Home Secretary Theresa May has announced that The Home Office will make concessions to mitigate privacy concerns brought up by the Investigatory Powers Bill (IPB).
Critics have said that the IPB is simply looking to give the current GCHQ surveillance programmes, which collect vast quantities of internet data in the UK and personal details held on databases, revealed by Edward Snowden in 2013, a firm legal footing.
According to former NSA senior manager William Binney up to three billion people are affected by NSA surveillance of internet and telecoms systems.
Home Secretary Theresa May says these ‘bulk powers' have played a significant role in every major counter-terrorism investigation over the past decade.
Despite the concerns raised by the Intelligence and Security Committee (ISC), as well as MPs from all three major political parties, The Human Rights Committee said that, “bulk data gathering was "capable of being justified.”
Talal Rajab , head of programme - Cyber and National Security at techUK commented to SCMagazineUK.com by email that: “It's vital parliament takes into account the full impact of the Bill on the future of the UK's digital economy. These latest amendments are a step in the right direction, and the recognition of the importance of privacy provisions, in line with recommendations from the Intelligence and Security Committee, is key for consumer trust in digital products and services.
The legislation is due to return to the House of Commons on Monday for a further two-day debate, and the Home Secretary is set to introduce a ‘privacy clause' which will ensure that the new surveillance powers introduced with the bill are used when the intelligence required can be gathered in less invasive ways.
This coming debate will be the last substantial debate on the legislation prior to the EU referendum in three weeks time.
The Human Rights Committee welcomed the Investigatory Powers Bill as a "significant step forward" in human rights terms but said more safeguards were needed. The Home Office said it welcomed the joint committee's report.
Rajab went on to say that, “But we're not out of the woods yet. Many of the concerns raised by the tech industry, particularly around Internet Connection Records, encryption and the extraterritorial application of the Bill, require further scrutiny and clarity. Failure to do so will make it harder for Government to achieve its aim of delivering world-leading legislation – one which underpins rather than undermines the UK's world-leading digital economy.”
Rajab is not alone in these concerns; investigative journalist Paul Lashmar of No More Sources, last week raised concerns about “woefully inadequate safeguards” protecting journalists and their sources from state surveillance.
Speaking to the Press Gazette, British investigative journalist Duncan Campbell said he is not against surveillance being used against terrorists “They are doing effective anti-terrorism. It does work. It's what people want.” But he also warned: “There are not remotely enough safeguards in place. Most national parliaments have no idea what is going on."
Jacob Ginsberg, senior director, Echoworx spoke with SC and warned of the consequences this bill could bring: “If this bill passes, we're going to see a tidal wave of other European countries looking to impose similar legislation as well. Aside from the short term economic costs, it would be very hard to over-estimate the damage that a bill like this could do to our society. It's important that not just members of parliament, but also the British public seize the opportunity to question this bill before the powers the UK government seeks are granted.”
And arguably this is already happening - The European Parliament is set to finalise more than four years of negotiations this week in Strasbourg when MEPs pass the new EU data protection act in the Civil Liberties Committee.
The new legislation aims to create a uniform set of rules across the EU fit for the digital era, improve certainty as to the law and boost trust in the digital single market for citizens and businesses alike. Clear and affirmative consent to data processing, the right to be forgotten and tough fines for firms breaking the rules are some of the new features.