Theresa May: Snoopers’ Charter won’t ban encryption, but companies must provide data
Theresa May has sought to clarify the draft Investigatory Powers Bill’s stance on encryption, telling the select committee in charge of scrutinising the bill that the proposed legislation does not require companies to install “backdoors” into software.
“We believe encryption is important. We are not proposing to make any changes to encryption and the legal position around that.”
May went on to say that, although the government doesn’t seek to ban encryption, it will require companies to hand over decrypted messages if given the lawful warrant.
“Where we are lawfully serving a warrant on a provider […] they are required to provide certain information to the authorities. The company should take reasonable steps to ensure they are able to comply with the warrant. That is the position today and it will be the same tomorrow under the new legislation,” she said.
Elsewhere in the hearing, May told the committee that small-scale networks, such as those found in cafés, hospitals and libraries, would need to comply with the legislation and hand over customer or patient data when served with a notice. “I do not think it would be right for us to exclude any networks,” she said. “If you look at how people do their business these days, it is on the move.”
May also rejected calls for a “sunset clause” on the legislation that would allow it to be revisited in five to seven years to handle the rapid pace of technological change. She said that the bill was “technology-neutral” to allow for future developments.
Draft Investigatory Powers Bill: What is it?
State surveillance ahoy! In November 2015, home secretary Theresa May announced plans for legislation – dubbed the draft Investigatory Powers Bill – that would force phone and internet companies to store details of the websites, emails and texts sent and visited by customers for a minimum of 12 months.
There has since been a great deal of reaction to the proposed bill, from cries against bulk collection of data to warnings that it will leave information open to third-party hacking.
The bill is being proposed on its alleged ability to tackle issues such as terrorism and child pornography, but it ultimately represents a seismic shift in how the state can access your online life. Does this sound scary? Yes. But what does the process involve and what does it mean for your emails and web history?
Draft Investigatory Powers Bill: At a glance
- Security services will have full access to every site visited per user for a minimum of 12 months.
- Content of communications will require a “double lock” warrant signed by a secretary of state and a judge.
- Judicial oversight can be bypassed in “urgent cases”, with a secretary of state signing a warrant and a judge subsequently confirming it.
- The legislation would enforce an obligation for technology firms to provide unencrypted communications for government and law agencies if the latter were in possession of a warrant
Draft Investigatory Powers Bill: Current status
Theresa May’s draft Investigatory Powers Bill is currently being scrutinised by Parliament’s Science and Technology Committee, following concerns from internet service providers (ISPs) over the scale of data storage required by the revamped Snoopers’ Charter.
An official committee is conducting a “short inquiry” into the practicality of the proposed bill, hearing evidence from a range of technical experts, civil liberty groups and academics. This follows oral evidence given by the chair of the Internet Services Providers’ Association, James Blessing.
“We are very concerned,” James Blessing said at the time. “The whole idea of an internet connection record does not exist as far as internet service providers are concerned. We do not have an internet connection record.”
“We do not store information about what our customers do online in this particular way. It is not clear from the bill what constitutes a connection record.”
The committee claims it is investigating “the extent to which communications data and communications content can be separated and the extent to which this is reflected in the draft Bill”. Amongst those giving evidence is Mozilla, which called the draft legislation a “harmful step backwards” and warned that the mandatory data retention at the heart of the legislation runs the risk of making private data vulnerable to attack.
Tech UK’s Anthony Walker has also given evidence to the committee, warning that smart toys, such as Hello Barbie and My Friend Cayla – both talking, Wi-Fi-enabled dolls – could be used to gain information by intelligence agencies. Apple has also provided evidence, as we’ve outlined on the previous page.