Draft Investigatory Powers Bill

Peter Fairbrother zenadsl6186 at zen.co.uk
Wed Nov 4 17:38:20 GMT 2015


I have had a quick look, nothing direct about banning encryption. The 
requirements for "relevant operators" maintaining a "technical 
capability" have changed though, worryingly so. A "relevant operator" is 
"any person who provides, or is proposing to provide [...] 
telecommunications services".

189 (c) "The obligations that may be imposed by regulations under this 
section include, among other things obligations relating to the removal 
of electronic protection applied by a relevant operator to any 
communications or data"

hmmm, "applied by a relevant operator" ? Does Apple apply the 
encryption, or does the user?  "among other things"??

Otherwise it seems largely to repeat the (already-found illegal) status 
quo of DRIPA, RIPA 2000, Police Act, ACTSA 2001, JSA 2013, Intelligence 
Services Act 1994 etc, but with two main additions:

Part 6 chapter 2 Bulk acquisition warrants. These are warrants to demand 
comms data for UK subject in bulk [1]. Combined with the extended power 
in Part 4 to require ISPs to retain comms data, which it has been 
announced will be applied to weblog data, they allow warrants to be 
issued for GCHQ to demand, collect and examine [2] all weblog-level data 
in the UK and elsewhere.

Which, if it isn't being done now, would be a large _increase_ in the 
invasions of privacy UK investigatory powers law imposes on the 
innocent, while both UK and EU Courts have said they are already too 

There are some other newish bits about equipment interference (hacking) 
and bulk personal datasets (?telephone directories? - doesn't seem to 
have much to do with comms though), but on a quick look I found no real 
surprises there.

Other major niggles and worries (so far - the Bill is 192 pages long!):

No longer only one set of premises or person per domestic interception 
warrant [RIPA 8,1], - under 13.2 a domestic warrant can be applied to a 
"group of persons who share a common purpose or who carry on, or may 
carry on, a particular activity"  - Muslims, as in people who go to mosques?

Draft bill redefines content - but not unambiguously. Definition is also 
flawed regarding last slash in weblogs, 193(6) "anything in the context 
of web browsing which identifies the telecommunications service 
concerned is not content" - there should be an "only" or "solely" 
between "which" and "identifies".

s.188 national security notices

they haven't yet regularised ntl warrants while they have the chance

-- Peter Fairbrother

[1] RIPA pt1 Ch2 authorisations and notices could in theory be used for 
bulk acquisition of traffic data, but in practice I don't think they are 
- any old policeman, council parking inspector, uncle Tom Cobbley and 
all can issue them.

There are also powers in Intelligence Services Act 1994 and ACTSA 2001 
and [...] regarding bulk collection of comms data and comms data 
retention, but again I do not think they have as yet been used for eg 
weblog-scale data retention.

In other words, I don't think mass collection of UK weblog-scale data by 
GCHQ is actually happening right now. I might be wrong.

[2] draft bill, s.187(a)

More information about the ukcrypto mailing list