Home secretary Theresa May spoke on Tuesday about the Counter-Terrorism and Security Bill, the full details of which were published today, showing major changes to existing surveillance practises.
The bill introduces a raft of new proposals such as the ability for Police and Border Force to cancel and hold passports at the border for up to 30 days, move suspects to another part of the country and – crucially – force internet service providers (ISPs) to retain data on IP addresses. Airlines will also be obliged to disclose more passenger data in advance, including credit card details.
Privacy campaigners will be more satisfied to learn that a Privacy and Civil Liberties Board will monitor the impact of counter-terrorism legislation and act as a counter-weight to the demands of the security services for greater powers.
The announcement came just a day after the Intelligence and Security Committee inquiry into the murder of Fusilier Lee Rigby revealed that one US-based technology company – widely reported to be Facebook – withheld the online conversations of one of his murderers.
Speaking to SCMagazineUK.com earlier today, F-Secure analyst Sean Sullivan said that tracking terrorists should not be a job for the private sector.
“David Cameron said yesterday that "once you discover on someone's email account that they are planning a terrorist action”. Why the hell does he think it is okay for internet companies to discover anything from my email? -- that should be private communication.
“Perhaps there is a point about eight cancelled accounts for links to terrorist materials should raise a red flag on a particular IP address or something – but nobody should be in favour of routine scanning of anybody's inbox for anything.
“Cameron thinks US internet companies have a social responsibility - I think David Cameron has a political responsibility to address socio-economic issues that contribute to the creation of disaffected individual prone to the lure of jihadism. Blaming the internet for his government's failures will not help.”
The message on surveillance has been complicated by the fact that, just one day earlier, the UK government was detailing its involvement in a new campaign which aims to ensure local cyber-security start-ups adhere to human rights when exporting their products and services.
TechUK announced yesterday that it had partnered with the Institute of Human Rights and Business (IHRB) - on behalf of the government's Cyber Growth Partnership - to publish the ‘Assessing Cyber Security Export Risks' guide.
The 36-page guide is designed to give UK cyber-security companies detailed background information and a framework for developing a due diligence process, managing human risks rights and identifying national security risks.