John Naughton 

Farewell FaceTime? That’s in store if the UK’s new snooper’s charter becomes law

The improved surveillance bill would force tech firms to tell the government about any new security measures – before they are introduced. Strangely, Apple won’t stomach it
  
  

a closeup of the facetime app icon on an apple smartphone
Apple has threatened to withdraw FaceTime from the UK rather than weaken its security measures. Photograph: Lee Hudson/Alamy

Way back in 2000 the Blair government introduced the regulation of investigatory powers bill, a legislative dog’s breakfast that put formidable surveillance powers on the statute book. This was a long time before Edward Snowden broke cover, but to anyone who was paying attention it indicated that the British deep state was tooling up for the digital age. Because the powers implicit in the bill were so sweeping, some of us naively assumed that it would have a tempestuous passage through the Commons.

How wrong can you be? It turned out that the vast majority of MPs whom we canvassed seemed blissfully uninterested in it. It was, one remarked, “just a measure designed to bring telephone tapping into the digital age”. Of our 659 elected representatives, only a handful – and certainly no more than 10 – seemed at all concerned about what was being proposed. The most intriguing thing about the process, though, was that most of the work to improve the bill on its way through parliament was done, not by elected representatives, but by a handful of peers (some of them hereditary) in the House of Lords, who put in a lot of late-night work and trimmed some of the excrescences off the bill, which became law (nicknamed Ripa) in July 2000.

Ripa was a flawed statute, and in 2014 the government asked David Anderson QC (now KC) to have a look at how it was working, and he recommended a new law to clarify the questions that it was throwing up. The home secretary, Theresa May, introduced the new investigatory powers bill into the Commons in 2015, where it was scrutinised by a joint committee of the Lords and Commons. The bill was partly a tidying-up operation to remedy some of Ripa’s deficiencies. But it also greatly extended the bulk surveillance powers of the state (including the ability to log the URL of every website visited) and even gave legal sanction to MI5/6 for what was euphemistically termed “equipment interference”, ie hacking into selected targets. The bill passed into law as the Investigatory Powers Act (or “snooper’s charter”) in November 2016. The following month, the European court of justice ruled that the generalised retention of information legitimised by the act was unlawful. Dog’s breakfast No 2.

In 2022, the Home Office instituted a review of how the act was working. It concluded that the act had “largely achieved its aims” but that further significant reform was needed “in view of developing technology and the evolving requirements of protecting national security and tackling serious crime”. Translation: the spooks were finding it harder to do their jobs because of the way the tech industry was implementing measures such as end-to-end encryption to protect people’s privacy. They need legislative help and more duly authorised wriggle room.

Which brings us to the investigatory powers (amendment) bill, which is now before their lordships in Westminster. “The world has changed,” says the blurb. “Technology has rapidly advanced, and the type of threats the UK faces continues to evolve.” The new bill will “enable the security and intelligence agencies to keep pace with a range of evolving threats, against a backdrop of accelerating technological advancements that provide new opportunities for terrorists, hostile state actors, child abusers and criminal gangs”. And, of course, for this is global Britain, “the world-leading safeguards within the IPA will be maintained and strengthened”.

Quite so. But upon closer inspection, the proposed means to those laudable ends do not exactly inspire confidence. For example, the bill proposes that the security services should have much more latitude in building and exploiting so-called “bulk datasets of personal information”, ie data about individuals who “have a low or no expectation of privacy”. This could allow the collection and use of CCTV footage, or the 20bn facial images scraped from the internet by Clearview, on the grounds that those of us who appear in such datasets have “no expectation of privacy”. The Open Rights Group points out that the bill permits “the harvesting and processing of internet connection records [ie metadata – the numbers you called, your location, the app you used…] for generalised, massive surveillance”. And so on.

But the weirdest thing in the bill is a measure that would force technology companies, including those based overseas, to inform the UK government of any plans they might have to improve security or privacy measures on their platforms before those changes are implemented. Reading this, one wonders what the drafter of the text had been smoking. Someone in Apple HQ in Cupertino must have been thinking the same. To Apple, the clause represented “an unprecedented overreach by the government” that could allow the UK to “attempt to secretly veto new user protections globally, preventing us from ever offering them to customers”. The company “will remove services such as FaceTime and iMessage from the UK rather than weaken security if new proposals are made law and acted upon”.

Dog’s breakfast No 3? But at least it’s a hat-trick for global Britain.

What I’m reading

Gut level
Cory Doctorow’s Marshall McLuhan lecture on enshittification, or the way digital platforms tend to get worse. Transcript of what must have been a memorable occasion.

X factor
A brilliant blogpost by Charles Arthur, former technology editor of the Guardian. Summary: think before you tweet. Or better still, don’t.

Apocalypse again
A sobering Politico column by Jack Shafer about the recent waves of sackings at US news outlets.

 

Leave a Comment

Required fields are marked *

*

CAPTCHA

*