All Eyes on You – The Snooper’s Charter


Thursday 9 February 2017 - Lauren Counsell

Was Orwell right? Are we now living in a real life 1984? Have we all just kissed goodbye to our privacy without knowing it? Unfortunately, the answer is possibly yes. Big Brother (or various government authorities) may soon be spying on you, if they are not already, or at least saving your personal data. The reason for this: the passing of the highly controversial Investigatory Powers Bill.

In an increasingly digital world, we all send a plethora of messages every day, whether it is via text, WhatsApp or Facebook Messenger. However, every time we click send, do we consider this information to be the type of thing we want the government to read, or, more importantly, that the government has the right to read?

What is the Investigatory Powers Bill?

The aptly nicknamed ‘Snoopers’ Charter 2’ was passed on 17th November 2016 and it is expected to become law before the end of the year. Worryingly, it gives the security services a multitude of tools for hacking and snooping. To name a few, this far-reaching set of new legal powers and requirements includes:

  • Service providers (Facebook, Vodafone, WhatsApp – or CSPs, communication service providers, as the Bill names them) must store your data for 12 months
  • Police and security services may access internet history in investigations – worryingly, without a warrant
  • Technology companies have the ability to remove encryption
  • Technology companies must legally assist with targeting their customers’ data, effectively bulk data collecting – although foreign companies are not under the same obligation
  • The legal bugging of computers and phones, with a warrant

Arguably, it is the largest overhaul of surveillance law in almost two decades, and the most extreme form of surveillance existing in the Western world. On Twitter, Edward Snowden deemed it “the most extreme surveillance in the history of western democracy. It goes further than many autocracies.”

Why are they spying?

The Bill was first proposed in 2012 and Theresa May, in her role as Home Secretary, endorsed it under the coalition. These extreme surveillance provisions arose due to a series of complaints. MI5, the police, and GCHQ had voiced criticisms about the existing law being too complex. Therefore the Bill arose in an attempt to codify the existing laws and regulations. A 2015 report conducted by the Independent Reviewer of Terrorism Legislation also recommended new law following a review of investigatory powers available to law enforcement and intelligence agencies. Interception of personal data for investigatory purposes lies at the heart of this report. In a world where online platforms have become a main form of communication, the complaint was that terrorists were becoming too difficult to track. The law was deemed neither thorough nor extensive enough, thus hindering the agencies’ ability to carry out their function. This new legal framework is supposedly a solution to this problem, codifying powers in the Regulation of Investigatory Powers Act and the Telecommunications Act 1984 into what can only be described as a spy’s legal dream.

In a world where it is challenging to switch on the news without being privy to a mention of terrorist threats, ratification and definition of the tools used to fight serious crime and terrorism seems reasonable.

A worrying affair for citizens – what implications does it have for you?

But what implications does the Act have for you? The likes of DWP and the Food Standards Agency will be allowed access to this information under the IP Bill (subject to application for an interception warrant). Clearly, this is unnecessarily intrusive; why would the likes of the Gambling Commission ever need such information? Considering the scope of those within the police force who are able to access the information, this paints a troubling picture. The Bill states that such information will be accessible only to superintendents and inspectors – but according to 2015 police employment statistics, over 8,000 employees fall into this category alone.

The government appearing to take an Orwellian approach is highly worrying for citizens. Most of us would feel uncomfortable with our Internet history being readily available, especially the storage of every website we have visited (I can hear some of you shudder). But soon your texts, calls, voicemails and social media conversations, including WhatsApp and Facebook Messenger messages, will be stored for at least one year. Do not forget that this data storage is untargeted, meaning everyone, regardless of whether they are of intelligence interest, is subject to it. The government shows little concern for what they do acknowledge as merely “a degree of interference” with citizens’ privacy.

Anyone with an overview of the rights afforded under the ECHR must be scratching their heads asking how this can possibly fit with the Article 8 right to a private and family life, or Article 8 of the EU Charter of Fundamental Rights protecting the right to personal data. David Anderson QC, the Independent Reviewer of Terrorism Legislation, felt this second issue “dwarfed” all others – although he felt that, in light of ECHR case law, respect for private life was upheld and, in the absence of suspicion, bulk data storage was not disproportionate. However, in light of the passing of the Act, it is likely to be scrutinised in the ECJ or European Court of Human Rights in the months, or even years, to come. These are not even the only freedoms that may be infringed – freedoms of association, assembly, and movement will also be affected.

For now, privacy campaigners continue to fiercely dispute the alleged interference, despite the Home Office insisting the contrary. These arguments appear difficult to reconcile with the intrusive powers. It is difficult to see how we are not edging towards a modern day spy state.

To add even further concern, hackers and the threat of cyber-crime are already an enormous fear. James Blessing, of the Internet Service Providers’ Association warned “it only takes one bad actor to go in there and get the entire database… try every conceivable thing in the entire world to [protect it] but somebody will still outsmart you.” In a world where news of personal data hacks is not at all rare, this is a perturbing privacy law development. In future, it is highly likely that troubling leaks will occur; as Blessing acknowledged, mistakes are often made. Those handling the information will have a challenging task to keep one step ahead of hackers. Ultimately, they need to find ways to adequately protect your privacy.

It must be recognised, however, that the Act does not permit an entirely open-ended access to your personal data. Safeguards have been put in place; Theresa May argues that they are in fact “world beating”. An Investigatory Powers Commissioner will be appointed, and judges will approve warrants to access this newly stored information. However, this does little to detract from the fact that mass storage of data belonging to individuals of no interest to Intelligence Services will still be happening. Even if no government agency were to look at your stored data, this remains worrying given hacking concerns; if there were a cyberattack, who knows whose hands your personal data could end up in?

What does the technology industry think?

Citizens are not the only ones who are worried. Technology companies have clashed with the government, lobbying over the Bill’s content. Big companies including Google, Twitter and Apple voiced fierce criticism at the Bill stage, sending a note advising which parts needed re-writing. What was the reason for their complaints? Technology service providers will be directly affected by the legislation. The new expectation for them to keep full records of their customers’ data for 12 months, and to hand them over when asked, will clearly cause them inconvenience. They will also be unable to offer their customers an opt-out scheme.

Encryption, the security measure which means messages can only be read by senders and recipients, lies at the heart of these complaints. Essentially, these companies are being asked to surrender to the government their encryption secrets, secrets that they have spent millions of pounds developing. Therefore, breaking encryption is not an issue they will take lightly. For technology giants to comply with the new law, they must hand over encrypted data from secure products, such as iPhones. It will be highly damaging for both companies and consumers if this spells the end of strong encryption in the UK. Loss of user trust, particularly when consumers were paying so much for their services, spells a loss of business.

Subsequently, this places technology companies in a difficult position. The requirement may also have wider legal implications for technology companies, which the UK government seems to forget operate on a global scale. Forced decryption could land them in deep water in other countries. Indeed, the outspoken Coalition previously rejected “proposals that would require companies to deliberately weaken the security of their products via backdoors [or decryption]”. Compliance with the new law could also be costly. Many firms, including BT, may have to alter their operations to collect such vast amounts of data – an unwanted and enormous financial burden. Back in February, the House of Commons Science expressed concerns that the Bill could commercially damage technology companies, particularly those in the UK without the impressive budgets of the likes of Apple. These smaller companies are hardly likely to, nor capable of, upping and relocating their servers overseas in an attempt to find a loophole in the new law. This is a solution that international companies have already been exploring. For those with smaller economic resources, complying with these troubling laws will be inescapable. However, it appears that the government has failed to consider these potential wider economic ramifications of this poorly debated Act, which the press have accused of ‘slipping through Parliament’ as a result of public apathy. As the Bill comes into force, how both the big players and small UK tech companies will respond remains uncertain.

What do these developments mean for the rest of the world?

As is evident, the UK government is not setting a good example. Jim Killock, on behalf of the Open Rights Group, stated, “it is likely that other countries, including authoritarian regimes with poor human rights records, will use this law to justify their own intrusive surveillance powers.” For years there has been criticism over the likes of Russia tapping Internet and phone communications without even notifying communication providers during the Sochi Olympic Games. Technology companies including Twitter and Microsoft, as part of the Reform Government Surveillance Coalition, had previously tried to make the UK aware of its influence on the rest of the world, and how the final outcome could influence countless similar bills around the world. Yet, with the UK setting a dangerous precedent for surveillance laws, it is a model for other jurisdictions. UK-based tech companies may soon follow in the footsteps of Eris Industries in the wake of the new legislation by moving elsewhere, bringing about another economically catastrophic consequence.

Can the Investigatory Powers Bill be justified?

With the UK’s current terror threat, it appears reasonable on the surface that a delicate balance must be struck between privacy concerns and national security, perhaps with some loss of privacy for the greater good. However, this Act seems to go too far; the rights of citizens no longer appear to be a fundamental priority.

The correct balance has not been found between protecting citizens and national security. The IP Bill goes to unacceptable lengths and is democratically threatening due to the broad availability of the stored information. Furthermore, the provisions given to government agencies, who are never likely to need personal data for security purposes, pose serious questions about the intentions of snooping. The discomfort and potential economic consequences it poses for both citizens and technology companies appear to have been ignored. We do not want our future to be a world where Orwell’s fictional predictions become a reality.

 

Image Credit – Teddy Kelley via Unsplash
