UK Government rushing IP Bill through Parliament

The IP Bill that we covered recently has a date for its second reading- the 15th of March. A draft copy of the bill was published in November 2015 to allow for pre-legislative scrutiny by committees and independent analysts. You can read the draft here.

Not wanting to be caught without legal cover the government is urgently pushing the bill through the House of Commons and Lords. MPs are expected to read, analyze and interpret around 900 pages of documents about complex technical and ethical issues in under two weeks.

This is not the UK’s first attempt to undermine its citizens privacy, in fact, they have been trying to pass similar laws for several years now.

IP Bill Changes

  • Six codes of practice setting out how the security services will use the powers in the bill, including access to personal communications data, state computer hacking and bulk acquisition of data.
  • Stronger privacy safeguards including the need for a senior judge to approve security service access to a journalist’s communications data. The Home Office said this was needed to ensure the willingness of sources to provide information to journalists.
  • A “double-key” ministerial warrant backed by judicial approval when UK security services ask foreign intelligence agencies to undertake work on their behalf.
  • A pragmatic approach to encryption that will require technology companies to remove encryption that they have themselves applied where it is practicable for them to do so.
  • The period for “urgent” warrants issued for the most intrusive surveillance without judicial approval is to be reduced from five to three days. (The Guardian)

“Minor Botox”

Three parliamentary committees recommended 123 changes to the draft legislation. The Intelligence and Security Committee said that the government has missed an opportunity to provide “badly needed” (p2) clarity and assurance. The approach towards data was called “inconsistent and largely incomprehensible” (p9). Keeping the definition of “data” wooly and within the Code of Practices (which can be changed at a later date) gives wiggle room on what can and can’t be used.

The Science and Technology Committee criticised the practicalities of retaining internet connection records (ICR). Internet service providers would have to do this themselves- passing on the cost to customers who would in effect be paying for their own surveillance.

The new Bill would grant police (i.e. domestic law enforcement) access to all ICRs deemed “necessary and proportionate” for conducting an investigation. The much vaunted “double-lock” mechanism does not apply either. Previously police were only allowed to access data that pertained to illegal content and activities. The power of the three letter agencies will now be available to domestic cases where there is a “threat to life” or missing persons. The UK is literally becoming the setting for Minority Report.

“Give the bill the time it needs”

Over 100 MPs, academics, activists, lawyers and businesspeople signed a letter in the Telegraph decrying the government for squandering the chance to have a law that could lead the global discussion. British surveillance is currently covered by the Data Retention and Investigatory Powers Act (DRIPA) which is set to expire in December. Theresa May has claimed that the rush is necessary because of this expiration date. But the rush could be negated by extending the sunset clause for a year. The Bill is the most significant renewal of surveillance laws in 15 years, one more year wouldn’t hurt.