Concerns Abound With UK Investigatory Powers Bill

Much like the US, since 2013 when the Edward Snowden revelations revealed just how easy it was for intelligence agencies and governments in the Western world to look in on what their citizens were doing, the UK has been embroiled in its own privacy dilemma. Just how much of our freedoms should we trade for the sake of security?

While there have been solid arguments from both sides of the debate at times, most politicians have leaned towards the heavier handed measures, regardless of which side of the political spectrum they find themselves on.

Theresa May, the British home secretary for the Conservative Party, has been the front-runner in that respect. In 2013 she championed the Draft Communications Data bill, which soon became known in the British press as the “Snooper's Charter". This charter wanted to exact new measures that would make it a legal requirement for Internet service providers (ISP) to store the browsing history, social networking activity, email, VOIP calls, online, and SMS messaging habits of all British citizens.

Privacy campaigners were appalled, but they needn't have worried too much. Coalition partner and leader of the Liberal Democrat party at the time, Nick Clegg, led his party to block the bill from being passed later that year.

Just two years on, though, that bill resurfaced, with a majority government now behind it. May proposed the bill once again, but this time termed it the Investigatory Powers bill. While this one has all of the same provisions for bulk data collection, it does go further in some respects, and it's currently undergoing debate as part of a parliamentary committee to see if it should be rushed through the approval process.

The bill itself provides the same provisions for mass data collection of citizens' online activities, though the language it uses is more vague. It uses the term “Internet connection records,” which seems to cover everything from browsing history, to chat-logs in games, to private messages on social media.

While in one breath proponents of the bill argue that it will merely relate to what websites were visited and when, the language is imprecise enough to open it up to just about anything.

Worse yet, tech firms will be roped in to assisting with this data collection and transfer to authorities if needed. They'll also be responsible for those communications being legible, which has many worried that it will lead to a mandate on weakening encryption. Prime Minister David Cameron has repeatedly called for “back doors” into software, most recently using the crisis in the aftermath of the Paris terrorist attacks as reason enough to allow police to intercept messages on end to end encryption.

While opponents of the bill have argued that even suggesting such a measure shows just how little politicians appear to understand about the technicalities of such a demand, the bill goes further.

Although it does state that a new commission would be set up to manage the use of the investigatory powers and would require one of its members' approval before allowing for the interception of communications, it has been said that in instances of emergency, the decision on whether a warrant is issued could be left to a government minister.

Because of that, some are concerned that this is all double speak, that May is happy to talk up the “double lock,” protections she's put in place for accessing communication recordings, while in actuality making it possible to bypass that check altogether.

Privacy campaigners have made clear their concerns for such a system, especially when it comes to already protected communications like those between doctors and patients, and between lawyers and clients. There is little to suggest they could not accidentally be scooped up in mass collections, or indeed targeted specifically in some cases.

There's even mention of hardware hacking, in the form of “specific equipment interference,” when it comes to acquiring data.

Even if all these measures do pass muster with the parliamentary committee, despite the calls from industry and campaigners to halt it or change the wording to something more specific, there is also the debate on how much of the data collection will be achieved. Many of the UK's ISPs don't have the facilities to bulk collect data.

That means the public are paying out. I contacted Andrews and Arnold, a small UK ISP that has been giving evidence on the matter to the House of Lords, and they suggested that it could cost upwards of $200 million for each ISP, but even that is a ball park estimate. It could cost much more.

Then there is the question of keeping that data secure from hackers and other nation states throughout the 12 months it must be maintained.

That's the real concern with the Investigatory Powers Bill, that politicians appear to at best, not have thought it through and at worst, don't seem to understand it. This is something that we've seen mirrored in many nations, and it needs to be addressed in our continually more-connected and technologically dependant lives.

The latest draft however suggests that any ignorance on the behalf of those behind the bill, is willful, as despite more than 100 concerns from parliamentary committees, almost none have been addressed. The bill will now be reintroduced into the house on March 14 and will be voted on as soon as March 22.