In late 2015, Theresa May, the UK Home Secretary introduced the Investigatory Powers Bill (the “Bill”). Mrs May stated that the Bill was introduced to ensure that surveillance laws are “modern, fit for purpose and can respond to emerging threats as technology advances”. The Bill, which has been published with extensive explanatory materials, fact sheets and impact assessments, sets out a raft of powers for intercepting and obtaining communications data, either in bulk or as a specific target.

The UK Government says that the Bill, in large part, brings together under one umbrella powers that already exist. And those existing powers have been extensively used: according to the Home Office figures, there were over half a million authorisations in 2014 following requests for communications data by the police and other public bodies. There were also some 2,765 interception warrants authorised by ministers in the same year.

Aside from making explicit in law for the first time the powers of the security services and police to hack into and bug computers and phones, the Bill also places obligations on “communications service providers” to maintain “permanent capabilities” to intercept and collect the data passing over their networks. Those same service providers are required to keep records of the websites visited by their users for a 12-month period.


The Bill provides that the more-intrusive measures will have a form of judicial oversight, introducing an Investigatory Powers Commissioner (“IPC”) who will be supported by additional “judicial commissioners”, all of whom will be senior judges proposed by the Lord Chief Justice for three-year terms. Whilst the IPC will oversee the exercise of prescribed powers generally, the judicial commissioners will be specifically responsible for approving interception warrants (requests to uncover the content of people’s messages). The judicial commissioners’ oversight, however, will not extend to a pre-authorisation of the use of such measures and it is as yet not clear whether it will operate as an effective check and balance as opposed to a ‘rubber stamping’ exercise. Exemptions will also be allowed in “urgent cases” of up to five days.

Many of the more-intrusive powers have drawn strong criticism, particularly from civil liberties groups and not least in relation to the seemingly weak protection afforded to the (otherwise sacrosanct) legal professional privilege. But recent weeks have seen technology companies spearheading the opposition to certain of the Bill’s powers—in particular, the impact of a new power that compels them to assist the security services and police with bypassing encryption.

In evidence to the Draft Investigatory Powers Bill Select Committee, Mrs May stated that the UK Government recognized the importance of encryption and was not proposing to make any changes to existing powers. Mrs May said that the authorities would expect a provider to take “reasonable steps” to comply with a warrant, which would include producing the data in a form that was “legible” and not encrypted. Mrs May added that the UK Government did not “want the keys” to a provider’s encryption or, in other words, a ‘back door’.


The draft Bill has been the basis of consultation which will conclude imminently. The Joint Committee which undertook the consultation has indicated that it will report on its findings in February 2016, with a revised Bill being published later this year.

It is the Government’s intention that the revised Bill be enacted by the end of next year, as the current Data Retention and Investigatory Powers Act will cease to have effect from 31 December 2016.