What’s in the New UK Surveillance Bill?

Uploaded on 2015-06-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

images?q=tbn:ANd9GcTSqv1kpm2ddXNQ3s0fC9jkCGtd__Rgz5NsKQPDTjFtiDtxn8u6

The UK government intends wholesale reform, but will it perpetuate a dark history of invasion of privacy or follow the US example, and end invasive surveillance?

American opposition to mass surveillance is almost as old as the country itself: rejection of the use of “general warrants” to rummage through private homes was “the first act of opposition to the arbitrary claims of Great Britain”, according to John Adams, the US founding father. That sentiment came full circle when US surveillance powers were reduced for the first time this millennium, in the expiry of Patriot Act clauses used to justify the bulk collection of Americans’ phone records.

True to 18th-century form, Britain continues to use its modern “general warrants” to intercept digital communications en masse and has no intention of reducing powers anytime soon. In fact, chances are that we’ll soon see a new law in the UK extending, rather than reducing, surveillance powers.

It is now clear that the government intends to pursue wholesale reform of surveillance law in the UK in the guise of the investigatory powers bill, which the government, would like to see passed within a year. In some ways, this is a positive development: after two years of intense scrutiny by courts and committees, Britain’s legal framework for surveillance has been found desperately wanting, and a decision to overhaul surveillance law, rather than simply extend powers by attempting a revival of the snooper’s charter, raises the prospect that the government may be taking heed of some of the criticisms it has received.

On the other hand, the investigatory powers bill could well turn out to be the government’s attempt to correct the technical legal failings of the current framework, insulating it from the inevitable criticism of the European court of human rights, while acquiring even more invasive surveillance powers.

It is certainly not encouraging that the government has begun drafting the bill before publishing the report of David Anderson QC, an independent reviewer they themselves commissioned to assist in guiding surveillance law reform in Britain. This suggests that few of the criticisms levelled at the government, at the lack of transparency, disdain for accountability and disregard for democratic processes inherent in the current surveillance system, have been heeded.

Anderson’s report will be critical to this debate and expectations are high that it will propose bold reforms to surveillance law in Britain. There are at least five areas in which it is hoped Anderson, and ultimately the investigatory powers bill (which should reflect his recommendations) will suggest serious changes be made to the law of surveillance and investigatory powers in Britain.

Section 8(4) of the current law regulating surveillance, the Regulation of Investigatory Powers Act 2000, paired with other provisions is the law which – according to the intelligence and security committee (ISC) and the investigatory powers tribunal – allows the British government to conduct mass surveillance of every communication entering and leaving its shores. What the ISC terms “bulk interception” and believes is perfectly justifiable is, in fact, mass surveillance, indiscriminate monitoring of people in Britain and abroad, and must be halted.
Currently any proposed surveillance action is required to be signed off by a minister or his/her delegate, on the application of the intentions from a police or intelligence agent. Unlike many other countries surveillance in Britain is not overseen by a judge or a court of law, either of which, potentially brings an independent eye to bear on the exercise, of what can be and often are highly intrusive powers. According to the ISC’s February 2015 report, there are currently 19 warrants in place that cumulatively authorise the interception of billions of communications each day. None of those warrants were independently authorised prior to their issuance.

It is simply insufficient to accept that every decision to commence surveillance is ultimately a political one, requiring political judgment. The ultimate calculation of whether to commence surveillance, and thus interfere with privacy, must be a legal one, made by a competent, impartial judicial authority.

It should be well established by now that metadata, information about communications, is as valuable to the government as the content of those communications; on occasion it is even more so. Those who have attested to the value of metadata include the NSA’s general counsel Stewart “we kill people based on metadata” Baker, and the court of justice of the European Union. Accordingly, metadata must be afforded the same protections that are afforded to content; its collection should be viewed as akin to the interception of emails and the tapping of phones.

Using this as a premise, surveillance law reforms should roll back data retention, as mandated by the Data Retention and Investigatory Powers Act 2014, and refrain from enacting new communications data laws that would require communications service providers (CSPs) to collect third-party communications data (as was proposed in the previous snooper’s charter).
British law does not currently require the police or intelligence agencies to articulate any reason, beyond reference to broad goals of protecting national security or preventing crime and disorder, to commence interception of communications, either in a targeted or blanketed manner.

The fundamental starting point for any surveillance should always be the presence of a reasonable suspicion that a person or people are in some way deserving of having their rights violated. People should not be treated as suspects merely because they use the Internet; suspicion must come prior to interferences with privacy.

It will be a challenge but also a historical opportunity, a decisive moment in which Britain can follow the example of the US, and put an end to an era of pervasive surveillance, or continue to relive its dark history of general warrants and arbitrary invasions of privacy. If it chooses the latter, the government should again expect a revolt.

Guardian:  

« Got Good Cyber Insurance Cover? Beware of Holes in Your Policy.
Understand Mobile Deep Linking »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer is a global law firm with a track record of successfully supporting the world's leading corporations, financial institutions and governments.

Centre for International Governance Innovation (CIGI)

Centre for International Governance Innovation (CIGI)

CIGI research areas include Conflict Management & Security which encompass cyber security and cyber warfare.

SEWORKS

SEWORKS

SEWORKS provides offensive and defensive app security that ensures mobile and web apps are safe from dangerous hacking threats.

Digital Ship

Digital Ship

Digital Ship provides news, information, conferences and events focused on digital ship systems, information technology and security relating to maritime operations.

CyberTech Network

CyberTech Network

CyberTECH is a global cybersecurity, Internet of Things (IoT) and Smart City network ecosystem and incubator operator.

Council for Information & Communication Technologies (CTIC)

Council for Information & Communication Technologies (CTIC)

CTIC was set up to address specific issues in the field of ICT relevant to the implementation of electronic government.

HolistiCyber

HolistiCyber

HolistiCyber provide state-of-the art consulting, services, and solutions to help proactively and holistically defend against a new era of constantly evolving cyber threats.

LAVAAT

LAVAAT

At LAAVAT, our goal is to make it easy for our customers to build secure IoT devices without a need to invest considerably in embedded security and cryptography expertise.

Goldilock

Goldilock

Goldilock is redefining how sensitive data, devices, networks and critical infrastructure can be secured.

Nicoll Curtin

Nicoll Curtin

Nicoll Curtin is a global company with over 20 years of experience in connecting outstanding talent with industry leading companies within Technology, Change and Cyber Security.

CERT.ar

CERT.ar

CERT.ar is the national Computer Emergency Response Team for the technical-administrative management of computer security incidents in the National Public Sector of Argentina.

CloudBees

CloudBees

CloudBees is building the world’s first end-to-end automated software delivery system, enabling companies to balance governance and developer freedom.

OryxAlign

OryxAlign

OryxAlign offer managed IT and cyber security, cloud and digital transformation, and tailored professional and consulting services.

Lumos

Lumos

Lumos, the Unified Access Platform to manage all access to apps and data.

CyberHive

CyberHive

CyberHive offer a complete suite of threat protection modules that seamlessly integrate to block current, as well as future threats.

Pellera Technologies

Pellera Technologies

Pellera Technologies is by a singular purpose: to empower organizations with innovative IT solutions that unlock potential, drive progress, and fuel transformation.