Tuesday, 1 March 2016

Revised Snooper's Charter to be published today

Big Brother logoThe UK Home Secretary, Theresa May, will today release a revised version of the Snooper's Charter, which she claims address criticisms from MPs and peers.  Three parliamentary committees made a total of 129 recommendations and the Home Office says that the majority of these are reflected in the revised bill.

That does not immediately inspire confidence, especially since some of the recommendations were about tightening up language and definitions.  'Majority'?  'Reflected'?  That's not at all the same as saying that they've implemented most of the recommendations.

According to The Guardian, the revisions include:
The Home Office’s proposed changes include

  • Six codes of practice setting out how the security services will use the powers in the bill, including access to personal communications data, state computer hacking and bulk acquisition of data.
  • Stronger privacy safeguards including the need for a senior judge to approve security service access to a journalist’s communications data. The Home Office said this was needed to ensure the willingness of sources to provide information to journalists.
  • A “double-key” ministerial warrant backed by judicial approval when UK security services ask foreign intelligence agencies to undertake work on their behalf.
  • A pragmatic approach to encryption that will require technology companies to remove encryption that they have themselves applied where it is practicable for them to do so.
  • The period for “urgent” warrants issued for the most intrusive surveillance without judicial approval is to be reduced from five to three days.
The Home Office says:
We have strengthened safeguards, enhanced privacy protections and bolstered oversight arrangements.
That remains to be seen.  It seems quite clear, however, that the revisions won't address the main concerns, of which there are many.  For example, government and security services' access to citizens' 'Internet Connection Records' (which, as far as I'm aware, still hasn't been properly defined) requires the say-so of a minister rather than a judge, unless that citizen is a journalist wishing to protect a source.  It seems likely that 'technology companies' will be forced to implement broken encryption and to decrypt their customers' data when asked (asked by whom is not clear).  And, of course, it is unlikely to explain what constitutes a 'terrorist threat', how the bill will help to prevent terrorist attacks or how the public will be able to decide whether any results are worth the privacy hit.

We'll see what emerges later today, but I don't have much confidence that the major concerns will be addressed.  What we know for sure is that the bill will be rushed through as quickly as possible to meet the sunset deadline of December 2016, when the DRIPA sunset clause expires.

No comments:

Post a Comment