Made with racontr.com
alt
alt
alt

1. It aims to clarify outdated legislation



The laws that govern how government agencies can investigate crime in the internet age are outdated. The last major evolution in these laws dates back to the Regulation of Investigatory Powers Act of 2000. Technology has changed and thus the rules governing how the government uses that technology to change need to change too, according to all sides in this debate.

 

Theresa May said: “we are setting out a modern legal framework which brings together current powers in a clear and comprehensible way.” In her words, she wants the powers that authorities have to be transparent and strong enough that they can utilize all means necessary to prevent crime. 

 

One of the features of the Bill is that the government is trying to make it vague enough that it is not out-dated by the time the next IPhone comes out.

 

However, the bill has been heavily scrutinized for missing the opportunity to provide clear direction on the UK laws. 

 


 

 


 

2. Internet Connection Records

 

 

 

 

While the showdown between Apple and the FBI did not inevitably occur, the IP Bill would give UK authorities largely the same power being requested by the FBI.

 

The Investigatory Powers Bill has taken harsh criticism from people in the tech community because its language seemingly implies that tech companies will have to break their own encryption to give away data.

 

In written testimony to the Joint Committee Apple said: “The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers. A key left under the doormat would not just be there for the good guys. The bad guys would find it too.”

 

A second draft of the bill attempted to clarify what companies would be asked for. It said that companies would only be forced to give access to encryption when it was necessary and proportionate and that cost and feasibility would be taken into account.

 

However, the Intelligence and Security Committee and the Joint Committee asked for more clarification on “End to End” encryption, but the government did not put in the bill whether companies would be forced to break this.

 

Eerke Boiten, a Senior Lecturer on Cyber Security at the University of Kent, argued that the draft of the Investigatory powers bill created two separate in roads that would erode the protection of encryption. First, it would compel companies to instal back doors as long as it is feasible to do so. Second, it would compel companies to find a way to allow the government to monitor “end to end” encryption. 

 

“End to End” encryption is used on communication software like iMessage and Whatsapp. Essentially, it scrambles the message sent while it is being transmitted and the only device that has the key to unscramble it is the phone it sends it to. It is suppose to be a safe way to send messages. But the bill has not clarified whether it would force companies to put a backdoor on it, yet.

 


3. It remains unclear what companies will be forced to decrypt

4 IMPORTANT ASPECTS OF THE INVESTIGATORY POWERS BILL

Internet Connection Records (ICRs), as they are officially called, will be stored by internet providing companies for 12 months, if the Investigatory Powers Bill becomes law. However, the functionality of this approach has been criticized both for privacy concerns and the security of the data.

 

The government case for storing ICRs is that it is necessary for the government to be able to identify who is sending what on the internet. Similar to how the police can do that with phone records, although this analogy has fallen short. Over the internet, it can be more difficult because you have to identify an IP address. Holding onto the ICRs will fix this problem.

 

Michael Atkinson, Secretary to the National Police Council’s Data Communications Group, said:  “I have spent several hours in one of the UK CSPs for mobile phones … What I can say is that they are assuring me that, without the retention of ICRs, they will not be able to solve internet protocol resolutions. They also tell me that we will not get the evidence that we need in order to undertake further investigations of people who may be of interest to us.”

 

In theory, holding on to this data will mean that members of the government will be able to comb through internet data on specific users if a warrant is issued. Important to note, the government will only be able to tell, which website you went to, but not specifically which page you visited. So they will be able to see that you were on footfetish.com, but not that you clicked on the big toe amputation page.

 

Dr Tom Hickman said: “A key danger in enabling access to ICR is that it could allow authorities to identify suspect web-browsing patterns, perhaps in combination with other communications data, in order to identify suspect categories of person (internet records includes information about the “pattern” of communications). This is different from using such data to identify known (but unidentified) suspects.”

 

Moreover, there is large concern over how all of this data will be stored. Both the government and those against the bill concede that this is an enormous amount of power. The former, however, believes that the IP bill appropriately uses that power and provides safeguards for privacy. Yet, what if that power gets into the hands of another person?

 

JISC said to parliamentary committee: “retaining extra communications data will increase the impact of security breaches as well as creating a more attractive target for fraudsters and other hackers; systems to facilitate law enforcement access to communications may be discovered and exploited by criminals, as lawful intercept systems on mobile phone networks and master keys for luggage have been in the past.”

A cyber security expert, whose job is to test these systems by trying to personally hack them, Brian Hogan, says that there is no way for the government to ensure this data stays safe. While these companies pour millions of pounds into security protection, they are still often playing catch up to cyber thieves that only have to find one small flaw to exploit the system. Sometimes, that flaw can be a reckless employee clicking an attachment they shouldn’t have. Recent examples, like TalkTalk, show that thieves can steal this information. The only difference after the legislation is that there is a lot more of it to steal. 

 

The Bill sets up the framework for the government to hack into devices in order to obtain information. It can do this in two ways. First, targeting equipment interference can be used to go after the devices of one person or a group of known persons. Second, only for people not in the UK, bulk interference can be used when the specific target is not known.

 

Big Brother Watch said: “Equipment Interference is the term given in the Investigatory Powers Bill to describe the act of hacking. If the Bill becomes law, the police and the intelligence agencies; MI5, MI6 and GCHQ, will be legally allowed to hack a device, system or network to watch, change, destroy or obtain data in secret without the user knowing.”  

 

Furthermore, the bill could compel companies to assist in the hacking of their own devices.

 

Professor Boiten has seen this as a major dilemma for the use of law enforcement. In a trial, the authorities must be able to demonstrate how evidence was obtained in order to prove the veracity of that evidence.  If you get an alcohol blood test, those tests have to be able to be proven to work in court. Similarly, if authorities use technology that scoops up information, they would need to be able to demonstrate that it works in a way that isn’t abused.

 

However, the ability to hack devices would need to remain a secret.

 

The Joint committee also raised this point in saying that allowing the evidence to admissible without being able to prove its authenticity could be a recipe for disaster.

 

All of the power is in the hands of the person doing the hacking. It is not inconceivable that evidence could be placed on a computer while it is hacked in order to lead to a conviction. 

4. Equiptment Interference ie Hacking

Advert from campaign group Liberty against the 'Snoopers Charter'

Theresa May before the House of Commons