Earlier this week the Court of Appeal found the UK's Data Retention and Investigatory Powers Act 2014, commonly known as the Snoopers' Charter, unlawful as far as the prevention, investigation, detection and prosecution of serious crimes are concerned.
The Data Retention and Investigatory Powers Act was passed in 2014 to enable the government to carry out mass surveillance and to collect data belonging to citizens to prevent or investigate serious crimes in the UK.
However, soon after it was passed, the law drew criticism from concerned citizens for being too draconian and for giving enormous and unvetted powers to authorities to carry out surveillance and to collect sensitive data belonging to citizens.
The criticism had its desired effect. Following a petition by MP Tom Watson who challenged the law, the Court of Appeal found Section 1 of the 'Snoopers' Charter' unlawful and in violation of EU law for allowing authorities to collect data when the objective was not strictly restricted to fighting serious crime, and for allowing access without prior review by a court or an independent administrative authority.
"The common-sense approach taken by the judges will ensure that the most contentious part of the “snooper's charter” – the carte blanche ability to collect data with neither a warrant nor oversight – will have to be swiftly removed," said Lee Munson, security researcher at Comparitech.com.
He added, 'While no-one in their right mind would argue against surveillance of legitimate terrorist and criminal targets, this Act went way too far in casting a dragnet over ordinary citizens while failing to address the fact that the bad guys are actually quite adept at using technology, such as encryption, that the Bill simply cannot legislate against.
"Talking of which, it will be interesting to see how a rewrite of the Investigatory Powers Act affects the government's views on technology and its obsession with backdoors, not to mention its lack of understanding of either,' he added.
In November last year, the Home Office conceded that certain provisions in the Snoopers' Charter were too far-reaching and thus introduced the new Investigatory Powers Act to rectify rights violations. However, Liberty, the human rights group that represented Watson in the Court of Appeal, said that the new legislation did not fully comply with past court rulings requiring mandatory safeguards and is now challenging it in a separate case along with Watson.
"Ministers aren't above the law – they don't get to pick and choose which rights violations they address and they can't haggle with the courts to avoid properly protecting people's freedom. All of the fundamental safeguards demanded by the court must now be implemented," said Watson.
The Court of Appeal's ruling has also been backed by the Internet Services Providers' Association. In a statement, the association said that it always backed a legal framework "that would comply with existing rights and rulings so that it would not be revisited on a regular basis".
It continued: "We feel it is imperative that the Government fully and unambiguously meet the requirements of the court's judgment as it consults on additional safeguards to the Investigatory Powers Act, including independent authorisation for communications data acquisition requests. A failure to do so could lead to a situation in the near future where the UK's regime is again open to further challenge and has to be revisited once more."
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout