MPs have advised the government to make the taxpayer subsidize the costs of its expensive data-harvesting program under the Draft Investigatory Powers Bill (IPB), while at the same slamming the legislation for lacking clarity.
In a report published by the UK’s Science and Technology Select Committee, MPs argued that the costs of complying with the bill – dubbed the snoopers’ charter – would be so much that British internet companies would be at a disadvantage against foreign competitors.
The committee also described the legislation as lacking clarity and causing confusion among tech firms about the extent to which “internet connection records” will be collected.
The IPB has been created to give the security services more surveillance powers. Home Secretary Theresa May insists the bill is integral to preventing terrorism and catching criminals by tracking their internet and communications data.
The legislation was drafted after NSA whistleblower Edward Snowden’s 2012 revelations, which showed that the UK had been illegally gathering data for years.
If the legislation comes into force, internet companies will be required to store “internet connection records” – a list of every website visited by every customer for a period of 12 months. According to the home secretary, the logs would only record the website domain visited and not the individual pages.
Committee chair Nicola Blackwood MP said the greatest concern over the bill was the “the feasibility of collecting and storing Internet Connection Records (ICRs), including concerns about ensuring security for the records from hackers.”
“The bill was intended to provide clarity to the industry, but the current draft contains very broad and ambiguous definitions of ICRs,” wrote Blackwood, echoing the sentiments of the submissions her committee had received from almost every party except from the Home Office itself.
The bill’s lack of clarity is evident in the confusion around what an ICR will actually be.
Some internet service providers (ISPs) giving evidence to the committee admitted they had no idea what the Home Office meant by the term, while others denied they even existed.
Blackwood writes in the report that there are “widespread doubts over the definition, not to mention the definability, of a number of the terms used in the draft bill,” adding there are “questions as to how collecting and storing ICRs is technically possible, and whether Data Retention Notices to retain all user ICRs are ‘necessary and proportionate.’”
The report also notes confusion over how the bill will impact “end-to-end encrypted communications, where decryption might not be possible by a communications provider that had not added the original encryption.”
Blackwood said the government needs to reassure businesses and the public that the IPB will not put an end to encryption.
“Encryption is important in providing the secure services on the internet we all rely on, from credit card transactions and commerce to legal or medical communications.
“It is essential that the integrity and security of legitimate online transactions is maintained if we are to trust in, and benefit from, the opportunities of an increasingly digital economy. The government needs to do more to allay unfounded concerns that encryption will no longer be possible.”
MPs assessed the bill only in terms of its feasibility and cost. A second assessment which will examine whether its legal powers are proportionate to the threats they intend to address will be published by the Joint Committee on the Draft Investigatory Powers Bill within the next two weeks.