UK Police and intelligence officers are to be handed the power to monitor people's messages online in what has been described as an attack on the privacy of vast numbers of Britons.
The Home Secretary, Theresa May, intends to introduce legislation in next month's Queen's Speech which would allow law-enforcement agencies to snoop on citizens using Facebook, Twitter, online gaming forums and the video-chat service Skype.
Regional police forces, MI5 and GCHQ, the Government's eavesdropping centre, would be given the right to know who speaks to whom on demand and in real time and without a warrant. Warrants would only be required to view the content
Civil liberties groups rightfully expressed grave concern at the move. Nick Pickles, director of the Big Brother Watch campaign group, described it as
An unprecedented step that will see Britain adopt the same kind of surveillance as in China and Iran.
David Davis, the former Conservative shadow Home Secretary, said:
The state was unnecessarily extending its power to snoop on its citizens.
It is not focusing on terrorists or on criminals, the MP said. It is absolutely everybody. Historically, governments have been kept out of our private lives. They don't need this law to protect us. This is an unnecessary extension of the ability
of the state to snoop on ordinary innocent people in vast numbers.
Shami Chakrabarti, director of Liberty, said the Conservatives and the Liberal Democrats had resisted greater surveillance powers when in opposition:
This is more ambitious than anything that has been done before. The Coalition bound itself together in the language of civil liberties. Do they still mean it?
May is confident of enacting the new law because it has the backing of the Liberal Democrats, once strong supporters of civil liberties, but now obviously not. Senior Liberal Democrat backbenchers are believed to have been briefed by their
ministers on the move and are not expected to rebel in any parliamentary vote. A senior adviser to Big Brother Clegg said he had been persuaded of the merits of extending the police and security service powers
The Home Office said that the legislation would be introduced as soon as parliamentary time allows , and said:
We need to take action to maintain the continued availability of communications data as technology changes. Communications data includes time, duration and dialling numbers of a phone call or an email address. It does not include the content of
any phone call or email and it is not the intention of Government to make changes to the existing legal basis for the interception of communications.
However these claims about not snooping on contents seem somewhat contradictory when considering the proposed extension to social networking. There the communications only exist as the contents of a web page. There are no dialled numbers and
email connections on Facebook, just the messages on your wall.
According to The Sunday Times, which broke the story, the ISP's Association, which represents communications firms, was unhappy with the proposal when it was briefed by the Government last month. A senior industry official told the paper: The
network operators are going to be asked to put probes in the network and they are upset about the idea... it's expensive, it's intrusive to your customers, it's difficult to see it's going to work and it's going to be a nightmare to run legally.
Guy Herbert, General Secretary of NO2ID said:
Astonishing brass neck from the Home Office, attempting to feed us reheated leftovers from the authoritarian end of the Blair administration. It is not very far from a bug in every living room that can be turned on and turned off at official
whim. Whatever you are doing online, whoever you are in contact with, you will never know when you are being watched. And nobody else will either, because none of it will need a warrant.
Put aside privacy – and the government has – the scheme is an astonishing waste of money. What problem does it solve that is worth billions?
Guy Herbert, General Secretary of campaign group NO2ID said:
Astonishing brass neck from the Home Office, attempting to feed us reheated leftovers from the authoritarian end of the Blair administration. It is not very far from a bug in every living room that can be turned on and turned off at official
whim. Whatever you are doing online, whoever you are in contact with, you will never know when you are being watched. And nobody else will either, because none of it will need a warrant.
It looks like the Home Office is setting out to leapfrog China and gain the UK an unenviable position as the most monitored society in history. The automatic recording and tracing of everything done online by anyone -- of almost all our
communications and much of our personal lives, shopping and reading -- just in case it might come in useful to the authorities later, is beyond the dreams of any past totalitarian regime, and beyond the current capabilities of even the most
The vague assertion that all this is needed to deal with the usual bogeyman, terrorism, is worthless. It is hard to imagine any threat that is serious enough to justify it. But something that aims to make surveillance easy will create a demand
for surveillance. Unless it is subject to proper controls from the beginning, then the pretexts for access will multiply. That would mean the end of privacy.
Put aside privacy -- and the government has -- the scheme is an astonishing waste of money. What problem does it solve that is worth billions?
Comment: Same Old Policy
3rd April 2012. From David
It's interesting that the new email/phone snooping thing is *exactly* the same as that about to be brought in by Labour in 2006 - methinks this one is down to the long-term Whitehall Mandarins, rather than any particular party....
There is a growing backlash against the proposals to let the security services monitor every email, phone call and website visit by politicians from both coalition parties.
Chief among the Conservative rebels was Jacob Rees-Mogg MP, who suggested the proposals were hypocritical given the Prime Minister's previous stance against the control state .
In a 2009 speech Cameron said: Faced with any problem, any crisis, given any excuse, Labour grasp for more information, pulling more and more people into the clutches of state data capture.
Rees-Mogg said: The Government ought to remember why it favoured liberty in opposition. The powers it creates may in future be used by less benevolent administrations.
David Davis, the former Shadow Home Secretary, said the plan was an unnecessary extension of the ability of the State to snoop on people. What this is talking about doing is not focusing on terrorists or criminals. It's absolutely everybody's
emails, phone calls, web access.
Senior Liberal Democrats are also planning to rebel. They want the Government to clarify whether the legislation will allow GCHQ to access information on demand and without a warrant. The party passed a motion at its spring conference
banning communication interception without named, specific and time-limited warrants.
Tim Farron, the President of the Liberal Democrats, wrote on Twitter: We didn't scrap ID cards to back creeping surveillance by other means. State mustn't be able to trace citizens at will.
Big Brother Clegg tries the angle that there is no central database
While there will be no database, providers will be required to record all activities of their customers so they can be accessed if needed.
Nick Clegg said he was against the idea of a central database and the government reading people's e-mails at will. He claimed: I'm totally opposed as a Liberal Democrat and as someone who believes in people's privacy and civil liberties.
But in fact if the proposal is a rehash of what the police etc wanted under Labour, then they wanted the ISP's to provide access to their local databases so that the police could actually use it like a central database (albeit a little bit slower
on database searches).
Clegg also claimed that the government will not ram legislation through Parliament . He said the proposals would be published in draft first to allow them to be debated.
Meanwhile Theresa May has been suggesting that the capability is primarily for tracking down terrorists and paedophiles. But of course that has always been the stated case, and it has never stopped the capability to be used for trivial snooping
eg to help councils investigate all sorts of low level nonsense.
LibDems have been fed some blather trying to get them on the government track
An internal Liberal Democrat briefing on Home Office plans to massively expand government surveillance was today passed to Privacy International. The document contains significant evasions and distortions about the proposed Communications
Capabilities Development Programme (CCDP), and is clearly intended to persuade unconvinced Lib Dem MPs to vote in favour of the proposal.
The very reason I loathe Labour with a passion is because of the obsessive control-freakery they displayed during their years in power. With their being voted out, it seemed we were rid of these big brother tendencies. Now it appears some in
government have been infected by much the same virus.
Kindly tell the Home Secretary where to stick her proposals for yet greater surveillance of communications.
The Prime Minister said that Nick Clegg was made fully aware during a meeting of the National Security Council of Home Office plans for police powers to monitor internet communications.
In a put-down to his Coalition partners, Cameron said it was important to remember that some of the most senior Liberal Democrats in government waived through the proposals before they were made public.
The Deputy Prime Minister hit back, saying he had made clear in the meeting that he would stop the laws unless civil liberties were protected.
Conservative ministers insist the new laws will simply widen the current scope of powers --- police and intelligence agencies are already allowed to monitor telephone calls, letters and emails. They dispute the idea that monitoring voice calls
and other communications over the internet amounts to snooping.
Prominent Lib Dems have expressed outrage that the changes will allow the police greater power to track online communications, such as on Facebook and Skype.
Sir Tim Berners-Lee, who serves as an adviser to the government on how to make public data more accessible, says the extension of the state's surveillance powers would be a destruction of human rights and would make a huge amount of highly
intimate information vulnerable to theft or release by corrupt officials. In an interview with the Guardian, Berners-Lee said:
The amount of control you have over somebody if you can monitor internet activity is amazing.
You get to know every detail, you get to know, in a way, more intimate details about their life than any person that they talk to because often people will confide in the internet as they find their way through medical websites ... or as an
adolescent finds their way through a website about homosexuality, wondering what they are and whether they should talk to people about it.
The British computer engineer, who devised the system that allows the creation of websites and links, said that of all the recent developments on the internet, it was moves by governments to control or spy on the internet that keep me up most
at night .
He said that if the government believed it was essential to collect this kind of sensitive data about individuals, it would have to establish a very strong independent body which would be able to investigate every use of the surveillance
powers to establish whether the target did pose a threat, and whether the intrusion had produced valuable evidence. But he said that since the coalition had not spelled out an oversight regime, or how the data could be safely stored, the most
important thing to do is to stop the bill as it is at the moment .
The government has published a draft version of a bill that, if signed into law in its current form, would force Internet Service Providers (ISPs) and mobile phone network providers in Britain to install black boxes in order to collect and
store information on everyone's internet and phone activity, and give the police the ability to self-authorise access to this information. However, the Home Office failed to explain whether or not companies like Facebook, Google and Twitter will
be brought under the Regulation of Investigatory Powers Act (RIPA), and how they intend to deal with HTTPS encryption.
Faith in the integrity of HTTPS encryption is what makes online banking and the entire e-commerce industry possible, and Google uses it to secure its Gmail service, as do most webmail providers. The need for easy access to Gmail has been one of
the Home Office's primary justifications for the Communications Bill, but technology experts are dubious as to whether it is possible to technically and lawfully break HTTPS on a nationwide scale. At this morning's Home Office briefing, Director
of the Office for Security and Counter-Terrorism Charles Farr was asked about how the black box technology would handle HTTPS encryption. His only response was: It will.
The draft Bill includes controversial measures to require network operators to acquire communications data relating to third party services -- for example, requiring an ISP to discover and record when its customers post a message on a social
networking site, and to which other user of the site that message was addressed. The Bill does not specify what data ISPs are to acquire, nor provide any limits; the requirements for ISPs are to be set out in Orders made by the Home Secretary at
a later date.
Writing in The Sun, Home Secretary Theresa May said:
I just don't understand why some people criticise these proposals. People have a right to privacy. But unless you are a criminal, then you've nothing to worry about from this new law. This isn't a snoopers' charter, it's a criminals' nightmare.
At a press and MP briefing at Parliament today, Julian Huppert MP said that he couldn't believe the bill could even be put before the House in its current form. David Davis MP remarked that, given that the RIPA process is already a disgrace
, the Home Office should be introducing a bill that introduces warrant requirements to RIPA rather than making it even easier for the police to access citizens' communications data. He also revealed that David Maclean, the most right-wing
politician the Home Office ever saw , will be chairing the committee on the bill.
Dr Gus Hosein, Executive Director of Privacy International, said: In the UK, we've historically operated under the presumption that the government has no business peering into the lives of citizens unless there is good reason to - that people
are innocent until proven guilty. This legislation would reverse that presumption and fundamentally change the relationship between citizen and state, and their relationship with their internet and mobile service providers. Yet there are still
big question marks over whether Facebook and Google will be brought under RIPA, and how far the government is willing to go in undermining internet security in order to fulfil its insatiable desire for data.
In the US file-sharers will soon be monitored on behalf of the MPAA and RIAA, and in the UK there are plans to monitor and store all Internet communications. To counter this people are turning to VPN services. How long before VPNs become illegal?
Even the cost of setting up China's Great Firewall is reported to have cost less than $1 billion. Might it be that the scale of the nationwide monitoring system is far greater the government has so far been willing to publicly acknowledge?
Ministers signalled they will rewrite the Snooper's Charter which gives police, security services and anyone else the government nominates new powers to snoop on communications. An influential parliamentary committee branded it overkill and Deputy Prime Minister Nick Clegg said it needed a
fundamental rethink .
Home Secretary Theresa May accepted the substance of a highly-critical report by the committee set up to scrutinise the draft version of the Bill, which would allow a range of official bodies to monitor emails, web phone calls and activity
on social networking sites.
The committee of MPs and peers said the legislation would give the Home Secretary sweeping powers to issue secret notices ordering communications companies to disclose potentially limitless categories of data . And they accused the
Government of using fanciful and misleading figures to support its case for the legislation.
Clegg said he was ready to block the Bill in its current form, and called on the Home Office to go back to the drawing board :
I believe the coalition Government needs to have a fundamental rethink about this legislation.
We cannot proceed with this Bill and we have to go back to the drawing board. We need to reflect properly on the criticisms that the committee have made, while also consulting much more widely with business and other interested groups.
This session's Queen's speech did not contain any explicit mention of the Communications Data Bill, but did make reference to proposals aimed at making it easier for law enforcement to match IP addresses to individuals.
My government will continue to reduce crime and protect national security. Legislation will be introduced to reform the way in which offenders are rehabilitated in England and Wales.
Legislation will be brought forward to introduce new powers to tackle anti-social behaviour, cut crime and further reform the police.
In relation to the problem of matching internet protocol addresses, my government will bring forward proposals to enable the protection of the public and the investigation of crime in cyberspace.
The government provides more details in the briefing notes on the Queen's Speech:
[IP] addresses are generally shared between a number of people. In order to know who has actually sent an email or made a Skype call, the police need to know who used a certain IP address at a given point in time. Without this, if a suspect used
the internet to communicate instead of making a phone call, it may not be possible for the police to identify them.
The Government is looking at ways of addressing this issue with CSPs. It may involve legislation.
Commentators have linked these proposals to comments made by Deputy Prime Minister Nick Clegg in April, suggesting that the government could be considering some sort of intervention relating to IPv6 adoption.
Right now, there are not enough IP addresses to go round for all of the devices being used. Temporary addresses are attached to computers and phones while they are online, but the records of these are patchy, which means they cannot easily be
matched back to individuals.
The police say a clearer picture would be a huge help in their investigations and we should explore how that can be done. --- Nick Clegg, writing in The Telegraph
Labour MP Tom Watson spoke out at the Labour Conference to criticise Ed Miliband, David Cameron, Nick Clegg and the rest of Parliament for turning a blind eye to the explosive growth in the power of the surveillance state
Speaking in the light of a summer of revelations from whistleblower Edward Snowden about the Internet surveillance programmes of British and American intelligence, he said:
We're living in the most closed system of liberal democracy in the Western world. We have the most unaccountable intelligence services.
Parliamentary scrutiny hasn't just failed. It doesn't exist.
I can't think what any party leader has said about this. That's an absolute disgrace. This is a callous denial of our freedom.
I have no faith in the Intelligence and Security Committee [which is charged with overseeing the UK intelligence agencies]. I hope Parliamentarians say we're not going to take it this anymore.
We have to say we're not going to put up with this and build a cross-party coalition to make the intelligence services accountable for once and for all and provide oversight of a surveillance state running amok.
He was speaking at a fringe event hosted by campaign groups Open Rights Group and Big Brother Watch.
Also speaking was Paul Johnson, the Deputy Editor of The Guardian who has orchestrated their coverage of the Edward Snowden revelations. He talked about:
The most surreal 36 hours I've ever had as a journalist where, on the orders of GCHQ, we bought masks and anglegrinders...to destroy the material [that they had from Edward Snowden].
We told them two weeks earlier it was already in New York. The whole thing was surreal. It was an entirely bizarre moment. It illustrates at heart that the British Government doesn't believe this story should have been written.
Javier Ruiz, Campaigns Director of Open Rights Group called for the start of a movement against mass surveillance:
This isn't just the responsibility of political parties. We really need to look at a political solution that involves citizens, government and private companies.
Nick Pickles - Director of Big Brother Watch, told the audience:
How we govern data isn't fit for the Internet age. Parliament need to drag the intelligence agencies into the open. Secrecy cannot be justified to simply prevent embarrassment. We've been telling the world to do one thing while doing a
completely different thing ourselves.
Police are to get powers to force internet firms to hand over details linked to IP addresses in order to help them help snoop on people's internet use.
The anti-terrorism and security bill will oblige internet service providers (ISPs) to retain information linking IP (Internet Protocol) addresses to individual subscribers.
The home secretary, Theresa May, said the measure would boost national security, but again complained that Liberal Democrats were blocking further steps.
Loss of the capabilities on which we have always relied is the great danger we face, May said. The bill provides the opportunity to resolve the very real problems that exist around IP resolution and is a step in the right direction towards
bridging the overall communications data capability gap.
However, the Lib Dems insisted that the communications data bill -- branded the snooper's charter -- was dead and buried . The party also stressed that the deputy prime minister, Nick Clegg, had been calling for the IP measures
since spring 2013.
The technical details are either sparse or misleading, maybe deliberately. Home and mobile broadband users have obviously had their IP address recorded and logged for sometime along with logs of messages and websites visited. I believe that the
bill is targeted at internet access on mobile phones where an IP address is shared by many users simultaneously without retaining detailed user records per IP message.
The Register obtained a slightly getter explanation from the Home Office:
Every internet user is assigned an IP address to ensure communication service providers know which data should go to which customer and routes it accordingly. Addresses are sometimes assigned to a specific device, such as a broadband router
located in a home or company. But they are usually shared between multiple users and allocated randomly by the provider's automated systems.
Many providers currently have no business reason for keeping a log of who has used each address. It is therefore not always possible for law enforcement agencies accessing the data to identify who was using an IP address at any particular time.
Such communications data is a vital tool in the investigation of terrorist and criminal activity, and significantly contributes to the conviction of child sex offenders.
The inability to link IP addresses to individuals poses serious challenges for law enforcement agencies. The proposed measures would reduce the risk of terrorism by improving the ability of the police and other agencies to identify terror
suspects who may be communicating with each other via the internet.
It would also help to identify and prosecute organised criminals; cyber bullies and computer hackers; and protect vulnerable people. For example, it can be used to identify a child who has threatened over social media to commit suicide.
This legislation will not however address all the capability gaps that the Draft Communications Data Bill aimed to fill. These gaps will continue to have a serious impact on law enforcement and intelligence agencies. For example, the provisions
will not enable the retention of weblogs -- a record of information relating to a communication between a user and the internet, including a record of websites that have been visited.
The Counter-Terrorism and Security Bill amends the definition of relevant communications data that Internet providers are required to retain. The apparent intention is to ensure that Internet providers retain IP port numbers or machine MAC
addresses when these are necessary to distinguish users, such as when the network is employing Carrier-Grade Network Address Translation (CGN).
Four members of the House of Lords have attempted to bring back from the dead the Communications Data Bill -- otherwise known as the Snoopers' Charter. The entirety of the bill that had previously been rejected (or at least put on hold) by
Parliament -- some 18 pages in all -- was added as a late amendment to the Counter Terrorism and Security Bill currently passing through the Lords. This is utterly cynical at best, and a total abuse of parliamentary procedure at worst.
The Communications Data Bill is the one which required ISPs (or any telecommunications provider') to keep a log of all activity associated with an individual or IP address. Whilst ostensibly requested for 'security reasons (being played up
again in the light of the Charlie Hebdo murders in France) -- this mass retention of data is nothing less than oppressive, unwarranted, mass surveillance of the entire populace.
We know all too well from the Snowden revelations that power is abused by those who hold it -- and that there is mission creep in the data retained and the uses to which it can be put. There is no reason to think that this would be any different.
Previously the bill had been rejected in scrutiny by a joint committee of the Lords and Commons for a variety of reasons - amongst them the fact that the Home Office had totally underestimated the cost involved as well as the lack of any evidence
that there is any benefit to be had by requiring ISPs to hold this data. It was also requested that the Independent reviewer on Terrorism legislation, David Anderson, reviewed and commented on the bill and Parliament is still waiting for his
response to the initial proposals.
Given all that, it is shocking and simply unacceptable that four unelected Lords are attempting to pass this draconian legislation, not in its own right, but as a late amendment to a current bill. It is a total abuse of parliamentary procedure
and means that this legislation will not suffer the intense scrutiny that a new bill would, but instead would be passed in a backhanded fashion without review and consideration by both Houses.
The House of Lords is intended in our parliamentary system to be a revising chamber -- adding a totally new bill as an amendment to an existing one completely goes against that entire principle. The very fact that they feel it is necessary
to bring the bill in this underhand manner shows that they clearly don't have any faith in the ability of the legislation to stand up to proper scrutiny.
The rushed passing of the #DRIP legislation set the worrying precedent for this kind of action by parliament when seeking to pass contentious legislation that avoids scrutiny. As a party we warned of the dangers of Parliament passing
controversial and oppressive surveillance laws without appropriate time or scrutiny. Despite the calls of both ourselves and others, that bill passed into law.
The House of Lords has rejected amendments to the Counter-Terrorism and Security Bill which would have introduced substantial parts of the Communications Data Bill, more commonly known as the Snoopers' Charter .
The amendments were withdrawn at the request of Lord Bates, Parliamentary Under-Secretary at the Home Office, who argued that including the amendments at such a late stage could jeopardise the entire Bill.
Lord Bates promised to investigate the possibility of sharing more widely a redrafted version of the draft Communications Data Bill, apparently written to take into account the Joint Committee's recommendations , but which has so far been
kept under wraps by the Home Office.
The UK's Independent Review of Terrorism Legislation has said, it is time for a clean slate when it comes to surveillance law in the UK. In his report, David Anderson QC condemned the current legislative framework as, fragmented,
obscure, under constant challenge and variable in the protections that it affords the innocent .
Anderson was tasked with reviewing surveillance law as a requirement of the Data Retention and Investigatory Powers Act, one of the concessions gained by Labour and the Lib Dems in return for their support in rushing the Bill through
Parliament last July.
Anderson, unsurprisingly, does not condemn mass surveillance in principle and endorses bulk collection by the security services, but the report does call for a radical overhaul of how surveillance is regulated.
Here are some of the key points:
Since the Snowden revelations began two years ago, Parliament has further legislated for surveillance through DRIPA, the Counter Terrorism and Security Act 2015 and amendments to the Computer Misuse Act that legitimise hacking by the security
services. Anderson's damning verdict that the law, is variable in the protections that it affords the innocent can't be ignored. The report says: A comprehensive and comprehensible new law should be drafted from scratch, replacing the
multitude of current powers and providing for clear limits and safeguards on any intrusive power that it may be necessary for public authorities to use.
Under the current system, warrants for surveillance are signed off by government ministers, who are not independent. Anderson's recommendations that warrants should be signed off by judicial commissioners is a welcome shift away from politicial
authorisation but it would be preferable for warrants to go through the courts and be signed by serving judges to help make sure that surveillance is necessary and proportionate .
Anderson says that extending capabilities through a new Snoopers' Charter should only happen if there is, a detailed operational case needs to be made out, and a rigorous assessment conducted of the lawfulness, likely effectiveness,
intrusiveness and cost of requiring such data to be retained . So far the Government hasn't made such a case. In addition, it has made a report by Sir Nigel Sheinwald top secret. That report is believed to have suggested that a new
international treaty could be a legal alternative to the Snoopers' Charter. Despite this, the Home Secretary Theresa May today told the House of Commons that the re-drafted Snoopers' Charter would be laid before Parliament in the autumn -
although it would be scrutinised by a Joint Committee.
It is unlikely that Anderson's review and the Intelligence and Security Committee's Privacy and Security report would have happened were it not for Edward Snowden's revelations. Two years on, there are still many battles to be fought but one
thing is certain - the status quo cannot continue. MPs from all parties must act to ensure that the UK has surveillance powers fit for a democracy.
Theresa May, the Home Secretary, announced yesterday morning that the Investigatory Powers Bill will be published in draft form in the autumn. A joint committee of MPs and Peers will scrutinise the bill.
The police and intelligence services should be able monitor people suspected of serious crimes. But it's completely unclear that collecting information about everyone, all of the time is an efficient or cost-effective way of investigating
crime. And it's even less likely that this is in line with our fundamental human rights to privacy and freedom of speech.
If you agree, can you
sign our petition? We think the police and intelligence agencies should have powers that are effective and genuinely protect our privacy and freedom of speech.
WhatsApp, Facebook Messenger and Snapchat could all potentially be banned under the latest revision of the Government's Snoopers Charter that's being drafted at the moment.
The Investigatory Powers Bill, mentioned in the
2015 Queen's Speech , would allow the government to ban instant messaging apps that refuse to remove end-to-end encryption.
Home Secretary Theresa May reportedly plans to push the bill forward as quickly as possible, putting it in front of the Government by the Autumn.
The unconfirmed ban has caused an outcry on social media with reactions ranging from anger to disbelief that the Government would be able to take on companies like Apple, Google and Facebook.
David Cameron hinted at such repressive measures earlier this year in the aftermath of the Paris shootings when he claimed that when implementing new surveillance powers he would have no problem banning services like Snapchat if they didn't
comply. He threatened:
In our country, do we want to allow a means of communication between people which even in extremes, with a signed warrant from the Home Secretary personally that we cannot read.
My answer to that question is no we must not. If I am prime minister, I will make sure it is a comprehensive piece of legislation that makes sure we do not allow terrorist safe spaces to communicate with each other.
damning report on government surveillance however , leading computer experts at MIT have claimed that the proposals by both the US and UK governments have 'failed to account for the risks' that are inherently associated with removing
encryption. The report states:
These proposals are unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm.
In a decision of great potential importance, the Divisional Court (a Lord Justice and High Court Judge sitting together) have declared section 1 of DRIPA, an Act of Parliament passed in 2014, to contravene the EU Charter of Fundamental Rights as
it was interpreted in the Digital Rights Ireland judgment of April 2014.
Digital Rights Ireland declared invalid the Data Retention Directive of 2006, an EU measure which had been promoted by the UK and which required all Member States to retain telecommunications data for periods of between 6 and 24 months.
DRIPA (enacted under emergency procedures in July 2014, in only four days) was the UK's reaction to Digital Rights Ireland. Its purpose was to provide a statutory basis, replacing the now-invalid Directive, for the requirement that service
providers in the UK retain certain categories of data (e.g. sender/recipient, date/time/duration of communication, but not content or web browsing history) for 12 months.
The Divisional Court judgment applied the Digital Rights Ireland principles to DRIPA, disapplying the Act of Parliament to the extent that it failed to respect the EU Charter of Fundamental Rights.
It remains to be seen whether the Government will appeal and, if so, how quickly that appeal will be heard.
Andrew Parker, the Head of MI5, has called for more up-to-date surveillance laws in an interview with the BBC, where he also stated that communications companies have an ethical responsibility to alert the authorities to potential threats
. Parker said:
MI5 and others need to be able to navigate the internet to find terrorist communication, we need to be able to use data sets to be able to join the dots to be able to find and stop the terrorists who mean us harm before they are able to bring
plots to fruition.
We have been pretty successful at that in recent years but it is becoming more difficult to do it as technology changes faster and faster [and] encryption comes in.
The government is currently planning renewed attempts to pass the Communications Data Bill, also known as the Snoopers' Charter . They are expected to bring forward a new version of the Bill in October.
Commentator and encryption expert Bruce Schneier commented:
For most of human history, surveillance has been expensive. Over the last couple of decades, it has become incredibly cheap and almost ubiquitous. That a few bits and pieces are becoming expensive again isn't a cause for alarm.
The government has also been briefing the communication industry about the extended snooping plan.
Theresa May has already met with companies including BT, TalkTalk, EE, Vodaphone, and Virgin Media to discuss plans to bring forward a new draft of the Communications Data Bill in October. Non-ISP networks and civil liberties groups have
reportedly been summoned to separate meetings.
As the head of MI5 launches a push for unparalleled powers, will he answer challenging questions on why banning encryption, or weakening it through compulsory backdoors, won't make us all less safe? By Julian Huppert
Police have lobbied the government for the power to view the internet browsing history of every computer user in Britain ahead of the publication of legislation on regulating surveillance powers.
Senior officers want to revive the measures similar to those contained in the snooper's charter , which would force telecommunications companies to retain for 12 months data that would disclose websites visited by customers, reported the
Richard Berry, the National Police Chiefs' Council spokesman for data communications refused to comment on any specifics of the forthcoming legislation, but claimedr the police were not looking for anything beyond what they could already access
through telephone records. Detailing the powers police want, he said:
We essentially need the 'who, where, when and what' of any communication, who initiated it, where were they and when did it happened. And a little bit of the 'what', were they on Facebook, or a banking site, or an illegal child-abuse
ISPs have warned that any new powers introduced by the government to allow broader snooping of web browsing behaviour must come with adequate oversight to protect civil liberties.
The Internet Service Providers' Association (ISPA) has sent a checklist of five key principles to MPs that it believes any new legislation must adhere to.
The ISPA said it had not yet been consulted over any extension of powers to cover internet browsing history. Andrew Kernahan, ISPA spokesman, said:
Once the bill is published we will be going through it with a fine-toothed comb. What we do know is that internet connection records that the government wanted was included in the draft communications data bill that was rejected by parliament.
The independent reviewer of terrorism legislation, David Anderson, said there needed to be a rigorous assessment conducted of the lawfulness, likely effectiveness, intrusiveness and cost of requiring such data to be retained.
Kernahan said despite the bill's rejection, the government had not consulted with ISPs . We are still yet to have a proper conversation about this, he said.
Councils, the taxman and dozens of other public bodies will be able to search the internet and social media activity of everyone in Britain, The Telegraph can disclose.
Technology firms will be required to keep records of the websites and apps which people have used and details of when they accessed them for 12 months under new powers unveiled this week.
The new powers, contained in legislation which is published on Wednesday , will primarily be used by police and the security services in pursuit of suspected terrorists and serious criminals.
Nominally they will not be allowed to see which pages people have viewed or their searches while on the websites and apps, or the content of any messages, without a warrant, however it would seem likely obtaining a warrant will be a rubber stamp
The Telegraph understands that a total of 38 bodies will also be entitled to access the records for the purpose of detecting or preventing crime .
A government source claims that access will be limited, targeted and strictly controlled and overseen by a new Investigatory Powers Commissioner, but such 'oversight' has never ever done anything to reign in the authorities in any previous
incarnation of snooping laws.
Ministers are also planning to introduce a new offence to deter the abuse of powers which will result in significant fines. Councils will also be required to get requests signed off by a magistrate before they are authorised, but it seems
unlikely that a magistrate would ever side with anyone accused of a crime.
The authorities will be able to see which websites were visited, but not the exact page that they viewed.
The intelligence agencies, police and the National Crime Agency will be the obvious users of the capability but other bodies including the Financial Conduct Authority, HMRC, councils, the Health and Safety Executive and the Department for Work
and Pensions will be able to access the information.
Internet and social media companies will be banned from putting customer communications beyond their own reach under new laws to be unveiled on Wednesday.
Companies such as Apple, Google and others will no longer be able to offer encryption so advanced that even they cannot decipher it when asked to, the Daily Telegraph can disclose.
Measures in the Investigatory Powers Bill will place in law a requirement on tech firms and service providers to be able to provide unencrypted communications to the police or spy agencies if requested through a warrant. A Home Office spokessnoop
The Government is clear we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of
terrorists and criminals in order to resolve police investigations and prevent criminal acts.
That means ensuring that companies themselves can access the content of communications on their networks when presented with a warrant, as many of them already do for their own business purposes, for example to target advertising. These
companies' reputations rest on their ability to protect their users' data.
Contrary to recent promises by Ministers that the government will not attempt to weaken or undermine encryption, the new obligation would require companies to ensure that they had the capability to decrypt any data they stored. This would
particularly impact cloud-based companies like Apple and Facebook, which have won consumer trust for the integrity of their Facetime and WhatsApp communications services by designing them with encryption that protects customer data even from the
End-to-end encryption means, for communications, that the message is encrypted by the sender with a key known only to the intended recipient. Thus Alice can Facetime Bob safe in the knowledge that Apple cannot access the communication,
even though Facetime communications need to be sent through servers run by Apple. End-to-end encryption also applies for data storage in the cloud: a business storing its corporate data in a cloud service like Amazon S3 or Google Glacier will
encrypt that data with a key that it knows and Amazon or Google does not.
The ability to support end-to-end encryption has been a crucial factor enabling adoption of cloud-based services as a viable alternative to traditional applications run by corporate IT departments. Quite apart from any consumer backlash,
prohibiting this capability would give pause to more security-sensitive businesses, that have a duty to protect the integrity of their customer data: if storing data in the cloud means exposing customer data to the cloud-service provider, use of
cloud services becomes much riskier. Recent high-profile breaches at TalkTalk, Vodafone and credit-rating agency Experian have greatly raised sensitivity to risk.
The Million Mask March is an annual protest against government cuts and surveillance across the UK, with the largest gathering in London. It is organised by the internet group Anonymous. The Facebook page for the event, on 5th November, said
it was intended to oppose the encroaching destruction of civil liberties.
The Met Police said they were imposing conditions under the Public Order Act. Ch Supt Pippa Mills said conditions were being placed on the protest because we have such serious concerns . The police have specified:
The march must not start before 18:00 GMT and must finish at 21:00; Attendees should stick to a particular route between Parliament Square and Trafalgar Square; Officers have the power to make protesters remove facial coverings.
Protests are expected across the world, with demonstrations expected to take place in countries including Cambodia, Chile, Canada, America and Mexico.
The Register details what ISPs will and will not be able to determine from your internet usage. However the article should be read with a little caution. Eg just because an ISP cannot determine which of your family members is accessing the
websites on the log doesn't mean the authorities can't. In fact the bill mentions specific capabilities to use context and tracking cookies etc to determine which family member access which sites.
UK surveillance bill could bring very dire consequences , warns Apple chief
The bill would preserve current blanket data retention requirements for communications data and add a new requirement for communications service providers to retain users' "Internet connection records" for up to 12 months. As
described in the government's explanatory notes, this requirement means that the government could get a list of all the websites a person visits or online services they use for up to a year. Even though this would not provide access to the
specific pages of a website the person visited, it would be highly revealing of a person's online activity and could result in self-censorship with a chilling effect on free expression. It would also breach the right to privacy and to
information, given that it applies to all users regardless of whether they are under suspicion. Intelligence agencies and police would be able to access such communications data without a warrant or review by a judge. Although judicial approval
is required for police to gain access to journalists' sources, it would not be required for intelligence agencies to get this access.
Apple has called for changes to the UK government's investigatory powers bill, over fears it would weaken the security of personal data of millions of law-abiding citizens .
In a submission to the bill committee the company expressed major concerns and called for wholesale changes before the bill is passed. It siad:
We believe it would be wrong to weaken security for hundreds of millions of law-abiding customers so that it will also be weaker for the very few who pose a threat. In this rapidly evolving cyber-threat environment, companies should remain free
to implement strong encryption to protect customers
Apple highlighted the main areas of the bill that it wants to see changed. It told the committee that passages in the bill could give the government the power to demand Apple alters the way its messaging service, iMessage, works. The company said
this would weaken encryption and enable the security services to eavesdrop on iMessage for the first time. In its submission, Apple said:
The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers. A key left under the doormat would not just be there for the good guys. The bad guys would find it too.
Apple said it was worried about the scope of the bill as many of the provisions in the bill apply to companies regardless of where they are based, giving the bill international scope, despite being a purely domestic piece of legislation. It also
runs the risk of placing companies in a damned if they do, damned if they don't position. The company said:
Those businesses affected will have to cope with a set of overlapping foreign and domestic laws. When these laws inevitably conflict, the businesses will be left having to arbitrate between them, knowing that in doing so they might risk
sanctions. That is an unreasonable position to be placed in.
The governments invasive mass snooping laws will be used to bring online bullies and trolls to justice, the Home Secretary says.
Theresa May reportedly says that surveillance powers, unveiled under the Investigatory Powers Bill last month, will be used by police and spooks to track down and identify anonymous cyberbullies. The Times reports that 'officials' will be
able to unmask users going by various aliases.
Previously the government has maintained that the far reaching Snooper's Charter would be restricted to tracking serious crimes such as terrorism and child abuse.
Offsite Article: Theresa May wants to see your internet history, so we thought it was only fair to ask for hers
Microsoft will warn email and OneDrive users if it detects apparent attempts by governments to hack into their accounts.
Google, Facebook, Twitter and Yahoo already offer similar government hacker alert systems to the one just introduced by Microsoft. Alerts are far from rare. Google, for example, reportedly tells tens of thousands of users every few months that
they've been targeted by foreign spooks.
The Special Rapporteur on the right to privacy has heavily criticised the Investigatory Powers Bill in his first report to the Human Rights Council.
The report calls for disproportionate, privacy-intrusive measures such as bulk surveillance and bulk hacking as contemplated in the Investigatory Powers Bill [to] be outlawed rather than legitimised.
Jim Killock, Executive Director of Open Rights Group responded to the report's findings:
The Special Rapporteur's report is yet another damning criticism of the Investigatory Powers Bill. Not only does it call for the disproportionate powers in the Bill to be 'outlawed rather than legitimised', it points out that the Bill does not
comply with recent human rights rulings, which means it could be open to legal challenges.
The report also voices another serious concern -- that the impact of this extreme legislation will be felt around the world, and copied by other countries.
The Government cannot continue to ignore the overwhelming evidence that the IPB is a deeply flawed piece of legislation.
The Haystack is a new documentary , released today by
Scenes of Reason , bringing together leading lights for and against the UK's Investigatory Powers Bill. This unprecedented piece of legislation, which is now under parliamentary scrutiny, seeks to affirm and expand the surveillance remit of
UK security services and other departments, including new powers for the police to access internet connection records -- a database of the public's online activity over the previous 12 months.
The film provides an excellent roundup of arguments on both sides of the tortuous surveillance debate, including Conservative MP Johnny Mercer echoing the well-worn refrain, if you have nothing to hide, you have nothing to fear. Jim Killock of
Open Rights Group , speaking at the film's launch, quipped that Mr Mercer might feel a bit different if it were the left-wing government of Jeremy Corbyn and John McDonnell wielding these powers. Indeed, as far-right parties attract support
around Europe and the world, the likelihood increases of tremendous state surveillance becoming the plaything of ever more abusive regimes.
The immense capabilities contained within the bill are unpalatable in the hands of any authority -- they are all too easily harnessed to undermine perfectly reasonable political opposition and judicial work. By way of example, the film outlines
one such case where the current UK government improperly gained access to privileged details of a court case against it. In this light, the bill seems an intolerable threat to democracy and free expression.
Voices of concern from the security community , such as Sir David Omand, ex-GCHQ chief, explain that precautions against terrorism require more spying. Others reject this, noting that security services have failed to act on intelligence when they
do have it -- spending enormous sums on digital surveillance only reduces their efficacy in the realm of traditional detective work. Moreover, those costs, to be borne by government and industry, are excessive at a time of cuts to other public
services designed to protect us from more conventional enemies, such as disease.
The debate is winding -- this film helps straighten things out.
The European Court of Human Rights (ECtHR) has found that the UK's mass surveillance programmes, revealed by NSA whistleblower Edward Snowden, did not meet the quality of law requirement and were incapable of keeping the interference
to what is necessary in a democratic society.
The landmark judgment marks the Court's first ruling on UK mass surveillance programmes revealed by Mr Snowden. The case was started in 2013 by campaign groups Big Brother Watch, English PEN, Open Rights Group and computer science expert Dr
Constanze Kurz following Mr Snowden's revelation of GCHQ mass spying.
Documents provided by Mr Snowden revealed that the UK intelligence agency GCHQ were conducting population-scale interception, capturing the communications of millions of innocent people. The mass spying programmes included TEMPORA, a bulk data
store of all internet traffic; KARMA POLICE, a catalogue including a web browsing profile for every visible user on the internet; and BLACK HOLE, a repository of over 1 trillion events including internet histories, email and instant messenger
records, search engine queries and social media activity.
The applicants argued that the mass interception programmes infringed UK citizens' rights to privacy protected by Article 8 of the European Convention on Human Rights as the population-level surveillance was effectively indiscriminate, without
basic safeguards and oversight, and lacked a sufficient legal basis in the Regulation of Investigatory Powers Act (RIPA).
In its judgment, the ECtHR acknowledged that bulk interception is by definition untargeted ; that there was a lack of oversight of the entire selection process, and that safeguards were not sufficiently robust to provide adequate
guarantees against abuse.
In particular, the Court noted concern that the intelligence services can search and examine "related communications data" apparently without restriction -- data that identifies senders and recipients of communications, their
location, email headers, web browsing information, IP addresses, and more. The Court expressed concern that such unrestricted snooping could be capable of painting an intimate picture of a person through the mapping of social networks,
location tracking, Internet browsing tracking, mapping of communication patterns, and insight into who a person interacted with.
The Court acknowledged the importance of applying safeguards to a surveillance regime, stating:
In view of the risk that a system of secret surveillance set up to protect national security may undermine or even destroy democracy under the cloak of defending it, the Court must be satisfied that there are adequate and effective guarantees
The Government passed the Investigatory Powers Act (IPA) in November 2016, replacing the contested RIPA powers and controversially putting mass surveillance powers on a statutory footing.
However, today's judgment that indiscriminate spying breaches rights protected by the ECHR is likely to provoke serious questions as to the lawfulness of bulk powers in the IPA.
Jim Killock, Executive Director of Open Rights Group said:
Viewers of the BBC drama, the Bodyguard, may be shocked to know that the UK actually has the most extreme surveillance powers in a democracy. Since we brought this case in 2013, the UK has actually increased its powers to indiscriminately
surveil our communications whether or not we are suspected of any criminal activity.
In light of today's judgment, it is even clearer that these powers do not meet the criteria for proportionate surveillance and that the UK Government is continuing to breach our right to privacy.
Silkie Carlo, director of Big Brother Watch said:
This landmark judgment confirming that the UK's mass spying breached fundamental rights vindicates Mr Snowden's courageous whistleblowing and the tireless work of Big Brother Watch and others in our pursuit for justice.
Under the guise of counter-terrorism, the UK has adopted the most authoritarian surveillance regime of any Western state, corroding democracy itself and the rights of the British public. This judgment is a vital step towards protecting millions
of law-abiding citizens from unjustified intrusion. However, since the new Investigatory Powers Act arguably poses an ever greater threat to civil liberties, our work is far from over.
Antonia Byatt, director of English PEN said:
This judgment confirms that the British government's surveillance practices have violated not only our right to privacy, but our right to freedom of expression too. Excessive surveillance discourages whistle-blowing and discourages investigative
journalism. The government must now take action to guarantee our freedom to write and to read freely online.
Dr Constanze Kurz, computer scientist, internet activist and spokeswoman of the German Chaos Computer Club said:
What is at stake is the future of mass surveillance of European citizens, not only by UK secret services. The lack of accountability is not acceptable when the GCHQ penetrates Europe's communication data with their mass surveillance techniques.
We all have to demand now that our human rights and more respect of the privacy of millions of Europeans will be acknowledged by the UK government and also by all European countries.
Dan Carey of Deighton Pierce Glynn, the solicitor representing the applicants, stated as follows:
The Court has put down a marker that the UK government does not have a free hand with the public's communications and that in several key respects the UK's laws and surveillance practices have failed. In particular, there needs to be much
greater control over the search terms that the government is using to sift our communications. The pressure of this litigation has already contributed to some reforms in the UK and this judgment will require the UK government to look again at
its practices in this most critical of areas.