Last week, the UK government published the Investigatory Powers Bill, a new surveillance law that has been heavily criticised by privacy and free speech activists, the technology industry, lawyers and academics.
A draft version of the Bill was published in November 2015 and scrutinised by three parliamentary committees. Between them, they made 123 recommendations for how the Bill should be improved. EDRi member ORG, the Don’t Spy on Us coalition and many others called for a complete re-write of the Bill. However, the revised version was published less than three weeks after the Joint Committee reported its findings, and little of substance has changed. You can read an initial comparison here.
One change that led to much online ridicule was the attempt to address a recommendation by the Intelligence and Security Committee who said, “privacy protections should form the backbone of the draft legislation, around which the exceptional powers are then built” and added that “one might have expected an overarching statement at the forefront of the legislation”. The Home Office response appears to have been to add the word “Privacy’ to a heading in Part One of the Bill!
On a more serious note, the Bill will give the UK one of the most extreme surveillance laws in the world. It will put the activities exposed by Edward Snowden, such as the wholesale tapping of fibre optic cables and bulk hacking, into law. Proposals to introduce judicial authorisation are weak and mean that in effect politicians not judges will continue to authorise surveillance around the world. As well as the impact on British citizens, a major concern is that it will be copied by authoritarian regimes. China recently passed surveillance legislation with similar provisions that was condemned by the international community.
The Bill will also extend existing data retention obligations and force Internet Service Providers (ISPs) to collect a record of their customers’ web browsing history and app use. The police and other government organisations will be able to access and analyse these records through a ‘filter’. Effectively, all communications and location records from ISPs and phone companies would become part of a single, searchable, distributed dataset.
The reason that the Government is rushing to legislate is because parts of the Data Retention and Investigatory Powers Act 2013 (DRIPA) are due to expire in December 2016. This law was passed after the Court of Justice of the European Union (CJEU) struck down the Data Retention Directive. In 2015, the British High Court found parts of DRIPA to be unlawful following a legal challenge by two Members of Parliament. The Government appealed, and the UK courts have asked the CJEU two questions to clarify the applicability of their ruling in the Digital Rights Ireland case to UK law. Its findings could affect the data retention provisions in the IPB, but are also highly significant for other European countries, as it should clarify their duties in regard to domestic retention laws. Questions have also been referred to the Court of Justice by the Swedish courts. The cases have been expedited and the hearing for both is on 12 April.
Meanwhile, it appears that the Government will attempt to force the IPB through the House of Commons in the next two months – during which British political debate will be dominated by the EU referendum.
ORG is working with the Don’t Spy on Us coalition to raise public awareness and amend the Bill as it progresses through Parliament. On Tuesday, we launched a fundraiser for an advertising campaign about the Bill and we’d be grateful if any organisations would like to share it to their networks: https://www.dontspyonus.org.uk/donate
(Contribution by Pam Cowburn, Open Rights Group)