from the ALL-ACCESS-PASS dept
The UK's "Snooper's Charter" was already terrible. The draft bill, finally released earlier this month, confirmed the UK government would be mandating encryption backdoors and requiring the retention of citizens' web browsing history. On top of that, the bill confirmed dragnet surveillance by UK agencies was already in place (unbeknownst to its "oversight") and, in fact, is looking to legalize the snooping after the fact.
The Investigatory Powers Act, as can be inferred by its name, would obviously allow any number of intelligence and law enforcement agencies to access the data and communications retained by ISPs. But it's not just GCHQ, M16 and various police forces being granted access to UK internet users' web browsing history. As Joseph Cox at Motherboard points out, it's also several agencies with seemingly no need for additional access to communications data.
On page 210 of the draft Investigatory Powers Bill, a planned piece of UK surveillance legislation that was announced earlier this month, is a table of “relevant public authorities.” These authorities would “have the power to obtain communications data,” according to a briefing paper on the Bill.Despite the parade of child-murdering, drug-dealing, criminal-masterminding horrors that serve as slightly-less-dry interludes to the bill's text, access to "all" retained data will be provided to a long list of mundane regulatory agencies, presumably for the sake of the children.
As you might expect, the list includes various police forces, the Secret Intelligence Service (MI6), the UK's signals intelligence agency GCHQ, and the Ministry of Defence. However, it also includes agencies such as the Department of Health, the Department for Work and Pensions, and the Department for Transport, whose need for such surveillance data is less obviously clear.
Most of these agencies are granted access to all "communications data." The justification for this is laid out in the table starting on page 210 of the pdf, with most of these agencies utilizing Section 46(7)(b) ("for the purpose of preventing or detecting a crime or of preventing disorder").
- Her Majesty’s Revenue and Customs
- Department for Transport
- Department of Enterprise, Trade and Investment in Northern Ireland
- A fire and rescue authority under the Fire and Rescue Services Act 2004
- Food Standards Agency
- Gambling Commission
- Gangmasters Licensing Authority
- Health and Safety Executive
- National Health Service Business Services Authority
- Duty Manager of Ambulance Trust Control Rooms
- Northern Ireland Ambulance Service Health and Social Care Trust
- Northern Ireland Fire and Rescue Service Board
But the bill contains several other justifications for the obtaining of user data, not all of which seem severe enough to warrant special legislation -- like "collecting any tax, duty, levy or other imposition" or "exercising functions relating to financial stability."
Not exactly the terrorist-hunting, child kidnapper-finding wonderbill it's being depicted as -- often in its own pages. Worse, the stuff authorized here is already in place and has already been used. Jim Killock, executive director of the Open Rights Group:
“This is already happening under RIPA—there were around half a million data requests made last year. Many of these were by the police but also by organisations such as Royal Mail, the Department of Work and Pensions, and local authorities.” RIPA, or the Regulation of Investigatory Powers Act 2000, is another controversial piece of UK surveillance legislation.In other words, the new bill is codification redundancy. The UK government is hoping to ensure the snooping it's been doing for years, via a variety of agencies, will be solidly in place for years to come.