Academic, technical experts and civil liberty groups are giving evidence to the Joint Committee on the Draft Investigatory Powers Bill inquiry.
The draft legislation is aimed at providing a framework for the use of investigatory powers by law enforcement and security and intelligence agencies, as well as other public authorities.
The legislation includes provisions for the interception of communications, the retention and acquisition of communications data, the use of equipment interference and the acquisition of bulk data for analysis.
The Joint Committee was appointed to consider the Draft Investigatory Powers Bill, published on 4 November 2015, and will report in February 2016.
On Monday 7 December 2015, the enquiry heard evidence from David Omand, commissioner for the Global Commission on Internet Governance; Ross Anderson, professor of security engineering at the computer laboratory, University of Cambridge; Mark Ryan, professor in computer security at the school of computer science, University of Birmingham, and Paul Bernal, lecturer in information technology, intellectual property and media Law at the University of East Anglia School of Law.
The first session focused on the more technical aspects of the draft legislation, while the second session examined issues such as oversight, with evidence from Owen Paterson MP and David Blunkett, former Home Secretary.
Trust in police
Ross Anderson said if surveillance technologies are used in ways that do not have public support, it undermines trust between citizens and police.
“Revelations like the Snowden revelations are extraordinarily damaging because they show that the government has been up to no good, and even though the government may come up with complicated arguments about why bulk equipment interference is alright… it is not the right way to do things,” he said.
Anderson said if surveillance powers are abused or they are seen to be open to abuse, there could be exceptionally serious damage to British industry.
“If people come to the conclusion that if they buy a security product from a British firm, it may have a GCHQ-mandated backdoor in it, they will buy from a German firm instead,” he said.
However, David Omand said the draft bill could be argued to contain the basis of a “gold standard” for Europe. “This is how you get both security and privacy,” he said.
According to Omand, the checks and balances, and oversight regimes in the draft bill will ensure that none of what Anderson described need happen.
David Blunkett and Owen Paterson agreed that the draft bill was necessary to update existing legislation for the digital age.
“It is necessary to bring the powers of our agencies up to technological speed with our opponents. I have no doubt of the real danger posed to our citizens on a daily basis, and I think it is only right that we give the brave people who work in our agencies every necessary tool to beat them,” said Paterson.
On 9 December 2015, the first two sessions are expected to look at the practicalities of data storage and data security challenges faced by internet service providers, as well as topics such as the economic impact of the Draft Bill and customer trust.
The committee will hear evidence from Mark Hughes, president of BT Security; Adam Kinsley, director of policy and public Affairs at Sky; Hugh Woolford, director of operations at Virgin Media; James Blessing, chair of the Internet Services Providers’ Association (ISPA) and CTO of Keycom; and Adrian Kennard, managing director of internet service provider Andrews & Arnold Ltd.
The third session will explore issues around civil liberties, safeguards, authorisation and oversight, and whether the witnesses believe a case has been made for the most intrusive powers.
The committee is to hear evidence from Jim Killock, executive director of the Open Rights Group; Shami Chakrabati, director of Liberty; Caroline Wilson Palow, legal officer at Privacy International; and Renate Sampson, chief executive at Big Brother Watch.
In parallel with the hearings by the joint committee, the House of Commons Science and Technology Committee is running an inquiry into the technology aspects of the Draft Investigatory Powers Bill, hearing evidence from several of the same people.
The inquiry focuses on the technical feasibility and costs of meeting the obligations imposed by the bill, the impact on communications service providers and related businesses, and the likely consequences for citizen use of ICT services.
More specific issues of interest to the committee include technologies that have a direct bearing on the operation and effectiveness of the measures in the draft bill including encryption, bulk data collection, cloud computing, deep packet inspection and anonymous internet communication systems.
The committee took oral evidence on 10 November 2015 from Matthew Hare, CEO of internet service provider Gigaclear; John Shaw, vice-president of product management at information security firm Sophos; and James Blessing, chair of ISPA.
The committee is scheduled to hear further oral evidence session on 8 December 2015 from representatives of businesses offering internet services, the Home Office and cyber security experts.
Those giving evidence include Mark Hughes, president of BT Security; Antony Walker, deputy chief executive officer at TechUK; Bernard Silverman, chief scientific adviser to the Home Office; Richard Alcock, programme director of the Communication Capabilities Directorate at the Home Office, and Robert Nowill, Cyber Security Challenge UK chairman and consulting director at Herne Hill Consulting.
In its written submission to the inquiry, TechUK said several key issues are important to its members. These include:
Clear definitions of terms such as “telecommunications service”, “relevant communications data”, “communications content”, “equipment interference”, “technical feasibility” and “reasonably practicable”;
Clarity around obligations that the draft Bill places on Communication Service Providers (CSPs), particularly overseas providers;
Further clarification on encryption and equipment interference;
The technical feasibility of obligations regarding internet connection records.