Scottish PEN's Nik Williams takes a look at the latest development in the IP Bill debate
THERE was a substantial amount of hope that the review of bulk powers undertaken by the independent reviewer of terrorism legislation, David Anderson QC, would force the government’s hand, calling for reform of the Investigatory Powers Bill (IP Bill).
With minimal recommendations, it seems the review has instead given the government something it can ignore but also hide behind when questioned.
Proving the operational case for three bulk powers in the Bill, the review sidestepped the fourth, bulk equipment interference (EI), only stating that there is "a distinct (if not yet proven) operational case for bulk EI". This has largely left the government case intact, leaving very few options available to those seeking reform.
These powers are not insignificant; they go further than any otherwestern democracy and threaten to drastically transform the relationship between the public, technology providers and the state.
These powers are not insignificant; they go further than any other western democracy and threaten to drastically transform the relationship between the public, technology providers and the state.
As the review’s terms of reference were so narrow, omitting any analysis on the grounds of human rights and issues that fell outside of the question of utility, it would be a grave mistake to suggest that this is the definite review of the Bill.
In Matthew Ryder QC’s words, the report "only answers the [sic] most basic starter question: has Govt [sic] even made out prima facie 'operational case' for it ever to use bulk powers".
The House of Lords has looked beyond the question of utility to raise a number of concerns around the necessity of intrusive powers such as the forced retention of internet connection records, as well as whether the protections in the Bill are robust enough (by looking at the narrowness of the definition of 'journalist' for example, there is some distance to go). The review’s report should not be used to ignore these valid concerns in the name of expediency.
Another core concern relates to the recent breach at NSA that exposed a number of the agency’s hacking tools, "which can exploit weaknesses in a number of network hardware platforms and other devices". This capacity is found in the IP Bill, both in equipment interference (government hacking) and the technical capability notices that can pass on obligations to operators to "provide any assistance which the operator may be required to provide".
As the review’s terms of reference were so narrow, omitting any analysis on the grounds of human rights and issues that fell outside of the question of utility, it would be a grave mistake to suggest that this is the definite review of the Bill.
Vaguely defined, this power is only limited by issues of practicality, leading many to believe that this could be used to construct back doors in online platforms and remove electronic protections, such as encryption "applied by or on behalf of that operator".
But this is a dangerous request, as pointed out in a tweet about the NSA hack by Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU):
Apple: If we're forced to build a tool to hack iPhones, someone will steal it.
FBI: Nonsense.
Russia: We just published NSA's hacking tools
(Note: It is still unclear as to the origin of the hack, some believe it was undertaken by a foreign state such as Russia and others believe it was leaked by an NSA staffer or contractor.)
The legal battle between Apple and the FBI over decrypting a suspect’s iPhone has been widely criticised by privacy activists, but we should count ourselves lucky that it happened in public; due to the gag orders written into the IP Bill, the UK Government can make similar requests in total secrecy.
This cautionary tale should be followed with great interest by the UK Government before the IP Bill is written into law. On both sides of the Atlantic there have been calls for a skeleton key to decrypt data on demand, which have been routinely rebuffed as unworkable; the keys to a government backdoor seldom stay in the hands of the state alone.
The people of the UK deserve surveillance powers that do not sacrifice security or liberty for a vague notion of safety.
Tim Cook, the CEO of Apple, stated: "Any back door is a back door for everyone … opening a back door can have very dire consequences." With NSA’s toolbox partially revealed, it is not hard to see how back doors and other tools can fall into the wrong hands.
This approach appears to highlight a tension between security and safety; to be safe is to be insecure, to communicate, browse, bank and shop insecurely in the name of national security. The irony appears to be lost on Theresa May’s government.
But this is not a battle waged in the UK alone. Both France and Germany are calling for the EU to mandate for backdoors in communications platforms to decrypt data as part of the upcoming e-privacy directive review.
This runs counter to the European data protection supervisor (EDPS), Giovanni Buttarelli, who stated that end-to-end encryption without "backdoors" should be protected, going further to state that "decryption, reverse engineering or monitoring of communications protected by encryption should be prohibited".
While it is unclear as to which point of view will win out, the UK’s push for enhanced surveillance capabilities will surely give succour to the movement towards weakened communications platforms in the name of national security.
There are a number of pending questions that need to be answered by the state before the Bill makes any more progress. The review of bulk powers cannot be used by the state to shut down debate and force the Bill through parliament.
The people of the UK deserve surveillance powers that do not sacrifice security or liberty for a vague notion of safety. Beyond that, we deserve a government that answers every question and fights for the strongest laws.
Picture courtesy of Yuri Samoilov
Check out what people are saying about how important CommonSpace is. Pledge your support today.
