U.K. Civil Liberties Group to Challenge U.K. Mass Surveillance Act

iStock_000017197899_Large

The High Court in London, England, has given Liberty, a U.K. civil liberties and human rights organization, permission to challenge parts of the UK’s Investigatory Powers Act. The 2016 law, which Liberty has called an “authoritarian regime,”[1] gives the state unprecedented powers to monitor the U.K. public, and to collect and retain bulk personal and communications data. Specifically, Liberty is challenging the provisions in the act that allow the bulk interception of communications content, bulk personal datasets, and thematic hacking (allowing state actors to covertly access, control and alter electronic devices if their owners are suspected of involvement in crime).

Prime Minister Theresa May claimed that the act introduced only one new power: “requiring communications service providers to retain Internet connection records when given a notice by the Secretary of State.” This power means that internet service providers (ISPs) and Wi-Fi hotspot providers will be ordered to log all websites visited by all people in the U.K., with the time of visit and the identity of user.[2] Police, local councils, intelligence and government agencies, among many, would all be authorized to request this data.[3]

The act requires all Internet service providers (ISPs) and Wi-Fi hotspot providers to log all websites visited by all people in the U.K., with the time of visit and the identity of user.[4] Police, local councils, intelligence and government agencies, among many, would all be authorized to request this data by sending the provider a “technical capacity notice.”[5] Providers on the receiving end of these notices would then be obligated follow various requests, including removing “electronic protection” of encrypted communications, disclosing information of internet communications, and providing stored data requested.[6] These obligations can be seen in the excerpted part of the act below:

The main safeguard the act contains is in ss. 254–256, and it largely amounts to a judgment call by a Secretary of State. A Secretary of State must sign off on all “technical capability notices,” by considering whether ” the conduct required by the notice is proportionate to what is sought to be achieved”[7] and by consulting the Technical Advisory Board and people who are “likely to be subject to any obligations specified in the regulations.” After the secretary approves the notice, a judge must then approve the secretary’s action, considering whether “the same principles as would be applied by a court on an application for judicial review.” However, even if the judge disapproves of the notice, his or her decision can be overridden by the new Investigatory Powers Commissioner. Essentially, the safeguards slow down and narrow the government’s ability to access private information, but does not prevent it.

Liberty launched its legal challenge against the act after a landmark EU ruling that access to retained data must be restricted to the purpose of preventing and detecting serious crime.[8] This means that governments may only collect data in a targeted way – and not collect and retain data indiscriminately on a population scale. As the U.K. act gives the government unprecedented power to monitor all of the public, it appears to violate the EU ruling. Liberty is supported by the public in its case against the U.K. Investigatory Powers Act, as seen in its crowdfunding campaign that has so far raised almost $87,000.[9]

Supporters of the law believe that the government’s ability to retain communications data is crucial to preventing and detecting crime and terrorist activity. In contrast, opponents believe that retained web browsing histories and phone records is unconstitutional and non-democratic, as it gives government agencies too much power to monitor its citizens. Further, they believe that these measures are ineffective and counter-productive. According to Bella Sankey, the policy director of Liberty, “the Government has a duty to protect us, but these measures won’t do the job. Instead they open every detail of every citizen’s online life up to state eyes, drowning the authorities in data and putting innocent people’s personal information at massive risk.”[10] Opponents also believe that the vast retention of data is dangerous for all U.K. citizens, referencing the WannaCry cyberattack which took businesses and public bodies across the world to their knees.[11] These cyberattacks are made all the more dangerous when governments store vast amounts of sensitive information about every one of their citizens. Finally, customers will not even be made aware of whether their own communications and private web traffic are being intercepted and examined, as this would all take place behind closed doors.[12]

 

[1]https://www.theregister.co.uk/2017/06/30/liberty_gets_green_light_to_challenge_snoopers_charter/

[2] These records include the top level of the URLs visited – such as theregister.com – rather than the full URLs, when the site was accessed, and by whom http://www.theregister.co.uk/2016/11/29/investigatory_powers_act_2016/

[3] http://www.theregister.co.uk/2016/11/29/investigatory_powers_act_2016/

[4] These records include the top level of the URLs visited – such as theregister.com – rather than the full URLs, when the site was accessed, and by whom http://www.theregister.co.uk/2016/11/29/investigatory_powers_act_2016/

[5] http://www.theregister.co.uk/2016/11/29/investigatory_powers_act_2016/

[6] s. 254, 5(c) of the Act https://www.theregister.co.uk/2016/11/30/investigatory_powers_act_backdoors/

[7] A Secretary of State shall also consider the likely benefits of the notice, the number of users, the technical feasibility and cost of complying, and “any other effect of the notice on the person.”

[8] https://www.documentcloud.org/documents/3245181-C-203-15-amp-C-698-15-Arre-T-En.html

[9]https://www.crowdjustice.com/case/snoopers-charter/

[10] http://www.theregister.co.uk/2016/11/29/investigatory_powers_act_2016/

[11] http://www.telegraph.co.uk/news/2017/05/13/nhs-cyber-attack-everything-need-know-biggest-ransomware-offensive/

[12] https://www.theregister.co.uk/2016/11/30/investigatory_powers_act_backdoors/

 

This blog post was written by a CCLA summer student. Views expressed do not necessarily reflect the view of the CCLA.