JRB - Fotolia
Technology firms are urging further improvements to the UK government’s controversial Investigatory Powers Bill as it enters the next phase in the journey to becoming law.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The bill passed its second reading by 281 votes to 15 on 15 March 2016 and was referred to the House of Commons Public Bill Committee for detailed examination.
The committee will scrutinise the bill line by line in April, and is scheduled to complete its work no later than Thursday 5 May.
Legal and judicial experts, civil liberties groups, child protection groups, and representatives of law enforcement have begun giving oral evidence to the committee.
After the second reading, the Scrutiny Unit of the House of Commons called for written submission to thecommittee.
In a written submission published as the committee began hearing oral evidence, technology firms Apple, Facebook, Google, Microsoft, Twitter and Yahoo reiterated their concerns.
“As we made clear in our evidence to the joint committee, the actions the UK government takes here could have far-reaching implications – for British citizens, our users and for the future of the global technology industry.
“Decisions made today about UK legislation will set precedents which may be copied elsewhere and have wider ramifications for all parties, both in the UK and overseas,” the tech firms said.
Read more about the Investigatory Powers Bill
- The Home Office has tweaked the draft Investigatory Powers Bill to take on committee recommendations, but questions remain.
- Bulk data collection provided by the UK’s draft Investigatory Powers Bill is unnecessary for security and law enforcement surveillance, according to Erka Koivunen, cyber security adviser at F-Secure.
- The draft Investigatory Powers Bill could have major implications for telecommunication companies operating in the UK.
- Facebook, Google, Microsoft, Twitter and Yahoo say they are particularly concerned about six key aspects of the UK’s draft Investigatory Powers Bill.
While the companies welcomed the commitment to putting all surveillance powers into a single bill, they said further improvement could be made without jeopardising its effectiveness.
They said important amendments are required to ensure the bill is “worthy of emulation” around the world, does not “further exacerbate” the challenges communications companies outside the UK face, and protects user trust.
The submission summarises the concerns that were not addressed by the revised bill, and details areas where the tech firms believe amendments to the bill are required.
The areas of concern include the bill’s extra-territorial jurisdiction, the lack of clarity around encryption, judicial authorisation, bulk collection, transparency, judicial process, oversight, and network integrity and cyber security requirements.
On the hot topic of encryption, the tech firms said: “Encryption is a fundamental security tool, important to the security of the digital economy as well as crucial to ensuring the safety of web users worldwide.
“The bill provides for the power to issue technical capability notices requiring, among other things, the removal of electronic protection where reasonably practicable.
“The bill should be amended so that there is an explicit threshold: where a service is encrypted end-to-end, the bill should recognise it will not be reasonably practicable to provide decrypted content, rather than leave this to be established on a case-by-case basis,” the submission said.
In summary, the tech firms said required amendments are:
- the prohibition of the execution of a warrant that would result in an interruption of service to users of the targeted system
- the introduction of statutory provisions recognising the importance of network integrity and cyber security
- the provision of reassurance on the face of the bill that there is no conflict with communication service providers’ statutory obligations to keep user data and infrastructure secure
- a requirement for UK authorities to notify any relevant company of vulnerabilities when a warrant either expires or is cancelled