You are using an older browser version. Please use a supported version for the best MSN experience.

UK surveillance bill’s logging of web activity a huge risk to privacy, peers warn

TechCrunch TechCrunch 27/06/2016 Natasha Lomas

A former senior chief in the UK’s Met Police and now a Lib Dem peer in the House of Lords has warned over major risks to the privacy of web users’ personal data from a provision in the Investigatory Powers bill that would require ISPs to retain information on the websites and services accessed by their users for a full 12 months — so called Internet Connection Records (ICRs).

Lord Paddick noted that the provision is not being requested by the security services, who have additional investigatory tools to obtain the data they need, so is purely a power on the police’s wish-list — going on to argue that the catch-all nature of ICRs is disproportionate given the warrantless access the bill affords police to this personal data on all UK web users.

“Unless there is no other means of achieving the objective, intrusion into innocent people’s privacy should not be allowed — other than in exceptional circumstances,” he argued. “Even then it should be subject to the highest levels of oversight. Innocent people’s privacy should not otherwise be put at risk, let alone be intruded into.

“Internet Connection Records, the only virgin territory in the bill, are going to intrude into innocent people’s privacy.”

Paddick, who at one time was the highest ranking openly gay police officer in the UK, invoked his own experience of previously being married to a woman at a time when he thought he might be gay to illustrate the potential risks to personal privacy from the cache of web access data required to be logged under the proposed legislation.

“What if someone today was in that position and wanted to research using the Internet to get some help and guidance for fear of talking to anyone and letting the cat out of the bag? Like I was in those days,” he said. “This bill requires ISPs to record every website, everyone in the UK visits. To store that data for 12 months and reveal those details to the police without a warrant, if they suspect someone of a crime.”

Any “reasonably high profile individual” could be at risk of being accused of a crime they did not commit — resulting in their entire personal web access history being handed to the police, Paddick went on to argue.

“It would not be too far a stretch to think I had better not seek confidential advice on the Internet — in case it did become public,” he added.

Paddick said that although he supports many of the provisions in the bill, he has yet to be convinced of the necessity and proportionality of ICRs. He further noted that the security services are “duty bound” to help the police in serious crime matters — once again pointing out that these agencies have other powers at their disposal, making ICRs redundant.

The Lib Demo peer was speaking during the second reading of the Investigatory Powers bill in the UK’s second chamber, the House of Lords, after the draft legislation passed the House of Commons earlier this month with the help of the main opposition Labour party.

The latter lent the government its support after trumpeting winning some concessions from the Home Secretary — including that an overarching privacy clause be baked into the legislation. However digital and privacy rights organizations remain hugely critical of the proposals, even with the additional tweaks. And just last week another parliamentary committee warned specifically on the data security threats of ICRs.

The draft bill has still to go through committee and report stages, so is certain to be subject to further amendments. And given the government’s tight timetable to legislate by the end of this year — not to mention the possibility that a post-Brexit General Election might well be called as the domestic political landscape is rapidly reconfigured by the UK’s shock referendum vote to leave the EU — peers in the House of Lords could well play a significant role in tempering some of the bill’s more controversial elements via some well thought through amendments.

Lib Dem peers are certainly mounting a concerted effort to tackle some of the more controversial elements of the bill, with Lord Strasburger also speaking out against ICRs during today’s debate, noting that a similar move was abandoned in Denmark in 2014 and warning the bill creates a “new theft risk” for Internet users.

The Labour party has also voiced concerns about ICRs but only over the threshold whereby law enforcement would be allowed to access the records — wanting this raised from ‘any’ to only ‘serious’ crimes. The party has not opposed collecting the data in the first place, leaving it up to Peers to tackle this issue.

“Internet Connection Records are highly intrusive, difficult and expensive to implement, and of no interest whatsoever to security services,” argued Strasburger, adding: “It’s my view that ICRs need to be deleted from this bill.”

He also argued that amendments agreed in the House of Commons ostensibly aiming to add a ‘privacy backbone’ to the bill do not go far enough, noting that the chair of the Intelligence and Security Committee — one of multiple highly critical committees that have scrutinised the bill — has called for these clauses to be made clearer.

Strasburger also warned on the ongoing “threat to encryption” from the vague wording in the bill — something other parliamentary committees have been critical of.

Other elements concerning the Lib Dem peers at this stage include threats to privileged communications, such as between lawyers and their clients; so called ‘request filters’ which imply a behind the scenes attempt by the government to build a searchable database of citizen data (including pulling in data from ICRs); the “vexed question” (as Strasburger put it) of bulk powers — currently under independent review by QC David Anderson, which was another concession pushed for by the Labour party; inconsistencies in authorization mechanisms for intercept warrants; and the need to ensure judicial commissioners, who are set to approve and review warrants, are rigorously independent of the government that appoints them.

Strasburger also pointed to the current turmoil in the UK political landscape following the Brexit vote, noting “how quickly ruthless politicians can replace leaders” and warning of associated risks to freedom and democracy if such intrusive legislation pass onto the statute books unamended.

“In the hands of an extreme government the IP bill is a toolkit for tyranny,” he warned.

More from TechCrunch

image beaconimage beaconimage beacon