Open Rights Group

Home Blog The Investigatory Powers Bill: PR myth list

10 Dec 2015 Ruth Coustick-Deal GCHQ

The Investigatory Powers Bill: PR myth list

So we’ve broken down some of the lines that you might have seen used by the Government and those who are pro surveillance:

1. The line: This is not a Snoopers’ Charter

What they said: “neither a Snooper’s Charter nor a plan for mass surveillance” – Andy Burnham [1]

Our view: This new will Bill put into law the capabilities and powers revealed by Snowden and more.

Specifically, the Bill extends the state’s powers by forcing Internet Service Providers like TalkTalk, Sky and Virgin to store a record of every website and app we’ve visited in the last 12 months for the police to use. We will be the only EU or Commonwealth country to force ISPs to create and retain people’s Internet browsing history.

The idea that the Investigatory Powers Bulk is somehow not mass surveillance is also undermined by the word ‘bulk’. Bulk collection, bulk hacking, bulk interception, bulk retention: the Bill uses this word exactly 400 times. Privacy? It only crops up 17 times.

2. The line: There is strong accountability

What they said: “This will be one of the strongest authorisation regimes anywhere in the world.” – Theresa May [2]

Our view: The Government assures us that this Bill offers a “double lock”, by which they mean that Judicial Commissioners will check warrants for the bulk interception of data after they have been signed off by the Secretary of State.

But Judicial Commissioners will not check whether surveillance is necessary and proportionate, they will check whether the Secretary of State acted in good faith and followed the right procedures. It is unlikely that a Judicial Commissioner would challenge any decision on these grounds but if they do, the Secretary of State can go over their head to the Investigatory Powers Commissioners and ask them to approve the warrant.  This looks more like a rubber-stamping exercise than judicial authorisation.

3. The line: We won’t attack encryption

What they said: “it will not ban encryption or do anything to undermine the security of people’s data” – Theresa May [3]

Our view: The Government have gone round in circles on this. In January, the Prime Minister David Cameron said that we must not allow a means of communication which could not be read. [4] Now the Government is trying to assure us that they are not going to do any such thing: this isn’t a ban on encryption, but they do want it weakened a little bit.

The Bill sets out vague powers to compel communications providers to help with demands for interception. In practice this may involve obliging companies to compromise their software and make their encryption less effective. The end result of course being that we are all more vulnerable to criminal hacks and data leaks. If a weakness is there for the Government, it’s there for everyone.

4. The line: If you have nothing to hide, you have nothing to fear

What they said: “if you have nothing to hide, you have nothing to fear” – Richard Graham, Conservative MP [5]

Our view: That isn’t true. It’s clear that surveillance affects a broad group of people, with real painful consequences for their lives. We’ve seen journalists being monitored, lawyers having their client confidentiality broken, victims of police misconduct being spied on and environmental campaigns infiltrated.

We also published a blog post here which gives a thorough rebuttal of this cliched argument.

5. The line: We need to sacrifice our privacy for security

What they said: Actually, Theresa May didn’t mention the word privacy once in her speech.

Our view: We are being asked to give up our right to privacy in the name of security but it is possible to value both principles as important, to have privacy AND security. And some of the proposals in this Bill could make us less secure. Activities such as hacking can undermine Internet security and can have consequences for people who are not suspected of any crime. We all have a right to privacy and it should only be invaded if we are suspected of a crime. This is no simple trade-off equation and privacy needs to be valued by all the decision makers in the process.

6. The line: GCHQ have to collect everything so they can find the needle in the haystacks

What they said: “It is impossible to provide a defensive cyber-security apparatus without operating first at the level of bulk, then to winnow out the chaff.” – Sir Iain Lobban, former head of GCHQ [6]

Our view: There is no evidence that mass surveillance is more effective than targeted surveillance when it comes to tackling terrorism and serious crime. Collecting, analysing and keeping everyone’s data reverses the presumption of innocence until proven guilty. Surveillance should only be used when there is reasonable suspicion.

7. The line: We need to keep everyone’s data in order to catch criminals

What they said:”communications data is absolutely crucial not just to fight terrorism but finding missing people, murder investigations” – David Cameron [7]

Our view: We agree that keeping specific communications data can help the police to tackle serious crimes, such as terrorism and child abuse. However, a ruling in the Court of Justice of the European Union (CJEU) outlined the threshold for deciding to retain that data. For example, if a serious crime is committed, data could be retained for a particular geographical region to support a criminal investigation. This means that the police could still retain data for specific investigations, rather than the blanket surveillance of all citizens.

The CJEU ruling was clear that blanket data retention interfered with our right to privacy and our right to a private family life. Other European countries, including Austria, Belgium, Bulgaria, Germany, Greece, Romania and Sweden, have agreed to this. These countries continue to tackle serious crime without undermining their citizens’ civil liberties through blanket data retention.

References

[1] Andy Burnham, http://www.theguardian.com/world/2015/nov/04/theresa-may-surveillance-measures-edward-snowden

[2] Theresa May, https://www.gov.uk/government/speeches/home-secretary-publication-of-draft-investigatory-powers-bill

[3] Theresa May, https://www.gov.uk/government/speeches/home-secretary- publication-of-draft-investigatory-powers-bill

[4] David Cameron, http://www.bbc.co.uk/news/uk-politics-30778424

[5] Richard Graham, Conservative MP for Gloucester, on the day the Bill was announced, and previously by William Hague http://i100.independent.co.uk/article/tory-mp- richard-graham-accused-of-quoting-joseph-goebbels-in- defence-of-new-surveillance-bill–bklSCE9nOg

[6] Iain Lobban, http://www.theguardian.com/uk-news/2015/nov/05/former- head-gchq-sir-iain-lobban-adviser-shell-hakluyt

[7] David Cameron, http://www.theguardian.com/uk-news/2015/jan/12/uk-spy-agencies-need-more-powers-says-cameron-paris-attacks