Parliament’s Intelligence and Security Committee (ISC) has called for greater clarity in a report on the draft Investigatory Powers Bill.
The ISC report has been welcomed by technology firms and civil liberties groups that have also voiced concerns about the lack of clarity in the draft bill.
The legislation is aimed at providing greater transparency around the investigatory powers of agencies, but the draft bill fails to cover all the intrusive capabilities of UK intelligence agencies, according to the ISC, which has responsibility for overseeing the UK intelligence community.
ISC chairman Dominic Grieve said: “This means that the various powers and authorisations remain scattered throughout different pieces of legislation and, as a result, the draft bill is limited in the extent to which it can provide a comprehensive legal framework.
“Taken as a whole, the draft bill fails to deliver the clarity that is so badly needed in this area.”
Grieve said it was not clear what all the provisions under the bill were intended to achieve.
The ISC cautioned against rushing the draft legislation into law, and said that even though there are time constraints set by the sunset clause in the Data Retention and Investigatory Powers Act (Dripa) 2014, the government should take the time necessary to construct a comprehensive and clear legal framework for authorising the actions of the intelligence agencies.
The government hopes to have the new law in place by the time the Dripa legislation expires at the end of 2016, in line with the sunset clause agreed in return for quick parliamentary approval.
The report also calls for “substantive amendment” regarding privacy protections, equipment interference, bulk personal datasets and communications data.
“We had expected to find universal privacy protections applied consistently throughout, or at least an overarching statement at the forefront of the legislation,” said Grieve.
“Instead, the draft bill adopts a rather piecemeal approach, which lacks clarity and undermines the importance of the safeguards associated with these powers.”
The ISC report calls for a new section of the bill dedicated to overarching privacy protections, the removal of bulk equipment interference warrants, the removal of class bulk personal dataset warrants that would allow the agencies to obtain any number of personal datasets, and the application of the same safeguards to all communications data.
The report also calls for changes regarding operational purposes, timeframes and the extra-territoriality of the draft bill.
“We consider these changes necessary if the government is to bring forward legislation which provides the security and intelligence agencies with the investigatory powers they require, while protecting our privacy through robust safeguards and controls,” said Grieve.
Technology association TechUK has welcomed the ISC report findings, which focused on aspects of the draft bill that relate to the intelligence agencies’ investigatory powers.
Antony Walker, deputy CEO of TechUK, said: “The report again makes it clear that the bill lacks clarity on fundamental issues, such as core definitions of key terms within the draft bill, encryption and equipment interference.
“Our members are unsure exactly what is meant by internet connection records (ICRs), how they will be gathered, stored and accessed. This kind of detail is crucial to understanding the impact of the proposed bill.”
Walker said anything that forces companies to create or allow vulnerabilities in their systems is a huge concern and could damage public trust and have a direct impact on global perception of the UK as a home for innovation and investment.
“These concerns are reinforced by the ISC report, which calls for clarity on the effect on end-to-end encryption, and we urge the Home Office to take its findings on board,” he said.
UK jurisdiction overseas
Walker said the ISC is right to call on the government to address crucial issues, such as the powers that broadly and unilaterally assert UK jurisdiction overseas and infringe on the sovereign rights of other governments, risking retaliatory action against UK companies operating abroad.
“The codes of practice can deliver all the additional detail that the tech industry is crying out for,” he said. “That’s why it is vital that these are published alongside the bill, to provide reassurance and confidence in the UK as a world-leading digital economy.”
According to TechUK, the bill represents the opportunity to develop world-leading legislation, but Walker added: “As the ISC report rightly points out, proper parliamentary scrutiny is vital to delivering against this objective.”
Open Rights Group executive director Jim Killock praised the ISC for highlighting the draft bill’s failure to apply privacy protections consistently.
Commenting on reports that a revised draft of the bill will be published by the end of February, he said that two weeks was not enough time to carry out this process properly.
“Theresa May must ensure that the ISC’s very serious and considered demands are dealt with in full,” said Killock. “Rushing through legislation has to stop. It is time for a proper debate about whether bulk surveillance powers are acceptable in a democracy like the UK.”
The ISC report comes a week after a report by parliament’s Science and Technology Committee said the draft bill is too vague and needs to be redrafted to avoid economic damage, and just days before the Joint Committee charged with investigating the bill publishes its findings.
This means legislators will have three parliamentary reports to consider in drafting a final text for new UK surveillance legislation.