It is being branded as the most intrusive piece of legislation regarding Internet privacy yet published by the UK Government, but what is the Investigatory Powers Bill that has been introduced by the Home Secretary Theresa May?
In the foreword to the new Bill, Ms. May said: “The use of investigatory powers is vital to locate missing people, to place a suspect at the scene of a crime or to identify who was in contact with whom.
“Powers to intercept communications, acquire communications data and interfere with equipment are essential to tackle child sexual exploitation, to dismantle serious crime cartels, take drugs and guns off our streets and prevent terrorist attacks.”
It is currently in draft form, meaning there will be a public consultation process and further scrutinisation of the Bill before it is put forward for a vote.
So what does it mean? Is it an infringement on your rights, or does it defend you?
What is the history?
There is a huge amount of Government legislation covering the area of communications, some of which date back to the mid-1990s. Here are some of the important developments:
The Police Act 1997 – Gave powers to the police to use intrusive surveillance techniques (such as listening devices) to gather intelligence on suspected criminals.
Regulation of Investigatory Powers Act 2000 (RIPA) – Allowed “certain public bodies” the right to demand Internet Service Providers (ISPs) to provide them data on a customer’s communication.
This demand must be warranted by either the Secretary of State, or a member of the Scottish Executive if that is where the request is being made. So far, this Act has allowed over 600 bodies the right to demand such data.
European Union’s Data Retention Directive 2005 – Forced members of the European Union to retain communications data for no less than 6 months, and no more than two years.
The “data” included only extended to email addresses, caller IDs, locations, and telephone numbers.
The Directive was repealed by the European Court of Justice is 2014, stating the “retention period, and security justifications were ill-defined, and concluded that, in order to be lawful, the data retained should be limited to a specific purpose and length of time that is determined objectively.”
Because of this the Directive was void “with immediate effect.” This left EU members with the task of setting-up their own data retention laws.
Data Retention and Investigatory Powers Act 2014 (DRIPA) – Following the ECJ’s repeal of the European Directive, the UK Government reasserted the police and security agencies’ power to continue demand telephone and Internet records of individuals, with the consent of the Secretary of State.
Data would be held for a maximum of 12 months by ISPs, and the number of authorities allowed to request a warrant would be reduced. Furthermore, it paved the way for the current Investigatory Powers Bill for 2016.
Counter-Terrorism and Security Act 2015 (CTAS) – With the increase in concern over “Islamic State”, and greater immigration, the UK Government allowed the authorities to seize individuals’ passport, and bar some from entering the country. It also added to the data retention powers provided in the RIPA.
What does the new Bill do?
After reviews by David Anderson QC, the Intelligence and Security Agency of Parliament, and a panel convened by the Royal United Services Institute, the government received 198 recommendations – 124 from Anderson alone.
When you break it down, there is not a lot of new features in the Investigatory Powers Bill. It is broken into three key aims:
- Make the powers available to police and security agencies clear, understandable, and collated into one piece of legislation;
- Provide a “double-check” system in reviewing warrant requests;
- Make legislation compatible with the new age of digital technology
Clarifying police and security agency powers
As shown above, the actual powers and data covered by the existing legislation is somewhat unclear, and so the Home Secretary is seeking to make this clear in the new legislation.
Furthermore, the new Bill will exclude local authorities from being able to request a warrant to view the content of data, for instance local councils.
However, the issue that many are taking with the Bill is security agencies’ ability to hack computers, phones and other devices. These powers are covered in the Intelligence Services Act 1994, but the new Bill will provide limitations on the number of warrants agencies can request at one time – “bulk” requests.
The “double-check” system
Perhaps the most crucial piece of the Bill is the creation of a new Investigatory Powers Commission (IPC), including a senior judge and judicial commissioners who are most likely retired judges.
This IPC would be the second body that must sign-off a search warrant made by security agencies, after it has been deemed satisfactory by the Secretary of State.
As said in the draft Bill:
“The draft Bill will create a single new independent and more powerful IPC. The Commissioner will be properly supported and will have a significantly expanded role in authorising the use of investigatory powers and a wide-ranging and self-determined remit to oversee any aspect of how law enforcement and the security and intelligence agencies use the powers and capabilities available to them.”
The graphic below provides an understandable flowchart of how warrants would be processed.
Making the legislation compatible with the digital age
Finally, the Bill would force ISPs to keep Internet connection records (ICRs), and allow security agencies to learn which device a communication was sent from.
It should be noted, the Bill does not mean authorities can read everything you say online, or every page you visit. Currently, the Bill would require authorities to ask for a warrant to view the actual content of your ICRs.
For instance, if you were to visit the bbc.co.uk website, the authorities cannot view anything after the first forward-slash. The same applies to Facebook: they can see you sent a message, but not to whom or what.
So…is the legislation all bad?
From what I can read – no.
The Investigatory Powers Bill would simply allow the government to clarify the position authorities have in intercepting ICRs. Furthermore, there are more safeguards in place to defend the rights of Internet-users than there are new powers for agencies.
Furthermore, the new IPC will, in theory, keep the government in check with what it is authorising to be viewed.
Despite the criticism he received in the Commons today, Richard Graham MP’s controversial “if you have nothing to hide, you have nothing to fear” remark may indeed be true.
However, we should not be surprised by these developments. Government legislation is only just catching up with the rapidly expanding world of digital communications, and it may take much time to flesh out the new Bill to cover everything.
Also, it is important for people to be aware of how the new Bill may affect them. As Edward Snowden said on the U.S. Government: “I can’t in good conscience allow the U.S. government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they’re secretly building.”
What else can I read on this?
There were a number of websites that helped me in wading through the legislative jungle on this topic, but these are the best.
For the Bill itself click this link.
For another blog on what you need to know about the Bill click here.
Also, I strongly recommend you visit the UK Parliament’s website on legislation, by going here.
It is hard to simplify these things, but I hope this has been of use to you – and not too dull!