The Investigatory Powers Bill, better known as the “Snooper’s Charter”, is here. Right now, it’s the pinnacle of mass state surveillance. Its most notable feature forces telecommunications companies to keep all data about their customers for at least 12 months, and to hand it over to public bodies without those bodies having to justify the request.
While “bigger” news like Brexit and Donald Trump dominated headlines, the Investigatory Powers Bill has been rushed through under a veil of scare-mongering. Even the atrocities of the Paris terror attacks last year were used as a reason to force it through parliament.
You might think it only affects the UK, but you’d be wrong. This affects everyone across the whole world.
Who Can Look at Your Data?
Former Deputy Prime Minister Nick Clegg and his Lib Dem party blocked it during the 2012–2013 legislative session, and objections abound. But since the Conservatives won last year’s general election and the Bill’s core advocate, Theresa May, became Prime Minister, it comes as no surprise that the Bill is now law, pending inevitable Royal Assent.
Convinced? If used to fight terrorism, there’s nothing wrong with the secret intelligence services seeing which websites you frequent. It is, however, shocking to see the list of agencies that can now read a year’s worth of your browsing history, calls, and messages. The list comes courtesy of blogger Chris Yiu:
- Security Service
- Secret Intelligence Service
- Ministry of Defence
- Metropolitan police force
- City of London police force
- Police forces maintained under section 2 of the Police Act 1996
- Police Service of Scotland
- British Transport Police
- Ministry of Defence Police
- Royal Navy Police
- Police Service of Northern Ireland
- Royal Military Police
- Royal Air Force Police
- Department of Health
- Home Office
- Ministry of Justice
- National Crime Agency
Now, at this stage, you might think “That’s fair enough.” These are all recognized security agencies, after all. But that’s not the full list. Gambling, tax revenue, even food agencies have all been granted warrant-free access to Britain’s browser history:
- HM Revenue & Customs
- Department for Transport
- Department for Work and Pensions
- NHS trusts and foundation trusts in England that provide ambulance services
- Common Services Agency for the Scottish Health Service
- Competition and Markets Authority
- Criminal Cases Review Commission
- Department for Communities in Northern Ireland
- Department for the Economy in Northern Ireland
- Northern Ireland Health and Social Care Regional Business Services Organisation
- Department of Justice in Northern Ireland
- Financial Conduct Authority
- Fire and rescue authorities under the Fire and Rescue Services Act 2004
- Food Standards Agency
- Food Standards Scotland
- Gambling Commission
- Gangmasters and Labour Abuse Authority
- Health and Safety Executive
- Independent Police Complaints Commissioner
- Information Commissioner
- NHS Business Services Authority
- Northern Ireland Ambulance Service Health and Social Care Trust
- Northern Ireland Fire and Rescue Service Board
- Office of Communications
- Office of the Police Ombudsman for Northern Ireland
- Police Investigations and Review Commissioner
- Scottish Ambulance Service Board
- Scottish Criminal Cases Review Commission
- Serious Fraud Office
- Welsh Ambulance Services National Health Service Trust
Why Is This Worrying?
This is an attack on privacy. EU courts deemed it unlawful on humanitarian grounds. Human rights expert Paul Bernal has warned:
The biggest dangers come from the possibility of political change — we’re putting in powers and infrastructure that could easily be badly misused by a future government… These powers are actually better suited for monitoring and controlling political dissent than catching criminals and terrorists — they’re ideal for an authoritarian clampdown should a government wish to do that. A future government might well.
Suddenly, the world of George Orwell’s 1984 is closer than ever.
Police and intelligence services like GCHQ are a given… but why would the Food Standards Agency, Department of Health, and ambulance services across the UK need to know which sites you’ve visited, and who you’ve spoken to, either on the phone or through messaging apps?
Mass surveillance records are also a big target for hackers. Imagine how tempting they are for cybercriminals sending malware (knowing which sites you visit will increase their hit rates when sending fake emails and falsified pages) or intent on sextortion. Even Personally Identifiable Information (PII) is worth something on the Dark Web. Similarly, hackers target medical institutions due to the wealth of valuable data they hold.
Further breaches of your privacy may come from attacks on your Internet Service Provider (ISP), cell phone network provider, servers of governmental bodies, and the new database Request Filter.
How Could This Affect “The Five Eyes”?
Effectively formed following the Second World War, the so-called “Five Eyes” is an alliance of intelligence services in the US, Canada, Great Britain, Australia, and New Zealand. A major extension of UK surveillance law would likely affect its allies.
The surveillance laws have been described as being worse than China's, yet is passed incredibly easily. 2016.
— Matt Burgess (@mattburgess1) November 16, 2016
A court ruled that the National Security Agency (NSA)’s collection of phone records was illegal. A recent study by the University of Pennsylvania’s Annenberg School for Communication concluded that, despite this, Americans are resigned to giving up their privacy. The NSA already wants “front door” access to encrypted information.
After the 2013 revelations by whistleblower Edward Snowden, Section 215 of 2015’s USA Freedom Act enforced limitations on the NSA’s retention of phone records, but telecommunication firms must still collect metadata of their customers (including when and where messages are sent, and to whom). Government agencies still have access to this, but on a case-by-case basis. This is regulated by the Foreign Intelligence Surveillance Court (FISC), so it would be up to the NSA to prove that such information is required for counter-terrorism.
Similarly, Canada’s Communications Security Establishment (CSE) and Canadian Security Intelligence Service (CSIS) have got into hot water for retaining phone records — and sharing them with foreign surveillance agencies. Such unwarranted collection of metadata is a violation of the Charter of Rights and Freedoms.
Nonetheless, the UK’s Snooper’s Charter was an extension of the expired Data Retention and Investigation Powers Bill (DRIP). It wouldn’t be out of the question for legislation in the USA and Canada to be amended to include activities they’re already undertaking.
That’s essentially what’s happened in Australia. Mandatory retention laws were introduced last year: these force telecommunication companies and ISPs into keeping metadata for up to two years, obtainable by official bodies (and occasional private agencies) without a warrant, and Snowden adds:
It’s called pre-criminal investigation, which means they are watching everyone all the time. They can search through that information not just in Australia but also share with overseas governments such as the US and UK. And it happens without oversight.
Meanwhile, Privacy International has raised concerns about the seeming ambiguity of New Zealand’s Telecommunications Interception Capability and Security Act 2013 (TICSA), which instructs firms to collect “call associated data.” The actual definition is arguably too loose, but it seems to allow the Government Communications Security Bureau (GCSB) to intercept metadata.
How Could This Affect the Wider World?
Needless to say, this could start a chain reaction. Tim Berners-Lee, creator of the World Wide Web, says this is a worldwide issue:
This discussion is a global one, it’s a big one, it’s something that people are very engaged with, they think it’s very important, and they’re right, because it is very important for democracy, and it’s very important for business.
The Indian Government is already pushing for a data retention act similar to the UK’s, reportedly redrafting Section 67C of the Information Technology Act, 2000, so ISPs, email providers, and social media apps must retain data. We’re yet to determine what information this entails, but it’s likely metadata.
Going one step further, Russia’s Yarovaya Law passed earlier this year, as an anti-terrorism measure, requiring telecommunication companies to store voice messages for up to six months, alongside metadata. It also limits evangelism, and lengthens the jail sentences to up to 10 years for anyone found guilty of extremism online or protesting without permission.
More than 622,000 citizens signed a petition that argues this so-called Big Brother Law contradicts the Constitution of Russia.
China is well-known for its Golden Shield Project, which blocks many websites including Facebook and Twitter. The government there has introduced its own Snooper’s Charter, which allows them to decrypt messages held by ISPs, once more supposedly to combat terrorism.
If we consider the EU, things get trickier. Their Data Retention Directive was found to be in violation of our fundamental rights by the European Union Court of Justice. Fortune’s David Meyer summed up the situation:
Most EU countries were left with national data retention laws that were based on an EU law that no longer existed. Citizens challenged those laws and, in many countries such as Belgium and Austria, got them struck down too.
This led to individual countries introducing their own retention laws — hence the UK’s Investigatory Powers Bill.
Make no mistake: this is simply the beginning for data retention legislation across the world.
What Can You Do?
If you’re concerned about your privacy, you’ve got to do everything you can to protect those rights. This includes writing to your local senator or MP, participating in petitions, and backing up the groups fighting on your behalf.
The answer to evading mass surveillance might be a Virtual Private Network (VPN), which routes your traffic through an encrypted tunnel and is supposed to offer a level of online anonymity. That’s not always the case, of course, but VPNs do generally hide your data from ISPs and so, by extension, from the government. If you use WhatsApp or Facebook Messenger, you already use encryption regularly.
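But if you’re of particular interest to the intelligence services, VPNs certainly won’t hold them back from finding out information about you, for example, through a Domain Name System (DNS) leak, where DNS lookups bypass the VPN tunnel and go to your ISP’s resolver, revealing the sites you visit.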
The NSA will be monitoring you simply because you’re reading this. In fact, the NSA target anyone who has taken an interest in their own privacy.
Are you concerned about governmental invasions of privacy? Or should we instead focus on fighting hackers?