On January 6, a retired 36-year veteran of the National Security Agency turned whistleblower, William Binney, cautioned United Kingdom lawmakers against legalizing mass surveillance in the proposed Draft Investigatory Powers Bill. Binney told the parliamentary committee appointed to scrutinize the bill that “bulk data overcollection from Internet and telephone networks undermines security” because it overwhelms analysts, making it more difficult to identify threats.
“Britain should not go further down this road and risk making the same mistakes as [the United States] did, or they will end up perpetuating the loss of life,” Binney argued. Instead, he urged security agencies to prioritize more targeted forms of surveillance.
In its current form, the UK’s draft Investigatory Powers Bill could usher in an era of breathtaking mass surveillance and undermine the privacy of potentially millions of people not suspected of wrongdoing. The bill would legalize mass global surveillance by UK security agencies. It would allow bulk hacking of computers, phones, and networks and extraterritorial surveillance warrants served on tech companies outside the UK. Internet service providers would have to keep records of all websites and online applications visited by users for an entire year. It would also set a worrying precedent that other governments, including abusive regimes, might follow.
Many of the provisions are vaguely and broadly drawn, leaving the public unsure of their scope and scale or how their data will be affected. The bill does improve current safeguards by introducing a limited role for judicial review and allowing people to appeal decisions by the secretive Investigatory Powers Tribunal. However, these changes fall gravely short in preventing unjustified or disproportionate breaches of rights and in providing transparency, adequate oversight, or access to effective remedies.
In December, Human Rights Watch communicated these concerns
to the parliamentary committee, which is scheduled to submit recommendations on the bill to Parliament in February.
We called on the committee to incorporate the following in its findings and recommendations:
Require meaningful, prior judicial authorization for all powers.
Recognize that bulk data collection and interception are fundamentally disproportionate.
Refrain from undermining encryption and digital security.
State that provisions to allow authorities to hack into computers and phones would be far more intrusive than traditional wiretaps and require more scrutiny before the bill moves forward.
Recommend that extraterritorial warrants set a dangerous precedent and should be forbidden.
Access to remedy and oversight remains inadequate under the bill and should be strengthened.
In introducing the bill, Home Secretary Theresa May described it as “world-leading.” Yet it is hard to overstate how expansive, intrusive, and arbitrary the surveillance apparatus envisioned under the draft bill would be. This is not the example the UK should be setting for the rest of the world.