What’s in the New UK Surveillance Bill?

images?q=tbn:ANd9GcTSqv1kpm2ddXNQ3s0fC9jkCGtd__Rgz5NsKQPDTjFtiDtxn8u6

The UK government intends wholesale reform, but will it perpetuate a dark history of invasion of privacy or follow the US example, and end invasive surveillance?

American opposition to mass surveillance is almost as old as the country itself: rejection of the use of “general warrants” to rummage through private homes was “the first act of opposition to the arbitrary claims of Great Britain”, according to John Adams, the US founding father. That sentiment came full circle when US surveillance powers were reduced for the first time this millennium, in the expiry of Patriot Act clauses used to justify the bulk collection of Americans’ phone records.

True to 18th-century form, Britain continues to use its modern “general warrants” to intercept digital communications en masse and has no intention of reducing powers anytime soon. In fact, chances are that we’ll soon see a new law in the UK extending, rather than reducing, surveillance powers.

It is now clear that the government intends to pursue wholesale reform of surveillance law in the UK in the guise of the investigatory powers bill, which the government, would like to see passed within a year. In some ways, this is a positive development: after two years of intense scrutiny by courts and committees, Britain’s legal framework for surveillance has been found desperately wanting, and a decision to overhaul surveillance law, rather than simply extend powers by attempting a revival of the snooper’s charter, raises the prospect that the government may be taking heed of some of the criticisms it has received.

On the other hand, the investigatory powers bill could well turn out to be the government’s attempt to correct the technical legal failings of the current framework, insulating it from the inevitable criticism of the European court of human rights, while acquiring even more invasive surveillance powers.

It is certainly not encouraging that the government has begun drafting the bill before publishing the report of David Anderson QC, an independent reviewer they themselves commissioned to assist in guiding surveillance law reform in Britain. This suggests that few of the criticisms levelled at the government, at the lack of transparency, disdain for accountability and disregard for democratic processes inherent in the current surveillance system, have been heeded.

Anderson’s report will be critical to this debate and expectations are high that it will propose bold reforms to surveillance law in Britain. There are at least five areas in which it is hoped Anderson, and ultimately the investigatory powers bill (which should reflect his recommendations) will suggest serious changes be made to the law of surveillance and investigatory powers in Britain.

Section 8(4) of the current law regulating surveillance, the Regulation of Investigatory Powers Act 2000, paired with other provisions is the law which – according to the intelligence and security committee (ISC) and the investigatory powers tribunal – allows the British government to conduct mass surveillance of every communication entering and leaving its shores. What the ISC terms “bulk interception” and believes is perfectly justifiable is, in fact, mass surveillance, indiscriminate monitoring of people in Britain and abroad, and must be halted.
Currently any proposed surveillance action is required to be signed off by a minister or his/her delegate, on the application of the intentions from a police or intelligence agent. Unlike many other countries surveillance in Britain is not overseen by a judge or a court of law, either of which, potentially brings an independent eye to bear on the exercise, of what can be and often are highly intrusive powers. According to the ISC’s February 2015 report, there are currently 19 warrants in place that cumulatively authorise the interception of billions of communications each day. None of those warrants were independently authorised prior to their issuance.

It is simply insufficient to accept that every decision to commence surveillance is ultimately a political one, requiring political judgment. The ultimate calculation of whether to commence surveillance, and thus interfere with privacy, must be a legal one, made by a competent, impartial judicial authority.

It should be well established by now that metadata, information about communications, is as valuable to the government as the content of those communications; on occasion it is even more so. Those who have attested to the value of metadata include the NSA’s general counsel Stewart “we kill people based on metadata” Baker, and the court of justice of the European Union. Accordingly, metadata must be afforded the same protections that are afforded to content; its collection should be viewed as akin to the interception of emails and the tapping of phones.

Using this as a premise, surveillance law reforms should roll back data retention, as mandated by the Data Retention and Investigatory Powers Act 2014, and refrain from enacting new communications data laws that would require communications service providers (CSPs) to collect third-party communications data (as was proposed in the previous snooper’s charter).
British law does not currently require the police or intelligence agencies to articulate any reason, beyond reference to broad goals of protecting national security or preventing crime and disorder, to commence interception of communications, either in a targeted or blanketed manner.

The fundamental starting point for any surveillance should always be the presence of a reasonable suspicion that a person or people are in some way deserving of having their rights violated. People should not be treated as suspects merely because they use the Internet; suspicion must come prior to interferences with privacy.

It will be a challenge but also a historical opportunity, a decisive moment in which Britain can follow the example of the US, and put an end to an era of pervasive surveillance, or continue to relive its dark history of general warrants and arbitrary invasions of privacy. If it chooses the latter, the government should again expect a revolt.

Guardian:  

« Got Good Cyber Insurance Cover? Beware of Holes in Your Policy.
Understand Mobile Deep Linking »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DataGuidance

DataGuidance

DataGuidance is a platform used by privacy professionals to monitor regulatory developments, mitigate risk and achieve global compliance.

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

ANTIC is responsible for regulating the activities of electronic security and regulation of the Internet in Cameroon.

Johnson Controls International

Johnson Controls International

Johnson Controls is a global diversified technology company with a focus on smart cities, energy, infrastructure and transportation including the security of automation and control systems.

Verifi

Verifi

Verifi is an award-winning provider of end-to-end payment protection and risk management solutions.

NGS (UK)

NGS (UK)

NGS (UK) Ltd are independent, vendor agnostic, next generation security trusted advisors, providing all-encompassing solutions from the perimeter to the endpoint.

Highland Capital Partners

Highland Capital Partners

Highland Capital Partners is an early stage venture capital firm focused on category-defining businesses in consumer and enterprise technology, including cybersecurity.

RISE

RISE

RISE is an independent, State-owned research institute, which offers unique expertise and over 100 testbeds and demonstration environments for future-proof technologies, products and services.

Enzoic

Enzoic

Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection.

Winbond Electronics

Winbond Electronics

Winbond is a Specialty memory IC company. Product lines include Code Storage Flash Memory, TrustME® Secure Flash, Specialty DRAM and Mobile DRAM.

Mandiant

Mandiant

Mandiant deliver dynamic cyber defense solutions powered by industry-leading expertise, intelligence and innovative technology.

NAK Consulting Services

NAK Consulting Services

NAK is helping organisations to create Secure, Agile IT Environments. Our goal is to be the trusted advisor and managed service partner for our clients.

Intelligent CloudCare

Intelligent CloudCare

Intelligent CloudCare, a division of IPS, is a full IT Services provider serving the needs of SMBs in the metropolitan New York City region.

Benchmark IT Services (BITS)

Benchmark IT Services (BITS)

BITS is a leading cyber security company in Australia. Our certified professionals work with you to keep your data assets safe and secure.

Nukke

Nukke

Nukke offers advanced cybersecurity software and tailored solutions for your business.

Secure Halo

Secure Halo

Secure Halo has been protecting the intellectual assets and sensitive information of the federal government and private sector for 20+ years, through our proactive approach to risk and cybersecurity.

CyberForce Global

CyberForce Global

CyberForce Global are at the forefront of start-up technology recruitment in areas including cybersecurity, IT infrastructure, software, fintech, blockchain and more.