Go to the profile of Eoin Meehan
Eoin Meehan
Long time IT guy. MSc CITP FICS. Co-founder of Sprism - innovative data analytics. Lecturer at National College of Ireland

UK Investigatory Powers (IP) Bill

I guess we are lucky here in Ireland. Our politicians don’t appear to the have the Orwellian tendencies of some other jurisdictions.

And by “other jurisdictions” I mean the US and the UK. But that doesn’t mean we should be complacent, or think laws in other jurisdictions don’t affect us in Ireland.

The Home Secretary of the UK, Theresa May, has just put the Investigatory Powers Bill before their Parliament. She appears to want this passed despite three different parliamentary committees criticising it and proposing over 80 amendments.

I have already written about this in December, about an earlier version of the legislation, where Apple felt the need to make a submission to the UK Government,

The best description of it is by Edward Snowden who tweeted,

“By my read, #SnoopersCharter [The Draft Investigatory Powers Bill] legitimises mass surveillance. It is the most intrusive and least accountable surveillance regime in the West.”

In summary the IP powers bill:

  • Orders Internet Service Providers (ISPs) to keep Internet Connection Records (ICRs) of their users for 12 months. This in its simplest form is a record of a domain visited, but the act is vague on exactly what data should be kept.
  • Means ISPs and mobile carriers will have to implement the changes necessary to record these ICRs. The UK government has budgetted £174m but this is widely seen as inadequate, so customers will have to carry the extra cost.
  • Allows for the government to order ISPs to “decrypt” data, but again is vague on the details, and ignorant of how encryption works.
  • Has legitimised “equipment interference” or hacking, with appropriate warrants, which effectively brings in state-sponsored hacking.
  • Major tech companies who have bases outside the UK, are now fearful that this Bill will put them in conflict with local laws — meaning they have to break either the UK law or the local law. As most of the big tech companies have their European headquarters in Ireland, this puts us on a collision course with the UK
  • Includes an “urgent” case over-ride: Where time is of the essence, a minister can authorise a warrant without judicial approval with immediate effect.
  • Authorises bulk data collection for the first time. Although warrants will still be needed to access the data, it allows for major slurping of, for example, NHS records.
  • Offers limited protection for “privileged communications” for instance, between doctors/patients, lawyers/clients, MPs/Constituents, Ministers of Religion, journalists/sources. The key word here is “limited”.

If this bill passes in the UK (and it’s looking more likely) then two of our biggest trading partners, the US and the UK, will have draconian electronic surveillance measures in law. It is only a matter of time before this will, again, put Ireland in the firing line for data protection and EU citizens’ right to privacy.

Remember: EU data protection legislation and the great work done by our Data Protection Commissioner, explicitly excludes issues of national security, so when this bunfight starts, we’re going to be on our own!

Don’t you think we need someone at the heart of our Oireachtas who knows something about this stuff?

Originally published at www.eoinmeehan.com.