Home Secretary Theresa May has confirmed that a draft version of the new Investigatory Powers Bill is to be released today containing, among other things, the requirement that ISPs store a year's worth of browsing history on their users for official access.
Designed to replace the defeated Communications Data Bill
of 2012, which May pledged to bring back in May
, the Investigatory Powers Bill is being introduced as a means for UK security and law enforcement agencies to protect the country against terrorism. To do that, it will include a clause requiring all internet service providers with customers in the UK to store a complete history of their web browsing for a rolling twelve month period, accessible upon authorised access requests from the police and national security services.
To head off the inevitable privacy uproar, May has indicated that access to these records will be strictly limited. Councils will not be able to access them, and requests from other authorities can be referred to a panel of ten judges who will be able to overrule any governmental requests as they see fit. The Bill also introduces a new criminal offence, of 'knowingly or recklessly obtaining communications data from a telecommunications operator without lawful authority,
' for accessing the data outside its remit and which will carry a maximum sentence of two years.
Another aspect of the Bill is expected to introduce requirements, telegraphed by comments made by Prime Minister David Cameron earlier this year
, that prevent the use of strong end-to-end cryptography, requiring communications providers and other technology companies to instead perform man-in-the-middle (MITM) attacks on their own customers so that data can be decrypted and supplied to the authorities upon request. Full details of this section of the Bill have not been released at the time of writing, but the very proposal threatens the UK's place in the technology industry - and could, at worst, result in companies like Google, Apple, and Microsoft withdrawing their affected services completely from the region.
Even before the publication of the draft Bill, a petition
describing it as a 'breach of our privacy, [...] against the idea of democracy [and] a waste of tax payers' money in light of cuts to the public budget in health and social care
' has attracted nearly 51,000 signatures.
The draft Bill is now live on GOV.UK
, and it claims to 'not impose any additional requirements in relation to encryption over and above the existing obligations in RIPA [Regulation of Investigatory Powers Act.
' It does, however, include a section extending the right of 'equipment interference
' - modifying or otherwise attacking computers, smartphones, tablets, and other communication equipment for the purpose of eavesdropping or mass communication capture - beyond the security services to law enforcement and the armed forces.