This week, the Queen gave royal assent to the Investigatory Powers Bill (aka "The Snoopers Charter"), marking the end of the controversial bill's passage into law.
The Investigatory Powers Act 2016 introduces several new powers, which the Home Office says will ensure that law enforcement and the security services "have the powers they need in a digital age to disrupt terrorist attacks". While the Act restates many existing powers, some of the new powers have attracted criticism as undermining privacy rights, including:
- Collection of Internet Connection Records: Internet and communications companies will have to retain meta data of customers' browser history for 12 months. This information includes which websites users have visited, when and for how long. Some 48 authorities, including government departments, police forces, local councils and HMRC, will be able to request this information.
- Equipment interference warrants: For the first time, the Home Secretary will have the power to permit security services to hack into computers, networks, mobile devices and servers.
- Access to "bulk" personal data sets: The Home Secretary may issue warrants to the security services to allow access to large data sets held by public and private organisations, or to permit large scale hacks, including in overseas operations.
Despite government assurances of proper oversight (there will be a new Investigatory Powers Commissioner and a "double-lock" mechanism for some of the more intrusive powers), civil liberties campaigners have criticised the Act. Bella Sankey, the Policy Director for Liberty, said the new powers "open every detail of every citizen's online life up to state eyes, drowning the authorities in data and putting innocent people's personal information at massive risk."
An online petition to repeal the Act has gained over 145,000 signatures. The government has confirmed that a number of provisions in the bill will not be in place for some time.
Against the backdrop of recent high profile data breaches, a key concern for everyone must be whether the companies that collect the data (and the authorities that access it) can keep such data secure. Internet records would be a prize target for the hacker who manages to access them!