JRB - Fotolia
Amenesty International has joined calls for improvements to the UK’s planned surveillance legislation, following the release of three critical parliamentary reports.
A report by parliament’s Science and Technology Committee said the draft Investigatory Powers Bill is too vague and needs to be redrafted to avoid economic damage; an Intelligence and Security Committee (ISC) report called for “substantive amendment” regarding privacy protections, equipment interference, bulk personal datasets and communications data; and a report just released by the Joint Committee appointed to examine the bill said important clarity is lacking in a number of areas.
"Given the tsunami of criticism the government has faced from such unusual bedfellows as the UN, Apple, the Intelligence and Security Committee, Amnesty and now its own joint committee, over its plans to expand its surveillance empire, it's clear the Home Office needs to go back to the drawing board,” said Rachel Logan, Amnesty UK's legal programme director.
"This confused and incoherent power-grab needs careful rethinking to place proper safeguards on people's privacy and restore public confidence in the way the spooks work," she said.
According to Logan, the redrafting of the surveillance bill was a huge missed opportunity to tighten up surveillance laws, rein in spies and restore public confidence through proper judicial oversight of the whole system.
“This poorly drafted bit of legislation fulfils none of those hopes,” she said.
Read more about the draft Investigatory Powers Bill
- Bulk data collection provided by the UK’s draft Investigatory Powers Bill is unnecessary for security and law enforcement surveillance, according to Erka Koivunen, cyber security adviser at F-Secure.
- The draft Investigatory Powers Bill could have major implications for telecommunication companies operating in the UK.
- Facebook, Google, Microsoft, Twitter and Yahoo say they are particularly concerned about six key aspects of the UK’s draft Investigatory Powers Bill.
- The BCS believes criminalising reckless disclosure would reassure the public in how data is managed under planned surveillance laws.
TechUK raises encryption concerns
In particular, TechUK is concerned about the economic consequences if the government fails to put into the bill its commitment not to weaken encryption, or restrict the use of end-to-end encryption.
“The draft bill includes powers that broadly and unilaterally assert UK jurisdiction overseas, create conflicting legal obligations for companies, infringe on the sovereign rights of other governments and risk retaliatory action against UK companies operating abroad,” said Antony Walker, deputy CEO of TechUK.
Jacob Ginsberg, senior director at encryption company Echoworx, said technology firms are particularly concerned about the severe lack of clarity around encryption and bulk data collection in draft bill.
“Businesses need to be reassured that backdoors will not be built into end-to-end encryption. If this is not clearly defined, there will huge financial implications on the UK economy as cloud and hosting companies will simply move their data to jurisdictions that the bill cannot influence,” he said.
Bill threatens UK storage market
According to Ginsberg, whose company has made contingency plans to move operations to Ireland if necessary, failure to ensure the final version of the legislation provide enough assurances around privacy could destroy the UK’s data storage market, driving out over £10bn worth of business.
“Serious thought needs to be given to the retention of bulk data. Having access to the subjects people are curious about, or websites that they have stumbled on, opens up avenues to prosecution and can only be described as thought crime,” he said.
“If somebody has committed a crime, there are mechanisms in place for the government to investigate it. Protecting citizens’ rights should be top of mind, not re-opening debates around citizens’ privacy that were settled decades ago.”