The Investigatory Powers Bill, also known as the Snoopers’ Charter, was passed by the House of Lords last week. This means that service providers will now need to keep – for 12 months – records of every website you visit, (not the exact URL but the website itself), every phone call you make, how long each call lasts, including dates and times the calls were made. They will also track the apps you use on your phone or tablet.
The idea behind the Bill is to prevent terrorism and organised crime, which, it goes without saying, we all fully support. What it will also obviously do is to place massive amounts of personal information into the hands of the government and other bodies for that 12-month period. And there has been and will continue to be a huge debate over whether and to what extent this is a breach of our privacy.
This Bill will also allow the police and authorities to look at a specific location and see which websites are highly used in that area, and even who is visiting that area. Dozens of public organisations and departments, such as HMRC, the Food Standards Agency and Gambling Commission, will also be able to access this information without needing evidence for ‘reasonable doubt’ to do so.
What has not changed is that security services still have the ability to hack in to your communications, and eavesdrop into your calls, read your texts and emails, only as long as they have the required warrant to do so. So in theory your actual conversations are still safe unless there is a reason to believe you are involved in something you shouldn’t be.
All this is very well, but is the Bill self-defeating? Doesn’t it just encourage the use of VPNs which will bounce your IP around the world so you can’t be traced? If you were doing something you didn’t want officials to know about, isn’t that just what you’d do?
Food for thought here is that the UK will expect companies like Google, Facebook and Apple to unencrypt some of their software so that the UK can gain access to those records. These companies aren’t British companies. So can they refuse? The thing that worries me is that if they do refuse, would they be tempted to pull out of working with the UK completely? In which case, what does the government want more – the business and jobs these companies provide or the data they hold?
Not only that, but we are now living in the age where Yahoo can lose half a billion accounts, a Three Mobile breach can put millions of customers at risk, and thousands of Tesco customers can have money simply removed from their bank accounts. And the list goes on. Is not keeping all this data stored for 12 months just like a huge red target for hackers? Even though this Bill is driven by national security, the risk is that it still leaves an ocean of information that can be dipped into, hacked and misused.
I feel caught between a rock and a hard place. I have no issues with the government bodies looking through my history should they choose to, but is it right that they can? And then you have to wonder … has anything really changed that much? Hmmm…
What do you think? None of this will go away. Our children will inherit this Bill and will grow up with all of its implications.
Written by Charlotte Seymour – November 2016
Pingback: Data Compliant’s Weekly Round Up | The Data Compliant Blog