You might think that Australia's draconian data retention law is a pain, but wait until you see what the UK Government has planned for its citizens: mandatory retention of browsing histories, unwarranted phone taps and metadata inspection for every single citizen. Welcome to Data Retention 2.0, where the UK plays for keeps.
To what extent should the government be allowed to monitor our internet communications? That’s the question at the heart of what is likely to be a huge and contentious political debate over the next few months, after the government yesterday published its draft Investigatory Powers Bill, which will enshrine into law and legitimise the surveillance programmes involving mass collection of data detailing our online activities.
What’s the context for this debate?
In 2013 former NSA contractor Edward Snowden revealed to the world the extent of mass surveillance by the US and UK governments. His whistleblowing proved that both governments' spy agencies, the NSA and GCHQ respectively, were involved in various bulk data-collection programmes of citizens' communications data.
A shit-storm followed on both sides of the Atlantic and now the powers that be are trying to clear it up. Rather than admitting to overreaching through keeping tabs on all communications, Home Secretary Theresa May is instead now attempting to legitimise the surveillance and formalise the procedure for doing so.
So, what does the bill contain?
The draft Investigatory Powers Bill has been dubbed the “Snooper’s Charter” by critics as it sets out a number of new rules about the bulk collection of data for the security services.
Perhaps the most profound change is that it requires all internet service providers (ISP) to retain a log of all customers’ internet usage for one year. So under the new rules, everything you do online will be accessible by the security services or the police should they want to take a look.
To get access to the data though, there will a judicial process where a judge will have to approve each data interception – except in emergencies when the Home Secretary can approve it (though it must then be approved by a judge within 5 days).
You can read the full draft of the bill at gov.uk here (PDF)
Sounds terribly draconian – what’s the best argument in favour of it?
The arguments in favour come down to preventing terrorism and serious crime. When introducing the draft in Parliament, UK Home Secretary Theresa May gave the example of a child abduction: using the powers currently in place, police are able to listen to phonecalls to help figure out where the child was taken, but if the abductor uses a messaging app, they are out of luck; the new laws give the authorities access to those messages.
So what’s wrong with that? Wouldn’t that be good?
To carry out this kind of surveillance it requires laws and state-apparatus wildly beyond logging a few messages, to the extent of the relationship between individual and state being dramatically rebalanced.
May has used a “shopping list” analogy to describe the metadata collected, but this fails to recognise how metadata on our internet usage would be more like a complete log of everything we do.
Every email we receive, tweet we read, link we click would all be logged. Given how much of life now takes place online, and will only become more so, data collection on such as scale would essentially reveal huge swathes of our lives to the government. Where's the liberty in that? You don’t need to be a dyed-in-the-wool libertarian, or much of a student of history, to surely find this unsettling.
Even more of a concern is that judicial oversight seems somewhat lacking. According to Conservative MP David Davis, who strongly opposes the bill, because the law requires judges to approach requests for access on the basis of the principles of “judicial review” rather than actual evidence of wrongdoing, the Home Secretary would have to behave in an “extraordinary manner” to not get warrants granted.
It’s pretty much the definition of using a sledgehammer to crack a nut.
Who is in favour of it, and who is against it?
Politically the debate is interesting, as it has supporters and opponents on both sides of the House. For example, while Theresa May, UK Prime Minister David Cameron and the rest of the cabinet are in favour of the bill, former Conservative frontbenchers David Davis and Dominic Grieve are very much opposed, citing breaches of civil liberty.
On the Labour side, shadow Home Secretary Andy Burnham came out in favour of the bill despite previously opposing it, saying that he thinks there are enough oversights in the current iteration to warrant it. As for Labour leader Jeremy Corbyn, he has remained suspiciously quiet on the issue (though given that Burnham has come out and supported it, Corbyn would have likely given it the nod). Deputy Labour Leader Tom Watson, who was previously one of Parliament’s leading voices on digital rights issues has remained disappointingly silent.
Former LibDem leader Nick Clegg has called the new draft an “improvement” over previous plans for bulk data collection. Green Party MP Caroline Lucas is opposed, saying that some measures are “deeply concerning”. UKIP’s position isn’t entirely clear, as the party's only MP Douglas Carswell does not appear to have commented on yesterday’s draft, though the party officially expressed concern about civil liberties when responding to the Queen’s Speech a few months ago.
Outside of Parliament, a number of other individuals and organisations have been voicing concern. Edward Snowden himself spent much of yesterday tweeting about his opposition to the bill, calling it “the most intrusive and least accountable surveillance regime in the west”. Ouch.
The Open Rights Group, which campaigns for digital rights, has issued a statement by Executive Director Jim Killock saying that:
“This Bill will redefine the relationship between the state and the public for a generation. The government needs to get it right and make sure that the UK's law enforcement and security agencies can fight serious crime while upholding all of our human rights.”
“However, at first glance, it appears that this Bill is an attempt to grab even more intrusive surveillance powers and does not do enough to restrain the bulk collection of our personal data by the secret services. It proposes an increase in the blanket retention of our personal communications data, giving the police the power to access web logs. It also gives the state intrusive hacking powers that can carry risks for everyone's Internet security.” Shami Chakrabarti, director of Civil Liberties watchdog Liberty has condemned the bill as a “breath-taking attack on the internet security of every man, woman and child in our country”.
Big Brother Watch CEO Renate Samson has issued a statement reminding us of potential unintended consequences too:
“[D]emands on technology companies to adhere to warrants for encrypted data, as well as the power to legally hack into our devices, could create legislative back doors which in a world of increased cyber-attack could make us more vulnerable to crime.”
When will it become law?
Though there has been talk about a bill for some years now, it is still early in the legislative process. The draft bill that will be proposed by the government was published on 5 November, and it will be subject to scrutiny and amendments in both the House of Commons and House of Lords before coming into law. The exact timetabling on the rest of the legislative process remains to be seen.
It is not impossible that the bill could be defeated. In reality, though, it is unlikely that proposals would have be made in the first place if government didn’t think this "Snooper's Charter" had a decent chance of getting through.
Our newest offspring Gizmodo UK is gobbling up the news in a different timezone, so check them out if you need another Giz fix.
Image: Shutterstock/Titima Ongkantong