U.K.'s Mass Surveillance Bill Slightly Less Awful Than What Could Have Been
Demands for encryption back doors removed, sort of.
While many Americans would like to see its government scale back its domestic surveillance, the United Kingdom is hammering out a law that would actually codify its expansion in mass metadata collection and the use of malware to access computers and phones of suspects.
The Investigatory Powers bill, often referred to as the "Snooper's Charter," passed the House of Commons this week with a vote of 444-69. But it has been scaled back at least a bit. Originally, the government had planned to demand that tech companies provide "back doors" to its security so that the government could bypass encryption protecting access to private data.
These mandatory back doors are dangerous because there's no such thing as a back door that only the "right people" can access. Mandating back doors would render consumer data of all kinds even more vulnerable to hacking. Tech companies strongly resisted such a demand, and the bill compromises by instead stating that companies may only be required to break their own encryption and would allow the companies to appeal a demand by claiming it would be overly costly or damaging. So it would be up to tech companies to convince a judge that they either can't or should not have to compromise their own security.
The bill is still awful in other ways. It requires communication companies to keep records of all websites their customers visit for a year. It will allow police and intelligence officials to access Internet records like this without a warrant. Bloomberg notes that civil rights groups oppose the legislation even with the small changes:
Civil rights and privacy advocates have also opposed the bill and the revisions the government made in the final version haven't mollified them. "Minor botox has not fixed this bill," Shami Chakrabarti, the director of the civil rights group Liberty, said when the final version was introduced in March.
Critics also have the same concern that we see here in the United States that collecting massive amounts of metadata actually makes it harder to track down communications that should matter to intelligence in fighting the war on terror, not easier. In fact, Edward Snowden-leaked documents show that the U.K.'s own spy agency had the same fears. The Intercept reports:
Notably, three years after the report was authored, two Islamic extremists killed and attempted to decapitate a British soldier, Lee Rigby, on a London street. An investigation into the incident found that the two perpetrators were well-known to MI5, but the agency had missed significant warning signs about the men, including records of phone calls one of them had made to an al Qaeda-affiliated radical in Yemen, and an online message in which the same individual had discussed in graphic detail his intention to murder a soldier.
The House of Lords will vote on the bill in the fall. If it passes, it would go into effect in 2017.
Read more about the law here.