polygraphus - Fotolia
TechUK said three parliamentary reports have raised serious concerns with the draft bill.
A report by parliament’s Science and Technology Committee said the bill is too vague and needs to be redrafted to avoid economic damage; an Intelligence and Security Committee (ISC) report called for “substantive amendment” regarding privacy protections, equipment interference, bulk personal datasets and communications data; and a report just released by the Joint Committee appointed to examine the bill said important clarity is lacking in a number of areas.
“On vital issues like encryption, internet connection records, bulk equipment interference powers and extraterritorial reach, all three reports have said there are still too many aspects that are unclear, poorly defined or just wrong,” said Antony Walker, deputy CEO of TechUK.
“The Home Office must recognise this and address the fundamental concerns raised by expert witnesses, MPs and Lords,” he said.
TechUK said it fully supports the objective to create a clear legal framework for investigatory powers that is worthy of emulation around the world.
“This is achievable only if the government takes on board some of the key recommendations that have been set out by these three parliamentary reports. However, with an additional recess now expected for an EU referendum, there is a real concern about the time left to get this right and ensure the proper parliamentary scrutiny,” said Walker.
Internet connection records
All three reports acknowledged that it is not clear what internet connection records (ICRs) are and that there are significant security risks in retaining such sensitive data.
“The Home Office needs to provide a much clearer definition so that parliament can make a proper assessment of the technical feasibility and proportionality of these significant and intrusive powers,” said Walker.
TechUK has welcomed the government’s commitment not to weaken encryption, or restrict the use of end-to-end encryption, but Walker said this must be laid out in the bill, as recommended by all three parliamentary committee reports.
“The draft bill includes powers that broadly and unilaterally assert UK jurisdiction overseas, create conflicting legal obligations for companies, infringe on the sovereign rights of other governments and risk retaliatory action against UK companies operating abroad.
“The provisions in the bill are not consistent with the recommendations made in the report to the prime minister by special envoy on law enforcement data sharing Nigel Sheinwald, and the Joint Committee is right to urge the government to re-double its efforts to implement his recommendations,” he said.
Bulk equipment interference
All three committees have raised concerns about equipment interference, and the ISC said such powers are not necessary and should be removed from the bill.
“The Home Office must look again at the case for bulk equipment interference and the risks these powers could present for the UK’s wider cyber security,” said Walker.
Codes of Practice
All three parliamentary committees have supported TechUK’s call for Codes of Practice to be published alongside the bill.
“This is vital if the tech industry is to fully understand what is being asked of them and how it will impact their customers and their business,” said Walker.
Read more about the draft Investigatory Powers Bill
- Bulk data collection provided by the UK’s draft Investigatory Powers Bill is unnecessary for security and law enforcement surveillance, according to Erka Koivunen, cyber security adviser at F-Secure.
- The draft Investigatory Powers Bill could have major implications for telecommunication companies operating in the UK.
- Facebook, Google, Microsoft, Twitter and Yahoo say they are particularly concerned about six key aspects of the UK’s draft Investigatory Powers Bill.
- The BCS believes criminalising reckless disclosure would reassure the public in how data is managed under planned surveillance laws.