The Investigatory Powers Act will come into force at the start of 2017, and will cement ten years of illegal surveillance into law.
It includes state powers to intercept bulk communications and collect vast amounts of communications data and content. The security and law enforcement agencies – including government organisations such as HMRC (Her Majesty’s Revenue and Customs) – can hack into devices of people in the UK.
Under this law, the intelligence agencies can use bulk hacking powers to hack devices and networks outside the UK. They can also access and analyse entire databases, whether they are held by private companies or public organisations – even though they have admitted that most people on them will not be suspected of any crimes.
One of the new and most intrusive powers is that Internet Service Providers (ISPs) can be compelled to collect a record of our web browsing activity and this can be accessed by the police and 48 government departments, including the Food Standards Agency and the HMRC.
No changes after Snowden
When Edward Snowden revealed the massive scale of US and UK surveillance, many people thought it would be a chance to revise the law and constrain the blanket collection of data from people who were not suspected of criminal activity.
After all, the British Parliament had not voted for blanket collection of phone and internet data. The laws appeared to imply a rather different approach. Surely members of Parliament would realise the agencies had pulled the wool over someone’s eyes?
Not a bit of it. The government started by saying it would “neither confirm nor deny” anything. It would make repeated claims that everything was done lawfully and would refuse to comment further, except to question Edward Snowden’s motives.
Months of revelations showed that the Government Communications Headquarters (GCHQ) had hacking powers, were prepared to take over foreign ISPs, were collecting 30 percent of UK traffic to the US; were breaking into Google’s private cable networks and stealing information in bulk; and even experimented in collecting webcam traffic, until they found that a large proportion of the image captures were “inappropriate”.
They revealed that GCHQ and the National Security Agency are virtually inseparable, with near total sharing of raw data and the backbone technologies for acquisition, storage and search.
Parliamentary debate showed that the oversight committee had the thinnest of knowledge of what had happened. However, the obvious democratic failures did not create parliamentary or press outrage. A large section of the public has been, and remain, outraged, but somehow have never been given a chance to press their MPs on the issues.
The press have been very unsympathetic to the complaints against GCHQ and the government. Perhaps many papers feel that their audience are in favour of legislation that works against terrorism; maybe they are more trusting of the government now that it is Conservative-led.
A series of reports commissioned by the government focused on changes to oversight and tightening up on the authorisation of surveillance. They all recommended a new bill. Meanwhile, legal challenges to UK surveillance proceeded.
None of them attempted to ask the difficult question about NSA-GCHQ integration. With the election of a Trump administration that has touted the reintroduction of torture, cooperation with Putin and potentially very different foreign policy objectives, that now looks a little remiss.
Chance for a repeal
Cases brought by Privacy International in particular revealed that hacking, bulk personal datasets and other practices revealed by Snowden were effectively illegal, on the simple basis that there was no clear legislation to permit them.
The critical moment in parliament was in May and June this year, when the press and public were rather distracted by Brexit. House of Lords debates failed to gain press interest. And then, at the final moment, as the bill was passed into law, press coverage picked up.
Bulk surveillance, and new police powers to use “bulk” style powers to access 12 months of “Internet Connection Records” finally started to create public outrage. A petition asking for repeal of the law has gained 150,000 signatures in a matter of days.
This means that parliament must consider debating the law – although it is not obliged to do so and may say that there has been sufficient debate already. It should take the time to debate, not least because there are court judgements due which may force a rethink; parliament should consider whether changes may be needed.
All may not be lost, therefore. These are troubled times, and it is often hard to keep people’s attention on complex matters such as surveillance. But the dangers make it all the more important, rather than less.
Jim Killock is Executive Director of Open Rights Group, which campaigns for privacy and free speech.
The views expressed in this article are the author’s own and do not necessarily reflect Al Jazeera’s editorial policy.