UK Government Told to Revise Spy Lawby
Bill shouldn't disadvantage British business, committee says
More clarity needed on requirements, costs of proposed rules
The U.K. government should revise a proposed spying law so it doesn’t hurt British businesses, a Parliamentary committee reviewing the legislation said.
The committee, one of at least four parliamentary bodies scrutinizing the surveillance legislation, echoed concerns raised by major technology and telecommunication companies. In written comments to Parliament, Apple Inc., Vodafone Group Plc and others have said the law under consideration would force them to become enablers of mass government monitoring, undermine customers’ trust in their brands and impose excessive costs and administrative burdens.
"While we well understand the security challenges of communications data," the House of Commons Committee on Science and Technology wrote in a report released Monday, "we strongly believe U.K. businesses must not be placed at a commercial disadvantage by measures to tackle security risks."
While the committee was primarily focused on the law’s effect on British business, major U.S. tech companies have also expressed concern about how they would be affected in the U.K.
The committee agreed with tech and telecom firms’ worry that obligating them to help U.K. intelligence agencies hack their systems would undermine public trust in these companies.
"We believe the industry case regarding public fear about ‘equipment interference’ is well founded," the committee said. The government should report to the public on the extent to which it uses such hacking, it said.
The U.K. government should cover the cost for companies to comply with the law, according to the report. The government has set aside 174.2 million pounds ($249 million) over 10 years to reimburse Internet service providers for the expense of retaining a record of all the websites customers visit for a year, a new requirement of the proposed law. But tech and telecom companies say the mandate would also force them to re-engineer networks and software to allow for greater government surveillance, pushing the total compliance costs into the billions of pounds.
"Government must work with industry to improve estimates of all the compliance costs associated with measures in the draft bill," the committee wrote, adding that the government should "pay the full costs incurred by compliance."
The report recommends the government revise the draft bill to clarify its view of end-to-end encryption. Apple in particular has written Parliament to warn that the proposed law would weaken encryption so that security services could more easily decode communications, but that such measures would only put its customers’ data at risk from cybercriminals.
While not addressing this point directly, the committee said that the government shouldn’t require telecom and Internet service providers to decode communication that they didn’t directly encrypt.
"As ever, the fight against serious crime should be appropriately balanced with the requirement to protect and promote the U.K.’s commercial competitiveness," the committee wrote.
The government, which introduced the Draft Investigatory Powers Bill in November, is under no obligation to follow the committee’s recommendations. The bill is expected to come to a vote this spring and, if passed, will take effect from January 2017. Home Secretary Theresa May has told Parliament that the law is necessary to fight terrorism and to provide a legal framework for existing intelligence practices.
“We will consider this report,” Security Minister John Hayes said in a statement. “We are mindful of the need for legislation to provide law enforcement and the security and intelligence agencies with the powers they need to deal with the serious threats to our country in the modern age, subject to strict safeguards and world-leading oversight arrangements.”
Opposition to the proposed law has united tech companies and telecom providers with privacy rights groups that often find themselves at odds on other issues, such as the companies’ use of customer data. Groups ranging from Human Rights Watch and Open Rights Group to the United Nations have voiced objections that the surveillance measures called for would trample privacy rights and have a chilling effect on free speech and free assembly rights.
The bill also created alliances between erstwhile business rivals, with Facebook Inc., Alphabet Inc., Microsoft Corp., Twitter Inc. and Yahoo! Inc. joining forces to submit evidence objecting to the proposed laws. They’re concerned the law would be in conflict with requirements in other countries and add to an increasingly confusing web of privacy and surveillance legislation worldwide.