Privacy Safeguards Left Out of Proposed UK Surveillance Law

Tracking, hacking and lip service to safeguards: Liberty’s analysis of the UK government's draft Investigatory Powers Bill.
The bill contains extensive new powers to track and hack – but few privacy safeguards.
Liberty launches eight-point Safe and Sound plan for a secure and private Britain.

The UK government recently announced the draft Investigatory Powers Bill, containing sweeping new powers for public bodies to track and hack British people’s communications – while failing to include the most basic privacy safeguards.

'World-leading oversight'?

The bill represents a once-in-a-generation opportunity for parliamentarians to introduce surveillance legislation that keeps British people safe in the digital age, while also protecting their privacy and internet security.

However – despite government claims it would contain “world-leading oversight” – the bill published by the British Home Secretary proposes unprecedented and unnecessary new surveillance powers, while lacking fundamental privacy protections.

  • Despite a growing consensus among experts and cross-party MPs, the bill does not contain powers for substantive judicial approval of surveillance warrants. It instead proposes a highly limited form of judicial review which will – in practice – be a rubber-stamping exercise.
  • The bill proposes a new power for blanket retention of “internet connection records,” covering everything from opening apps and uploading photos to iCloud to visiting websites. The information this can reveal is highly intrusive and, for this reason, suspicion-less compulsory retention of internet connections is not allowed in any other EU or Commonwealth countries, nor comparable democracies like the US and Canada. Australia recently prohibited it in law.
  • It seeks to create powers to hack into our devices and networks, extending these to all police forces, and places new obligations on communication service providers to assist with hacking warrants. Hacking is the most intrusive form of surveillance imaginable. It can do unlimited damage to the security of devices and networks and make people vulnerable to abuse by third parties and criminal networks.
  • Far from attempting to create a more targeted and effective system, the bill places the broad mass surveillance powers revealed by Edward Snowden on a statutory footing, including mass interception, mass acquisition of communications data, mass hacking and retention of databases on huge swathes of the population. (Liberty is currently challenging mass, speculative surveillance at the European Court of Human Rights.)

'Breath-taking attack on security'

"After all the talk of climbdowns and safeguards, this long-awaited bill constitutes a breath-taking attack on the internet security of every man, woman and child in our country," said Shami Chakrabarti, the director of Liberty. "We must now look to Parliament to step in where ministers have failed and strike a better balance between privacy and surveillance."

Protecting security, defending privacy

Liberty has published an eight-point plan detailing clear safeguards to ensure necessary, proportionate and accountable surveillance and defend privacy, and will urge parliamentarians to push for their inclusion in the bill. These are:

  1. Prior judicial authorization of all surveillance requests.
  2. No blanket powers forcing communications companies to store more personal data.
  3. Surveillance conducted for tightly defined reasons such as the investigation of serious crime and preventing loss of life, with requests and warrants targeting individuals on the basis of suspicion in criminal activity.
  4. Improved redress and increased transparency for those who have been under unlawful surveillance or are no longer under suspicion.
  5. Use of intercept evidence in court to bring perpetrators to justice.
  6. Data-sharing arrangements between UK and other countries made public and set out in law.
  7. Legislative protection against the breaking of our country’s encryption standards.
  8. Recognition of the unique threat posed by hacking to British people’s security.