Is the UK Set To Become ‘The Most Intrusive and Unaccountable Regime in the West’?

An "unprecedented" and wide-ranging new surveillance law proposed by the British government this week has again sparked fierce debate on the use of covert powers to protect national security and the safeguarding of citizens' privacy rights. But what does the draft Investigatory Powers Bill really mean for people in the UK?

The bill, presented by Home Secretary Theresa May to parliament on Wednesday, is an attempt to update Britain's complicated patchwork of surveillance laws. Its main current legislation, the Regulation of Investigatory Powers Act 2000, was drafted before the creation of Facebook and Twitter. Then came the Edward Snowden revelations, revealing how the UK intelligence agency Government Communications Headquarters (GCHQ) was, with the United States' National Security Agency, was collecting data on a mass scale unbeknown to the public.

While in the US the response has been to kick back against government spying — the USA Freedom Act passed in June put limits on bulk data collection by the NSA — the UK government has gone in the other direction, proposing greater "snooping" powers than those explicitly allowed in the US, Canada, Australia or the rest of Europe.

Related: Here's Every Email the NSA Got After Asking Americans for Tips on How to Protect Privacy

First things first, what does the Bill propose?

One of the most controversial aspects of the draft Investigatory Powers Bill is that it will require communication companies to store data on every UK citizen's online activity for 12 months, recording the websites, services or instant messaging applications people have been accessing. Known as Internet Connection Records (ICRs), police and security services would not need a warrant to see what websites citizens are clicking on. Authorities will not be able to see the contents of pages citizens viewed, just the website itself.

Some examples of the difference between Internet Connection Records (no warrant) and browsing history (warrant) — Mikey Smith (@mikeysmith)November 4, 2015

ICRs are "simply the modern equivalent of an itemized phone bill," according to May, and are needed to find out what a suspect, or even a victim, has used to communicate online, subsequently allowing investigators to request for more specific communications data. ICRs could be used to find out whether a suspect has been involved in online criminality, such as accessing terrorist material, or sharing indecent images online, for instance.

Another significant element of the bill is that for the very first time, the UK government has made its surveillance powers explicit. The Government Communications Headquarters (GCHQ) has been engaged in bulk collection of citizens communication data for years — but the British public was not aware of this until US whistleblower Edward Snowden revealed its activities in 2013.

In a surprise development, May admitted to members of parliament when unveiling the bill that her government and previous ones have been authorizing warrants for mass data collection since 2001, under different bits of legislation buried in various existing laws. Now, such collection is openly and clearly provided for in one place.

The bill also allows for security agencies to hack into people's computers — termed "equipment interference" — and places a legal obligation on communications companies to help them do so when required. The law does not ban encryption of data, as originally feared, but it includes a power to force companies in the UK to remove encryption on certain communications upon request.

Related: How Colombia Built a Massive Surveillance 'Shadow State'

Why the controversy?
Despite the promise of the Bill providing "the strongest safeguards and world-leading oversight arrangements," human rights organizations have suggested that the Bill is a further intrusion of a citizen's right to privacy, and privacy rights campaigners have raised serious concerns.

According to Edward Snowden, the new bill "legitimizes mass surveillance" and would create "the most intrusive and least accountable surveillance regime in the West." He rubbished May's claim about ICRs, tweeting: "Your web records are not like an 'itemised phone bill,' they're like a list of every book you've ever opened."

Speaking to VICE News, Eric King, Deputy Director of Privacy International, said: "I always suggest people get out their phones and have a look at the previous searches that they've done, the history that they've had on their phone, you will immediately recognise just how personal and just how invasive it can be. Obviously it can reveal your political affiliations, your political opinions, what you might be thinking of certain topics. It could hint at your religious affiliations."

The World Wide Web Foundation went even further, arguing ICRs are unnecessary, disproportionate, and "ride roughshod" over the fundamental right to privacy. "By retaining the top-level internet address of every website visited by every UK resident – accessible without a warrant – it will be possible to paint an incredibly detailed picture of a person's hopes, fears and activities, and will create a data pool rife for theft, misuse or political persecution," it said in a statement. "It goes against international norms and also risks creating a race to the bottom globally as repressive regimes seek to copy Britain's example."

The bill is deceptive and threatening, said Renate Samson, Chief Executive of Big Brother Watch. "[It] appears at first glance to tick all the right boxes, but when you scratch the surface it is clear that the proposals could create cyber vulnerabilities," she told VICE News. "The use of hacking, bulk data retention and a demand for encrypted data to be available in an unencrypted form all have the potential to expose us and make us more vulnerable in this hyper connected, big data controlled times."

Related: Facial Recognition Technology Is Big Business — And It's Coming For You

Any safeguards?

Agencies will not need a warrant to collect ICRs, but there are some provisions limiting access. Police and security services will only be able to make a request for data from communications firms "where it is necessary and proportionate to do so in the course of a specific investigation."

The law enforcement intent must be to find out "which individual has used a specific internet service, how a subject of interest is communicating online, [or] whether an individual is accessing or making available illegal material," and the request must be made by a "designated senior person."

May made an assurance that agencies would not be able to make a request for the purpose of determining whether someone has visited, for example, a mental health website, or a news website. Local governments will be banned from accessing the data.

For more intrusive surveillance, such as the accessing of the contents of communications (what specific page someone viewed for instance, or what they wrote in a message) and the bulk collection of communication data, a warrant will have to be signed off by a government minister, and it will also require authorization from a new Investigatory Powers Commission, comprising senior judges.

As for Members of Parliament, any proposed interception of their communications would have to be signed off by the Prime Minister — a reaction to the recent news that the so-called Wilson Doctrine, a doctrine that provides assurances that MPs communications are protected from UK security agencies, has no legal basis.

Related: Your Face, Voice, and Tattoos Are the FBI's Business Now

Will the bill be passed?

According to the UK government the proposed law is essential in the digital age in order to fight terrorism and serious and organized crime. It follows two previous attempts to bring in surveillance legislation — the 2013 Digital Communications Bill, dubbed the "Snoopers' Charter," which proposed far-reaching powers allowing internet providers and phone companies to record clients browsing history, social media, and phone calls for a year, and the 2014 Data Regulation and Investigatory Powers Act (DRIPA), emergency legislation requiring firms to retain all customers' communications history for a year.

The "Snoopers Charter" was defeated by the Conservative Party's coalition government partners, the Liberal Democrats, while the UK's High Court ruled parts of the DRIPA were too imprecise and unclear and said the government had to come with something better.

This time around, the legislation's prospects look much more favorable. Crucially, the Investigatory Powers Bill has gained the support of the opposition Labour Party. The issues it deals with go "way beyond party politics," said the Shadow Home Secretary Andy Burnham. "Strong powers must be balanced by strong safeguards for the public," he told MPs as the law was debated on Wednesday, but parliament "cannot sit on its hands and leave blind spots." The bill was "neither a snooper's charter nor a plan of mass surveillance," he added.

The law will now through several stages of scrutiny before it is placed before parliament and voted on next year.

Follow Jenna Corderoy on Twitter: @JennaCorderoy

Photo via Flickr

Related: Who's Afraid of the Surveillance State?