- Draft bill would let police hack into millions of devices
- Lawmakers criticize the bill for being overly intrusive
As opposition to a proposed U.K. Internet surveillance law mounts, British lawmakers want the government to change some of the measure’s most onerous requirements, though even a watered-down version will place Britons among the world’s most spied-upon people.
A parliamentary committee studying the draft on Thursday criticized the bill for being overly intrusive in detailing a user’s full Internet history and said so-called backdoors for police to access encrypted information shouldn’t be allowed. The committee also said judges should be more involved in authorizing warrants to permit snooping.
The report joins a chorus of concern over a bill some lawmakers and critics have dubbed the “Snooper’s Charter,” which as originally envisioned would have required Internet and phone companies to collect and store data on the surfing habits of millions of people and give intelligence agencies powers to remotely access smartphones and other devices.
“There is much to be commended in the draft bill, but the Home Office has a significant amount of further work to do before Parliament can be confident that the provisions have been fully thought through,” Paul Murphy, the chairman of the joint committee, said on Thursday.
Vodafone Group Plc, Google Inc. and Facebook Inc. have united in their opposition to the measure, on topics ranging from the costs of capturing and storing data on millions of people to the undermining of customer trust. The law could also require companies to create ways for the government to intercept and decode encrypted communication and allow police to hack into smartphones and computers.
Even though momentum for the law has been fueled by an elevated terror threat level in Europe and a number of attacks across the continent, critics are slamming the bill for invading privacy and even hurting freedom. The Chinese government late last year pointed to the U.K.’s draft in defending its own anti-terror law, which in part requires Internet and phone companies to decrypt data.
“Does the U.K. really want the dubious honor of introducing powers deemed to intrusive by all other major democracies, joining the likes of China and Russia in collecting everyone’s browsing habits?” said Anne Jellema, the head of the World Wide Web Foundation, a non-profit set up by Web inventor Tim Berners-Lee to promote free access to the Internet.
“The elephant in the room remains the government’s desire to introduce mass surveillance by default,” Jellema said in a statement.
British lawmakers on Thursday said while they support the bill, it needs “significant amendments and further work.” The report makes 86 detailed recommendations such as a requirement that judges take a more prominent role in authorizing warrants to snoop, a ban on encryption systems designed to grant authorities access to private data, and a “more robust” justification of the requirement that companies store customers’ surfing data.
Home Secretary Theresa May has characterized the law as the equivalent of an “itemized phone bill,’’ though one of the government committees drafting recommendations said it would compromise privacy by giving intelligence agencies too much access to personal information. Another parliamentary committee this month called the draft confusing, and said it could place the U.K.’s tech industry at a commercial disadvantage with its measures to tackle security risks.
In the U.K. draft, the government has set aside 174 million pounds ($250 million) to pay for implementation, but the U.K.’s Internet Service Providers Association (ISPA) said the true cost will probably exceed 1 billion pounds and that their members expect to be reimbursed for all expenses related to the law.
“Cost recovery acts as a clear safeguard by providing a link between public expenditure and the use of powers,” James Blessing, the chairman of ISPA, said in a statement on Thursday.
Apple Inc. wrote to the U.K. government in December expressing concern over weakened encryption, which the company said could be manipulated by hackers. Others have said the government’s heavy hand in monitoring communications will drive many Internet users to seek out more anonymous ways to surf the Web, such as using the Tor browser, which makes the user almost untraceable.
Proponents say the bill is a justified response to the menace of terrorism. Current rules need to be updated as they were written before the explosion in use of smartphones, said Anthony Glees, director of the center for security and intelligence studies at the University of Buckingham and a supporter of the bill.
“Interception does not undermine liberty,” Glees said. “It sustains it from people who want to destroy it.”
Of particular concern to Internet companies are questions about keeping browsing histories safe from cyber-attacks and ensuring that data like credit card details and legal and medical information remain encrypted. They are also concerned the proposed draft will confuse issues of territoriality that could harm British businesses.
The draft includes powers that assert U.K. jurisdiction overseas, according to Antony Walker, the deputy CEO of the trade body techUK. That, he said, could “create conflicting legal obligations for companies, infringe on the sovereign rights of other governments, and risk retaliatory action against U.K. companies operating abroad.”