Spying on all of the Queen’s subjects is OK – But Not Westminster MP’s and the Lords
The only amendment to the government’s sweeping new spying bill so far made by politicians is to stop them from being spied on.
In December 2016, politicians in the UK passed The Investigatory Powers Bill
The Act, (heavily criticised by civil rights groups, privacy experts and over 100,000 people for the intrusive and draconian levels of surveillance of the private lives of individuals), was passed by Westminster in December 2016.
As expected, legal challenges against the powers of the act have been submitted to the relevant controlling authority in anticipation the government will amend aspects of the act causing most concern to the public.
The European Court of Justice has ruled the collection of bulk data to be unlawful.
The British government has refused to amend the act, the response being that provisions contained within it are necessary to help protect the country’s national security and oversight is provided for the protection of individuals.
Many aspects of the legislation have yet to be implemented but it is expected the act will be fully in force before the end of 2017 which is worrying when considered against the slow moving Brexit talks.
Clarifying its extent in advance of Royal Assent in December 2016, then home secretary Amber Rudd said:
“This Government is clear that, at a time of heightened security threat, it is essential our law enforcement, security and intelligence services have the powers they need to keep people safe.
The internet presents new opportunities for terrorists and we must ensure we have the capabilities to confront this challenge.
But it is also right that these powers are subject to strict safeguards and rigorous oversight.
The Investigatory Powers Act is world-leading legislation that provides unprecedented transparency and substantial privacy protection.
I want to pay tribute to the independent reviewers, organisations, and Parliamentarians of all parties for their rigorous scrutiny of this important law which is vital for the safety and security of our families, communities and country.”
The legislation includes:
For the first time, security services will be able to hack into computers, networks, mobile devices, servers and more under the proposed plans.
The practice is known as equipment interference and is set out in part 5, chapter 2, of the IP Bill.
This may include downloading data from a mobile phone that is stolen or left unattended, or software that tracks every keyboard letter pressed being installed on a laptop.
“More complex equipment interference operations may involve exploiting existing vulnerabilities in software in order to gain control of devices or networks to remotely extract material or monitor the user of the device.”
The power will be available to police forces and intelligence services. Warrants must be issued for the hacking to take place.
For those not living in the UK, but who have come to the attention of the security agencies, the potential to be hacked increases.
Bulk equipment interference (chapter 3 of the IP Bill) allows for large scale hacks in “large operations”.
Data can be gathered from “a large number of devices in the specified location”.
A draft code of practice says a foreign region (although it does not give a size) where terrorism is suspected could be targeted, for instance.
As a result, it is likely the data of innocent people would be gathered.
Security and intelligence agencies must apply for a warrant from the Secretary of State and these groups are the only people who can complete bulk hacks.
To help oversee the new powers, the Home Office is introducing new roles to approve warrants and handle issues that arise from the new powers.
The Investigatory Powers Commissioner (IPC) and judicial commissioners (part 8, chapter 1 of the IP Bill) will be appointed by Theresa May, or whoever the serving prime minister is at the time.
The IPC will be a senior judge and be supported by other high court judges.
“The IPC will audit compliance and undertake investigations,” the government says.
“The Commissioner will report publicly and make recommendations on what he finds in the course of his work,” guidance on the original bill says (page 6).
“He will also publish guidance when it is required on the proper use of investigatory powers.”
Web records and Communication Services
Under the IP Bill, security services and police forces will be able to access communications data when it is needed to help their investigations.
This means internet history data (Internet Connection Records, in official speak) will have to be stored for 12 months.
Providers, which include everything from internet companies and messenger services to postal services, will have to store meta data about the communications made through their services.
The who, what, when, and where will have to be stored. This will mean your internet service provider stores that you visited “Caltonjock” to read this article, on this day, at this time and where from (i.e. a mobile device).
This will be done for every website visited for a year.
Web records and communications data is detailed under chapter 3, part 3 of the law and warrants are required for the data to be accessed.
A draft code of practice details more information on communications data.
Bulk data sets
As well as communications data being stored, intelligence agencies will also be able to obtain and use “bulk personal datasets”.
These mass data sets mostly include a “majority of individuals” that aren’t suspected in any wrongdoing but have been swept-up in the data collection.
These (detailed under part 7 of the IP Bill and in a code of practice), as well as warrants for their creation and retention must be obtained.
“Typically these datasets are very large, and of a size which means they cannot be processed manually,” the draft code of practice describes the data sets as. These types of databases can be created from a variety of sources.
Draft regulations published in May 2017 reveal how the IP Act’s provisions will work in practice.
The technical regulations, which put obligations on internet communication companies, say “communications and secondary data” about a person will have to be provided “in near real time” to authorities when a warrant has been obtained.
Also, the regulations, which were being consulted on with UK technical groups, say that where possible ‘electronic protection’ (also known as encryption) should be removed by communications companies where it is possible to do so.
Public authorities that can access records
Metropolitan police force
City of London police force
Police forces maintained under section 2 of the Police Act 1996
Police Service of Scotland
Police Service of Northern Ireland
British Transport Police
Ministry of Defence Police
Royal Navy Police
Royal Military Police
Royal Air Force Police
Secret Intelligence Service
Ministry of Defence
Department of Health
Ministry of Justice
National Crime Agency
HM Revenue & Customs
Department for Transport
Department for Work and Pensions
NHS trusts and foundation trusts in England that provide ambulance services
Common Services Agency for the Scottish Health Service
Competition and Markets Authority
Criminal Cases Review Commission
Department for Communities in Northern Ireland
Department for the Economy in Northern Ireland
Department of Justice in Northern Ireland
Financial Conduct Authority
Fire and rescue authorities under the Fire and Rescue Services Act 2004
Food Standards Agency
Food Standards Scotland
Gangmasters and Labour Abuse Authority
Health and Safety Executive
Independent Police Complaints Commissioner
NHS Business Services Authority
Northern Ireland Ambulance Service Health and Social Care Trust
Northern Ireland Fire and Rescue Service Board
Northern Ireland Health and Social Care Regional Business Services Organisation
Office of Communications
Office of the Police Ombudsman for Northern Ireland
Police Investigations and Review Commissioner
Scottish Ambulance Service Board
Scottish Criminal Cases Review Commission
Serious Fraud Office
Welsh Ambulance Services National Health Service Trust
Tom Skillinger: Leader of the 100.000 signature petition submitted to the government said:
“This is an absolute disgrace to both privacy and freedom and needs to stop.
It has only made it this far due to it being snuck past the population in relative secrecy. It isn’t too late.
We can fix this before the UK is turned into a dystopian surveillance state.”
Jim KIllock: Executive Director of the “Open Rights Group” said:
“Amber Rudd says the Investigatory Powers Act is world-leading legislation.
She is right, it is one of the most extreme surveillance laws ever passed in a democracy.
Its impact will be felt beyond the UK as other countries, including authoritarian regimes with poor human rights records, will use this law to justify their own intrusive surveillance regimes.
Theresa May has finally got her snoopers’ charter and democracy in the UK is the worse for it.”
14 May 2017: Privacy start-up company – Why we decided to leave the UK following election
The company has raised tens of thousands through crowd funding to create a pro-privacy peer-to-peer network and smartphone app that allows users a Facebook experience without handing over personal information.
Aral Balkan, founder and developer on the platform, explains why the company has decided to leave the UK following the 2017 General Election results.
Shortly after winning the election last week, the Tory’s home secretary Theresa May made a commitment to reintroduce the snooper’s charter, an initiative previously blocked by the coalition.
Stances like this, as well as the plans to block encrypted messaging applications as well as a distillation of the Humans Right Act, will lead the Brighton based company to leave the UK.
Aral Balkan, founder and developer recently said: “It would be ironic to stay in a country that just scrapped its “Human Rights Act” when you’re trying to further the cause of human rights, don’t you think?
The possibility of stronger legislation from Europe concerning data protection, privacy and human rights, to be announced this year is not enough to us working within the British Isles.
“I have very little faith that Europe will stand strong on protecting our human right to privacy.”
“There are major and increasing concerns over lobbyists’ influence on the new incoming general data protection and the Tory Manifesto is at severe risk from corporate influences who favour big data over big data protection.”
“They seem to be more interested in keeping Silicon Valley companies happy and being rewarded with investments into ‘start-up’ ecosystems and increased lobbying spends.
If we are to tackle the issue of protecting privacy (and thus human rights) in the EU, we should take a long, hard look at the staggering amounts of institutional corruption at the state and EU levels and take whatever steps are necessary to ensure the remove the influence of corporate finance in public policymaking.”
Legislation from the EU is expected to be published before the end of 2017 and it is expected safeguards concerning data protection, privacy and human rights will be greatly strengthened over the UK legislation.
Nothing of the EU bill will be introduced into the UK during the Brexit discussions. But in any event it is saddled with the same drawback as the UK.
The EU appears to be more interested in keeping Silicon Valley companies happy (and being rewarded with investments by them into “start-up” ecosystems and increased lobbying spends).
If the EU is to tackle the issue of protecting privacy (and human rights) in the EU, it needs to take a long, hard look at the staggering amounts of institutional corruption at the state and EU levels and take whatever steps are necessary to ensure the remove the influence of corporate finance in public policymaking.”
Balkan blames “multistakeholderism” and “co-regulation” that sees companies like Google and Facebook invited to the EU table to decide how they should be regulated and give advice on what privacy protection should be implemented to protect individuals.
“That’s like inviting the wolf to the table to comment on the welfare of the sheep.
Multistakeholderism, public-private partnerships, and co-regulation are all euphemisms for institutional corruption.
If we’re serious about tackling these issues let’s work to remove the influence of (mainly American, and mainly Silicon Valley) companies from the policy decisions made in Europe that concern the welfare of Europeans.”
Stages in development
Balkan, who has been programming for over 30 years – and working professionally for 15 – is just about to kick off Ind.ie’s pre alpha programme for Heartbeat.
Heartbeat is a social network – one part of the underlying technology the start-up is creating to eventually offer an entirely private smartphone (the Indie phone) .
Pulse – a private version of Dropbox and a bridge tool called Way-stone will follow with the help of crowdfunding.
“I have a couple of days of coding left until I can get there and then we’re going to test it out with the team for a few days before starting to open it up to the 850 or so alpha testers who supported us in the top two tiers during crowdfunding.
It’s taken us about 6 months to get here, which is much longer than I’d originally estimated, but it’s not like anyone has built this before so we’re also learning as we go.”
Private island, Scandinavia or Scotland?
Development aside, now the small firm must think about where to relocate. “We don’t know where we’re moving to yet.
We’ve had a lot of words of support and lots of invitations to come visit,” said Balkan.
So far, a private Island in Panama owned by a friend, a handful of Scandinavian countries like Norway, Sweden and Iceland due to their human rights credentials as well as Berlin are top of the list for Ind.ie.
Scotland is another option, Balkan adds, “If we could be confident they it would leave the UK and resist the Tory push for ubiquitous surveillance.”