This week parliament quietly passed the Investigatory Powers Act 2016 (a.k.a. the Snooper’s Charter).
It’s been described as the most intrusive system of any democracy in history and a privacy disaster waiting to happen. It is a bill giving the UK intelligence agencies and police the most sweeping surveillance powers in the western world & has passed into law with barely a whimper, meeting only token resistance over the past 12 months from inside parliament and barely any from outside.
The Act makes broad provisions to track what you do online. Amongst a raft of new surveillance and hacking powers, it introduces the concept of an internet connection record… a log of which internet services – such as websites and instant messaging apps – you have accessed. Your internet provider must keep these logs in bulk and hand them over to the government on request, whether you want them to or not.
So long right to privacy……
This is a truly appalling development, but all is not quite lost: there are still legal actions pending against the UK’s mass surveillance powers, and you can visit Don’t Spy on Us to find out more.
The Bill will affect
- Our right to privacyOur communications, Internet use and personal data will be collected, stored and analysed, even if we are not under suspicion of a crime.
- Our right to freedom of expressionFreedom of expression relies on the freedom to explore and express ideas without the threat of arbitrary, unnecessary, and disproportionate interference. The IP Bill will have a chilling effect on our freedom to share and discuss.
- Investigative journalismThe Bill lacks sufficient guarantees for the protection of journalists and their sources. It also fails to require authorities to notify journalists before hacking into their devices.
- The security of the InternetBulk hacking powers could undermine the security of the Internet for everyone.
- Intelligence sharingThe Bill fails to restrain the sharing of data and integration of technology between the UK and US.
In the meantime, read on to find out who exactly will be able to see what you’ve been up to online.
Who can view my stuff?
A list of who will have the power to access your internet connection records is set out in Schedule 4 of the Act. It’s longer than you might imagine:
- Metropolitan police force
- City of London police force
- Police forces maintained under section 2 of the Police Act 1996
- Police Service of Scotland
- Police Service of Northern Ireland
- British Transport Police
- Ministry of Defence Police
- Royal Navy Police
- Royal Military Police
- Royal Air Force Police
- Security Service
- Secret Intelligence Service
- Ministry of Defence
- Department of Health
- Home Office
- Ministry of Justice
- National Crime Agency
- HM Revenue & Customs
- Department for Transport
- Department for Work and Pensions
- NHS trusts and foundation trusts in England that provide ambulance services
- Common Services Agency for the Scottish Health Service
- Competition and Markets Authority
- Criminal Cases Review Commission
- Department for Communities in Northern Ireland
- Department for the Economy in Northern Ireland
- Department of Justice in Northern Ireland
- Financial Conduct Authority
- Fire and rescue authorities under the Fire and Rescue Services Act 2004
- Food Standards Agency
- Food Standards Scotland
- Gambling Commission
- Gangmasters and Labour Abuse Authority
- Health and Safety Executive
- Independent Police Complaints Commissioner
- Information Commissioner
- NHS Business Services Authority
- Northern Ireland Ambulance Service Health and Social Care Trust
- Northern Ireland Fire and Rescue Service Board
- Northern Ireland Health and Social Care Regional Business Services Organisation
- Office of Communications
- Office of the Police Ombudsman for Northern Ireland
- Police Investigations and Review Commissioner
- Scottish Ambulance Service Board
- Scottish Criminal Cases Review Commission
- Serious Fraud Office
- Welsh Ambulance Services National Health Service Trust
Who else can view my stuff?
Bulk surveillance of the population and dozens of public authorities with the power to access your internet connection records is a grim turn of events for a democracy like ours.
Unfortunately, bulk collection and storage will also create an irresistible target for malicious actors, massively increasing the risk that your personal data will end up in the hands of:
- People able to hack / infiltrate your ISP
- People able to hack / infiltrate your Wi-Fi hotspot provider
- People able to hack / infiltrate your mobile network operator
- People able to hack / infiltrate a government department or agency
- People able to hack / infiltrate the government’s new multi-database request filter
We’d bet none of these people have your best interest’s at heart!
Sadly, if the events of the past few years are anything to go by, it won’t take long for one or more of these organisations to suffer a security breach. Assuming, of course, that the powers that be manage not to just lose all of our personal data in the post, or on a train..
Read more about the Investigatory Powers Act is a privacy disaster waiting to happen here.
We would always recommend the use of a VPN to guarantee you’re online traffic remains 100% Private.