This article is published in partnership with the Don't Spy On Us coalition
Over the next month, the entire legal basis for surveillance by police and intelligence agencies in the UK will be up for debate, in the shape of Theresa May’s proposed Investigatory Powers Bill.
The bill, if enacted, will consolidate for the first time all of the agencies’ surveillance powers under one law – one bill to rule them all, as it were – and as drafted will make explicit a number of surveillance powers that have never openly been laid before MPs and peers before, arising instead through interpretations of numerous previous laws.
The bill is contentious. Civil liberties groups have warned it extends mass surveillance powers while providing only a simulacrum of privacy protections. Technology companies have warned the powers are vaguely defined (and so capable of being extended) and aim to extend Britain’s legal reach well beyond its own borders.
Even the Intelligence and Security Committee, traditionally seen as friendly to the agencies, warned the bill “lacks clarity”, is “inconsistent and confusing”, and adopts at best a “piecemeal approach” to privacy protections.
The bill is a once-in-a-generation opportunity for security agencies and privacy advocates alike: the home secretary has suggested she will ignore any calls for sunset clauses (meaning a bill needs to be re-debated after a period of years), suggesting that whatever is codified into law will – barring legal challenge – set out surveillance powers for a political generation.
"We discovered GCHQ had built up one of the world’s largest porn collections"
For that reason, there’ll be a series of articles here setting out what exactly is in the bill, the specifics reasons for pushback, and the legal challenges Theresa May and GCHQ hope the bill will neuter. But before all that it’s important to look at the strange confluence of events that made the bill come into being.
1. Edward Snowden happened: compared to the response of the USA – and much of the world – there’s no doubt the public reaction in the UK to the revelations from documents leaked by Edward Snowden was muted. But it was still substantial and significant. For the first time, the activities of GCHQ under the existing legal framework were revealed.
Before this time we suspected, but didn’t know, Ripa allowed for bulk collection and storage of communications, including those of UK citizens. We learned about UK involvement in the USA’s PRISM programme. We discovered GCHQ had – largely accidentally – built up one of the world’s largest porn collections. And – crucially, it turned out – we saw GCHQ lawyers privately boasting the UK had a “light oversight regime” with “exceptionally…understanding” regulators.
2. The surveillance rules faced significant legal challenge: even before the Snowden revelations, key elements of UK surveillance law looked largely untenable. The UK’s rules on retention of call records – metadata of all calls stored for a year and accessible without judicial warrant – by phone providers was dealt a crippling blow by the European Court of Justice, who found it failed to meet privacy safeguards. In 2014, the Liberal Democrats were still in government, and blocked a so-called “Snoopers’ Charter” aiming to reinstate the measure into law, but allowed the passing of Dripa, a slightly watered-down version of the same provisions – but this bill expires at the end of 2016, and it is not clear whether it would survive legal challenge.
In the wake of the Snowden revelations, multiple other legal challenges have been launched, both at European courts and with UK regulators, with several of the latter already ruling against the security services. With the higher risk of defeat (and the more severe consequences for the agencies) of defeat in the slower European courts, new legislation would serve to make the cases largely moot – removing a risk for the agencies.
3. The agencies want (some) reform: RIPA was the last major piece of UK surveillance legislation, and it’s 16 years old. The world has changed, the UK’s threat landscape has changed, and the internet has changed even faster. Pretty much all sides of the debate agree the laws on surveillance need to change too, even if they agree on little of the detail – almost no-one is trying to defend the status quo.
4. Three parliamentary inquiries also suggested reform: Parliament’s Intelligence and Security Committee suggested the UK needed new legal basis for surveillance. A review led by David Anderson QC suggested the UK needed new legal basis for surveillance. A third review commissioned by Nick Clegg and carried out by RUSI suggested the UK needed new legal basis for surveillance. There was, for once, quite a degree of consensus.
And that takes us close to today: intelligence agencies, parliamentarians, and civil liberties groups all agreed new legislation is needed. For different reasons – and to different degrees – they generally agree the legislation needed to be clear, relevant to the Internet era, and to better explain and expand privacy protections. It’s safe to say there’s not much agreement on whether they do that.
Were the Investigatory Powers Bill a Star Wars film (and why not – the prequels focused on a trade tariffs dispute, after all), this is the point where the yellow scrolling text ends and the fighting starts: this was how we got to here – next time we look at what the bill actually does.