Counter Terrorism and Bulk Surveillance Powers – The Tory – We’ve Got A Majority Government – Proposals





Counter Terrorism and Bulk Surveillance Powers – New Legislation

David Anderson QC, is the official reviewer of counter-terrorism legislation. He was asked by government to conduct an independent review of the operation and regulation of investigatory powers, with specific reference to the interception of communications and communications data. He delivered his report to Downing Street on 6 May, the day before the general election.

He has said his review considered safeguards to privacy, issues of transparency and oversight as well as powers needed by the authorities to meet the challenge of changing technologies.





21 May 2015: Investigatory Powers The Anderson Report

I was required by DRIPA 2014, ( which passed through Parliament in only four days back in July 2014, to conduct an independent review of the operation and regulation of investigatory powers, with specific reference to the interception of communications and communications data, including under RIPA. That review was distinct from my normal function of reviewing the operation of the terrorism laws.

Parliament asked me, in particular, to consider:

“(a) current and future threats to the United Kingdom,

(b) the capabilities needed to combat those threats,

(c) safeguards to protect privacy,

(d) the challenges of changing technologies,

(e) issues relating to transparency and oversight,

(f) the effectiveness of existing legislation (including its proportionality) and the case for new or amending legislation.”

As I tweeted at the time, my report was completed and submitted to the Prime Minister on 6 May 2015 – the day before the General Election. A process of security-checking and preparation for publication has followed.




Given the size of the canvas that the Review was asked to cover, it will come as no surprise that it turned out to be a substantial piece of work. I am grateful to all who provided written submissions and who met with me in various parts of the UK, Berlin, California, Washington DC, Ottawa and Brussels, as well as to the small team of self-employed persons that assisted with the Review.

I am asked several times a day when the report will be published. The short answer is that the Prime Minister will decide, and that I have no privileged insight into the timing.




DRIPA 2014 s7(5) ( requires the Prime Minister to lay a copy before Parliament “on receiving” the Report, together with a statement as to whether he has excluded any matter from the Report on the grounds that it would be contrary to the public interest or to national security. Similar wording governs the publication of my Terrorism Acts reports, and has been helpfully glossed by James Brokenshire MP, formerly the Security Minister: see my 2012 Terrorism Acts report at 1.23-.25. (

The Report won’t please everybody (indeed it may not please anybody). But if it succeeds in informing the public and parliamentary debate on the future of the law, from an independent perspective, it will have done its job.


27 May 2015: Security services’ powers to be extended in wide-ranging surveillance bill

Surprise extension of bill’s scope beyond legislation to modernise law on tracking communications data was agreed only this week. The government is to introduce an investigatory powers bill that is far more wide-ranging than expected, including an extension of the powers of the security services in response to the surveillance disclosures by the NSA whistleblower Edward Snowden.




The legislation will include not only the expected snooper’s charter, enabling the tracking of everyone’s web and social media use, but also moves to strengthen the security services’ warranted powers for the bulk interception of the content of communications.




The surprise extension of the scope of the bill beyond legislation to “modernise the law” on tracking communications data was agreed within government only this week. It appears that David Cameron has decided to take advantage of his unexpected majority in the Commons to respond to Snowden’s disclosures by extending the powers of the security services.




The Home Office says the investigatory powers bill will “better equip law enforcement and intelligence agencies to meet their key operational requirements, and address the gap in these agencies’ ability to build intelligence and evidence where subjects of interest, suspects and vulnerable people have communicated online.”

Ministers promise to provide for “appropriate oversight arrangements and safeguards”, but there is no immediate detail on how the complex web of intelligence and surveillance commissioners and parliamentary oversight might be strengthened.

The government also promises that the legislation will respond to issues raised by David Anderson QC, the official reviewer of counter-terrorism legislation, in his assessment of bulk surveillance powers used by the police and security services under the Regulation of Investigatory Powers Act 2000.




Anderson delivered his report to Downing Street on 6 May, the day before the general election, and it is expected to be published in the next few days. Anderson has said his review considered the safeguards to privacy, issues of transparency and oversight as well as the powers needed to meet the challenge of changing technologies. He has said it was a “substantial piece of work” and included him travelling to Berlin, California, Washington DC, Brussels and Ottawa.

“The report won’t please everyone [indeed it may not please anybody]. But if it succeeds in informing the public and parliamentary debate on the future of the law from an independent perspective, it will have done its job,” he said on his blog.




Jim Killock, executive director of the Open Rights Group, said: “The government is signalling that it wants to press ahead with increased powers of data collection and retention for the police and GCHQ, spying on everyone, whether suspected of a crime or not.

“This is the return of the snooper’s charter, even as the ability to collect and retain data gets less and less workable. We should expect attacks on encryption, which protects all our security. Data collection will create vast and unnecessary expense.”




Renate Samson, chief executive of Big Brother Watch, said: “Whilst the title may have changed from a communications data bill to an investigatory powers bill, it will be interesting to see whether the content has radically changed.  “We have yet to see real evidence that there is a gap in the capability of law enforcement or the agencies’ ability to gain access to our communications data.”

The extended scope of the bill may follow some of the recommendations of the intelligence and security committee (ISC), which suggested in March that the entire existing surveillance legal framework should be replaced by a single new act of parliament.

The MPs and peers suggested that the new legislation should list every intrusive capability available to the security services and specify their purpose, authorisation procedure and what safeguards and oversight procedures exist for their use. This presumably extends to the kind of GCHQ bulk data collection programmes such as Temp0ra and Prism disclosed by Snowden.




The ISC said the introduction of the new communications data legislation was “critical”, but added that a new category of data called “communications data plus” should be established. It said this would acknowledge that some forms of communications data could reveal private information about a person’s habits, preferences or lifestyle choices, such as websites visited. “Such data is more intrusive and therefore should attract greater safeguards.” they recommended.




The other four Home Office bills are largely as trailed. The extremism bill will include powers to “strengthen the role of Ofcom so that tough measures can be taken against channels that broadcast extremist content”. This is despite warnings from Sajid Javid, the business secretary, that the initial proposals threatened free speech.




The bill also includes the introduction of employment checks enabling companies to find out whether an individual is an extremist so they can be barred from working with children. This is alongside already announced proposals for banning orders, extremism disruption orders and closure orders to be used against premises that are used to support extremism.




The immigration bill will create a new enforcement agency to tackle the worst cases of exploitation as well creating an offence of illegal working and enabling wages to be seized as proceeds of crime. Ministers promise to consult on the introduction of a visa levy on businesses that recruit overseas labour to fund extra apprenticeships for British and EU workers.




The five bills mean that the home secretary, Theresa May, will be one of the busiest cabinet ministers in parliament. Her policing and criminal justice bill will implement her mental health reforms, end the use of police bail for months or even years without judicial check, and introduce sanctions on professionals including social workers who fail to report or take action on child abuse.




Ministers have been silent on the sentencing aspects of this bill but the Conservative manifesto promised the introduction of short, sharp custodial sentences for persistent offenders. The new justice secretary, Michael Gove, may be looking again at this proposal.

The psychoactive substances bill or legislation to introduce a blanket ban on legal highs is to be introduced this week. It will criminalise the trade in legal highs with prison sentences of up to seven years but will not make personal possession a criminal offence. The legislation will distinguish between everyday psychoactive substances such as alcohol, tobacco, caffeine and some medicinal products and new designer drugs that imitate more traditional illegal substances.





UK government quietly rewrites hacking laws to give GCHQ immunity



UK government quietly rewrites hacking laws to give GCHQ immunity

The UK government has quietly passed new legislation that exempts GCHQ, police, and other intelligence officers from prosecution for hacking into computers and mobile phones.

While major or controversial legislative changes usually go through normal parliamentary process (i.e. democratic debate) before being passed into law, in this case an amendment to the Computer Misuse Act was snuck in under the radar as secondary legislation.

According to Privacy International, “It appears no regulators, commissioners responsible for overseeing the intelligence agencies, the Information Commissioner’s Office, industry, NGOs or the public were notified or consulted about the proposed legislative changes… There was no public debate.”





Privacy International also suggests that the change to the law was in direct response to a complaint that it filed last year. In May 2014, Privacy International and seven communications providers filed a complaint with the UK Investigatory Powers Tribunal (IPT), asserting that GCHQ’s hacking activities were unlawful under the Computer Misuse Act.

On June 6, just a few weeks after the complaint was filed, the UK government introduced the new legislation via the Serious Crime Bill that would allow GCHQ, intelligence officers, and the police to hack without criminal liability.

The bill passed into law on March 3 this year, and became effective on May 3.

Privacy International says there was no public debate before the law was enacted, with only a rather one-sided set of stakeholders being consulted (Ministry of Justice, Crown Prosecution Service, Scotland Office, Northern Ireland Office, GCHQ, police, and National Crime Agency).





Despite filing its complaint back way back in 2014, Privacy International wasn’t told about the changes to the Computer Misuse Act until last week; until after the new legislation became effective. The UK government is allowed to do this, of course, but it’s a little more underhanded and undemocratic than usual.

According to Privacy International’s legal experts, the amended Computer Misuse Act “grants UK law enforcement new leeway to potentially conduct cyber attacks within the UK.” Following Snowden’s leaks throughout 2013 and 2014, a cynical person might see this new legislation as something of an insurance policy: under the previous Computer Misuse Act, the courts might have found GCHQ’s hacking activities within the UK to be illegal—now they’re on more solid ground.