Home Secretary introduces “landmark” draft Investigatory Powers Bill to Parliament

The Government's Draft Bill "significantly strengthens oversight, safeguards and authorisation"

The Government’s Draft Bill “significantly strengthens oversight, safeguards and authorisation”

Today, the Conservative Government has introduced “landmark legislation” designed to provide law enforcement bodies and the security and intelligence agencies with the investigatory powers they need to keep us all safe and fight crime in the digital age.

The draft Investigatory Powers Bill sets out in unprecedented detail the powers already available to law enforcement, MI5, MI6 and GCHQ, enshrines new capabilities in legislation and significantly strengthens the oversight, safeguards and authorisation that govern their use.

Under the new plans outlined by the Home Office, warrants for the most intrusive powers available to the agencies – such as the interception of communications – will be subject to a ‘double-lock’. In reality, this means that they will require approval by a Judge as well as from the Secretary of State.

A new, single, stronger body – led by a powerful Investigatory Powers Commissioner, a senior Judge – will replace the existing oversight arrangements split across three different bodies to establish what the Government states will be a “more visible, world-leading oversight regime”.

Internet connection records

The draft Bill includes provisions on each of the key capabilities available to the intelligence agencies and others, namely communications data, interception and equipment interference. It provides for the retention of Internet connection records (ICRs) which law enforcement agencies need to restore eroding capabilities, although access to this data will be “tightly controlled”.

Law enforcement access to such information would be on a case-by-case basis, where it was necessary and proportionate to do so in the course of an individual investigation and limited to three rigidly defined purposes. These are to identify what device had sent an online communication, establish what online communications services a known individual had accessed or identify whether a known individual had accessed illegal services online.

David Anderson QC

David Anderson QC

The operational case for ICRs is published alongside the draft Bill in direct response to David Anderson QC’s recommendation in his report entitled ‘A Question of Trust’. Law enforcement requests for access to ICRs for wider purposes are not provided for in the draft Bill. Anderson is the Independent Reviewer of Counter-Terrorism Legislation.

Internet connection records are the Internet equivalent of a phone bill – a record of the communication services a computer or a smart phone connects to, but not people’s full browsing history. ICRs – a form of communications data – would let the police service ascertain that a person has visited google.co.uk or facebook.com but not what searches have been made on Google or whose profiles had been viewed.

Local authorities will be banned from accessing ICRs for any purpose.

The three independent reviews on investigatory powers – led by David Anderson QC, the Intelligence and Security Committee of Parliament and the Royal United Services Institute – agreed that the agencies should have the power to acquire and use data in bulk. In clear detail, the draft Bill sets out existing powers for the security and intelligence agencies to do this while at the same time subjecting them to stricter safeguards.

‘Double-lock’ authorisation for bulk powers

In an oral statement to the House of Commons today, Home Secretary Theresa May made clear that the draft Bill will set out all of the agencies’ powers to acquire data in bulk, including their ability to acquire communications data relating to both the UK and overseas in bulk from communications services providers.

May announced the Government’s intention to place the capability on a more transparent footing through the Investigatory Powers Bill, and to make it subject to the same “robust safeguards” as other bulk powers, including the ‘double-lock’ authorisation process.

Home Secretary Theresa May

Home Secretary Theresa May

The legislation responds to huge changes in the way we all communicate and seeks to ensure there are no ‘No Go’ areas of the Internet for law enforcement such that the entirety of cyber space can be policed in the face of technological advances.

Home Secretary Theresa May said: “The publication of our draft Investigatory Powers Bill is a decisive moment. Never before has so much information been in the public domain about the activities of our police and security services, as well as the oversight, safeguard and authorisation arrangements which govern them. I’m clear that we need to update our legislation to ensure it’s modern, fit for purpose and can respond to emerging threats as technology advances. There should be no area of cyber space which is a haven for those who seek to harm us to plot, poison minds and peddle hatred under the radar.”

May added: “I am also clear that the exercise and scope of investigatory powers should be clearly set out and subject to stringent safeguards and robust oversight, including ‘double-lock’ authorisation for the most intrusive capabilities. This Bill will establish world-leading oversight to govern an investigatory powers regime which is more open and transparent than anywhere else in the world.”

The draft Bill will now go through full pre-legislative scrutiny before a revised Investigatory Powers Bill is laid before Parliament in the Spring of 2016.

The Government held more than 60 meetings with captains of industry, civil liberties groups and other organisations to inform its policy proposals.

Engagement will now continue throughout pre-legislative scrutiny.

Comment from the security sector

Yuval Ben-Moshe, senior forensics technical director at Cellebrite, has made comment on the draft Bill.

“There’s been much debate over Home Secretary Theresa May’s Investigatory Powers Bill,” stated Ben-Moshe. “The legitimate concerns over the general public’s privacy point towards the importance of taking measures, with technology, to promote safeguards and ensure compliance while also proceeding to deal efficiently with emerging threats.”

He continued: “Digital forensic analysis, particularly on mobile devices and Cloud stored data, now plays such a key part in criminal investigations as all of us now have a digital footprint reflecting our character, whereabouts and future plans. In specific cases that warrant action, if the intelligence agencies are granted access to an individual or group’s mobile and online activity, the data should be handled sensitively and by fully-trained and qualified professionals.”

Ben-Moshe concluded: “It’s important that intelligence agencies have the correct technology in place to ensure forensic investigations are as full, accurate and focused as possible and extract and analyse only relevant data with a view to bringing those responsible for criminal activity to justice as well as proving people’s innocence.”

Pravin Kothari, founder and CEO of cloud security company CipherCloud, stated: “Though the Home Secretary positions the Bill as a departure from the ‘Snooper’s Charter’, the word ‘disclosure’ appears 182 times. The push to mandate data retention by Internet Service Providers and allow ‘warrant-less’ access for investigators will certainly expand law enforcement’s surveillance capabilities to the detriment of personal privacy.”

Kothari added: “As a technologist, I believe in the power of technology to solve problems. In times like these when fear-driven Bills compromise the right to privacy, we can look towards security tools, such as encryption, to defend online communications from unwanted access.”

Renate Samson, CEO of Big Brother Watch, said: “The recommendation of a ‘double-lock’ of political and judicial sign-off on the most intrusive powers appears to tick the box of independent judicial approval, but in a world which is increasingly connected online the future demands on a Home Secretary’s time could become impractical.”

Samson stated: “Requests for the retention of Internet connection records will provide access to the most detailed data on citizens, not just the ‘who and when’ of a telephone record, but the ‘what and how’ of the way in which we live our lives. The guarantee of security to this retained data will be critical. Furthermore, demands on technology companies to adhere to warrants for encrypted data, as well as the power to legally hack into our devices, could create legislative ‘back doors’ which, in a world of increased cyber attack, could make us more vulnerable to crime.”

In conclusion, Samson explained: “There’s a great deal to be scrutinised in a very short space of time. For this legislation to really be a world leader in how to protect the privacy and security of law-abiding citizens, the Bill will require a thorough investigation.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts