The large crowd that filled the Committee Room for the second reading the Investigatory Powers Bill in the House of Lords on Monday suddenly began to thin. Another cabinet statement on the historic Brexit vote to leave the European Union was being issued and no one wanted to miss it.
The domestic and international fixation on the government’s reaction to voters surprise decision to leave the EU is completely understandable. But the business of Parliament will continue ,and privacy advocates have to be afraid that Monday’s reading will be symbolic for the final stages of the bill’s passage.
We can’t let this crucial bill slip into law as everyone rushes around trying to make sense of chaos. The current political strife cannot be an excuse for a bad bill that would grant law enforcement wide, new unnecessary powers.
The good news is the government is finally seeking legal authority for powers that government has already assumed. Unfortunately, in Western democracies — except, perhaps, Finland — this has become the norm. But there are a few areas that the powers being sought are excessive and likely to be abused.
Foremost, Internet Connections Records provision should be stripped from the bill.
“Targeted requests by intelligence agencies provide a much more limited scope for potential surveillance without creating the technical and security challenges that come with maintaining a database chock full of citizens private data that would likely be targeted by the same state-backed groups that recently hacked the Democratic National Committee,” explains F-Secure cyber security advisor Erka Koivunen.
Lord Strasburger also pointed out “threat to encryption” in the bill.
Any attack on end-to-end encryption would be a serious attack on privacy and a blow to Britain’s tech industry in a period of severe financial uncertainty.
“Likewise, the odd use of the term ‘Communication Service Provider’ portends to extending surveillance powers beyond telecoms and into the ICT industry, which could further incentive hacking by state-backed interests such The Dukes gang exposed by F-Secure Labs,” Koivunen says.
Finally, we understand that members of both Houses of Parliament are intent on preceding with bulk collection after classified testimony that assured them that collection would be effective, proportionate and necessary.
In a democratic republic, we have to rely on our representatives to make such decisions based on information that’s not suitable for the broader public. However, this makes a lively and informed public debate on the issues that are still being settled even more essential.
At the very least, the public needs to know what sort of information is being collected by whom and why.
[Image by frankieleon | via Flickr]
You rarely have to go looking for cyber security news anymore. Whether it's WannaCry, NotPetya…
August 9, 2017