You probably haven’t heard much about this new piece of legislation in the UK if you live in the United States, but it’s making plenty of news across the pond. Known as the “Snooper’s Charter” in common parlance, this bill gives the government sweeping powers of monitoring the data of citizens. The bill has driven privacy advocates to distraction since it was first introduced for debate one year ago, and now it’s poised to become the law of the realm. (The Register)
The UK’s Investigatory Powers Bill has completed its passage through parliament and now only awaits Her Majesty’s stamp of approval before becoming law.
Also known as the Snoopers’ Charter, the legislation has been criticised as being among the most onerous in the world upon the civilian population, and will require British ISPs to retain a curtailed form of their customers’ internet browsing histories – including what websites they had visited – for 12 months so that various authorities could request it for investigative purposes.
Additional powers are legislated for, including offensive hacking, despite concerns about the State finding an appropriate balance between creating and patching exploits, and the collection of bulk personal data by government spies for the sake of running enormous queries on surveillance data sets.
Before getting to the details, there’s one note in the article which may take some American readers by surprise. The bill awaits Her Majesty’s stamp of approval. But their monarchy is pretty much a figurehead at this point, isn’t she? Yes, but they still maintain the tradition of keeping her in the loop.
The Monarch signs their name to every Act of Parliament before it can become the law of the land. It would be very unusual for them to refuse. No monarch has refused Parliament’s wishes for over 300 years.
Wired has a lengthy breakdown of what this means for the average British citizen. It includes things such as the government’s ability to engage in “offensive hacking” of people’s personal devices:
For the first time, security services will be able to hack into computers, networks, mobile devices, servers and more under the proposed plans. The practice is known as equipment interference and is set out in part 5, chapter 2, of the IP Bill.
This could include downloading data from a mobile phone that is stolen or left unattended, or software that tracks every keyboard letter pressed being installed on a laptop.
That one doesn’t have people nearly as up in arms as the provision which requires ISPs to store user’s “internet history” (yes, that means your browser history, among other things) for a full year in case the government wishes to take a look.
Under the IP Bill, security services and police forces will be able to access communications data when it is needed to help their investigations. This means internet history data (Internet Connection Records, in official speak) will have to be stored for 12 months.
Communications service providers, which include everything from internet companies and messenger services to postal services, will have to store meta data about the communications made through their services.
This seems to be pretty much a done deal. Keep in mind that the Brits don’t have the same sweeping rights which Americans generally take for granted. You can still be arrested for unpopular speech over there under certain conditions and don’t even get me started on the Second Amendment. Still, this probably seems intrusive even for the average British citizen.
Does it go too far? Giving the government the ability to deploy hackers to extract data from citizens may sound extreme, but the Brits have already essentially admitted that they’ve been doing it for years. This legislation simply codifies it as an allowed practice. But telling the service providers to store your “internet history” for up to a year when there hasn’t been so much as a whisper of a suspicion that you might be up to no good? I tend to lean toward the side of letting law enforcement do their jobs and keep people safe, but even I’m a bit put off by that one. Sure, the government still can’t access the information from the ISP without a warrant (at least in theory) but doesn’t that open to door to other hackers making their way in and snooping around? I hope they’ve hired some A List geeks to secure their own systems.
In any event, this doesn’t have any real, direct effect on American web users, but it’s just something to keep in the back of your mind. Next time you’re complaining about online privacy in the United States, just remember… it could be worse. You could be living in England.