In November 2015 the Home Secretary unveiled the draft Investigatory Powers Bill (IPB) which will overhaul the current legal framework in this area. Since then Google, Facebook, Twitter, Yahoo and Microsoft have jointly submitted evidence to the committee scrutinising the IPB and they are not alone in their concerns.
High profile businesses from a variety of sectors have spoken out about their concerns over the draft IPB that was published late last year. Some of the principal concerns raised by these businesses relate to the adequacy of the safeguards pertaining to the investigatory powers bestowed by the IPB and the requirements for telecoms providers to store and provide potentially extensive amounts of data going back 12 months.
CONSOLIDATION OF EXISTING LAWS
The IPB seeks to modernise the current legal framework and to consolidate the current piecemeal rules governing communications data.
Communications data comprises information about internet and phone communications, in particular the source, date, time, destination, duration and type of communication. The content of communications is not included in this definition.
WHAT HAS CHANGED?
According to government officials, the aim of the IPB was to ensure that law enforcement agencies in the UK have the requisite powers to use their intelligence gathering capabilities to keep the public safe.
In particular, the government claimed that the benefits of the IPB would include "better equipping law enforcement and intelligence agencies to meet their key operational requirements, and addressing the gap in these agencies’ ability to build intelligence and evidence where subjects of interest, suspects and vulnerable people have communicated online".
Broadly the IPB covers:
- the acquisition of communications data (as above, this excludes content but covers the who, where, how and when details of the communications);
- the interception of communications (particularly the content of communication data in the course of transmission); and
- obtaining communications data by equipment interference (i.e. hacking).
- Imposing a legal duty on British companies to enable and assist law enforcement agencies to "hack" devices (including bypassing any encryption) to acquire information.
- A new requirement for internet service providers to store, for 12 months, the search activity of subscribers.
- New powers allowing state officials to intercept communications devices and collate internet and personal communications data.
- The ability of law enforcement officers to obtain, without a warrant, the names of websites people have visited.
- A new criminal offence punishable by up to two years in prison of "knowingly or recklessly obtaining communications data from a telecommunications operator without lawful authority”.
In addition the IPB introduces a new Investigatory Powers Commissioner to oversee the legislation and compliance.
WHY ARE THERE SO MANY OBJECTIONS?
The IPB’s biggest opponents have argued that the government is yet to produce any evidence that the increased access to communications data provided for by the IPB will make the public any safer.
Its advocates, on the other hand, have argued that the powers imposed by the IPB are not new but that the greater level of transparency imposed by the IPB will lead to greater scrutiny and thereby protection for individuals.
At the commercial level, internet service providers and telecoms operators in particular are likely to be substantially affected by the IPB - compliance with hacking warrants, retention of communications data and authorising access to communications data being just a few examples.
The draft published in November remains a draft and we are yet to know whether the IPB will pass in its current form. However, the extent of the concerns raised means that the IPB’s progress through Parliament is likely to be potentially challenging.