There are lots of reasons why the Investigatory Powers Bill is terrible. There is debate over how effective it will be in combating terrorism, and the old ‘Freedom versus Security’ one, which is always dumbed downed (you can’t have one without the other – freedom to be robbed isn’t really freedom, and security has to be the security of something worth keeping secure). And of course there is security from different things. Assuming, and it’s a massive assumption, that the Bill did improve counter-terrorism security, it would still make us vulnerable in a host of other ways. We’re going to focus on one such vulnerability.
One of the things the Bill will do is oblige communications companies to hold connection records for a year after the fact. So, for example, a mobile phone provider will have to keep a record of the webpages you’ve visited on your 4G. In an attempt to make this Bill more stomachable, Theresa May has added in lots of restrictions and processes to prevent the police or spooks from misusing the data – safeguards for “sensitive professions” (journalists, for example) would be written into law, the PM would have to be consulted regarding intercepting MPs communications, law enforcement agencies wouldn’t be allowed to request a warrant to see if someone had visited a medical website, and judge blah blah this, “double lock” oversight blah blah that.
Assuming that these measures have no ulterior motives and that these safeguards are enough to prevent any inappropriate use of these powers, again: MASSIVE assumptions, the Bill is still a terrible idea.
Remember that mobile phone company that we mentioned earlier? The Bill would also extend that obligation to any telecom and/or broadband provider. So, a company like recently and repeatedly hacked TalkTalk. In the most recent TalkTalk hack (there have been three within a year), financial data from their customers was reported to be for sale on Black Market internet forums within 72 hours, and that the potentially compromised data included names, addresses, dates of birth, and email addresses on top of bank and credit card details.
There was also the recent Ashley Maddison hack, which saw the details of people signed up to the extramartial affair website released onto the web. Aside from the no doubt great distress this caused, France24 reported 1,200 Saudi Arabian .sa email address were leaked. Adultery can be punishable by death in Saudi Arabia. And then last year there was the celebrity photo hack, which saw hundreds of private (often nude) photos of (mostly female) celebs leaked online, following a suspected hack of Apple’s iCloud.
My point is that private companies don’t have a good record of keeping our data very safe, and that this virtual data can have some very real world implications. Even if I wasn’t worried about the Government snooping on my online activity, I sure am about someone else. Think of every web page you’ve accessed in the last year. Bank details and medical information; if you’re a lawyer/doctor communications between you and your clients, communications between journalists and their sources, public/private sector whistle blowers, everything.
Even if the mantra of “if you’ve got nothing to hide, you’ve got nothing to fear” were true, which it’s not, you’d still have everything to fear. The Home Secretary placed all those safeguards to prevent herself and successors, and her/their agents, from accessing certain information, tacitly admitting that said information is rightly private. But by mandating that this information is stored for a year, it exposes it far greater risk of being compromised – making it, and therefore all of us, far less safe from cyber-crime.
Postscript: Lauri Love is currently fighting extradition to USA where he is accused of hacking multiple government agencies (including NASA and the FBI), following the Crown Prosecution Service not pressing charges due to lack of evidence. He interests me for two reasons: a) the US government seeking extradition is a tacit admission that their agencies can be hacked, so no safety for our data in the hands of the government, and b) because he spoke very well on the matter we have been discussing today on Channel 4 News on the 4th November. I recommend finding the video on YouTube.