Surveillance legislation proposed by the UK last November has been examined in detail by the country's politicians, with a new report recommending 86 alterations, but broadly approving the powers requested by the government. The parliamentary committee scrutinizing the draft Investigatory Powers Bill said that companies like Apple and Facebook should not be required to decrypt messages sent on their services, but approved plans to record every UK citizen's browsing history for 12 months. The committee also gave a thumbs up to the bulk retention of data, and the targeted hacking of individuals' computers, known as "equipment interference."
Confusing wording like "data includes any information that is not data"
The Investigatory Powers Bill will be the first legislation to fully codify digital surveillance in the UK, and has been dubbed the "snoopers' charter" by critics (a name used to refer to similar laws rejected a few years ago). The Bill has been attacked by ISPs, privacy advocates, the UN, and the world's largest tech companies, with critics agreeing that the Bill is being rushed into law and that its wording is confusing. Critics point to portions of the law like the statement that "data includes any information that is not data." The UK's home secretary and the Bill's principal architect, Theresa May, later explained that this was supposed to refer to things like paper.
This latest report repeats these complaints, stressing the need for clarity in the Bill's language. However, it also gives its approval to a number of controversial items. The report's authors says that the bulk interception and surveillance should be "fully justified" in a rewrite of the legislation, and notes that although these powers might contravene the EU's right to privacy, "security and intelligence agencies would not seek these powers if they did not believe they would be effective." This is despite the fact that this sort of mass surveillance (already in place, of course, just not officially legislated) has often proven to be ineffective, as with last year's terrorist attacks in Paris.
"The potential value of [internet records] could outweigh the intrusiveness."
Similarly, the committee found no faults with the government's plans to force ISPs to store users' web history for 12 months at a time. This information (known as Internet Connection Records or ICRs) would be available to police without a warrant, with the report noting: "We heard a good case from law enforcement and others about the desirability of having such a scheme. We are satisfied that the potential value of ICRs could outweigh the intrusiveness involved in collecting and using them."
Evidence submitted to the committee pointed out that these records would reveal "sensitive information" about citizens' political, religious, and sexual preferences, as well their health and daily activities, while ISPs noted that storing this data securely would be a "technical challenge." Experts also testified to the difficulty of sorting this data, as many apps like Facebook and Twitter keep a near-constant connection to the internet, and internet users can access sites they're not aware of. One expert noted that he created a blog with a "tiny one-pixel image in the corner" that showed up as Pornhub.com on visitors' internet history.
Good news for American tech giants
By comparison, the committee were much more wary of the UK's desire to access encrypted data, including chat logs from apps like Apple's iMessage and Facebook's WhatsApp. "The Government still needs to make explicit on the face of the Bill that [internet companies] offering end-to-end encrypted communication or other un-decryptable communication services will not be expected to provide decrypted copies of those communications if it is not practicable for them to do so."
Facebook, Microsoft, Google, Yahoo, and Twitter all submitted evidence to the committee saying the proposed legislation would be harmful, impacting individuals' privacy while emboldening more authoritarian regimes like Russia and China to demand similar access to users' data. Apple submitted evidence separately, although CEO Tim Cook also took the time to personally criticize the Bill, saying: "If you halt or weaken encryption, the people that you hurt are not the folks that want to do bad things. It’s the good people. The other people know where to go."