A revised version of the Investigatory Powers Bill is to be published later today by the Home Office.
The bill was introduced last year by Theresa May, the Home Secretary, and came under fire from three Parliamentary committees and civil liberties campaigners about clarity and privacy, urging the Home Office to strike a fair balance between people's privacy and security.
A Home Office spokesperson said the Investigatory Powers Bill would include greater privacy safeguards, after criticism of last year's initial plans.
Aiming to make the new bill a law by the end of the year, ministers are citing the urgent demands of national security and crime prevention.
What the bill will bring
When the bill comes into power, Internet Service Providers such as BT or Sky will be required to store the internet connection records (ICRs) to monitor what services a device connects to for everyone in the UK for a year so that police can access them when investigating someone.
Large amounts of data including personal details will be held on databases, potentially including bank or medical records. This is one of the reasons the bill has come under criticism, as FoI requests revealed that in 2015 the Home Office had suffered 33 data breaches.
An 'operational case' for these bulk powers will be published for the first time in the bill, in response to criticism that the original draft lacked clarity. The bill will now require a warrant from the home secretary for officers to access the content of emails - and a new Investigatory Powers Commission would be able to veto such requests.
Security services will have to obtain a senior judge's permission before accessing communications data to identify a journalist's source.
Apple versus the FBI
In line with current discussions between Apple and the FBI, the new legislation will give legal backing for hacking of smartphones and computers by the law enforcement.
The Home Office says that despite tech giants fearing being forced to fit 'backdoors' to their devices or make other changes to encryption that would compromise their customers' security, companies can only be asked to remove encryption that they themselves have applied, and only where it is 'practicable' for them to do so.
UK intelligence agencies are explicitly prevented from asking foreign intelligence bodies to undertake surveillance activity on their behalf unless they have a warrant approved by a secretary of state and judicial commissioner, which should hopefully stop the smartphone hacking from being outsourced to the US.
Industry reaction to the edits
Government surveillance agencies collecting data en-masse were brought to the public's attention when whistleblower Edward Snowden released data on surveillance the NSA and GCHQ carry out at home and abroad. Although the government insisted it was covered by existing surveillance laws, the new bill will make their legality more explicit and introduce privacy safeguards.
Jacob Ginsberg, Senior Director at Echoworx says that, “in the short term, I cannot see how security conscious cloud and hosting companies can remain in the country if this bill is passed. In the longer term, as new technologies and means of communication arise, UK citizens need to know that their rights and safety are top of mind for the government. I think that the committee who reviewed the first draft shared some understandable fears. Having the power to sweep up someone's browsing history without a warrant during bulk data collection is just wrong."
Moves to rush the bill through do little to reassure the public that their government is looking out for their best interests. When Lord Strasburger said "the bill needs more than mere tweaking, it needs to be fundamentally rethought and rebuilt”, the correct course of action is not to force it through Parliament without further discussion. Until both the businesses operating in the UK and the people residing there can be reassured that proper safeguards have been put in place, any attempts to speed up the process must be stopped.”
Mike Weston, CEO, Profusion, said that, “It's very concerning that the Government is pressing ahead with introducing the Investigatory Powers Bill. Three parliamentary reports have criticised nearly every aspect of the Bill, tech and security industry experts are pretty much unanimous that it is flawed and civil liberties groups have rightly pointed out that it is a serious assault on privacy."
“By introducing the IP Bill now, without making any serious revisions in line with the 86 recommendations of the Joint Select Committee, it seems that the Government is throwing caution to the wind to get it passed before the end of the year.”
“Make no mistake, this is a bad bill. It erodes the privacy of individuals online, it puts a huge burden on internet service providers and tech companies to snoop on their own customers, and it is questionable whether it will do anything to improve state security. The Government should admit that it has got it wrong, bin the Bill and start again.”