2nd Update: Surveillance bill; judicial oversight, no encryption ban, archiving browsing data
Home SecretaryThersa May unveiled the draft Investigatory Powers Bill in parliament today. It will be examined in detail by both Houses of Parliament before a final bill is produced for consideration by MPs and Lords.
UK surveillance questioned as government publishes anti-terror law
A panel of specially qualified judges will now oversee the decisions of ministers who authorise warrants for communications interception in what is being described as a rationalisation of UK government surveillance powers.
The new authorisation process included in the draft Investigatory Powers Bill was described as a "double lock" by Home Secretary Theresa May when she unveiled the proposed legislation today.
More controversially, the draft bill would also require providers of communication services to retain metadata on user activity for a period of one year.
The police and security services will continue to apply for warrants to the Home Secretary for more intrusive activities such as the interception of data, and this will be reviewed by the judicial panel – but in the case of an emergency the Minister would be able to make an immediate decision, which would need to be ratified within five days, whereas a law enforcement warrent would last three months, and a security services warrant lasts six months.
If a warrant were rejected, the requesting agency could abandon the request or modify the request. In the case of an emergency warrant being overturned agencies would be required to return any information obtained.
To approve a warrant, both the Home Secretary and the panel would be required to decide whether the actions proposed were necessary, targeted and proportionate.
Last year there were 2,400 intercept warrants authorised.
In addition an investigatory powers commissioner, who will be a senior judge, will be appointed by the Prime Minister, replacing three existing commissioners.
Perhaps the most controversial element is the proposed requirement that web and communications companies hold "internet connection records" for 12 months so they can be requested by authorities. The information they would be required to hold includes the device connected to and the IP address of the target website.
Although the government has dropped plans to give authorities full access to everyone's internet browsing history, it will collect metadata regarding who is contacting who, what, when and where, and the data will be made available to the police and security services without a warrant. Looking at the content would require a warrant.
The police account for most of the 500,000 annual external requests for communications data with approval at inspector or superintendent level depending on the kind of data being requested; 40 other public bodies will get different levels of access but often will need a magistrate's authorisation.
To avoid the misuse of this data a new criminal offence of "knowingly or recklessly obtaining communications data from a telecommunications operator without lawful authority" has been created and will carry a prison sentence of up to two years.
Councils are specifically prohibited from accessing such data to 'snoop' on their constituents.
The discussion confirmed on the record that hitherto, GCHQ had, as revealed by Edward Snowden, been engaged in mass surveillance under the 1984 Telecommunications Act. However, the Home Secretary excused this activity, commenting that the old laws were inadequate. "Technology has moved on, the law hasn't and we need to update the law," she said.