Why you need to keep an eye on the UK's Investigatory Powers Bill

10 March 2016


In the UK, a draft Investigatory Powers Bill – nicknamed the Snooper’s Charter – has been in the pipeline for some years now.

It is designed to modernise laws surrounding communications data, and will give the police and other intelligence bodies the ability to access all aspects of communications on ICTs, whether a citizen is suspected of a criminal offence or not. 

It essentially formalises a number of surveillance practices that governments have been engaging in for years, which were famously uncovered by the Snowden files in 2013. 

The draft bill was published in December last year and, by February, it was the subject of a highly critical report from the UK science and technology committee.

The report cites concerns over the impact the legislation could have on the UK’s technology sector, particularly equipment interference powers and a lack of clarity when it comes to the issue of encryption.

“Why it becomes controversial and why it is important from a global perspective, is that this law is opening up what the industry calls ‘back doors’,” says John Shaw, vice president of product management at cybersecurity specialist Sophos Labs. 

What is a back door, I hear you ask? A back door is essentially an intelligence service asking a service provider to decrypt encrypted information, such as emails or instant messages. 

There have been similar murmurings to allow ‘back doors’ in the US, where California is exploring legislation – bill 1681 – that would potentially ban devices that come with unbreakable encryption. 

If the bill were to become law, there would be a ban on nearly all iPhones and many devices that run Google’s Android software across the state.

“There is a big debate raging about whether this is OK or not,” says Shaw. “I argue that it is not. By allowing back doors, you weaken any form of encryption. As soon as you have techniques for decrypting traffic, you’re effectively weakening it for everyone.”

From banking services through to purchasing goods online, the whole commercial use of the internet in fact relies on strong encryption. “It puts a big onus on carriers. If you are allowing customers to communicate using encryption and then suddenly you have these back doors, it puts you in a vulnerable position with your customer,” adds Shaw. 

Why you also need to keep an eye on the EU-US Privacy Shield