Government’s Investigatory Powers Bill To Require ISP Storage Of Browsing History

The controversial Investigatory Powers Bill will force Internet Service Providers (ISPs) to store the details of people’s online activity for a year, under the government’s proposed new spying laws that will be published today.

It comes after Home Secretary Theresa May insisted earlier this week that the more “contentious” aspects of its 2012 predecessor, the infamous “snooper’s charter”, had been dropped

Spying Powers

The Home Secretary claimed that the new bill would no longer require communications service providers to store Internet traffic from companies abroad, and she insisted it includes “strong” warrant authorisation requirements for authorities wanting to gain access to a user’s detailed Internet browsing history.

Yet despite this government assurance of strict safeguards, including a ban on councils accessing people’s internet records, there remains plenty of highly controversial aspects to the new bill.

Campaigners fear that the legislation will give security services’ carte blanche to hack, bug and spy on people’s online habits, with judicial oversight that is still to be determined.

There is little doubt that the government wants ISPs to keep the meta data of all their customers’ use of the web, including their phones and social media interactions for 12 months. It should be noted that this meta data will not include the content, which has to be authorised by a ministerial intercept warrant.

And there are also concerns that while the government doesn’t want to ban encryption altogether, it does want to stop companies using ‘strong’ encryption that it cannot break. It is thought that companies will have to be able to unlock encrypted messages if asked by the security agencies.

If the government does propose banning end-to-end encryption, which places a higher level of protection on data and messages than regular encryption, it could place it on a collision course with the likes of Apple, Google and others.

End-to-end encryption means that only two respective parties (the sender and the receiver) can open and read the encrypted messages. Apple iMessages and WhatsApp messages for example are secured like this.

In the summer a group of major American technology companies warned President Obama to respect the privacy rights of consumers by not weakening encryption systems

But authorities are increasingly concerned at the growing use of encryption. The chief of Europol has previously said that the increasing prevalence of encrypted Internet communications is a major difficulty for law-enforcement and national security efforts.

And in April this year the leading counter-terrorism policeman in the UK said that some tech firms were helping militants avoid detection by developing systems that are “friendly to terrorists.”

In January Prime Minister David Cameron said that he wanted British intelligence agencies to be able to monitor the encrypted communications of terror suspects.

Personal Privacy

Amid this backdrop of government surveillance powers, experts are warning that if the government is going to collect people’s data, it needs to ensure this data is fully protected.

“No-one can argue with the fact that if the police were able to enter and search any house, at any time, they would catch more criminals,” said Greg Aligiannis, Senior Security Director, Echoworx, the message encryption provider. “But should they? Does the value of the information stood to be gained outweigh that of personal privacy. The government is proposing to watch citizens as if they were criminals.”

“In addition to the concerns of privacy we must also consider how this may put people at risk,” said Aligiannis. “History has shown that the government is subject to attacks just as much, if not more so than other organisations that look after data for their customers. All of the data collected by the government will need to be stored somewhere, what’s to stop someone hacking into and exposing that data?”

“In the UK, its still illegal to open post that’s not addressed to you, but we’re talking about the government having access to all electronic mail – that doesn’t add up,” said Aligiannis. “Cyber-surveillance is no different than old school wire-tapping. However, the government requires court approval for a wiretap, which would only be granted after evidence of reasonable suspicion is examined.”

“In the past, these laws were put in place to protect the average law-abiding citizen from unjust intrusion, so why is it any different now?” he added. “No-one is arguing that we wouldn’t catch more criminals, but there’s a fine line and this is crossing it. There is a balance that needs to be struck. If this bill does go through (and it looks like it will), it’s vital there is appropriate judicial oversight balancing the use of these powers.”

The exact nature of the Investigatory Powers Bill will become clearer after it discussed in parliament on Wednesday.

Are you a security pro? Try our quiz!