With an opposition party beset by in-fighting, a country distracted by Brexit, and a media focused on the US presidential election, a contentious surveillance law made its way through the UK Parliament with nary a whimper.
The UK’s Investigatory Powers Bill, perhaps better known as the Snooper’s Charter, will become law within weeks, forcing companies to store troves of data on customers.
The right to not be forgotten
Despite Apple, Facebook, Google, Microsoft, Twitter and more trying to stop or change the bill, all that is left to happen is for the Investigatory Powers Bill to get Royal Assent, a pure formality.
Of particular concern to the tech companies was the fact that it allows the government to legally demand access to communications, often something that may only be possible through back doors. “We reject any proposals that would require companies to deliberately weaken the security of their products via backdoors, forced decryption, or any other means,” the companies said in a joint statement.
“A key left under the doormat would not just be there for the good guys. The bad guys would find it, too,” Apple added.
Also of concern to many, especially those in the human rights and privacy fields, is a requirement for Internet and phone companies to keep records of every phone call made and every website visited by every single one of their UK users for 12 months, with Internet companies also storing information on the device used, and phone companies keeping the date, time and duration.
Gus Hosein, executive director of the non-profit Privacy International, told the Financial Times: “No [Western] government anywhere has passed such laws on bulk collection and bulk hacking because it’s mass surveillance. Time and again, courts have ruled this is unlawful and unacceptable in a democratic society.”
NSA whistleblower Edward Snowden called it “the most extreme surveillance in the history of western democracy. It goes farther than many autocracies.”
From a storage perspective, this will likely increase the need for data centers in the UK, which may be welcomed by some in the industry. But for technology companies as a whole, it is “a logistical nightmare,” Guy Marson, MD of data science and intelligence marketing firm Profusion, said.
Meanwhile, for individual citizens, it has been called a breach of civil liberties and the right to privacy, despite there being little correlation found between mass surveillance and reducing terrorism.
Metadata, while downplayed by intelligence agencies, can be used to work out a great deal about an individual, something that could potentially be used for blackmail or public shaming. With companies having to keep the data themselves, and telecoms firms like Three, TalkTalk, Vodafone, and O2 all being hacked in recent years, many have worried about the wisdom of stockpiling such data.
Access to much of this data will also not require a warrant, with dozens of public organizations and departments including the police, HM Revenue & Customs, customs officials, intelligence agencies, the NHS, the Department of Health, the Food Standards Agency and the Gambling Commission on a list of those with some level of access.
In addition, the law will legally allow security and law enforcement agencies to hack into computers, phones and networks to use them to eavesdrop on communications, after getting a warrant. This includes hacking systems outside of the UK, although that requires authorization from both the home secretary and an independent judge.
“Decisions made today about UK legislation will set precedents which may be copied elsewhere and have wider ramifications for all parties, both in the UK and overseas,” the tech companies opposing the bill noted.
There exists some chance that the bill could be challenged in the courts and be struck down by the generally pro-privacy Court of Justice of the European Union, but with the UK planning to leave the EU, and the bill having been proposed by Prime Minister Theresa May back when she was Home Secretary, it is unclear if this will stop it happening.