Britain this week moved a step closer to passing a controversial surveillance law that would give authorities sweeping power to tap into and monitor British citizens' digital communications while forcing tech companies, including U.S. titans like Apple, Google and Facebook, to turn over customer data on demand. The battle between security hawks and privacy advocates over the so-called Snooper's Charter, introduced after the November terrorist attacks in Paris, mirrors the legal contretemps in the U.S. surrounding the FBI's efforts to force Apple to decrypt an iPhone belonging to one of the San Bernardino, California, killers.
Here's what's in the bill, and what's at stake.
What is the Snooper’s Charter?
Officially known as the Draft Investigatory Powers Bill, but widely and somewhat derisively referred to as the Snooper’s Charter, the proposed law was first published in November by Home Secretary Theresa May. She revealed at the time that many of the powers contained in the bill were already being used by the government’s spying arm, Government Communications Headquarters (GCHQ), but would be explicitly stated in the new legislation for the first time.
May said the legislation was necessary to combat the increased threat of terrorism in light of the Paris attacks, saying: “There should be no area of cyberspace which is a haven for those who seek to harm us to plot, poison minds and peddle hatred under the radar.”
What new powers will it enable?
There's a wide range of new powers being proposed in the legislation, but the main points are:
- Enshrined in law for the first time will be powers for the police and security services to hack — referred to in the bill as “equipment interference” — into people’s communications through surveillance techniques, such as remotely “monitoring, observing or listening to a person’s communications or other activities.”
- Entities described as “telecommunications providers” — which covers everything from internet service providers (ISPs) to mobile phone networks and even companies like Apple and Facebook — will be obligated to provide access to encrypted user data, unless “not reasonably practicable.”
- ISPs and phone companies will have to store records of websites visited by every citizen for 12 months for access by police, security services and other public bodies.
- Places judicial oversight in the hands of a single commissioner who is appointed by the prime minister and sits for three-year terms. The home secretary needs only the approval of this commissioner to obtain a warrant to hack someone’s communications.
Will it become law?
Since the draft proposal was published in November, three parliamentary committees have looked at the bill and issued recommendations. Now, following its second reading in the House of Commons on Tuesday and passing a vote, the bill will proceed to the Public Bill Committee, where it will be examined clause-by-clause and evidence heard.
The committee will report the bill and any amendments back to the House of Commons, who will have the opportunity to debate the legislation once again.
A third reading of the bill will then take place in the House of Commons, and if it passes a vote, the bill will then proceed to the House of Lords, where it will be further debated, voted on and potentially become law.
Why the rush?
The Conservative government, which has a slender majority of 12 in the House of Commons, has been criticized for rushing the bill through Parliament. The reason for this is that the current emergency surveillance legislation expires at the end of 2016, so David Cameron is eager to have the Snooper’s Charter on the books before the new year begins.
Is there opposition to the Snooper’s Charter?
Yes. Lots of it.
In November, following the publication of the first draft of the bill, Edward Snowden set the tone for most of the criticism of the Snooper’s Charter when he tweeted: ”By my read, #SnoopersCharter legitimizes mass surveillance. It is the most intrusive and least accountable surveillance regime in the West.”
By my read, #SnoopersCharter legitimizes mass surveillance. It is the most intrusive and least accountable surveillance regime in the West.
— Edward Snowden (@Snowden) November 4, 2015
Since then three parliamentary committees have reviewed the proposals. The Intelligence and Security Committee published a highly critical report of the bill, calling it “inconsistent and largely incomprehensible.”
The Science and Technology Committee said the bill could damage the country’s technology sector and customers’ trust in those companies, adding that putting the new measures in place could cost taxpayers an additional 2 billion pounds ($2.88 billion) per year to implement, at a time when the government is pushing austerity measures.
The recommendation of the Joint Select Committee was to allow the new measures, but only after a significant amount of work was done to clarify the powers being proposed.
With so much opposition, how did it pass the vote?
On Tuesday, during the debate in the House of Commons, Andy Burnham, shadow Home Secretary, said: “The Home Secretary said that privacy protection was hardwired into the bill. I find it hard to accept that statement; I see the changes on this point as more cosmetic.”
However, rather than vote against the bill, Burnham announced that members of the Labour Party would abstain from the vote, saying: “The simple fact is that Britain needs a new law in this area. Outright opposition, which some are proposing tonight, risks sinking the bill and leaving the interim laws in place.”
The Scottish National Party, the second-biggest opposition party in Britain, also abstained from voting, citing “grave concerns” about the bill and claiming it needed an “extensive” overhaul.
What's the view from outside the government?
In a recent report, the United Nations’s special rapporteur on privacy, Joseph Cannataci, asked the British government to “outlaw rather than legitimize” the bulk surveillance and hacking provisions it includes. Cannataci asked May to “desist from setting a bad example to other states” and prohibit the Investigatory Powers Bill’s provisions for bulk surveillance and bulk hacking.
Other countries have already cited the Snooper’s Charter when drafting new surveillance legislation. In late 2015, the Chinese government referenced the proposed legislation while defending its anti-terror law, particularly in relation to requiring internet and phone companies to decrypt data.
“Does the U.K. really want the dubious honor of introducing powers deemed intrusive by all other major democracies, joining the likes of China and Russia in collecting everyone’s browsing habits?” said Anne Jellema, the head of the World Wide Web Foundation.
What about U.S. tech companies?
While Apple has not been as vocal in criticizing the Snooper’s Charter as it has been when battling the FBI, it has made its position clear on the proposed legislation.
“The fact is, to comply with the government’s proposal, the personal data of millions of law-abiding citizens would be less secure,” the iPhone maker said in written evidence submitted to a parliamentary committee.
Elsewhere a group of U.S. tech giants including Google, Facebook, Twitter and Yahoo said: “The actions the U.K. government takes here could have far-reaching implications — for our customers, for your own citizens, and for the future of the global technology industry.”
In a statement to International Business Times following Tuesday’s vote, a Microsoft spokesperson said: “The legislation must avoid conflicts with the laws of other nations and contribute to a system where like-minded governments work together, not in competition, to keep people more secure. We appreciate the government’s willingness to engage in an open debate and will continue to advocate for a system that is workable on a global basis.”