Human rights group Liberty has just won the right to legally challenge parts of the Investigatory Powers Act (IPA). Also known as the Snoopers’ Charter, the legislation passed into law last year after barely a whimper of opposition in parliament. So, what’s the big deal? In short, the law hands the state the most intrusive surveillance powers of any democracy in the world, without providing sufficient safeguards.
We all want to support the fight against crime and terror, but sometimes the means do not justify the ends. Let’s take a look at why the Snoopers’ Charter is most likely illegal, ineffective and could make your life less secure, not more.
Liberty is set to challenge several aspects of the new law. The main part is the provision which forces all ISPs and telecoms providers to store the full browsing history of every single person in the UK for 12 months.
That means they could see that you visited this site to read this article at this time and via whichever device or PC you’re currently using.
The law also mandates the same for all of your phone records, texts, and online messages.
Liberty is challenging the legality of the requirement for your ISP to store your full browsing history.
This data can then not only be accessed by the police, but also public bodies including the NHS and Department for Work and Pensions. You don’t need to be suspected of a crime for the authorities to access such data, and there’s no independent body to run the rule over these access requests.
It’s easy to see how such powers could be abused.
In fact, they’ve already effectively been ruled illegal by the EU Court of Justice (CJEU) in a landmark case brought by Liberty and MP Tom Watson.
That’s because these powers were previously enshrined in the Data Retention and Investigatory Powers Act (DRIPA); a temporary law which the IPA replaced when it came into force last year.
As Liberty outlined, the court ruled that DRIPA breached UK citizens’ rights because it:
- allowed “general and indiscriminate retention” of all communications data
- allowed those who access this data to do so without needing to justify their actions on account of investigating a specific serious crime
- allowed police and public bodies to authorise their own access, rather than seek approval from a court or independent body
- meant individuals did not have to be notified after the event if their data had been accessed
- did not require that the data be kept within the European Union
However, the IPA doesn’t only replicate the mass storage of web/comms data as per DRIPA, which Liberty will have to contest again with the CJEU; it goes further to infringe on even more personal liberties. That’s why the rights group has also been granted permission by the High Court to legally challenge three other areas of the Snoopers’ Charter.
- Bulk and “thematic” hacking: effectively allowing police and intelligence services to remotely hack/alter PCs, smartphones etc en masse even if their users aren’t suspected of a crime – leaving them vulnerable to further attack by hackers
- Bulk interception and acquisition of comms content: allows authorities to read texts, IMs and emails, and eavesdrop on calls en masse, without requiring suspicion of criminal activity
- Bulk personal datasets: allows police to request and link vast databases held by the public or private sector. These could contain highly sensitive details on your religion, ethnicity, sexuality, political views, health problems, etc
Why should you care?
The argument made by many government apologists is that if you’ve done nothing wrong, you’ve nothing to hide.
Well, unfortunately it’s not quite that simple.
Think you’ve got nothing to hide as you’ve done nothing wrong? It’s not quite that simple.
Those in authority can’t always be trusted to do what is right with our data. You might trust the current government, but what about future regimes?
There are many people in the US alarmed at the intrusive surveillance powers of a state headed up by Donald Trump – and even their regime has more limits on state snooping than we now have in the UK.
Remember: governments don’t tend to roll back such powers once enacted. Even opposition parties tend to lose their nerve once in power.
Do we trust law enforcement and the intelligence services to act responsibly with our data? Just in May, privacy watchdog the ICO fined Manchester police £150,000 after interviews with victims of violent or sexual crimes were lost in the post.
A report from rights group Big Brother Watch last year revealed that UK police had effectively breached personal data 2,300 times over four years because insiders abused their position. Over 800 police and civilian staff accessed personal data without a policing purpose and the same number shared information “inappropriately” with third parties during the period.
Bulk personal datasets in particular are “ripe for abuse and discrimination”, says Liberty, and it is absolutely right.
The web and communication records which ISPs and comms providers are being forced to retain for 12 months also contain some of our most intimate secrets. Financially motivated hackers out to extort individuals and nation state operatives looking for public figures to blackmail will have a field day.
Hackers will have a field day with the bulk data sets that contain our most intimate secrets.
No company today is hack proof, and firms like TalkTalk have been breached with ease in the past. In fact, the firm was humbled by a mere 17-year-old boy showing off his hacking skills.
Suddenly it’s less about whether you’ve done anything wrong and more about whether you want criminal hackers to be given the chance to profit from aspects of your personal life.
Perhaps most damning, however, is that mass surveillance simply doesn’t work.
Former NSA technical director and subsequent whistle-blower, William Binney, testified to parliament that bulk collection of data is “99% useless” because analysts simply don’t have time to find the needles in a vast haystack. He even claimed that the 9/11 terrorists escaped detection because their communications were not spotted in time due to bulk data collection.
Time to act
A petition calling for the repeal of the Snoopers’ Charter was signed by over 200,000 people and promptly rejected.
The IPA was opposed by legal, privacy, secret service and many other experts, while three parliamentary committees urged major changes that were ignored.
It’s taken hundreds of years for the UK to develop the democratic rights and freedoms we hold so dear. As Liberty rightly says, terrorist are trying to undermine our way of life by attacking these values.
Let’s not do their job for them by standing by while the authorities effectively do exactly the same thing themselves.