The UK has finally released the first draft of its controversial Investigatory Powers Bill, a massive document that attempts to update and clarify what rights authorities have to access public data in the interest of combating crime.
The document’s main goal is to make the argument that since authorities already have the right to access information regarding that private phone calls people have made, it follows suit for them to also have the right to find out what websites and chat apps people use.
They wouldn’t be able to see exactly what content was being made at whatever web addresses, but they would know what websites a person visited and at what time. For example, they could know if a person visited Instagram or Facebook, but not which specific web pages the person viewed or whether or not that person sent a message or left a comment.
They would access this information via network providers. The bill would require provider to maintain connection records for a year and then wipe those records clean immediately after a year has passed. Providers would need to create a log of IP addresses so that they can track and organize which devices participate in what activity.
Service providers aren’t crazy about the idea. Adrian Kennard, director of Bracknell-based internet provider Andrews & Arnold, had this to say:
“It is going to be costly and require a lot of equipment, but the big issue is that this is mass surveillance of the public.”
A warrant would remain necessary in the case of authorities wanting more specific browser history, such as which Facebook pages were looked at. Law enforcement officials would also be restricted in terms of determining whether someone had visited a medical website or mental health website. Even information about what news someone gets would necessitate a warrant.
“They would only be able to make a request for the purpose of determining whether someone had for example accessed a communications website, an illegal website or to resolve an IP address where it is necessary and proportionate to do so in the course of a specific investigation,” explained Home Secretary Theresa May.
Privacy-advocates take issue with the bill for a number of reasons. Not only are they disturbed by the push for such large-scale public surveillance by the government, but they’re afraid of the information being stored in the first place.
The bill would create files where data is stored regarding the pornography sites a person might visit, for example. Other examples of potentially sensitive browser history includes pirated media websites or political and religious sites.
If the information is being stored somewhere by service providers, realistically more than the government could potentially access it. Cryberattacks are on the rise, and cybercriminals tend to enjoy releasing private information to the embarrassment of their victims.
Take the hack on Ashley Madison for example. Hackers stole information regarding members of the adultery-enabling dating website and threatened to release it if the website didn’t shut down completely. Ashley Madison didn’t comply, and the emails and personal information of its users were eventually released publically.
Most hacks aren’t so ethics-based, so just storing such sensitive information could put even honorable people at risk.