UK ministers want to extend the Investigatory Powers Act, better known as the Snooper’s Charter, even further, according to draft legislation that would gift phone-hacking and web-history combing capabilities to five new public bodies, in addition to the more than 50 that already have access to the sprawling surveillance powers.
The bodies poised to receive new comms-hacking powers are a motley crew consisting of the Pensions Regulator, the Civil Nuclear Constabulary (the armed police force in charge of protecting civil nuclear sites), the Environment Agency, the Insolvency Service, and the UK National Authority for Counter Eavesdropping (UKNACE) – an anti-espionage service that can’t stick to its own principles.
The IPA dictates that internet and phone companies store everyone’s web browsing histories for a year and give the police, security services and official agencies access to the data. In addition, it allows authorities to hack into computers and phones and to gather bulk communications data. Edward Snowden called the law the “most extreme surveillance in the history of Western democracy”.
The draft legislation says that the new snooping powers need to be handed over because these bodies are “increasingly unable to rely on local police forces to investigate crimes on their behalf”. Rather than strengthening the resources of local police forces, mass surveillance has been deemed the most appropriate solution. “Well, it’s cheaper,” points out Lilian Edwards, professor of Law, Innovation & Society at Newcastle Law School.
Those that already have access to data under the Investigatory Powers Act include intelligence agencies, law enforcement, HMRC, and bodies with statutory duties to investigate crimes such as the Department for Health, the Home Office, DWP, Food Standards Agency and the Gambling Commission.
With regards to the new additions, the memo reads that the Civil Nuclear Constabulary “does not expect to make large numbers of communications data requests” but that “it requires powers to investigate threats to the most sensitive nuclear sites in the UK”.
The rationale for including the Environment Agency, is that “They are responsible for investigating over 400 different types of offence, which result in over 40,000 suspected offences each year”, according to the memo. This is something that Michael Gove made the case for in his role as the Secretary of State for the Environment in June 2018, concluding an independent review into waste crime with “the Home Office should provide regulations under Part 3 of the Investigatory Powers Act 2016 to allow the Agency to acquire communications data to tackle serious and organised waste crime”.
According to the memo, the Insolvency Service, a body that investigates fraudulent trading by company directors and cases involving breaches of company director disqualification orders, “assess that by acquiring communications data and being able to attribute subscribers to telephone numbers and analyse itemised billings, significant weight will be added to evidence that can be gathered”.
In the case of UKNACE, the memo reads that the body “detects hostile technical espionage activities and eavesdropping activity against UK assets in UK government buildings, secure environments, embassies and other UK controlled overseas environments that process sensitive material”. Obviously, the only way to do this is to eavesdrop in turn.
The Pensions Regulator requires these new powers because it has “become responsible for enforcement of employer automatic enrolment duties”, a role in which the body has seen it “putting more emphasis on prosecution as a means of securing compliance and punishing wrongdoing”, according to the memo.
A Home Office spokesperson told the Guardian: “To protect national security and investigate serious crimes, law enforcement and relevant public authorities need the ability to acquire communications data.
“These powers are only used where it is absolutely necessary and proportionate and are independently authorised by the Office for Communications Data Authorisations, except in urgent or national security cases.”
“This is a deeply inappropriate moment to add organisations to those authorised to request detail and intrusive communications data,” says Jim Killock, director of Open Rights Group. “The government should also clarify how long it will be for the Office for Communications Data Authorisations to be fully operational. We welcome its hard-won role in providing independent authorisation as a result of legal action we took in the European courts. The government has yet to implement other safeguards, particularly limits on what is retained, and notification of people whose data is accessed.”
At present, the Investigatory Powers Commission is responsible for monitoring how the law is used in practice. A 2018 report found all to be well, with the Investigatory Powers Commissioner Sir Brian Leveson saying: “Overall, investigatory powers are used responsibly within the UK.” This is despite the fact that the law had to be adapted during that year because it didn’t restrict the public authorities’ access to retained communications data solely for the purpose of fighting serious crime – something that was found to be illegal.
Beyond the pervasive surveillance of citizens, the newly proposed additions to the IPA may also pose the problem of data. Edwards points out that if public bodies are instructed to police crime independently through surveillance means that could result in “the lack of complete data as to how much of it is going on”. “That’s the problem with bypassing the conventional means of enforcement,” she says.
Before the proposed legislation becomes law, it will have to pass through both Houses of Parliament.
The post UK government plans to grant phone-hacking powers to the Pensions Regulator (and others) appeared first on NS Tech.