Despite hacking and snooping fears, web surveillance legislation sails forward
June 9, 2016
Shah Sheikh (1172 articles)
Share

Despite hacking and snooping fears, web surveillance legislation sails forward

The government’s controversial web surveillance legislation continues to make its way towards becoming law.

The bill passed its third reading in the House of Commons by 444 votes to 69: it now goes to the House of Lords where is will face more scrutiny: the government wants the new law to be in force by the end of the year.

One of the most controversial aspects of the Investigatory Powers Bill is that it requires telecoms companies and internet service providers to store information about every person’s communications data – calls, texts and web browsing history for a year. This goes much further than the US and other European countries as has lead to the bill being known as a ‘snoopers charter’.

The legislation also gives police and intelligence agencies the power to hack into devices or even the systems of large organisations in order to read communications and other data as part of an investigation, plus powers to sift through vast databases filled with information about the innocent in order to find links between criminals. While intelligence agencies have done this for years, the bill aims to clarify these powers but it comes at a time of great unease about the amount of data that is collected and how that is done.

It was these powers which generated the most disagreement during the two day debate over the legislation.

Conservative MP Stephen McPartland noted: “It is horrible that we live in a society where this House…will have to legalise mass surveillance of every man, woman and child in the United Kingdom who has an electronic device, but sadly that is the society we live in, and we have to have a trade-off between what keeps us free from terrorism and what keeps us free in terms of privacy.”

But he also raised questions about the wisdom of collecting so much data about the general public: “I believe that we are getting ourselves into a situation in which we will have so much information on so many people that it will be of no value to us whatever. It will be like the internet: you can put anything in, and you get 3,000 pages back.” Indeed a document leaked this week suggests that information overload could be an issue for intelligence agencies.

McPartland added: “Combined with other measures in the bill, this is not just about hacking the equipment of somebody who may be of particular interest as part of a terrorist organisation; we are talking about every man, woman and child with an electronic device inside the UK.”

Another Conservative MP David Davis warned of how wide a surveillance net the legislation could throw: “If I call 100 people, and then the people called by those 100 people are investigated, that would be a very typical intelligence exercise, pursuing the two rings of contacts. That could involve 100,000 people, most of whom have nothing to hide but could become under permanent surveillance by the state.”

Similarly the Scottish National Party’s Anne McLaughlin said the the so-called ‘bulk equipment interference’ – hacking by police or intelligence agencies – risks weakening security for all by creating security holes that could be used by others.

“It is therefore an indiscriminate form of interference that leaves systems vulnerable, not only to our own security services using their powers sparingly and proportionately, but to those looking to cause harm and to profit from broken security. If the front door of someone’s house has been kicked in by the police, criminals are not prevented from entering after their departure,” she said.

However, the government argues that since 2010, intercepted communications has formed between 15 and 20 percent of the total intelligence picture in counter-terrorism investigations: in 2013-14 such interceptions played a critical role in investigations that resulted in more than 2,200 arrests and the seizure of more than 750 kg of heroin and 2,000 kg of cocaine, more than 140 firearms and more than £20m.

“These powers enabled over 90 percent of the UK’s targeted military operations during the campaign in south Afghanistan, and they have been essential to identifying 95 percent of the cyberattacks on people and businesses in the UK discovered by the security and intelligence agencies over the past six months,” said security minister John Hayes.

The SNP voted against the bill, after refusing to back it unless the powers to store keep internet records was not removed from the Bill. “What is proposed is unacceptably intrusive and practically unworkable,” said SNP spokesperson on Justice and Home Affairs Joanna Cherry.

Despite its previous concerns, Labour did vote for the bill, arguing that it had secured privacy protections and that NHS records should only be accessed in “exceptional circumstances“. On the use of personal data, it appears that Labour has now persuaded the government that these should only be accessed by authorities in cases of serious crime. Communications data is only to be accessed in situations where the crime being investigated could lead to a six month jail term; web surfing data is likely to require a higher threshold.

“We have to put in place appropriate protections that would not allow personal information to be handed over freely in relation to more trivial offences,” said Shadow Home Secretary Andy Burnham

Despite the parliamentary debates, it appears that general awareness of the looming legislation remains low: a poll commissioned by human rights campaign group Liberty claims that nine out of ten British adults believe the state surveillance powers proposed by the bill are not acceptable. Nearly three quarters (72 per cent) claimed they don’t know anything about bill – or had never even heard of it.

According to Liberty’s survey, 38 per cent of respondents believe it would only be acceptable for the government to access and monitor records of communications and web usage if they were suspected of committing a crime: 22 per cent said it would be acceptable only if they have committed a crime. And while 30 per cent believe it would never be acceptable, eight per cent said they were happy to be monitored like this in all circumstances.

Source | ZDNET