Encryption News

Draft Overhaul of Surveillance Bill UK

By 11th November 2015 No Comments

Draft Overhaul of Surveillance Bill UK

The beginning stages of the drafted changes to the UK Surveillance Bill have begun.  The bill discussions began November 4th regarding a range of aspects of data surveillance, investigatory powers and security of data.  There has been much discussion and mixed opinions surrounding data and the right to privacy and security of data, nevertheless the security draft Bill aims to ensure that data remains accessible to deter criminal activity and terrorism.

The UK government have been criticised for their lack of transparency, contempt for liability and indifference towards democratic processes central to the current surveillance system portrayed in the present Bill.  The aim is to overhaul the surveillance law (which is necessary) so that it is inline with current needs as presently the legal framework for surveillance in UK is lacking and out of date.  The potential new Bill defends surveillance powers and encourages the amplification and extension of these powers.

It is suggested that certain changes be made to some aspects of the current Surveillance Bill and then there are changes that the UK government will want to address and include in the new Surveillance Bill.  Some of these drafted changes may be difficult to convince all involved that it is the best way forward-it will be challenging and we can expect a long process before anything new is passed or voted in.

The new Bill should be voted in sometime next year, 2016.

Changes highlighted by independent review

Highlighted areas where changes to the current Bill are necessary (independent review of current Bill) include:

  • Mass surveillance provision

Presently British government are permitted to conduct mass surveillance of all communications arriving and leaving Britain.  It is alleged that this type of mass monitoring of individuals should not be legal.

  • Authorisation of surveillance

Presently a minister or a delegate can authorise surveillance and this is not overseen by a legal entity (judge or court).  The lack of the independent legal view enables potential abuse of the surveillance system.  The decisions to access an individual’s communications should be a legal one and not a political one and should not be authorised at whim.

  • Communications content and communications data should get equal protection

Presently this is not the case.  The information about communications (metadata) is as valuable as the content of the communication.  Metadata must be given the same security as other forms of communications.  This said, communication service providers should not be made to collect third-party communication data (as proposed previously).

  • Surveillance without suspicion

Presently surveillance can be undertaken in the UK without valid reason or suspicion.  It should not be legal for interception of communication without supplying a valid reason or evidence as to why the individual’s communications should be intercepted or monitored.  The law should be addressed so that valid reason and suspicion is necessary before surveillance is allowed.  Everyone can not be a suspect.

  • Discriminatory privacy safeguards

British government is allowed by law to intercept communications of anyone (foreign or not) and globally, if those communications happen to pass through the UK.  Mostly people do not have control over where their communications go and are being deprived of privacy if their communications happen to pass a country that observes mass surveillance, like the UK.  This should not be allowed.

Draft changes highlighted by the UK government

These are some of the aspects highlighted by the UK government to be addressed in the new Bill.

  • Encryption

The government have suggested that they want to address encryption in the new Bill.  They have implied that new laws will not ban encryption or restrict companies from using encryption (as this is necessary for security within banks etc.) but rather will be placing a ban on ‘strong’ encryption.  This will allow access to communications if need be and security services will retain the capacity to intercept data when required.  This approach to encryption seems to defeat the purpose as not allowing a strong encryption technology is the same as locking your front door but giving the criminal a copy of your key, to come in whenever they feel it is necessary.  Making companies utilise an encryption technology as such, is making companies refrain from securing their data or their users data.   The encryption is either strong and secure or it is insecure- making it accessible means the data is no longer secure.

The new bill suggests a ban on using encryption technologies that does not allow accessibility to communications, namely end-to-end-encryption where access can only be afforded to sender and receiver.

Law enforcement find it challenging to obtain all the data that they require for investigations and government wants to be sure that companies offering an encryption service are able to decrypt the communications or data when asked to do so.

  • Surveillance powers

The powers of surveillance are also being addressed in the new proposed Bill.  Government would like arms of the state (police and security services) to be able to access online communications.

The Bill proposes that companies, by law, hold internet records (web browsing data of individuals) for 12 months for surveillance reasons if required.

The draft Bill does not suggest compelling oversees companies to conform with these orders.

The cost and time that it will take to implement the Bill is large, on both counts, and only in 10 years will the Bill be functioning as intended, if agreed and legislated.

  • Authorisation of surveillance

The current bill allows ministers to agree communication interception if they believe it is warranted.  The new draft Bill will encourage a move to a greater judicial role, with judges or the court signing off this form of surveillance.  This will involve a judicial verses ministerial debate.

Conclusion

These are a few of the proposed changes.   The initial publication of the bill is only the beginning. It will be a lengthy and challenging process over the next number of months with discussions and scrutiny by both houses of parliament, modifications will be made and aspects are likely to be removed, before any part of the revised bill becomes legislative.

Many companies and individuals will not agree with all of the proposed changes, large companies are likely to protest when it comes to the data they encrypt, hold and do not hold.

Many may think the changes are representative of another snooper’s charter and will not give in without a fight. This is by no means an open-and-shut-case and we can expect to see many happenings over the next number of months, especially from the consortium backing the right to privacy for the people.

 

The Guardian:

http://www.theguardian.com/commentisfree/2015/jun/05/what-to-look-out-for-britain-new-surveillance-bill

BBC:

http://www.bbc.co.uk/news/uk-34690943

http://www.bbc.co.uk/news/uk-politics-34697535

http://www.bbc.co.uk/news/uk-34700067

http://www.bbc.co.uk/news/uk-politics-34715872

The Telegraph:

http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/11970391/Internet-firms-to-be-banned-from-offering-out-of-reach-communications-under-new-laws.html