(Image Credit: iStockPhoto/Adam Smigielski)
First privacy campaigners raised alarms, then numerous technology companies voiced objections, and now members of the defence and aerospace sectors have joined those warning that the UK’s proposed Investigatory Powers Bill could create serious problems.
In written evidence to a parliamentary scrutiny committee reviewing the draft bill, a coalition representing the British aerospace, defence, security and space industries warned that many communications service providers are effectively “dumb pipes” that merely pass along data they cannot inspect or interpret.
They added that this reality does not require a radical overhaul of the draft law, but it does mean the legislation may have a limited useful lifespan. Rapid changes in the technology landscape will likely force further revisions in the near future.
Their caution is milder than the stark warning issued earlier by a group of major technology companies — including Google, Facebook, Twitter, Yahoo and Microsoft — which urged then home secretary Theresa May to reconsider substantial parts of the proposed surveillance law.
The coalition’s submission (IPB0116) highlights several key concerns:
- User trust underpins the ability of technology companies to innovate and deliver products and services that empower people in their personal and professional lives.
- Even transparent, legally authorised government surveillance can erode users’ confidence in the security of products and services.
- Provisions enacted in the UK are likely to be adopted or mirrored by other countries, affecting the data of UK citizens abroad.
- Imposing obligations on overseas providers unilaterally risks creating conflicts with those providers’ legal duties in other jurisdictions.
- An increasingly fragmented international legal environment could place companies in the impossible position of choosing which laws to breach, and might encourage data localisation measures.
Privacy advocates have long argued that such legislation could stifle innovation, and some technology firms have even avoided doing business in the UK because of the potential obligations around encryption and access. Other persistent worries include the risk to individual privacy and the potential for the bill to be used for wide-ranging data collection about citizens.
UK telecommunications operator Vodafone has echoed these concerns, warning that new statutory requirements could “significantly undermine trust.” The company opposes any obligation to hand over data transiting their networks when that data originates outside the UK.
The effectiveness of bulk surveillance has also been challenged by former NSA Technical Director William Binney. He has argued that the fundamental problem with agencies like the NSA and GCHQ is their reliance on mass data collection: dumping huge volumes of information on analysts makes those teams less effective and has led to repeated failures since long before 9/11.
Reflecting on the 6,000 analysts he supervised in 1997 working with phone and internet data, Binney says that vast quantities of raw data simply overwhelm analysts and produce little useful intelligence. A more successful approach, which he says is no longer used, involved building a focused “social network” from metadata to identify known targets and to create “zones of suspicion” around them.
“This focused data, collected around known targets plus potential developmental targets, represented a much smaller set of content for analysts to review. That made the task more manageable and improved the chances of analysts succeeding,” Binney explains.
The parliamentary committee has a tight timeframe — roughly two weeks — to take evidence and prepare recommendations for Parliament. Its report is scheduled to be published on February 11.
What do you think about the Investigatory Powers Bill proposal? Share your views in the comments below.