Draft Investigatory Powers Bill
Peter Fairbrother
zenadsl6186 at zen.co.uk
Wed Nov 4 17:38:20 GMT 2015
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf
I have had a quick look, nothing direct about banning encryption. The
requirements for "relevant operators" maintaining a "technical
capability" have changed though, worryingly so. A "relevant operator" is
"any person who provides, or is proposing to provide [...]
telecommunications services".
189 (c) "The obligations that may be imposed by regulations under this
section include, among other things obligations relating to the removal
of electronic protection applied by a relevant operator to any
communications or data"
hmmm, "applied by a relevant operator" ? Does Apple apply the
encryption, or does the user? "among other things"??
Otherwise it seems largely to repeat the (already-found illegal) status
quo of DRIPA, RIPA 2000, Police Act, ACTSA 2001, JSA 2013, Intelligence
Services Act 1994 etc, but with two main additions:
Part 6 chapter 2 Bulk acquisition warrants. These are warrants to demand
comms data for UK subject in bulk [1]. Combined with the extended power
in Part 4 to require ISPs to retain comms data, which it has been
announced will be applied to weblog data, they allow warrants to be
issued for GCHQ to demand, collect and examine [2] all weblog-level data
in the UK and elsewhere.
Which, if it isn't being done now, would be a large _increase_ in the
invasions of privacy UK investigatory powers law imposes on the
innocent, while both UK and EU Courts have said they are already too
invasive...
There are some other newish bits about equipment interference (hacking)
and bulk personal datasets (?telephone directories? - doesn't seem to
have much to do with comms though), but on a quick look I found no real
surprises there.
Other major niggles and worries (so far - the Bill is 192 pages long!):
No longer only one set of premises or person per domestic interception
warrant [RIPA 8,1], - under 13.2 a domestic warrant can be applied to a
"group of persons who share a common purpose or who carry on, or may
carry on, a particular activity" - Muslims, as in people who go to mosques?
Draft bill redefines content - but not unambiguously. Definition is also
flawed regarding last slash in weblogs, 193(6) "anything in the context
of web browsing which identifies the telecommunications service
concerned is not content" - there should be an "only" or "solely"
between "which" and "identifies".
s.188 national security notices
they haven't yet regularised ntl warrants while they have the chance
-- Peter Fairbrother
[1] RIPA pt1 Ch2 authorisations and notices could in theory be used for
bulk acquisition of traffic data, but in practice I don't think they are
- any old policeman, council parking inspector, uncle Tom Cobbley and
all can issue them.
There are also powers in Intelligence Services Act 1994 and ACTSA 2001
and [...] regarding bulk collection of comms data and comms data
retention, but again I do not think they have as yet been used for eg
weblog-scale data retention.
In other words, I don't think mass collection of UK weblog-scale data by
GCHQ is actually happening right now. I might be wrong.
[2] draft bill, s.187(a)