A new bill, recently passed by both parliamentary houses, requires UK ISPs to store user internet history for up to a year, and to decrypt data as needed for police investigations.
After years of controversy, the UK finally passed the Investigatory Powers Bill, giving the government a host of new surveillance powers relative to citizen internet use. The bill, which passed by both parliamentary houses on Wednesday, forces communications providers to store customer website history, calls, and texts for one year to be used in police investigations.
Another major piece of the bill is that it grants the power to remove "electronic protection applied by or on behalf of that operator to any communications or data." Essentially, this allows the UK government to require providers to remove encryption, and could severely limit the effectiveness of end-to-end encryption.
The Investigatory Powers Bill also gives the UK government the right to hack into user devices or businesses in an effort to find data relevant to an investigation, as well as the ability to leverage data on innocent citizens to build a case against potential criminals. ZDNet's Steve Ranger noted that this kind of behavior has been done for years, but the bill still raises additional concerns.
The hacking is officially referred to in the bill as "bulk equipment interference." However, certain safeguards are in place in the bill to protect "confidential journalistic material" and health records.
To oversee the effort, the bill declares that the acting prime minister must appoint an investigatory powers commissioner and other judicial commissioners. The bill adds to existing tensions between the UK government and human rights groups, which escalated to Europe's highest court in early 2015.
As noted by ZDNet's Zack Whittaker, the bill was first introduced in 2012 by Theresa May, who recently took over the position of prime minister from David Cameron following the decision of the UK to leave the European Union. The potential privacy implications of the bill have led some critics to call it the "snoopers' charter."
When the bill was first introduced, it saw strong pushback from modern tech companies like Google, Microsoft, Facebook, Twitter, and Yahoo. Then-deputy prime minister Nick Clegg worked to block the bill on behalf of Liberal Democrats in 2013, but it gained momentum when the government moved to a Conservative majority in 2015.
The 304-page bill can be viewed in its entirety here.
The 3 big takeaways for TechRepublic readers
- The UK's Parliamentary Houses recently passed the Investigatory Powers Bill, which forces service providers to keep records of all their customers' data for use in police investigations.
- The bill also provides rules for "bulk equipment interference," or hacking of personal devices and enterprise systems for relevant data.
- The bill has long received opposition from human rights groups and privacy groups, gaining the title "snoopers' charter."
- Despite privacy concerns, Microsoft calls Windows 10 'the most secure version of Windows' (TechRepublic)
- Privacy set to be biggest casualty of UK election, as "snoopers' charter" returns (ZDNet)
- Five utilities that help protect your online privacy (TechRepublic)
- Britain has passed the 'most extreme surveillance law ever passed in a democracy' (ZDNet)
- Apps vs. mobile websites: Which option offers users more privacy? (TechRepublic)