Fears Over ‘Mass Surveillance’ With Bill Changes

Industry group techUK along with a wide range of think tanks, academics and civil liberties groups have expressed “grave concerns” about proposed amendments to the Investigatory Powers Act, which has been called a “snooper’s charter”.

They said the changes, due for debate in Parliament on Monday, risk opening the way for generalised, mass surveillance and are not being given sufficient scrutiny.

The criticisms follow Apple’s warning in January that the changes could effectively give government a “secret veto” on updates to security technology by requiring tech firms to give advance notice of updates.

The government responded to techUK’s remarks by saying it “does not recognise” the organisations claims.

‘Targeted changes’

“The Investigatory Powers (Amendment) Bill will make urgent, targeted changes to reflect the reality of modern threats to national security whilst utilising the necessary tools to keep the public safe, underpinned by world-leading safeguards and oversight,” a government spokesperson said.

The bill has been independently reviewed and will be “subject to robust debate”, the person said.

Under the 2016 Investigatory Powers Act internet service providers can be required to keep records of users’ internet connection records (ICR) for a period of 12 months.

The proposed amendments would change the way “less sensitive data” such as ICRs are handled, and would change the bulk personal dataset regime in order to ensure UK intelligence agencies “can more effectively make use” of such data.

Mass surveillance

The techUK-led joint statement said there were serious concerns that this would expressly permit the harvesting and processing of internet connection records for generalised, mass surveillance.

The changes could also weaken safeguards around the use of bulk datasets of personal information, potentially enabling the harvesting of millions of facial images and social media data, the statement said.

Other concerns include that the changes could expand the range of politicians who can authorise the surveillance of parliamentarians; could impede companies’ ability to innovate and advance the data protection, data security, and data minimisation efforts expected by users, governments and regulators globally; and could restrict the use of security-enhancing technologies, resulting in increased government intrusion into citizen confidentiality and privacy.

The statement’s signatories warned the changes could introduce systemic vulnerabilities, and could make the UK the weak link in the chain of global online security, so that in turn UK-developed products and services could become less appealing.

‘Rigorous scrutiny’

The signatories include the Computer and Communications Industry Association, the Information Technology and Innovation Foundation and the Internet Society as well as human rights groups such as Liberty and Privacy International.

“We continue reiterating the critical need for rigorous scrutiny, to ensure all concerns are addressed, as is appropriate for a Bill with such significant impacts,” the statement says.