The government proposed a fundamental shift in the relationship between citizens, the internet and the state in its 300-page draft investigatory powers bill. Under the law, now christened the snooper’s charter, almost every digital communication and movement would be logged by telecommunications companies, intercepted by intelligence agencies and subject to scrutiny. But when the government introduced the bill into parliament on Tuesday, it demonstrated not only its disregard for privacy but its contempt for that other key pillar of British society: democracy.
The bill contains some of the most intrusive surveillance powers imaginable, including some that are not currently found in any other country in the world. Cyber security is to be sacrificed at the altar of “national security”: government hacking would become legal, bulk datasets collected and mined, and encrypted services subject to state restrictions.
It will come as little surprise to many Britons that the government has contempt for privacy. In the last decade we have seen the roll-out of mandatory data retention and the secret expansion of digital surveillance, revealed only because of theactions of an American whistleblower. Prior to the publication of the draft bill, in November 2015, it had been 15 years since parliament had modernised its surveillance powers, and an overhaul of police and intelligence authorities with regards to the internet was sorely needed. Yet suddenly, with the publication of the draft text, the government decided that time was of the essence. When a joint committee was appointed to scrutinise the bill, it had 52 working days to consider the oral evidence of 59 people and 1,500 pages of written submissions. Two other committees also conducted rapid reviews of the dense legislation during the three short months between the publication of the Draft Bill and its introduction into Parliament.
All three found the draft bill, at best, problematic; the Intelligence and Security Committee (ISC) issued a scathing critique, which cut particularly deep given the Committee’s historically close relationship to the security services. The ISC found the lack of emphasis on privacy protections “surprising” and cautioning the government against using terrorist attacks as an excuse to override civil liberties. It recommended the government did away with invasive powers such as bulk hacking and introduced a new section of the Bill specifically dedicated to protecting privacy.
Other voices, vital to the democratic debate, also criticised the Draft Bill: human rights organisations and civil society argued that by legitimising “bulk interception” powers the bill would open the door for indiscriminate and disproportionate surveillance; key industry players such as Facebook, Google and Yahoo! spoke out against provisions that could be used to weaken security and undermine encryption, and cautioned that Britain’s attempt to exercise extraterritorial jurisdiction on US companies could legitimise the “lawless and heavy-handed practice[s]” of other less democratic nations. The Law Society and Bar Council raised the prospect that the draft bill would undermine the confidentiality of legal communications, and the National Union of Journalists raised the chilling effect on media and the risk posed to the protection of journalists’ sources.
In a final attempt to talk sense into the government, on Tuesday morning more than 100 MPs, experts and organisations published a letter calling on the government to take full account of the extensive criticism offered by the committees, and refrain from rushing the bill through parliament. Hours later the home secretary introduced the Investigatory Powers bill into the Commons.. A second reading is expected on 14 March and a final vote by the end of April.
If the rapid process of scrutiny isn’t a sufficiently clear demonstration of the government’s derision, its response to the committees’ recommendations bring the Home Office’s contempt for the democratic process into sharp relief. A scant handful of minor critiques have been reflected. There has been no response to the widespread criticism of the restricted powers granted to judicial commissioners. In response to demands by the joint committee and the ISC for demonstrable, evidence-based justifications for vastly intrusive bulk powers, the Home Office has provided general case studies with few details, unaccompanied by any sense of the scale and effect of such measures. The ISC’s advice that the government withdraw authorities related to bulk equipment interference powers and bulk dataset acquisition has been ignored.
With deeply regrettable flippancy, the Home Office has responded to the ISC’s recommendation that the draft legislation contain “an entirely new part dedicated to overarching privacy protections [to ensure that] privacy is an integral part of the legislation rather than an add-on” by adding one word to the bill – the word “privacy” to the title of part one, previously “general protections”.
Should the bill be brought into law, its impact on the human rights of the British people would be monumental. The government has shown an audacious disregard for these consequences. That privacy will be eroded as a result of a process that flaunts democratic tenets serves only to add insult to injury. It is not only democracy that the government has treated with contempt but the British public.
The government is collecting data on innocent civilians to tackle the ‘Dark’ web and the ‘Tor’ network, according to the International Business Times:
In the final draft of the proposals – branded a ‘Snoopers’ Charter’ by critics – the controversial bulk powers first exposed by former NSA whistleblower Edward Snowden are vast. They include bulk interception of communications, bulk equipment interference (hacking), the collection of bulk communications data held by service providers and, perhaps most controversially, the retention of so-called bulk personal datasets on masses of innocent UK civilians not suspected of committing any crime.
Additionally, they now are being endorsed as a way to combat criminality on Tor. “The use of bulk data is among the few effective methods available to counter the illicit use of the dark web,” the report asserts. “By analysing data obtained through bulk interception, investigators are able to link the anonymous identities of criminal users to their real world identities. These techniques rely on the analysis of large volumes of data; it would not be possible to do this through targeted interception or communications data powers.”
The claims come as part of the ‘Operational Case for Bulk Powers’ paper, just one document contained in the slew of fresh output that also features information on new powers such as internet connection records and the much sought-after Codes of Practice that outlines how each of the proposals will actually work in reality.
According to the bulk powers document, which repeatedly claims that UK security and intelligence agencies have never collected data ‘indiscriminately’, the intention is to combat the protections Tor offers and crack down on drug marketplaces and hacking forums that have traditionally thrived on this hidden internet.
“Strong encryption and anonymity protocols are intended to ensure the users of these sites cannot be identified,” it complains. “The dark web offers users a secure space in which information can be exchanged anonymously and beyond the reach of law enforcement. These internet services may be hosted in countries without effective legal systems, or be deliberately designed to prevent access by law enforcement agencies.
“There are many valid uses for these internet tools and sites, including by citizens campaigning for civil rights under authoritarian regimes. Terrorists and criminals, however, have also embraced some of these services.
“Bulk powers have been essential to the security and intelligence services over the last decade and will be increasingly important in the future. The acquisition and use of bulk data – information acquired in large volumes and used subject to special restrictions – provides vital and unique intelligence that the security and intelligence agencies cannot obtain by any other means.”
Yet Tor anonymity is not the only secure system the proposals aim to disrupt. end-to-end encryption, used in messaging applications from WhatsApp to iMessage, is also on the hit list.
“Encryption provides a means of making sure communications cannot be read by anyone other than the sender or intended recipient. It is now cheap and almost ubiquitous; strong encryption is typically a default setting in most IT products and on-line services, often without the user ever being aware,” the report notes. According to the UK government, bulk powers – including hacking – remain one sure-fire way of circumventing the use of these strong protections.
“The growth in the availability of encrypted communications has had two implications for the security and intelligence agencies,” the paper states. “First, they have had to become less reliant on obtaining the content of a suspect’s communications: when investigating a known threat in the UK, the agencies will often have to make greater use of bulk data to identify associates and to reveal possible attack planning. Second, the ability to obtain the communications of suspects overseas increasingly requires the use of equipment interference in order to supplement bulk interception.”
The release of the documents comes after the release of three separate Parliamentary committee reports that each slammed many of the bill’s proposals for a severe lack of clarity. Yet even now, in a bill that is supposed to contain updated privacy protections for the general public, critics have already started picking apart the numerous inconsistencies contained within.
According to Anne Jellema, chief executive officer of the World Wide Web Foundation, the bill needs an extended period of scrutiny. “The world is watching, and this legislation is too important to get wrong. It is time for the government to admit it has made a mistake, and to commit to a new timeline that allows for proper scrutiny and public debate. Rushing this vital legislation risks leaving us all less safe, imposing huge costs on UK businesses while riding roughshod over basic British values and civil liberties,” she said.
“Attempting to push a Bill of this magnitude, with this many flaws, through Parliament in a matter of weeks, is a slap in the face for Britain’s democracy.”
However, whatever the outcome, the UK government appears determined to have the bill passed by December – just before the sunset clause of the existing surveillance law DRIPA officially expires.