO 27001, PCI DSS standard, and via the government accreditation, G-Cloud, among others. This would all have to be reconsidered if the 'back door' to encryption the bill seeks was to appear."

Jacob Ginsberg, senior director at email encryption firm Echoworx, says that the bill undermines the fundamental right to privacy.

"There is a severe lack of clarity around encryption backdoors and bulk data collection in the bill, which will have far-reaching ramifications," he says. "Businesses need to be reassured that backdoors will not be built into encryption solutions.

"If this is not clearly defined, cloud and hosting companies will simply move their data to jurisdictions that the bill cannot influence. This could destroy the UK's data storage market, driving out over 10 billion worth of business."

Ginsberg adds that the speed at which the bill was rushed through parliament, and now through the House of Lords, undermines all of these concerns. "With Theresa May's recent appointment, further scrutiny and changes are extremely unlikely."

Handing our data to cybercriminals

Valuing anti-terrorism above encryption does not mean the government is making our data more susceptible to hacking, according to Jonathan Parker-Bray, CEO and founder of encryption app Pryvate.

"Business interests are quite selfish in this regard and will ensure that they have sufficient levels of protection in place for their customers to protect them from cyber attacks," he says.

Advertisement
Advertisement - Article continues below

The culpability in a breach falls on the company, not with the government, he adds, saying this means that companies have lots of incentive to defend their users from attacks or risk losing business.

"Whilst the government wishes to create a situation where data can be requested from companies with a warrant, the fact is that in many cases this won't be possible, and any attempt to weaken encryption will receive massive pushback from businesses throughout the country and their international partners," he says.

What next?

The issue of Brexit has grabbed most of the government's time now and for the foreseeable future. Lee Munson, security researcher at Comparitech.com, says he suspects that the IP Bill may not be quite as high on the agenda as it otherwise would have been.

"It may also no longer be a legacy the new PM wishes to associate with she has, after all, quickly demonstrated how she wishes to separate herself from the Cameronista policies of yesterday," he points out.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354252/huawei-takes-the-us-trade-sanctions-into-its-own-hands
Business strategy

Huawei takes the US trade sanctions into its own hands

3 Dec 2019
Visit/mobile/mobile-phones/354273/pablo-escobars-brother-launches-budget-foldable-phone
Mobile Phones

Pablo Escobar's brother launches budget foldable phone

4 Dec 2019