UK Unveils Draft Investigatory Powers Bill
The UK has this week revealed plans for comprehensive new surveillance powers, including the right to find out which websites people visit. These new laws, which critics denounce as an assault on the right to privacy will, if passed, be able to require communication service providers to hold their customers' web browsing data for a year - a timeframe that is not available to counterparts in the U.S.. Police access to web use however will be limited to "Internet connection records", which is a record of the communications service that a person has used; for example, websites that people visit but, importantly, not the particular pages visited, and not their full browsing history.
Experts say part of the new bill goes beyond the powers available to security services in the United States. Across the West, the debate about how to protect privacy while helping agencies operate in the digital age has raged since former U.S. intelligence contractor Edward Snowden leaked details of mass surveillance by British and U.S. spies in 2013.
Home Secretary Theresa May has stated however that the new document is unprecedented in detailing what spies can do and how they will be monitored: "It will provide the strongest safeguards and world-leading oversight arrangements," she said. "And it will give the men and women of our security and intelligence agencies and our law enforcement agencies ... the powers they need to protect our country." She also stated that many of the new bill's measures merely update existing powers and provide much-needed clarification. In a (forced?) concession to privacy groups, however, the UK government has publicly stated there will be jail penalties for anyone caught abusing the system and a two-tier oversight system with senior judges with veto power will be employed to review each of the ministerial-approved warrants that will be issued each year to permit suspects' emails and conversations to be intercepted.
Nevertheless, Yahoo has stated it is especially concerned that the proposed law could extend to non-UK companies. The Computer and Communications Industry Association, a lobby group for Internet and telecoms firms including Google, Microsoft and Facebook, have also commented that the proposals are a setback for privacy rights and part of a worrisome trend towards more governmental surveillance in Europe, warning that in addition to being able to carry out bulk interception of communications data, the security services will be allowed to perform ‘equipment interference’, whereby spies take over computers or smartphones in order to access their data.
Following October’s decision by the ECJ EU data regulators have moved quickly to urge companies to consider housing European citizens’ information in Europe. Therefore, as multinational corporations scramble to adjust to the post-Safe Harbor environment, with many publicly stating that they will keep all European data on European servers until a new EU-U.S. deal is ratified, it will be interesting to observe how far national governments within the EU will be allowed to reach into privately-held data in the name of preserving public safety.