As regular readers will know, the British Parliament has recently passed its Snoopers' Charter, a hurried piece of legislation formally known as the Investigatory Powers Bill.
The new law has been described as the most intrusive online surveillance law of any democratic nation, and as Renate Samson, Chief Executive of the campaign group Big Brother Watch, has said: “None of us online are now guaranteed the right to communicate privately and, most importantly, securely.”
Yet the law has passed with surprisingly little controversy and media coverage, and it is only now that people are beginning to realise the scale of what is to be introduced.
One of the most controversial provisions in the new law is a requirement it places upon ISPs to retain data on all users' internet records for a period of one year and make this data available to the Government upon request.
The assumption appears to have always been that access will be used for law enforcement and intelligence purposes and indeed many advocates of the new law have been peddling the old adage of ‘if you have nothing to hide, you have nothing to fear’.
However, the media have now, belatedly, taken a look at the details of the legislation and uncovered the number, and indeed variety, of different Government bodies who will, in fact, be able to access the data. And it goes way beyond law enforcement and intelligence agencies.
Who can see your data?
The information, which is actually published in Schedule 4 of the Bill, lists no fewer than 48 separate public bodies which will be able to access the data. Many of these are groupings (such as NHS Trusts) meaning the actual number is well in excess of 100.
There are more than a few surprising names on the list including the Food Standards Agency, the Gambling Commission, and the Health and Safety Executive. You can view a full list here.
Whilst it is true that the legislation does specify a level within the hierarchy of each organisation which can access this data, the fact remains that this means your personal online data can be handed round a quite astonishing number of public servants.
Ignoring the privacy implications of this for a moment (let’s face it, they are pretty obvious) this has some major security implications too.
At the moment, my online data is at risk if I am hacked directly, or if my ISP or mobile network provider is, assuming they are keeping some records of my activity at present.
Under the new laws, all ISPs will definitely have a year's worth of my data, so if they are hacked that data will be lost. But also, if any of these Government departments are hacked, my data will also be lost; and the British Government’s record of data protection is far from perfect.
The government’s new multi-database request filter is another vulnerability, and the conclusion has to be that online personal data is now going to be a lot less secure and a lot more vulnerable than it was before.
Despite all the doom and gloom, there is a glimmer of an opportunity, however. A petition on the Parliament website calling for the repeal of the new laws has passed 100,000 signatories.
This means that Parliament is obliged to consider debating it. There is no guarantee that they will, and even if they do, it does not mean the law will necessarily be changed in any way.
But given the lack of public debate that has taken place around the new law and its implications, it would be wise for them to give the matter proper consideration again. If they fail to do so, the Government can expect various legal challenges to follow.
But for the time being, with the law still expected to come into effect early next year, users would be wise to take steps to protect their online security and privacy from the numerous prying eyes that can now see what they are doing.
Signing up to a secure and reputable VPN, such as IPVanish and ExpressVPN, is a good place to start as these will encrypt all your online data. But even VPN users have to be hoping that the Government sees sense and looks again at this most draconian and intrusive of laws.