What is snooper’s charter law
Everything you need to know about the most interesting new technology trends and events.
What is it? The Snooper’s Charter is a new law that allows a host of government bodies and lawenforcement agencies to request access to our online data. It is formally known as the Investigatory Powers Act 2016 (bit.ly/ipa413) and was passed in November following a prolonged and highly controversial parliamentary battle. The Act represents the biggest change to the UK’s surveillance powers in more than 10 years.
What does the new law do?
Internet service providers and telephone companies now have to keep a full record of every site you visit and phone call you make for a period of 12 months. They will be forced to make this data available to any authorised organisation that puts in a request and will also be obliged to decrypt the data if need be. On top of that, the security services and police will be able to hack phones and computers to collect their own communications data.
Whose idea was this?
The law was first put forward in 2012 by Theresa May when she was Home Secretary and has been seen through by her successor, Amber Rudd. The claim is that by replacing the Regulation of Investigatory Powers Act, the law will make us safer by allowing the authorities to catch wrongdoers. In particular, Rudd says GCHQ and law enforcers will be better able to tackle the “new opportunities” that the internet has created for terrorists.
But who can access this data?
Aside from GCHQ, 47 other organisations and departments can potentially access your browsing records, including the military, the taxman, the Gambling Commission, the NHS and even the Food Standards Agency (see the box on the opposite page for the full list). Opponents of the law have questioned why many of the departments need to see this data. The government has promised to keep the list under review.
So basically anyone can access my data? No. Schedule 4 of the Act lists the minimum office or rank of the people authorised to make a request from each department. Only higher or senior officers in HMRC, for instance, or someone on or above the level of inspector or superintendent in the police, will be able to request data. A warrant is required if the security services wish to bug computers and phones, though. This will need to be authorised by ministers and then go before the Investigatory Powers Commissioner and a panel of judges who have the power of veto.
Why do they want this information? According to the government, requests for data can help locate a missing person. Call records may establish a link between suspect and victim, while online information could be used to track paedophiles and fraudsters. Other examples given by proponents of the law suggest digital records can support or disprove alibis or be used to tie suspects to crime scenes. Inevitably, supporters say that if you’ve done nothing wrong then you have nothing to fear, but there are still many privacy concerns.
It does sound scary. What can be viewed? Records kept by ISPs will detail the websites and instant-messaging apps you visit and use. Clearing the cache or your browser history won’t make any difference because this data is held remotely. However, the logs won’t reveal specific pages – such as an article about terrorism or The authorities won’t know which incriminating videos you’ve watched a video featuring DIY disasters – only that you visited BBC News and YouTube.
What do the critics say? The privacy website Don’t Spy On Us (www.dontspyonus.org.uk) points out that ISPs and telephone companies will be collecting our information regardless of whether we are a criminal suspect or not. It also says hacking undermines our security. The Open Rights Group, Liberty and Privacy International all say the law is intrusive and oppose “mass surveillance”. Big Brother Watch (www.bigbrotherwatch .org.uk) points out that companies with more than 10,000 users can be asked to build “back doors” into their system, so that data can be analysed.
Is it too late to stop the Act? Not necessarily. An official petition calling for the law to be repealed (bit.ly/ petition413) has been signed by close to 154,000 people at the time of going to press, which means that Parliament must consider debating it. In truth, the likelihood of a repeal (given the Bill went through on the third time of asking) is very slim. In fact, the government has responded by saying, “the Bill was subject to unprecedented scrutiny prior to and during its passage.” For them, it’s done and dusted.
Were there any amendments to the Bill, though? Yes. Since we looked at the Snooper’s Charter in Issue 385 (bit.ly/webuser385), more than 1,700 amendments to the Bill have been tabled and debated in Parliament. The scope for equipment interference was widened, for instance, so that it wasn’t solely about preventing and detecting serious crime but also any cases where death or damage to health was at stake. A serious crime was also defined as one that carries a minimum penalty of a six-month custodial sentence.
But what if the law is misused? There is always a risk that the new powers could be wrongly exploited but the Act threatens “tough sanctions” for those who do and it has made misuse a criminal offence. Yet James Blessing, the chairman of the Internet Service Providers’ Association, told the BBC: “It only takes one bad actor to go in there and get the entire database.” He worries “mistakes will happen”. There is also concern about bulk hacking – where large numbers of devices in a specified location are targeted – which could result in the harvesting of innocent people’s data, such as NHS health records.
Can I get around all of this? You can. If you sign up to a Virtual Private Network (VPN), your ISP will only know that you have visited a proxy server and it won’t see any websites you open. Since the law only obliges ISPs to hand over data, anything you view from that point is encrypted and hidden within the VPN. NordVPN (nordvpn.com) says it has already seen a significant rise in people signing up. See our main cover feature on page 38 for more about deleting your personal info from the web.
So is all of this in place now? The Act was given Royal Assent on 29 November, which means the powers are now in effect and ISPs are already retaining records. That said, the government believes some of the powers need to be tested and that this may not happen for a while.
WHO CAN POTENTIALLY SEE MY DETAILS?
■ The Metropolitan Police Service
■ City of London Police
■ Police forces maintained under section 2 of the Police Act 1996
■ Police Service of Scotland
■ Police Service of Northern Ireland
■ British Transport Police
■ Ministry of Defence Police
■ Royal Navy Police
■ Royal Military Police
■ Royal Air Force Police
■ Security Service
■ Secret Intelligence Service
■ Ministry of Defence
■ Department of Health
■ Home Office
■ Ministry of Justice
■ National Crime Agency
■ HM Revenue & Customs
■ Department for Transport
■ Department for Work and Pensions
■ NHS trusts and foundation trusts in England that provide ambulance services
■ Common Services Agency for the Scottish Health Service
■ Competition and Markets Authority
■ Criminal Cases Review Commission
■ Department for Communities in Northern Ireland
■ Department for the Economy in Northern Ireland
■ Department of Justice in Northern Ireland
■ Financial Conduct Authority
■ Fire and rescue authorities under the Fire and Rescue Services Act 2004
■ Food Standards Agency
■ Food Standards Scotland
■ Gambling Commission
■ Gangmasters and Labour Abuse Authority
■ Health and Safety Executive
■ Independent Police Complaints Commissioner
■ Information Commissioner
■ NHS Business Services Authority
■ Northern Ireland Ambulance Service Health and Social Care Trust
■ Northern Ireland Fire and Rescue Service Board
■ Northern Ireland Health and Social Care Regional Business Services Organisation
■ Office of Communications
■ Office of the Police Ombudsman for Northern Ireland
■ Police Investigations and Review Commissioner
■ Scottish Ambulance Service Board
■ Scottish Criminal Cases Review Commission
■ Serious Fraud Office
■Welsh Ambulance Services NHS Trust