As expected, the UK’s sweeping surveillance framework, the Investigatory Powers Bill, has become law.

Also known as the Snooper’s Charter, it forces telecoms and Internet providers to store troves of metadata, as well as sanctioning government hacking and demanding backdoors.

Safety through surveillance

Theresa May
Theresa May – DCD/Sebastian Moss

Home Secretary Amber Rudd said that the new law provided “unprecedented transparency and substantial privacy protection.”

“The government is clear that, at a time of heightened security threat, it is essential our law enforcement and security and intelligence services have the power they need to keep people safe. The Internet presents new opportunities for terrorists and we must ensure we have the capabilities to confront this challenge. But it is also right that these powers are subject to strict safeguards and rigorous oversight.”

Before the beginning of 2017, Internet and phone companies will have to start keeping records of every phone call made and every website visited by every resident of the UK for 12 months, with Internet companies also required to store information on the device used, and phone companies keeping the date, time and duration of a call.

According to Schedule 4 of the bill, the following agencies will be able to view UK citizens’ browsing history with few legal restrictions (via Chris Yiu):

  • Metropolitan Police Service
  • City of London Police
  • Police forces maintained under section 2 of the Police Act 1996
  • Police Service of Scotland
  • Police Service of Northern Ireland
  • British Transport Police
  • Ministry of Defence Police
  • Royal Navy Police
  • Royal Military Police
  • Royal Air Force Police
  • Security Service
  • Secret Intelligence Service
  • GCHQ
  • Ministry of Defence
  • Department of Health
  • Home Office
  • Ministry of Justice
  • National Crime Agency
  • HM Revenue & Customs
  • Department for Transport
  • Department for Work and Pensions
  • NHS trusts and foundation trusts in England that provide ambulance services
  • Common Services Agency for the Scottish Health Service
  • Competition and Markets Authority
  • Criminal Cases Review Commission
  • Department for Communities in Northern Ireland
  • Department for the Economy in Northern Ireland
  • Department of Justice in Northern Ireland
  • Financial Conduct Authority
  • Fire and rescue authorities under the Fire and Rescue Services Act 2004
  • Food Standards Agency
  • Food Standards Scotland
  • Gambling Commission
  • Gangmasters and Labour Abuse Authority
  • Health and Safety Executive
  • Independent Police Complaints Commissioner
  • Information Commissioner
  • NHS Business Services Authority
  • Northern Ireland Ambulance Service Health and Social Care Trust
  • Northern Ireland Fire and Rescue Service Board
  • Northern Ireland Health and Social Care Regional Business Services Organisation
  • Office of Communications
  • Office of the Police Ombudsman for Northern Ireland
  • Police Investigations and Review Commissioner
  • Scottish Ambulance Service Board
  • Scottish Criminal Cases Review Commission
  • Serious Fraud Office
  • Welsh Ambulance Services National Health Service Trust

The Government will also, to some extent, be able to force companies to open access to encrypted communications (often not possible without backdoors), legally hack UK citizens without a warrant, and collect data on residents of foreign countries with a warrant.