‘Strengthened safeguards’ in revised version of Investigatory Powers Bill

Published: Tuesday 1st March 2016 by The News Editor

Comments (0)

Technology firms will not be forced to weaken security by undermining encryption under proposed new spying laws, the Government will insist today.

Officials said a revised version of the Investigatory Powers Bill will put beyond doubt that companies can only be asked to remove encryption that they themselves have applied, and only where it is “practicable” for them to do so.

It comes after Apple was embroiled in a legal battle with the FBI in the US over access to an iPhone linked to one of two assailants who killed 14 people in a shooting in California in December.

The clarification on the approach to encryption is one of a string of changes to the Bill after three parliamentary inquiries on the first draft sparked calls for Home Secretary Theresa May to return to the drawing board.

One revision will see another purpose for which authorities can use web data added.

They will now be able to access internet connection records – which detail services a device connects to but not users’ full browsing history or the content of a communication – for pursuing “investigative leads”.

Senior law enforcement officers had argued that proposed rules around ICRs appeared to preclude access to details that could be valuable in missing people inquiries and human trafficking investigations.

For the first time the Government will also publish an operational case for bulk powers, giving unprecedented detail on why the agencies need existing powers to hoover up large volumes of data and how they are used.

The revised bill, which will be laid in Parliament on Tuesday, is expected to reflect the majority of the recommendations made by three committees.

Where recommendations have not been accepted, the Government argues they would compromise the capabilities of law enforcement and intelligence services.

Officials say it is clearer, with tighter technical definitions and strict codes of practice; i ncludes stronger privacy safeguards including a requirement for security services, as well as the police, to obtain a senior judge’s permission before accessing communications data to identify a journalist’s source and explicitly; and e xplicitly prevents UK agencies from asking foreign intelligence bodies to undertake activity on their behalf unless they have a warrant approved by a secretary of state and judicial commissioner.

New safeguards for interception and equipment interference warrants – used to hack into suspects’ devices – will be introduced.

This will reduce the period of time within which urgent warrants must be reviewed by a judicial commissioner from five to three days.

A source said: ” We have strengthened safeguards, enhanced privacy protections and bolstered oversight arrangements.

“This is world-leading legislation, setting out in unprecedented detail the powers available to the police and security services to gather and access communications and communications data, subject to a robust regulatory regime.

“Terrorists and criminals are operating online and we need to ensure the police and security services can keep pace with the modern world and continue to protect the British public from the many serious threats we face.”

On bulk powers, the source said: ” The Parliamentary committees that have scrutinised the draft Bill have seen how important these powers are to our national security – including fighting crime here in the UK and protecting our troops overseas.

“The security and intelligence agencies are now going further than ever to ensure the public share that understanding.”

Unveiled by the Government last year, the Bill is an attempt to bring surveillance tactics used by police and intelligence agencies in the digital age under one legal umbrella.

The Government has always said no additional requirements will be imposed in relation to encryption over and above the existing obligations.

Officials said the Bill will spell out the current position more explicitly, making clear that the “reasonably practicable” test must include a consideration of the technical and cost implications of removing encryption.

Published: Tuesday 1st March 2016 by The News Editor

Comments (0)

Local business search