A new law setting out what powers the UK state will have to monitor communications between citizens has been unveiled. What are the key elements of the Investigatory Powers Bill?
What does this bill do?
The Investigatory Powers Bill aims to completely overhaul the laws governing how the state, police and spies can gather private communications or other forms of data to combat crime, terrorism and other threats to national security and the UK's economic wellbeing.
Both security chiefs and privacy campaigners agree the current rules are completely out of date and last year a massive review of powers by an independent watchdog called for a complete rethink.
How do agencies collect data at the moment?
There are two basic types of information they collect:
- Communications data - this is information about the manner in which a communication has happened, including a record of a phone call or the sending of an email.
- The content of those communications - what the person actually said or sent - such as the conversation of the phone call or words in an email.
Existing law is complicated, buried in different Acts and ambiguous. Very few people outside of the intelligence agencies properly understand it - and most of it was written in the pre-internet era. For instance, the public did not know until the publication of this bill that MI5 not only has permission to scoop up and analyse "bulk data" from the internet - but that permission comes under legislation passed before the invention of the world wide web.
What new powers are being proposed?
Communications firms - such as your broadband or mobile phone providers - will be compelled to hold a year's worth of your communications data. This new information will be details of services, websites and data sources you connect to when you go online and is called your "Internet Connection Record". For instance, it could be your visit to the BBC website from a mobile phone at breakfast and then how you used an online chat service at lunch. It does not include the detail of what you then did within each service. There is no comparable legal duty to retain these records in the rest of Europe, the USA, Canada or Australia - this appears to be a world first.
In simple terms, police say they want to be able to get at these records, going back a year, so that if they get a lead on a suspect, they can establish more about their network or conspiracy.
Under existing law, agencies can already ask firms to start collecting this data - but they can't access historic information because companies don't keep it. Police argue that this means many investigations into crime with an online element go cold because they can't link activity to specific people or devices.
How do these powers compare to those that already exist?
Police or other agencies can already access communications data such as historic phone bills - but there is a ban on them asking firms to hold and hand over information detailing which online services have been used.
What other powers are covered by the bill?
The bill brings together all other investigatory powers which involve intrusion into communications or private lives, including:
- The interception and reading of communications - this can only be carried out if approved in person by the Home Secretary.
- "Interference" with computers - including hacking - to acquire information or for some other investigative reason.
- A legal obligation on companies to assist in these officially sanctioned hacking operations.
- The collection of massive amounts of internet or phone data so that it can be later sifted looking for leads and patterns of criminality.
Does the bill outlaw encryption?
No. The legislation includes an existing power to compel a company in the UK to hand over an encryption key so that scrambled messages can be read - where there is a legal reason for the police or other agencies to access that message. This could include, for example, asking a company to help unscramble chat messages which may reveal where a missing person - or their kidnapper - can be found.
However, this legal duty cannot be imposed on overseas companies, such as Apple, that use a form of encryption which they say they cannot themselves breach.
What safeguards will there be against abuses?
Ministers are proposing a new "investigatory powers commission" led by senior judges.
- They will act as a "double lock" on interception warrants. When a minister signs off an application to monitor communications, the operation won't begin until the commissioners have also agreed. Critics say this is insufficient - but the government says it's an unprecedented level of oversight seen nowhere else in the world.
- The commission will take over inspecting the secret workings of MI5 and other agencies.
- Finally, the IPC will be expected to be public and explain how powers are used.
If the new commission finds a serious error in how powers have been used, the Investigatory Powers Tribunal, a special semi-secret court, could then rule that the targeted individual has the right to know.
While councils can request some communications data, they will be banned from accessing internet connection records. A new offence of unlawfully accessing internet data will be created - and it will also be a crime for someone who works for a communications firm to reveal data has been sought.