Network Security

The Investigatory Powers Bill is now set to become law

The Investigatory Powers Bill (IP Bill) has now been approved by both House of Parliament  and is expected to become law by the end of 2016.

The 300 page document has completed its parliamentary process, after going through a tug-of-war with the House of Lords over proposed amendments by the Lords with regards to regulation of the press in light of the Leveson Inquiry.

The House of Commons was essentially saying that this isn't what the law was proposed for.

Introduced by the then-Home Secretary Theresa May back in November 2015, the Bill has been heavily criticised by human rights groups and privacy campaigners alike, as the Bill is seen by some to herald ‘overreaching, draconian and intrusive' spying powers for the UK intelligence agencies.

The Bill was consequently dubbed The Snoopers' Charter. Since then, it has had what could be described as a somewhat bumpy ride.

It was criticised by the UN's privacy chief who said it undermines the spirit of the very right to privacy, all major UK and many leading global privacy and rights groups, and even the parliamentary committee tasked with scrutinising the bill disapproved of it.

However,if a YouGov poll is anything to go by, a cross-section of the UK public approve of Investigatory Powers Bill. The poll, surveying 1,729 British adults, found that 51 percent would agree to the government spying on their electronic communications, at least ‘in spirit'.

A reminder of the some of the power the IP Bill is giving government:

  • The bill has the ability to force internet service providers to record every customer's web history for up to a year, the data of which can be accessed by several government departments.
  • GCHQ now has powers to collect "bulk personal datasets", which includes anyone who is not accused of any wrongdoing but have been swept up in with those who have. Data can be gathered from "a large number of devices in the specified location", this would most likely mean the data of innocent people would be gathered.
  • Companies can be forced to decrypt data on demand.
  • Companies must now notify the government of any new security features in products before they launch.
  • Intelligence agencies now have the power to hack into computers and devices of citizens.
  • The only people who are given marginally better protections are journalists and medical staff.

The Home Office's representatives, who are in charge of the law, have said on many occasions that the powers which the new Bill is set to give to intelligence agencies are needed to help protect the country's national security and give more oversight.

This is while bringing in new judicial processes and checks to ensure the law isn't misused by those in government.

One such protection is as a "double lock" system, where the secretary of state and an independent judicial commissioner must agree on a decision to carry out search warrants. As well as this, a new investigatory powers commissioner will also oversee the use of the powers. The commissioner is appointed by the serving prime minister.

Despite these protections, however, last month, the Interception of Communications Commissioner's Office issued a report which claims that multiple mistakes were made by security services in 2015 with intercepted communications data, which led to 17 wrongful arrests.

Sir Stanley Burnton, the Interception of Communications Commissioner, described a 20 percent rise in errors made by security services since the previous year.

The report claims that a range of errors were committed, including “over-collection and unauthorised selection or examination of material to the interception of the wrong communications identifier or failure to cancel an interception”.

The report says 145 public authorities had access to confidential data in 2015. Overall, 761,702 items of communications data were acquired by the security services in 2015. The report details how 1,119 errors were made by security services and their use of the data.

Unsurprisingly, the government has downplayed much of the furor the bill has caused.

It has consistently argued that the bill isn't  new, but instead reworks the old and outdated Regulation of Investigatory Powers Act 2000 (RIPA).

This was brought into law to legalise new powers for things like collecting data in bulk and hacking into networks that were conducted or ruled on in secret.

It is widely recognised that these  activities were only brought to light  thanks to litigation by Privacy International which helped push these secret practices into the public domain.

This resulted in the government scrambling to explain how these practices were legal.

Privacy International recently blogged to explain why giving these powers to government agencies to collect "internet connection records" are so far reaching.

They waste no time in saying, "At the very least, they comprise a 12-month log of websites visited, communications software used, system updates downloaded, desktop widgets used, every mobile app used and logs of any other device connecting to the internet, such as games consoles, baby monitors, digital cameras and e-book readers."

Any flaws, known or unknown, could then be exploited to break into any individual's computer or smartphone, revealing a much wider range of information about people than they might otherwise realise.


Ed Macnair, CEO of CensorNet told “I'm immensely disappointed that this law has been passed by the House of Lords today. It's hardly a secret that agencies like GCHQ and MI5 already have access to our communications, should they need it. Given that, I can't see how this law will increase our ability to stop terrorism and other crime enough to make it worth it. In fact, I worry it could do more harm than good."

Macnair added: “Aside from the arguments around privacy – which are many and valid – it's also a huge security risk. Can you imagine the damage that could be done to individuals if their private browsing history was made public? That's not people on ‘dodgy' sites but individuals with highly personal concerns from sexuality and HiV, to addictions and depression. The Ashley Madison hack if nothing else showed us the devastation that occurs when incredibly personal information is leaked."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.