ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

UK Snoopers Charter is an Assault on Freedom

As expected, on Wednesday last week Home Secretary of the ruling UK Conservative Party government, Theresa May, unveiled sweeping plans to grant the UK government unprecedented legal powers to spy on the personal web browsing history of every UK citizen (while at the time awarding itself the  legal right to intercept internet communications from anywhere around the world!).

Investigatory Powers Bill: Theresa May calls it 'update'

Investigatory Powers Bill: Theresa May calls it 'update' Investigatory Powers Bill: Theresa May calls it 'update'

Key points of the proposal include:

ISPs will be required to keep "internet connection records” of every customers’ internet activity for a minimum of 12 months

May stridently asserts that claims this will give police access to users' full internet history are "simply wrong”, as only the web domains visited will be recorded, and not the individual web pages within that domain, or any conversations held.

However, with this data the government will be able easily to determine what kind of porn you like, whether you are cheating on your partner, your political and religious affiliations, what your hobbies and pastimes are, and more.

After all, it does not take a mind-reader to guess the political leanings of a regular visitor to the www.greenpeace.org website, or that a married individual who frequents a dating website is being unfaithful (or wants to be!). The fact that the individual web pages looked at on those websites are not recorded hardly matters!

The legalization of mass government spying

The government freely admits the new law formalizes something that has been going on in secret since (at least) 2001. Supporters argue that by making this mass surveillance explicit, it brings the operation under a "legal framework”, and therefore provides some form of oversight and accountability to it.

What no-one seems to be asking is whether such mass intrusion into the privacy of each and every UK citizen can ever be justified in the first place. The government is framing the issue as one of privacy vs security, and May made some vague and unsubstantiated assertions that surveillance has prevented a number past terrorist attacks.

Even if true, the question we need to ask ourselves is "do we want to live in a society where we sacrifice our freedom, trusting a government that has proven time and again that it simply cannot be trusted to protect us, because we are scared of bogeymen and terrorists?” If so, then the terrorists have already won.

The way to fight terror to be not terrified, and to cling ever harder to our society’s hard-won ideals of freedom and tolerance, for which Britain is justly famed. By giving in to our fear, and becoming an intolerant big-brother society, we lose everything worth preserving.

Interestingly, the Bill also grants the UK government the explicit legal right to spy on all data passing through fiber-optic cables entering and exiting the UK (again this is something that is known to happen covertly already).

This effectively means that the UK government is granting itself the right to spy on everyone on the planet, regardless of nationality. Equally interestingly, not a single foreign government has complained about this…

Police, security organizations, and other government bodies will be able to access stored logs without a warrant

Local councils have for some reason been singled out as an exception and require a warrant, but as the current bill is based on the old RIPA legislation, the list of government services that will likely be able to access everybody’s highly personal records is staggeringly long, and includes bodies such as the Department of Health, HM Revenue and Customs, the Postal services Commission, the NHS ambulance service Trust, the Scottish Ambulance Service Board, and many more.

Despite May’s talk of "double-lock” oversight, there will be no effective oversight for access to this incredibly huge and sensitive trove of personal data.

Given that all this data is to be stored by telecoms companies, whose track record of keeping such data secure is hardly reassuring, it is probably safe to assume that every hacker and tech-savvy criminal will also quickly have access to this information.

"Double-lock” oversight over "intercepts”

Under the proposals, ministers can authorize "intercepts”, which then require "judicial approval” before they can be put into effect. This is what May refers to as a "double-lock”.

Given that there is explicitly no oversight over just about every random government department having full access to every citizen’s internet and phone records, this must presumably refer real-time monitoring (aka "bugging”) of communications, breaking into people’s houses, infecting laptops with malware, and other highly invasive TAO style operations.

What "judicial oversight” actually means, however, is that a group of retired (not serving, as this would constitute a severe conflict of interests) judges who are hand-picked by the government and will not have the technological expertise or understanding of covert surveillance necessary to make informed decisions, will effectively rubber-stamp ministerial edicts.

The role of these "judges” will therefore simply be to ensure that the correct procedures have been followed (and even here ministers can delay this minimal judicial oversight for 5 days simply by declaring the case "urgent.”)

As an almost meaningless sop to those in professions such journalism, medicine and law, ministers will have to spell out the protections afforded to sensitive information when investigating members of such professions.

Rather than provide reassurance, the proposals instead make it clear that contrary to what British people have always taken for granted, there is no such thing "privileged” or "confidential” conversations  between MPs and constituents, between doctors and patients, or between lawyers and clients.

Legal requirement for overseas companies to co-operate in decrypting users’ data

With deceptively bland title of "Maintenance of technical capability notice,” Section 189 of the Bill requires all companies operating in the UK (even if not UK companies) to comply with UK government demands, as long as "it is (and remains) practicable for those relevant operators to comply with those requirements."

This almost certainly means that the government will try to force tech companies to introduce back doors into their encrypted products (while at the time making it a criminal offense for anyone involved to reveal the existence of those backdoors, under any circumstances (Section 190(8))! Dear God.

The only silver lining to this frankly shocking attack on privacy and personal freedom is that is difficult to conceive of international tech companies complying with such ridiculous over-reach. Given that companies such as Apple and Google have robustly resisted similar demands by their own government, it seems very unlikely that they will just roll over to the UK government.

How this will play out remains to be seen, but it seems probable that this clause, which is causing a great deal of concern among tech companies, will be dropped as part of a strategic  ”softening” on the government’s position, designed to help push the proposals through Parliament.

Conclusion

The Investigatory Powers Bill is the greatest assault on British freedom since the Nazis tried to invade the country in World War 2. Yet instead of picking up arms to defend our freedom, the British public appears utterly complacent.

We have been sold hook, line and sinker on the false narrative that mass surveillance over every aspect of our personal lives is necessary to keep us safe, rather than being the precursor to an all-powerful, intolerant, right-right State that it is.

The "Snoopers Charter” will not make us safer; it will make us more vulnerable to government oppression, while at the same time doing absolutely nothing to deter the "bad guys”.

Preston Byrne is general counsel for  Eris Industries, a blockchain-based startup which moved from the UK to the US following Prime Minister David Cameron’s remarks over banning strong encryption earlier this year. I will leave you with his words,

"This legislation will not address the problem it’s designed to solve. Terrorists will go dark using off-the-shelf software like GPG and Tor, at the same time as ordinary people and businesses are placed in serious jeopardy because all of their own data is stored somewhere in a way which can be compromised.

Businesses already fail to secure user data today, as seen by the TalkTalk hack. The same applies to governments, as we saw with the US Office of Personnel Management hack where data on every American government worker with a security clearance was stolen by hackers widely believed to be state-sponsored.

Nothing in this bill ensures the security of that data, either. Instead it turns every business providing telecommunications in or to the United Kingdom into an attack vector. The best way to guarantee the safety of user data is for it to not exist. Our national security will be significantly enhanced if we store less data, not more, and increase the use of strong cryptography, rather than reducing it.”

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

2 Comments

Proust
on November 17, 2015
Excellent article, very well written. You say in the conclusion, though, "Yet instead of picking up arms to defend our freedom, the British public appears utterly complacent". I do not believe they are complacent. I believe they are like me, very afraid and angry about these powers but, at the same time, do not have a clue what can be done about it. The British public are no longer involved in the political process. We all see we are being duped but action means mass action. We can do nothing unless we organise and protest but we all know that protest achieves nothing. The politicians view the people as a minor irritant. They certainly arent working to please us even though we pay their wages
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small_webp.webp
Douglas Crawford replied to Proust
on November 17, 2015
Hi Proust, Sigh. But I think that is part of the complacency.. this despondent belief that politicians can and will do as they please, and that there nothing ordinary people can do about it. In my view, it is precisely because of this apathy that politicians and their banker masters are allowed to continue with their terrible accumulation of wealth and political power, and damn the common people, everyone on the receiving end of bombs we sell to nations known for their human rights abuses, the climate, and anything else that does not directly serve their greedy and self-serving interests. However, as a keen student of history, I am very aware that things do change, and can change fast. As a pacifist I believe that peaceful protest is the only way we can legitimately change things, as you cannot build a better world on piles of bodies. This will not be easy, but we are the 99 percent...

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service