What’s in the New UK Surveillance Bill?

Uploaded on 2015-06-19 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Law

images?q=tbn:ANd9GcTSqv1kpm2ddXNQ3s0fC9jkCGtd__Rgz5NsKQPDTjFtiDtxn8u6

The UK government intends wholesale reform, but will it perpetuate a dark history of invasion of privacy or follow the US example, and end invasive surveillance?

American opposition to mass surveillance is almost as old as the country itself: rejection of the use of “general warrants” to rummage through private homes was “the first act of opposition to the arbitrary claims of Great Britain”, according to John Adams, the US founding father. That sentiment came full circle when US surveillance powers were reduced for the first time this millennium, in the expiry of Patriot Act clauses used to justify the bulk collection of Americans’ phone records.

True to 18th-century form, Britain continues to use its modern “general warrants” to intercept digital communications en masse and has no intention of reducing powers anytime soon. In fact, chances are that we’ll soon see a new law in the UK extending, rather than reducing, surveillance powers.

It is now clear that the government intends to pursue wholesale reform of surveillance law in the UK in the guise of the investigatory powers bill, which the government, would like to see passed within a year. In some ways, this is a positive development: after two years of intense scrutiny by courts and committees, Britain’s legal framework for surveillance has been found desperately wanting, and a decision to overhaul surveillance law, rather than simply extend powers by attempting a revival of the snooper’s charter, raises the prospect that the government may be taking heed of some of the criticisms it has received.

On the other hand, the investigatory powers bill could well turn out to be the government’s attempt to correct the technical legal failings of the current framework, insulating it from the inevitable criticism of the European court of human rights, while acquiring even more invasive surveillance powers.

It is certainly not encouraging that the government has begun drafting the bill before publishing the report of David Anderson QC, an independent reviewer they themselves commissioned to assist in guiding surveillance law reform in Britain. This suggests that few of the criticisms levelled at the government, at the lack of transparency, disdain for accountability and disregard for democratic processes inherent in the current surveillance system, have been heeded.

Anderson’s report will be critical to this debate and expectations are high that it will propose bold reforms to surveillance law in Britain. There are at least five areas in which it is hoped Anderson, and ultimately the investigatory powers bill (which should reflect his recommendations) will suggest serious changes be made to the law of surveillance and investigatory powers in Britain.

Section 8(4) of the current law regulating surveillance, the Regulation of Investigatory Powers Act 2000, paired with other provisions is the law which – according to the intelligence and security committee (ISC) and the investigatory powers tribunal – allows the British government to conduct mass surveillance of every communication entering and leaving its shores. What the ISC terms “bulk interception” and believes is perfectly justifiable is, in fact, mass surveillance, indiscriminate monitoring of people in Britain and abroad, and must be halted.
Currently any proposed surveillance action is required to be signed off by a minister or his/her delegate, on the application of the intentions from a police or intelligence agent. Unlike many other countries surveillance in Britain is not overseen by a judge or a court of law, either of which, potentially brings an independent eye to bear on the exercise, of what can be and often are highly intrusive powers. According to the ISC’s February 2015 report, there are currently 19 warrants in place that cumulatively authorise the interception of billions of communications each day. None of those warrants were independently authorised prior to their issuance.

It is simply insufficient to accept that every decision to commence surveillance is ultimately a political one, requiring political judgment. The ultimate calculation of whether to commence surveillance, and thus interfere with privacy, must be a legal one, made by a competent, impartial judicial authority.

It should be well established by now that metadata, information about communications, is as valuable to the government as the content of those communications; on occasion it is even more so. Those who have attested to the value of metadata include the NSA’s general counsel Stewart “we kill people based on metadata” Baker, and the court of justice of the European Union. Accordingly, metadata must be afforded the same protections that are afforded to content; its collection should be viewed as akin to the interception of emails and the tapping of phones.

Using this as a premise, surveillance law reforms should roll back data retention, as mandated by the Data Retention and Investigatory Powers Act 2014, and refrain from enacting new communications data laws that would require communications service providers (CSPs) to collect third-party communications data (as was proposed in the previous snooper’s charter).
British law does not currently require the police or intelligence agencies to articulate any reason, beyond reference to broad goals of protecting national security or preventing crime and disorder, to commence interception of communications, either in a targeted or blanketed manner.

The fundamental starting point for any surveillance should always be the presence of a reasonable suspicion that a person or people are in some way deserving of having their rights violated. People should not be treated as suspects merely because they use the Internet; suspicion must come prior to interferences with privacy.

It will be a challenge but also a historical opportunity, a decisive moment in which Britain can follow the example of the US, and put an end to an era of pervasive surveillance, or continue to relive its dark history of general warrants and arbitrary invasions of privacy. If it chooses the latter, the government should again expect a revolt.

Guardian:  

« Got Good Cyber Insurance Cover? Beware of Holes in Your Policy.
Understand Mobile Deep Linking »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Bsquare

Bsquare

Bsquare DataV software and engineering services help enterprises implement business-focused Internet of Things systems.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

Aujas Cybersecurity

Aujas Cybersecurity

Aujas has deep expertise and capabilities in Identity and Access Management, Risk Advisory, Security Verification, Security Engineering, & Managed Detection and Response services.

Taqnia Cyber

Taqnia Cyber

Taqnia Cyber specializes in the fields of cyber security, intelligence, operations, and training. It offers its services and consultations to both public and private sectors.

Center for Research on Scientific & Technical Information (CERIST)

Center for Research on Scientific & Technical Information (CERIST)

CERIST is a scientific and technical research centre with activities focused in the area of networks, information systems and IT security.

CyberDegrees.org

CyberDegrees.org

CyberDegrees.org aims to provide top-notch information for students seeking Cyber Security education and career guidance.

Cyber Physical Security Research Center (CPSEC)

Cyber Physical Security Research Center (CPSEC)

CPSEC aims to contribute to the security enhancement of industrial infrastructure that creates value across cyber space and physical space.

VIBE Cybersecurity International

VIBE Cybersecurity International

VIBE’s certificate-less authenticated encryption enables scalable, flexible key exchange, and other advanced cryptographic functions using identity-based elliptic curve cryptosystems (ECC).

SecureTech360

SecureTech360

SecureTech360 is a cybersecurity and IT consulting firm whose principals have extensive experience in Cybersecurity and Information Technology.

Moss Adams

Moss Adams

Moss Adams is a fully integrated professional services firm dedicated to assisting clients with growing, managing, and protecting prosperity.

Cyber7

Cyber7

CYBER7 is a National Cyber Security Innovation community initiated by Israel National Cyber Directorate, Ministry of Economy and Israel Innovation Authority led by Tech7 – Venture Studio.

McAfee

McAfee

McAfee is a worldwide leader in online protection. We’re focused on protecting people, not devices. Our solutions adapt to our customers’ needs and empower them to confidently experience life online.

Phylum

Phylum

Phylum provides powerful, automated software supply chain risk analysis that protects organizations, defends developers and enables secure innovation.

Papua New Guinea National Cyber Security Centre (PNG NCSC)

Papua New Guinea National Cyber Security Centre (PNG NCSC)

PNG NCSC is a jointly funded initiative enabling PNG to benefit with the most advanced cyber protection of its critical information and communications technology infrastructure.

Ironblocks

Ironblocks

Ironblocks is a pioneering cybersecurity firm that specializes in delivering comprehensive, end-to-end security solutions for the rapidly evolving Web3 ecosystem.

Treacle Technologies

Treacle Technologies

Treacle Technologies are a Cyber Security startup with a focus on Defensive Security.