Sergey Nivens - Fotolia
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The committee said it supports the intention behind the draft bill, which is to bring together the numerous provisions in statute governing intrusive powers which already exist into one clear piece of legislation, but that important clarity is lacking in a number of areas.
Topping the list is the controversial obligation on communications service providers to collect and retain users’ internet connection records (ICRs).
The committee said in its much-awaited report that, while it was satisfied that the potential value of ICRs could outweigh the intrusiveness involved in collecting and using them, witnesses expressed strong concerns about the lack of clarity over what form the ICRs would take and about the cost and feasibility of creating and storing them.
“The Home Office has further work to do before parliament can be confident that the scheme has been adequately thought through,” the committee said.
“We urge the government to undertake further consultation with communications service providers, oversight bodies and others to ascertain whether the definitions are sufficiently clear to those who will have to use them.”
Approach to encryption needs clarifying
On the topic of encryption, the report notes that the home secretary Theresa May has assured the committee that the bill’s approach to encryption is not designed to compromise security or require the creation of “backdoors”.
The committee said it welcomes this clarification, but is concerned that this needs to be made clear in the drafting of the legislation.
The committee also recommends that the government should publish advice in a Code of Practice alongside the bill on how data controllers should seek to minimise the privacy risks of subject access requests for ICRs under the Data Protection Act 1998.
Interception power must be subject to warrants
The report also highlighted concerns over the provisions in the bill for bulk powers to intercept, to acquire communications data, and to interfere with equipment.
“The public debate over these powers is a healthy one. The Home Office should ensure that it and the security and intelligence agencies are willing to make their case strongly in the months ahead,” the committee said.
The committee recommends that if bulk powers are to be included in the bill, a fuller justification for each should also be published alongside the bill.
While the committee said it agreed that targeted interception power should be part of the bill, it said such interception must be subject to “appropriate warrant authorisation arrangements”.
Judicial body ensures human rights compliance
The major change that would be brought about by the draft bill, the report said, is the creation of a new judicial oversight body and the much greater involvement of judges in the authorisation of warrants allowing for intrusive activities.
“Making this change will reduce the risk that the UK’s surveillance regime is found not to comply with EU law or the European Convention on Human Rights,” the committee said, noting that the report makes 86 detailed recommendations aimed at ensuring the system delivers the increased independence and oversight that have been promised.
The recommendations are also aimed at ensuring that the powers in the bill are workable, can be clearly understood by those affected by them and have proper safeguards, the committee said.
Codes of Practice
The report notes that much of the important detail about the way the legislation will work is to be contained in a set of Codes of Practice.
“We call on the government to ensure these codes are published alongside the bill to inform the further scrutiny the bill will receive from the two houses,” the committee said.
The report calls for a post-legislative review by parliament five years after its enactment to be included in the bill. It also makes a number of other detailed recommendations, including those aimed at ensuring that vital protections for lawyers and journalists are not compromised.
“There is much to be commended in the draft bill, but the Home Office has a significant amount of further work to do,” said committee chair Paul Murphy.
“The next stage will be for the two houses to consider the bill proper when it is introduced. We hope that both houses and the public find our report a useful start to the parliamentary debate,” he said.
Emphasis on privacy
The Joint Committee report is the third parliamentary investigation into the draft Investigatory Powers Bill that legislators have to consider in drafting a final text for new UK surveillance legislation.
The report by parliament’s Science and Technology Committee said the draft bill is too vague and needs to be redrafted to avoid economic damage. The Intelligence and Security Committee (ISC) report called for “substantive amendment” regarding privacy protections, equipment interference, bulk personal datasets and communications data.
According to some commentators, the most important critique is the one made by the ISC because of the emphasis on protecting privacy.
The legislation is aimed at establishing a framework for the use of investigatory powers by law enforcement and security and intelligence agencies, as well as other public authorities.
The draft bill includes provisions for the interception of communications, the retention and acquisition of communications data, the use of equipment interference, and the acquisition of bulk data for analysis.
It will repeal and replace the Data Retention and Investigatory Powers Act 2014 (Dripa), which expires at the end of 2016. It will also repeal and replace Part 1 of the Regulation of Investigatory Powers Act 2000 (Ripa).
Read more about the draft Investigatory Powers Bill
- Bulk data collection provided by the UK’s draft Investigatory Powers Bill is unnecessary for security and law enforcement surveillance, according to F-Secure.
- The draft Investigatory Powers Bill could have major implications for telecommunication companies operating in the UK.
- Facebook, Google, Microsoft, Twitter and Yahoo say they are particularly concerned about six key aspects of the UK’s draft Investigatory Powers Bill.
- The BCS believes criminalising reckless disclosure would reassure the public in how data is managed under planned surveillance laws.