A news item that is proving to be quite concerning for many at the moment is a proposal from UK Home Secretary Theresa May, that if passed, will provide British police and security services additional access to information about people’s use of the Internet.
The bill proposes authorities will be given the right to retrospectively check people’s internet connection records without having to obtain a warrant.
Since the bill was announced, there has been a great deal of hot air about the matter, much of it exaggurating the reality of what the bill is proposing in order to scare monger the public in Daily Mail-esque fashion.
Reading on a major news outlet earlier, I read that this new bill, should it be passed, would allow police and security services to access personal information on individuals’ home devices (i.e. files on hard drives) and to control machines, allowing for audio microphones and/or webcams to be switched on and off. This is complete hogwash.
What the bill is actually proposing is that British internet service providers (ISPs) will be forced to keep a record of the websites their customers have visited for up to 12 months. These records could then be requested by law enforcement, security and intelligence agencies to identify which services a person or device has been accessing.
The logs would not reveal every webpage an individual has visited, but just what websites have been accessed – the current proposal would only allow for law enforcement to see websites visited before the first forward slash – so no details like website sections, specific pages etc. would be viewed.
Since the introduction of the 2015 Counter-Terrorism and Security Act, ISPs have been required to retain data that could link specific devices and their usage to IP addresses. This allows for a high-level understand of an individuals Internet use, but does not allow for internet connection logs – i.e. what sites have been accessed – to be retained.
The Investigatory Powers Bill, currently in draft-stage, would allow internet connection records to be treated as communications data – which will hold data as to who, when, where and how – when a message was sent, where it was sent to etc. It will not allow for the content of messages or data that is transmitted across the Internet to be accessed.
As it stands at the moment, communications data can be requested by around 600 organisation throughout the UK – most of them are local authorities. This data would no longer be accessible by local authorities if this bill were to be passed.
The draft bill is seen by many as a spiritual successor to the Draft Communications Data Bill, proposed in 2012. It was coined by the media as the Snoopers’ Charter and did not come to pass. Retaining internet connection records were part of the bill, but most other elements do not stand in the latest proposal.
Information that would be accessed under this new bill may not seem as much of a privacy concern as the current media storm on this topic would have you believe, but there are still some concerns as to how the data would be used.
The proposal has been drafted in order to tackle major cyber crime incidents like the organisation of terrorist activites, but with access to this data – the transition across into the tracking of individuals who, let’s say, are suspected of a crime, could be quite an easy one.
Make of it what you wish, but on paper – the bill doesn’t pose an increased threat to people’s everyday Internet usage. Using methods such as Virtual Private Network would bypass this, as the internet connection records retained by ISPs would only show miscellanious traffic going from a customer’s WAN IP to their VPN server.