Eimi Harris Society, Culture, and Security

The UK Investigatory Powers Bill: Codifying Surveillance

Alongside the on-going Apple v. FBI debate in the United States, the United Kingdom is also having its own privacy versus security debate with the Investigatory Powers Bill, which is seeking to reform current UK surveillance practices. While the bill passed through the House of Commons on Tuesday, March 15, 2016, it has been criticized both domestically and internationally for its failure to protect privacy for UK citizens.

The Investigatory Powers Bill was supposed to reform the UK’s laws regarding electronic surveillance practice, an issue that many people in the UK agreed needed to be updated after the Snowden revelations in 2013. While many were hoping for provisions that would directly protect consumer privacy, the bill that passed through the House of Commons focuses more on codifying current surveillance practices, even those that actually invade privacy.

The Investigatory Powers Bill’s proposals would require that: internet companies collect all users’ data and store it for 12 months, technology companies bypass encryption software, and companies allow government security bodies to ‘bug’ communications technology (like computers and smartphones). While the bill does include regulations on how a government agency could access the data collected, ministers will still be able to easily grant warrants to engage in the surveillance of an individual (with the approval of a judge), while the police will also be able to easily access the data. Considering the nature of these practices, it is not surprising that the Investigatory Bill has been dubbed the ‘snooper’s charter.’

Despite assurances from the bill’s main spokesperson, MP Theresa May, that “privacy is hardwired into the Bill,” there has been domestic backlash to the Investigatory Powers Bill. 200 lawyers in the UK signed a letter stating that the Investigatory Bill was “not fit for [its] purpose” of surveillance regulation and that the bill may violate both the fundamental right to privacy and international standards regarding surveillance. James Blessing, the chair of the UK Internet Service Providers’ Association, agreed, adding “we are a long way from having a bill that is clear and workable.”

Similar concerns have come from the international community. Joseph Cannataci, the first UN Special Rapporteur on the right to privacy, has voiced opposition to the Investigatory Powers Bill, indicating a concern that the UK’s legislation would be a step back from privacy achievements made in Europe so far, such as the European Court of Justice’s judgements on Safe Harbour and a case in Russia challenging the state’s surveillance program.

Given the domestic and international disapproval of the proposed bill, it is surprising that the Investigatory Powers Bill managed to pass through the House of Commons. However, lawmakers in the UK had to acknowledge the symbolic relevance of this bill politically.

Citing their disappointment with the lack of privacy and information security measures written into the bill, the Labour Party vowed to abstain from voting on the bill. Abstaining was not enough to stop the bill from passing in the House of Commons, but the intention was never to completely stop what the bill stands for. As Andy Burnham, leader of the Labour Party and Shadow home secretary, explained, “Britain needs a new law in this area. Outright opposition, which some are proposing tonight, risks sinking this Bill and leaving the interim laws in place.”

Burnham brings up a fascinatingly frustrating reality: we need reform, but reform that completely overrides current surveillance practice will take a very long time. Lawmaking is a laborious project, and implementation/enforcement is equally time-consuming. That is the case with the Investigatory Powers Bill – what small improvements it does make in terms of surveillance access and approval will take time (and money) to be put into practice.

At the same time, it is important to look at the more immediate effect of these policy proposals: norm development. As pointed out above, a lot of what was in the UK’s bill reinforces the UK’s current surveillance tactics. By codifying practices such as data retention and encryption weakening, the UK is saying those practices and its effects are legitimate – that despite the numerous possibilities for privacy infringement they open up, they are okay.

We have to ask ourselves ‘is this okay?’ Before the Snowden revelations many of us could claim ignorance to these sort of policies and were thus justified in expressing anger and betrayal at the government for secret surveillance initiatives (if we felt that way at all). That is not the case today – these surveillance ‘reforms’ and proposals are now debated much more openly than before. So if we know what the government seeks to do with our information and our communications, and we choose not to stop them, can we still protest when the very infringements we fear actually happen?

Keep that in the back of your mind as the Apple v. FBI case unfolds.

Eimi Harris
Eimi Harris is a student working towards her undergraduate degree in International Relations and Economics at the University of Toronto. Her main focus in international affairs is cybersecurity, particularly diplomatic relations and normative development in the cybersphere. On the side, she enjoys watching films and is also working towards her Cinema Studies degree.