The UK Home Office has introduced an updated version of the Investigatory Powers Bill that expands upon and “updates” existing surveillance law in the UK. As written, the bill will undermine privacy, data protection, freedom of expression, and digital security for people in and outside the UK.
Access Now previously joined civil society organisations in calling for changes to the bill, but the concerns went largely unaddressed. Now, we call on parliament to stand with users and reject or significantly revise it. Companies, technology experts, academics, and United Nations special rapporteurs provided more than 1,500 pages worth of comments and suggested edits to the Joint Committee alone. Three UK parliamentary committees echoed a number of those recommendations. However, in just two weeks, the Home Office claims to have reviewed and implemented the necessary changes. Among the unaddressed, yet common, criticisms of the bill are that it:
- undermines the development and use of encryption,
- authorises bulk collection of information,
- extends surveillance power beyond the UK borders,
- does not require judicial authorisation for surveillance, and
- provides little transparency.
In the midst of heated efforts to stop governments from undermining encryption, the bill grants the UK Secretary of State broad control over the development of encryption. The secretary is authorised to create regulations on the “removal by a relevant operator of electronic protection.” The bill contains no restriction, as recommended by Access Now, several other commenters, and at least two Parliamentary committees, on the use of this provision to order companies to alter their digital security measures. As Access Now explained, the “free development, distribution, access, and use of encryption protects confidentiality of communication, increases trust, helps prevent crime, and contributes to a healthy economy.”
In addition, the expansive bulk authorities envisioned in the bill violate human rights standards that demand proportionality in surveillance laws. Under the current language, bulk warrants can be issued for the interception of communication and equipment interference. Compounding these problems, the bill fails to ensure adequate transparency or oversight: it lacks any requirement for advance approval of surveillance orders by an independent judicial authority.
Hundreds of pages worth of draft codes of practices have also been published in conjunction with the bill. The codes provide a process for carrying out surveillance authorities; however, they fail to provide substantive protections beyond the bill and are not formally legislated, so they are subject to change as the government sees fit. In fact, the Home Office issued a revised code of practice for surveillance practices last year that Access Now and others objected to: the code re-interpreted the government’s authorities to allow more surveillance to occur.
Now that the bill has been published, a final vote could take place in as little as two months. This move takes advantage of the noise that will be created by the Brexit debate and the upcoming referendum on whether the UK will stay in the EU. The processes require that parliament first conducts a quick line-by-line debate. According to MP David Davis, “when you work it out, it’s a 300-page bill — so that’s something like five seconds to consider each line on second reading.“ The bill will then go to the committee stage on March 22nd, with a final vote possible just a month later.
That timeframe is far too short for a bill that will, in essence, allow Britain to pwn the world by conquering cyberspace. Access Now, led by Executive Director Brett Solomon, joined MPs, UK surveillance experts, and civil society leaders in a letter calling for more time on the bill to allow for “adequate consultation.“
We now call on parliament to reject the bill outright or make substantial substantive changes to ensure that it conforms to human rights standards that will protect the privacy and rights of individuals.