The story is little different in the UK. The incumbent government’s Home Secretary, Theresa May, has dragged the Investigatory Powers Bill back to the table, and it has been derided as a privacy-infringing security nightmare. But still, the government are set on implementation, despite the draft having been scoffed at by security experts, let alone the numerous MPs who have written to national publications in opposition.
UK Citizen Privacy
Aside from the apathetic “nothing to hide, nothing to fear” expression pushed by many who appear to have little understanding of their personal privacy, the legislation being pushed through would oblige every single UK-based ISP, as well as mobile providers (CSPs – Communication Service Providers), to maintain data records for over a year in case the records are required for analysis. This would work alongside current operations, including the bulk interception of citizen information, which the government has already admitted “will almost always involve an interference with an individual’s rights under Article 8 of the European Convention on Human Rights.”
It wasn’t actually meant to work like this.
The government tried to phrase the more controversial areas of the new law as to lessen the impact on their own citizens whilst allowing for bulk collection of any overseas communications utilising UK communication channels. The new law “prevents the issue of a bulk interception warrant with the primary purpose of obtaining communications between people in the British Islands,” which sounds excellent, until you read the caveats contained the legislative guidance for MPs: “Due to the global nature of the internet, the route a particular communication will take is hugely unpredictable. This means that a bulk interception warrant may intercept the communications to or from an individual in the British Islands.”
In order to maintain absolute order over the myriad forms of communications, security services would be able to implement a bulk interception warrant for an unspecified reason, though must be “necessary and proportionate.” Within this, web services and mobile services are called out explicitly, and defined by their numbers.
If a service has over 10,000 users, it may be obliged to offer government security services assistance in building a “technical capability to give effect to interception, equipment interference, bulk acquisition warrants or communications data acquisition authorisations.” This in turn leads to “an obligation placed on a CSP to remove encryption only relates to electronic protections that the company has itself applied to the intercepted communications (and secondary data), or where those protections have been placed on behalf of that CSP, and not to encryption applied by any other party.”
Translated: we would like backdoors into your private communications, especially where encryption techniques have been implemented by the company. Those companies receiving regular warrants from the security services will likely have their entire communication network compromised to enable swift action when required i.e. the ongoing FBI/Apple debate.
In reality, some of this is already in place. Edward Snowden confirmed as much with his 2013 revelations. This potential piece of legislation enshrines a governmental right to spy upon its own citizens, into law, with no legal recourse.
I am not arguing against our digital privacy laws being modernised. Their last major update was around 12 years ago, in a time before even Facebook, let alone encrypted messaging services such as WhatsApp and Telegram.
Yes, it does need to change. Yes, there does need to be a clear, public debate. No, it should absolutely not be forced through before the 31st December 2016. When a document pertaining to building the largest digital data collection scheme the country has seen contains lines such as “Section 214 of the Act provides a power for the Secretary of State to develop compliance systems. This power could be used, for example, to develop consistent systems for use by CSPs to intercept communications and secondary data. Such systems could operate in respect of multiple powers under the act” we have duty as citizens to stop, and take notice.
So many people do not care. So many place credence in “nothing to hide, nothing to fear,” when the reality is maintaining privacy is a basic requirement for maintaining the human condition – with dignity, and the respect we deserve.
Image courtesy of iosphere / freedigitalphotos.net.