Voice of disapproval around so-called snoopers' charter
Amendments to the proposed Investigatory Powers (IP) Bill, popularly known as the Snoopers’ Charter, have been criticised by the Information Commissioner’s Office (ICO) for its approach to data encryption and communication data storage.
The ICO has joined the likes of Apple, Google, Facebook, Twitter, Yahoo and Microsoft in criticising the IP Bill, which is one of the most controversial proposed changes to British law of recent years.
While different parties have focused on a whole range of issues related to the Bill, the ICO paid particular interest to the government’s request for weakened encryption to allow for surveillance of individuals, as well as the requirement for communications firms to store all customer data for 12 months.
While the Bill only explicitly mentions encryption infrequently, it refers to the removal of ambiguous “electronic safeguards”, the ICO has warned that if the clauses include “the weakening or circumvention of encryption then this is matter of real concern”.
It stressed the importance of encryption for individuals “to guard against the compromise of personal information”.
“Weakening encryption can have significant consequences for individuals,” the ICO told The Guardian. “The constant stream of security breaches only serves to highlight how important encryption is towards safeguarding personal information.”
“Weakened encryption safeguards could be exploited by hackers and nation states intent on harming the UK’s interests.”
As it stands, the Bill proposes that authorities would gain the power to issue warrants requiring companies such as Apple and Facebook to break the end-to-end encryption measures in place and allowing authorities to access the contents of private messages.
This would reduce the overall strength of encryption for telecommunications, thereby placing users in danger of attacks from cyber criminals and fraudsters.
The ICO also said there was “little justification” for asking telecoms firms to store data on their customers’ interactions. This requirement has been another topic of frequent criticism for the Bill, with some questioning if the collection of data on this scale is even possible, let alone useful.
The Bill has previously been attacked for the risk that changes would introduce to individuals’ information safety, as well as receiving criticism from human rights groups and privacy advocates over the surveillance powers that it would grant the government.