Regulation of Investigatory Powers Act: What is the Snoopers Charter?
The ‘snoopers charter’ or regulation of investigatory powers act has been passed in the house of parliament and will become law once it has received royal assent, this is the final stage required to pass a law.
The bill has been very controversial and received criticism from many major tech firms who say it will be near impossible to enforce and could seriously affect customer’s security.
Luckily for all of you concerned British citizens the bill was also opposed by a selection of MP’s who demanded that changes be made before the bill passed…what did amendments did they request?
That’s right, they added a clause to specify that the powers could not be used to spy on MP’s.
The bill has all the right intentions but many will still be very skeptical, the government say the purpose of the bill is to protect us against paedophiles and terrorists online but at what cost?
What do the changes to the ‘snoopers charter’ mean?
The amendments made to the regulation of investigatory powers bill will give governments more power to intercept communications. This still sounds very vague so I’ll break down the main points and put them in layman’s terms.
Snoopers Charter in Layman’s Terms
Your Internet Service Provider will keep a record of your browsing history for 12 months
Your internet service provider will be required to keep a log of your browsing history for 12 months, in theory this should help the police and government in prosecuting people for illegal activity carried out over the internet. It means that there will be a backup other than just stored on the device so no matter how many times they delete their history or wipe their computer – there will still be a record kept, these records are known as internet connection records (ICR).
What is an Internet Connection Record (ICR)?
An internet connection record is a record comprised of a number of items of communication, communications that happen between a device and a particular website smartphone app. The ICR will include account information, information about the device being used, the I.P address, the time and date of browsing, the amount of data that is downloaded or shared and who are what devices you are connecting to. The ICR won’t be as detailed as your local browsing history, there will not be a record of every page visited as the information after the forward slash is not permitted. This essentially means that the domains are recorded but not the individual pages as to preserve some mild form of privacy.
http://www.this-part-is-recorded.com/Nothing after this slash is recorded
At this point many people will be saying well if you’ve got nothing to hide this shouldn’t be a concern to you but it’s the security risk of keeping your browsing history safe causing problems. It wasn’t long ago that major ISP TalkTalk were hacked which leaked over 150,000 users personal details and an estimated 15,000 of those included bank account and sort code details.
Talk Talk Hacking Case
Looking at this browsing history they will be able to see which sites you visit and which social media sites you use but they still wont be able to read your chat history.
Who will be able to look at my browsing history?
If the government are going to force your ISP to keep a record of your internet browsing history for 12 months you are probably curious to know who has access to it. There is a full list of all the agencies/bodies who will have access to this information and among them there are some of the names you would expect to see such as ‘GCHQ’, ‘Secret Intelligence Service’ and the ‘Ministry of defence’ however there are some names that will raise eyebrows,
I mean do the ‘Food standards agency’ really need to see what i’ve been looking at while I wait for a train? That’s right the Food standards agency are amongst the names of agencies who will have access to our browsing history, thankfully someone has taken the time to compile a handy list of all the names mentioned in the investigatory powers bill. List created by Chris Yiu
[accordions][accordion title=”Who can see my browsing history?”]
Metropolitan Police Service
City of London Police
Police forces maintained under section 2 of the Police Act 1996
Police Service of Scotland
Police Service of Northern Ireland
British Transport Police
Ministry of Defence Police
Royal Navy Police
Royal Military Police
Royal Air Force Police
Secret Intelligence Service
Ministry of Defence
Department of Health
Ministry of Justice
National Crime Agency
HM Revenue & Customs
Department for Transport
Department for Work and Pensions
NHS trusts and foundation trusts in England that provide ambulance services
Common Services Agency for the Scottish Health Service
Competition and Markets Authority
Criminal Cases Review Commission
Department for Communities in Northern Ireland
Department for the Economy in Northern Ireland
Department of Justice in Northern Ireland
Financial Conduct Authority
Fire and rescue authorities under the Fire and Rescue Services Act 2004
Food Standards Agency
Food Standards Scotland
Gangmasters and Labour Abuse Authority
Health and Safety Executive
Independent Police Complaints Commissioner
NHS Business Services Authority
Northern Ireland Ambulance Service Health and Social Care Trust
Northern Ireland Fire and Rescue Service Board
Northern Ireland Health and Social Care Regional Business Services Organisation
Office of Communications
Office of the Police Ombudsman for Northern Ireland
Police Investigations and Review Commissioner
Scottish Ambulance Service Board
Scottish Criminal Cases Review Commission
Serious Fraud Office
Welsh Ambulance Services National Health Service Trust
There will be more pressure on Tech firms to provide a ‘backdoor’
The government will have power to put pressure on tech companies to provide some sort of ‘backdoor’ which will allow them a way to ‘hack’ users devices and monitor their communications.
A ‘backdoor’ is a vulnerability that is intended to be kept secret and only used in extenuating circumstances to bypass the usual security the device offers however history shows that they have been a phenomenally bad idea. Earlier this year it was revealed that Microsoft had a hidden ‘golden key’ or ‘backdoor’ that would allow users to bypass some of the security in place when a device boots but it was leaked. Windows ‘Golden Key’ Leaked
Imagine creating a skeleton key that opened every door in your city and then losing it…
Entire towns can be hacked rather than specific targets
Security and intelligence agencies will now have more power to investigate and intercept communications outside of the U.K. In large operations they will have the power to monitor communications or intercept data of entire areas if they believe that there are individuals of concern within that region.
The primary use of this will be in detecting and preventing terrorism by monitoring ‘a large number of devices in a specified location’, essentially they can specify a particular location and providing they can justify the reason they will be able to monitor the activity of all devices within that location.
There are many other changes and amendments such as the creation of new roles specifically to oversee and approve warrants arising from issues generated by these new powers but I have covered the issues on most peoples minds. I’m sure many people still have one vital question:
Can the government spy on me?
The simple answer is yes but that doesn’t mean you should throw your phone into a lake and cover your walls in tin foil simple because you sent somebody in the office a flirty text.
The government needs to be able to justify their actions so unless you are a person of significant interest or are involved in drug trafficking, paedophilia or terrorism you probably haven’t made it high enough on their list to become a target of the new snooping powers.
Snoopers Charter Roundup
The reasons for concern are pretty obvious and we have seen time and time again that even the most secure of systems often have a flaw or vulnerability hidden somewhere within the code and this bill is being rushed through the process meaning that the companies affected probably won’t have as much time as they would like to implement new practices around data storage and security.
On the plus side it means that there will probably be an awful lot more paedophiles and terrorists getting arrested before they get a chance to make it into the public eye or main stream media. Almost all security measures have an affect on our privacy, CCTV cameras film millions of people carrying out their own business without their explicit consent but they also provide vital evidence in many cases and help prevent crime. This security measure has got people asking the question – do the benefits outweigh the costs?