The Investigatory Powers Act 2016, dubbed the “Snoopers Charter” received Royal Assent on 29 November 2016 following extensive scrutiny from a joint committee. The controversial Act provides a framework to govern existing law enforcement, security and intelligence agency surveillance powers. The Act also changes how these powers are authorised and managed and aims to introduce safeguards and strengthen privacy protection.
The legislation has been labelled as the biggest reform of British surveillance in decades, with Amber Rudd, the Home Secretary, stating that it is ‘World leading legislation’. The legislation has been largely criticised by many, including the human rights group Liberty who have successfully challenged the Act and been given permission by the High Court to have the Act reviewed by way of Judicial Review. A petition was also launched which received over 200,000 signatures demanding that the Act be repealed. But what is making everyone so nervous?
Primarily, the powers of surveillance and interception of the general public’s communications data is making people uneasy. The Act gives the Secretary of State the power, with approval of a Judicial Commissioner, to require telecommunications operators to install specified technical facilities in their systems. These facilities ensure that if the operator subsequently receives an interception warrant, it can comply. Telecommunications operators are widely defined in the Act to include not only telecoms companies and internet service providers, but also web e-mail, social media platforms, cloud hosts, and over-the-top communications providers like WhatsApp and Skype.
The Act provides a non-exhaustive list of obligations on operators, including the removal of electronic protection – interpreted to mean the ability to decrypt data. Although it is stated that the Act can only ask providers to remove encryption that they have applied themselves and where it is practicable to do so, without any clarification on ‘reasonably practicable’ how far this will reach is yet to be seen.
Data encryption has increasingly been in the public eye in the wake of recent terror attacks that have taken place across the UK and the rest of the world. Concerns are growing over how technology is being used to facilitate communications between terrorists and criminal organisations. This was highlighted in the Westminster Bridge attack in London where a WhatsApp message was sent by the attacker two minutes before the attack occurred. Security agencies wanted to retrieve the message to establish any links to terrorists groups, however WhatsApp currently has end-to-end encryption on its messages and as such these messages cannot be accessed by WhatsApp or any third parties. This prompted the Home Secretary to state that end-to-end encryption is ‘completely unacceptable’ and that access to this data is needed to successfully fight terrorism. However, by allowing a way in to encrypted data, this would create a ‘back door’ that could enable hackers to also access the data which is exactly what the tech giants are looking to prevent and reassure the public will not happen. So, what is the answer?
In an effort to bolster confidence in the efforts being taken, the world’s most powerful technology companies including Facebook, Microsoft, Twitter and YouTube formed the Global Internet Forum to Counter Terrorism in June. These tech giants have all been under increased scrutiny for providing platforms that have the potential to facilitate criminal and terrorist activity. The companies will join forces over several meetings, the first of which took place on the 1 August 2017 in Silicon Valley, to drive collaboration and share best practices about tackling online terrorist content. The Forum will also host several workshops in partnership with the Counter-Terrorism Committee Executive Directorate and the ICT4Peace Foundation.
As national security and data privacy priorities continue to collide, it appears that the major tech companies are taking a more proactive role in demonstrating their commitment to support national security policy in order to appease governments and avoid unwanted intervention.