LONDON — The United Kingdom, already equipped with some of the world’s most extensive surveillance laws, is accelerating efforts to enhance them, causing unease among technology companies. The move seeks to build upon the contentious Investigatory Powers Act, commonly referred to as the “snooper’s charter” since its introduction in 2016.
Originally crafted in response to Edward Snowden’s revelations about mass state surveillance, the Investigatory Powers Act aimed to bring accountability to the sprawling intelligence agencies’ surveillance activities by formalizing broad powers to intercept emails, texts, web history, and more.
The recent introduction of the Investigatory Powers (Amendment) Bill has sparked renewed criticism from both industry leaders and privacy advocates. They argue that the proposed legislation could hinder initiatives aimed at safeguarding user privacy.
TechUK, a prominent industry body, has expressed its concerns in a letter addressed to Home Secretary James Cleverly. The letter contends that the amendment poses a threat to technological innovation, compromises the sovereignty of other nations, and may have severe consequences if it triggers a chain reaction internationally.
Of particular concern to tech companies is a proposed change granting the Home Office the authority to issue notices preventing them from implementing technical updates that might impede information-sharing with UK intelligence agencies.
TechUK asserts that, in conjunction with existing powers, these changes would effectively “grant a de facto power to indefinitely veto companies from making changes to their products and services offered in the U.K.”
Meredith Whittaker, president of the secure messaging app Signal, emphasized the potential misuse of this power, stating that it could prevent the implementation of new end-to-end encryption or impede developers from patching vulnerabilities.
Despite industry and campaigner objections, the British government is fast-tracking the bill through parliament, drawing concern from lawmakers. Efforts to refine the bill in the House of Lords have been blocked so far, but industry representatives are appealing to Members of Parliament in the hopes of mitigating its impact in the House of Commons.
The broader context of this debate includes the encryption discussions during the passage of the Online Safety Act, which raised concerns about compelling companies to break encryption for online safety purposes. Apple, WhatsApp, and Signal have threatened to withdraw their services from the UK if required to undermine encryption under UK laws.
In addition to the notice regime, rights campaigners are troubled by provisions in the bill allowing more permissive use of bulk data for various purposes, including training AI models, where there are “low or no” expectations of privacy.
The bill’s handling of internet connection records, potential surveillance of parliamentarians, and the rejection of proposed amendments by peers at the committee stage have further fueled the ongoing debate. The bill is set to return to the House of Lords on January 23 for the next stage of the legislative process before reaching the House of Commons for further debate by MPs.
TechUK, in its letter, emphasizes the need for thorough discussions on these proposed changes, citing their international precedent and significant potential impacts. Privacy advocates express concerns that these legislative measures collectively signal a move towards transforming private tech companies into extensions of a surveillance state.