What’s in the New UK Surveillance Bill?

Uploaded on 2015-06-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

images?q=tbn:ANd9GcTSqv1kpm2ddXNQ3s0fC9jkCGtd__Rgz5NsKQPDTjFtiDtxn8u6

The UK government intends wholesale reform, but will it perpetuate a dark history of invasion of privacy or follow the US example, and end invasive surveillance?

American opposition to mass surveillance is almost as old as the country itself: rejection of the use of “general warrants” to rummage through private homes was “the first act of opposition to the arbitrary claims of Great Britain”, according to John Adams, the US founding father. That sentiment came full circle when US surveillance powers were reduced for the first time this millennium, in the expiry of Patriot Act clauses used to justify the bulk collection of Americans’ phone records.

True to 18th-century form, Britain continues to use its modern “general warrants” to intercept digital communications en masse and has no intention of reducing powers anytime soon. In fact, chances are that we’ll soon see a new law in the UK extending, rather than reducing, surveillance powers.

It is now clear that the government intends to pursue wholesale reform of surveillance law in the UK in the guise of the investigatory powers bill, which the government, would like to see passed within a year. In some ways, this is a positive development: after two years of intense scrutiny by courts and committees, Britain’s legal framework for surveillance has been found desperately wanting, and a decision to overhaul surveillance law, rather than simply extend powers by attempting a revival of the snooper’s charter, raises the prospect that the government may be taking heed of some of the criticisms it has received.

On the other hand, the investigatory powers bill could well turn out to be the government’s attempt to correct the technical legal failings of the current framework, insulating it from the inevitable criticism of the European court of human rights, while acquiring even more invasive surveillance powers.

It is certainly not encouraging that the government has begun drafting the bill before publishing the report of David Anderson QC, an independent reviewer they themselves commissioned to assist in guiding surveillance law reform in Britain. This suggests that few of the criticisms levelled at the government, at the lack of transparency, disdain for accountability and disregard for democratic processes inherent in the current surveillance system, have been heeded.

Anderson’s report will be critical to this debate and expectations are high that it will propose bold reforms to surveillance law in Britain. There are at least five areas in which it is hoped Anderson, and ultimately the investigatory powers bill (which should reflect his recommendations) will suggest serious changes be made to the law of surveillance and investigatory powers in Britain.

Section 8(4) of the current law regulating surveillance, the Regulation of Investigatory Powers Act 2000, paired with other provisions is the law which – according to the intelligence and security committee (ISC) and the investigatory powers tribunal – allows the British government to conduct mass surveillance of every communication entering and leaving its shores. What the ISC terms “bulk interception” and believes is perfectly justifiable is, in fact, mass surveillance, indiscriminate monitoring of people in Britain and abroad, and must be halted.
Currently any proposed surveillance action is required to be signed off by a minister or his/her delegate, on the application of the intentions from a police or intelligence agent. Unlike many other countries surveillance in Britain is not overseen by a judge or a court of law, either of which, potentially brings an independent eye to bear on the exercise, of what can be and often are highly intrusive powers. According to the ISC’s February 2015 report, there are currently 19 warrants in place that cumulatively authorise the interception of billions of communications each day. None of those warrants were independently authorised prior to their issuance.

It is simply insufficient to accept that every decision to commence surveillance is ultimately a political one, requiring political judgment. The ultimate calculation of whether to commence surveillance, and thus interfere with privacy, must be a legal one, made by a competent, impartial judicial authority.

It should be well established by now that metadata, information about communications, is as valuable to the government as the content of those communications; on occasion it is even more so. Those who have attested to the value of metadata include the NSA’s general counsel Stewart “we kill people based on metadata” Baker, and the court of justice of the European Union. Accordingly, metadata must be afforded the same protections that are afforded to content; its collection should be viewed as akin to the interception of emails and the tapping of phones.

Using this as a premise, surveillance law reforms should roll back data retention, as mandated by the Data Retention and Investigatory Powers Act 2014, and refrain from enacting new communications data laws that would require communications service providers (CSPs) to collect third-party communications data (as was proposed in the previous snooper’s charter).
British law does not currently require the police or intelligence agencies to articulate any reason, beyond reference to broad goals of protecting national security or preventing crime and disorder, to commence interception of communications, either in a targeted or blanketed manner.

The fundamental starting point for any surveillance should always be the presence of a reasonable suspicion that a person or people are in some way deserving of having their rights violated. People should not be treated as suspects merely because they use the Internet; suspicion must come prior to interferences with privacy.

It will be a challenge but also a historical opportunity, a decisive moment in which Britain can follow the example of the US, and put an end to an era of pervasive surveillance, or continue to relive its dark history of general warrants and arbitrary invasions of privacy. If it chooses the latter, the government should again expect a revolt.

Guardian:  

« Got Good Cyber Insurance Cover? Beware of Holes in Your Policy.
Understand Mobile Deep Linking »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Vanguard Integrity Professionals

Vanguard Integrity Professionals

Vanguard Integrity Professionals is an independent provider of enterprise security software solutions that address complex security and regulatory compliance challenges.

Duane Morris LLP

Duane Morris LLP

Duane Morris is a global law firm with offices in the USA, UK and Asia. Practice areas include Cybersecurity.

Ionic Security

Ionic Security

Ionic provide a high-assurance data protection and control platform built on strong encryption, fine-grain control and contextual analytics.

VNT Software

VNT Software

VNT's vision is to change the way complex IT problems are resolved by predicting business disruptions before they occur.

MASS

MASS

MASS provides world-class capabilities in electronic warfare operational support, cyber security, information management, support to military operations and law enforcement.

CTERA Networks

CTERA Networks

CTERA provides cloud storage solutions that enable service providers and enterprises to launch managed storage, backup, file sharing and mobile collaboration services using a single platform.

Ultra Electronics

Ultra Electronics

Ultra specialises in providing application-engineered bespoke solutions. We focus on mission critical and intelligent systems in the defence, security, critical detection & control markets.

Norma Inc.

Norma Inc.

Norma provides the secured wireless environment (WiFi and Bluetooth) with the unauthorized AP detection, and secures your IoT assets from various threats.

Hyperion Gray

Hyperion Gray

Hyperion Gray are a small research and development team focused on innovative work in a variety of areas including Software & Security Research, Penetration Testing, Incident Response, and Red Teaming

Fortified Health Security

Fortified Health Security

Fortified’s team of cybersecurity specialists is dedicated to helping healthcare providers, payers and business associates protect their patient data across the Fortified Healthcare Ecosystem.

FoxTech

FoxTech

FoxTech is an independent, friendly and deeply specialised cyber security company in the UK, with expertise spanning decades of Public Sector and Government services.

Netgo

Netgo

Netgo group meet the requirements of a complex, digitized world with IT consulting, IT solutions & services, managed & cloud services and software products & development.

Ethiopian Cybersecurity Association (ECySA)

Ethiopian Cybersecurity Association (ECySA)

ECySA was formed to play an influential part in the ongoing and dawning cybersecurity practices of Ethiopia, efficiently creating public and private awareness on all kinds of cyber risks and threats.

SecurityLoophole

SecurityLoophole

SecurityLoophole is an independent cyber security news platform with global coverage. Latest updates, reports, news and events related to cyber security.

360 Advanced

360 Advanced

360 Advanced is a relationship-focused cybersecurity and compliance firm offering integrated compliance solutions customized to meet your business’ needs.

Clumio

Clumio

Clumio provides autonomous backup and recovery for critical cloud data.