HomepageCommercial LawPrivate LawPublic Law & Human RightsCriminal LawEU & International LawCareers

Accessibility

Have Irlen Syndrome, or need different contrast? Click the button below for options.

Background Colours

Subscribe

Enter you email address below to subscribe to free customisable article notifications.

Alternatively, click the button below for our various RSS Feeds (available journal wide, or per section).

Is Mass Surveillance Safer in the Hands of Parliament?

Article Cover Image

About The Author

Rebecca Von Blumenthal (Former Regular Writer)

Rebecca graduated from King's College London in July 2014 with a 2.1 LLB with European Legal Studies. Rebecca has a deep-rooted interest in human rights, criminal law, public law and clinical negligence. Her desire to scrutinise and proliferate accurate information concerning these topics has lead her to pursue a career combining writing with law reform on a practical and significant level.

The Government has now published the draft Investigatory Powers Bill that it hopes to see through Parliament by December 2016. If it becomes law, the Bill will replace much, but not all, of the Regulation of Investigatory Powers Act 2000 (RIPA), as well as the Data Retention and Investigatory Powers Act 2014.

The Bill aims to provide a comprehensive overhaul of Britain’s fragmented surveillance laws, which currently are opaque and lacking in effective safeguards against abuse. It proposes to give certain powers of the intelligence and security services a (new) legal basis in statute – it will not extend those powers, rather it will put them into the light.

It is also the Government’s response to the Edward Snowden revelations of the scale of secret mass surveillance of the global traffic in confidential personal data carried out by Britain’s GCHQ and the US’s National Security Agency (NSA).  The scope of the effectiveness of these powers is covered in a previous two-part Keep Calm Talk Law article; the first covering the NSA and the second the GCHQ.  

The Bill explicitly includes in statute for the first time powers for the bulk collection of communications and other personal data by MI5, GCHQ, MI6 and for their use of ‘equipment interference powers’ – the ability to hack computers and phones around the world – for purposes of national security, serious crime and economic well-being (so far as such interests are relevant to national security).

The Snowden revelations raised a number of serious questions about such Governmental mass surveillance, which the Bill attempts to resolve. It again emphasises the requirement for a balance to be drawn between the urgent need of the intelligence agencies to safeguard the public and the protection of an individual’s privacy and/or freedom of expression.

However, three different parliamentary committee reports – passing 200 recommendations between them - claim the Bill is flawed, unclear and needs a serious rewrite. With such fundamental freedoms at stake, it is necessary to make the information contained in the lengthy and rather inaccessible Bill and reports understandable, particularly as to how it affects our privacy and future technological landscape.

What does the new Bill contain?

The Bill includes provisions on each of the key capabilities available to the intelligence agencies and others: communications data; interception; and equipment interference.

There is too much in the Bill to cover in its entirety here, however there are two key aspects that continuously resurface in professional and media debate. These include the reintroduction of the mass collection of large volumes of personal communications data (internet connection records- ICRs) and the judicial authorisation of warrants.

Three damning judgements

Throughout February this year, three parliamentary committees published reports on a draft of the Bill that landed with a heavy hand. Each had a strong tone of criticism of both the powers proposed and the way they are set out.   

The first report of the Science and Technology Committee criticises the lack of clarity in the Bill regarding the nature of ICRs, making businesses particularly vulnerable to confusion and skirting defining technical terms. The second report came from the Intelligence and Security Committee. At only 13 pages long, the Bill is described as a ‘missed opportunity to provide the clarity and assurance which is badly needed.’ Similarly, it claims that the provisions in relation to three of the key agency capabilities – including communications data – are too broad, lack sufficient clarity, are inconsistent and largely incomprehensible. This becomes evident upon a reading of the Bill, which uses terms that are intelligible to all but a tiny band of experts. The old approach, namely to be so obscure in order to block any public understanding of the agencies “techniques,” seems to be happening all over again. Fundamental aspects of it, such as defining what an ICR should constitute, are not properly covered.

Finally, the third report by the Joint Committee, gave a lengthy 86 recommendations. The criticism in this report is more measured, however very much the same: ‘[t]he Committee can see the desirability of ICRs, but has not been persuaded that enough work has been done to conclusively prove the case for them.’

The underlying message that emanates from the reports is one of deep concern of the ever increasing likelihood that it may not be possible to fix the Bill by the end of 2016. All three call on the government to address criticisms, specifically voicing concern over the technicalities of the Bill, namely that ‘more effort should be made to reflect not only the policy aims but also the practical realities of how the internet works on a technical level.’  

If the criticism is taken into account and substantial changes are made to the draft Bill, it will undoubtedly leave us in a better situation than we are now, far removed from the likes of RIPA, which gives widespread uncodified powers in ways that were never intended. Security can be improved and privacy can be better protected. However, the task for the Home Office seems almost unfeasible for the time span that they have (it aims to receive the royal assent by the end of 2016), and it begs the question as to how it will be achieved adequately.  

All three independent reports are unanimous that new legislation is necessary. However, opinion will remain divided as to whether they should exist at all.

Surveillance of internet activity

There should be no area of cyberspace which is a haven for those who seek to harm us to plot, poison minds and peddle hatred under the radar.

The Home Secretary Theresa May, speaking in November 2015 on the draft Bill’s first introduction, immediately established a stance that suggested the new draft bill would provide world-leading oversight to a regime that provides more transparency and stringent safeguards than anywhere else in the world. Her confidence is inspired by the promise that the draft Bill will have more limited powers than the failed draft Communications Data Bill 2012 (the ‘Snooper’s Charter’) that caused a torrent of concern.

The controversial web monitoring proposals in the draft bill (that also came in the firing line in the 2012 Snooper’s Charter) require internet and phone companies to keep records of every citizen’s web and mobile phone use, including social networking sites, and store them for 12 months. The collection of these ICRs is justified by claiming that in the face of changing methods of communication, the Bill merely seeks to ensure that there are no “no go” areas of the internet for law enforcement. May claims that they are ‘simply the modern equivalent of an itemised phone bill.’

Although the records would not contain the content of a person’s internet browsing history, they would contain information on the site that has been visited and in the case of communication sites, the identity of the sender and recipient of a message, time of sending, billing address and potentially the geographical location (page 287 of the Bill). For example, it would trace that a person had visited the BBC website, but not the articles that were read. While far less intrusive than extensive data collection on browsing history, the website address, such as addiction support groups, can prove to be sensitive information in itself. Furthermore, with the collection of such a large amount of data, it is reasonable to conclude that the risk of leak is greater; far more employees will be privy to the information.

The ‘double-lock’ proposal

Interception, one of the most acute powers in the draft Bill, is described by the Home Office as ‘the making available of the content of a communication – such as a telephone call, email or social media message – in the course of its transmission or while stored on a telecommunications system.’

Section 14 of the draft Bill sets out the Secretary of State’s power to issue interception warrants. Authorisation is obtained from the Secretary of State where she considers that it is necessary and proportionate to do so, where general safeguards exist, and where (save in urgent cases) there has been approval by a Judicial Commissioner.

The Bill states that there will be seven Judicial Commissioners, all of whom will have served as high court or appeal judges, headed by a high-profile and Investigatory Powers Commissioner (IPC) with an ‘active media and online presence’ so that he or she is ‘quickly established as an authoritative source of advice and information.’

The need for warrants to be approved by Judicial Commissioners as well as ministers – referred to by Theresa May as a “double-lock” – claims to: put more effective safeguards on the authorisation of the most intrusive investigatory powers; increase democratic accountability, through the Secretary of State; ensure our intelligence agencies operate in the interests of the citizens of this country; and, provide public reassurance of independent, judicial authorisation.

The double-lock is lauded as a huge step forward for surveillance laws: it’s the first time in more than 300 years that judicial involvement can hinder the issue of an interception warrant. Such an approach has been recommended for some time, most notably by the Anderson Report  (which argues that judges, not politicians, should be in charge of signing interception warrants) and the Royal United Service Institute Report, which recommends a model similar to the hybrid model that the government has chosen.

However, on closer analysis, the promise of the judicial oversight safeguard appears to lack proper substance and may instead operate as a rubber stamp. Although May claims that it will be for the Judicial Commissioner to decide whether the warrant is necessary and proportionate, section 19(2) of the Bill tells the Judicial Commissioners that they have to make decisions based on judicial review principles, not on the basis of the evidence.

This is not quite the protection it was represented as; their role is to review a decision already taken and not to take the decision in the first place. The Judicial Commissioner must consider the warrant’s necessity, and its proportionality, and must apply the same principles as on an application for judicial review. Traditionally, as stated by Lord Diplock in the GCHQ case, there are three grounds for judicial review: illegality, irrationality and procedural impropriety.

Rather than the Judicial Commissioner checking the evidence, they will in fact be checking that the correct procedure has been followed. This twist - to review rather than decide - is crucial. For example, if a Judicial Commissioner were to rely on the ground of irrationality, the Home Secretary would have to behave in an extraordinary manner not to get his or her warrant approved. Yet there is likely to be considerable deference shown to the Home Secretary’s judgement in the fields of national security - the Secretary of State has greater institutional competence in the form of the collective knowledge - which means that the Secretary of State would retain significant autonomy in authorising warrants. A Judicial Commissioner may be reluctant to overturn a decision already taken, which raises the question as to which principles of judicial review would realistically apply.

A balancing Act

On speaking of the justification for mass surveillance laws, the same rhetoric is repeated; it is clear that Britain needs to introduce legislation which responds to the threats it faces in the digital age, protects both the privacy and security of the public, and provides world-leading oversight and safeguards. It was reported that in 2015 alone British intelligence services have foiled seven terror attacks.

It is convincing, particularly after years of hyperbolic claims made over the level of the threat facing Britain. Undoubtedly, a level of threat is experienced by the UK at any one time but it is simply unquantifiable for a citizen to measure that threat with no privileged knowledge. Yet it does no harm to approach this impeding threat with caution.

Collecting information on every internet user’s activity for the next 12 months imposes a significant burden for communication service providers (CSPs), who will be drawing a tentative line between managing the Bill’s requirements and conflicting data protection and privacy law.

The risk to the citizen is profound. We are assured that the content of our browsing will not be accessed, but the remaining aspects of our daily communications that are made available will still enable the state to build an intricate and intimate picture of our digital life. With ever increasing relationships being built online, this poses a huge risk that jeopardises our personal freedom and fundamental right to privacy.

Police and security services have disregarded oversight in the past and have outright abused its mass surveillance activities. With such little verification and concealed behaviour, it comes as no surprise that public trust has been lost. There should be no dispute over the need to maintain national security, but it seems dubious that this should equate to recording, storing and sharing every Briton’s phone call, email and website activity with the security services, the police and public officials. The scales are not tipped in favour of our privacy.

Conclusion

It is laudable that the draft Bill finally puts Parliament in charge and power out of the security service’s hands. For the first time, a Bill exists that sets out, for public and political debate, the totality of the investigatory powers used or aspired to by police and intelligence agencies.

While writing this article, further amendments had been made to the Bill, which technically is no longer a Bill, rather a draft Act. It has reached its final stages and now it is for Parliament to decide in an extraordinarily short time scale. Almost all substantive criticisms were rejected and police powers were extended. In response to the minimal amendments, a number of MPs, academics and professionals have signed an open letter calling for a longer consultation period. 

The real issue is whether licensed and legal access to records by the state is really the answer to a more secure state. Digital data storage is notoriously prone to breaking down and leaking: NHS patient data, police crime data and British Gas are just some examples of serious cases of leaked sensitive data, either by disloyal staff or hackers. If the government can hack citizen’s records, the floor is opened to even more mass invasions of private data; suddenly thousands more people are privy to other people’s secrets. And with developing technology comes an increasing use of the “dark web” and creativity by hackers. Rather than attempting to future-proof the powers, Parliament should be taking greater care to strike the right privacy/intrusion balance.

The idea that more surveillance equates to more security is tenuous, particularly in a borderless online world. There must be surveillance to some extent, and the Bill has taken on some of the excellent recommendations from previous reviews, but the regime will only work with truly rigorous oversight that goes beyond the questionably effective double-lock. Above all, it must be conducted fully in the eyes of the public.

For the latest articles straight to your inbox, you can subscribe for free. Alternatively, follow @KeepCalmTalkLaw on Twitter or Like us on Facebook.

Tagged: Anti-Terror, Human Rights, Privacy Law

Comment / Show Comments (0)

You May Also Be Interested In...

Dead on Arrival: The Investigatory Powers Act 2016

29th Sep 2017 by Alexios Ektor Koursopoulos

On Her Majesty’s Secret Service: UK mass-surveillance

27th Jul 2015 by Rowan Clapp

For your eyes only: Down the rabbit-hole of mass-surveillance - USA

3rd Jul 2015 by Rowan Clapp

Statelessness is Not a Solution to Extremism

9th Mar 2015 by Samuel Cuthbert

Our Liberties in Anti-Terror Law

5th Jan 2015 by Francesca Norris

From DRIP to an ocean of trouble for the UK Legislature

6th Aug 2014 by Thomas Horton

Section Pick June

Heathrow Expansion: A Potential Developmental Delusion

Editors' Pick Image

View More

KCTL News

Changing of the Guard: Moving Keep Calm Talk Law Forward

12th Aug 2018

An Anniversary or Two: Four Years of Keep Calm Talk Law

11th Nov 2017

Rising from the Ashes: The Return of Keep Calm Talk Law

18th Nov 2016

Two Years On, Keep Calm Talk Law’s Legacy is Expanding

11th Nov 2015

Keep Calm Talk Law's First Birthday

11th Nov 2014

Twitter

Javascript must be enabled for the Twitter plugin to function. Click below to visit us on Twitter.

Free Email Subscription

Subscribe to Keep Calm Talk Law for email updates, and/or weekly roundups. You can tailor your subscription on activation. Both fields are required.

Your occupation / Career stage is used to tailor your subscription and for readership monitoring.

Uncheck this box if you do not want to receive our monthly newsletter.

By clicking the Subscribe button, you agree to our privacy policy and terms of service. Please ensure you read these in full.

Free Subscription