The Parliament committee tasked with studying the British government’s new draft surveillance law echoed other committees’ concerns and recommended substantial revisions.
In a lengthy report released on Thursday, the joint committee of the British Parliament’s two chambers, the House of Lords and the House of Commons, criticized the Investigatory Powers Bill’s provisions on hacking into commercial hardware, bulk collection of domestic Internet records, and requiring access to encrypted communications, but it did so in terms that disappointed many privacy advocates.
The report was perhaps most emphatic on the subject of encryption, a heated subject in many Western countries at a time when intelligence officials are warning that terrorists are using it to hide their planning.
The committee acknowledged the need for investigators to be able to decrypt suspects’ protected data, but it urged Home Secretary Theresa May, who has spearheaded the campaign for the bill, to clarify that the government would not force tech companies to design their encryption with guaranteed-access schemes, which critics call “backdoors.”
“The Government still needs to make explicit on the face of the Bill that [companies] offering end-to-end encrypted communication or other un-decryptable communication services will not be expected to provide decrypted copies of those communications if it is not practicable for them to do so,” the committee warned.
The report offered only mild criticism of the hacking provision, which would let the government break into commercial technology products to gather information on suspects using them. The bill refers to hacking by the euphemism “targeted equipment interference.”
“We agree that targeted equipment interference has the potential to be very intrusive,” the committee said. “There is nevertheless a substantive case for the targeted equipment interference power.”
Its only major suggestion was that the British government “produce more specific definitions of key terms in relation to EI to ensure greater confidence in the proportionality of such activities.”
On the controversial subject of “Internet connection records”—logs of website and application usage by individual machines as identified by their IP addresses—the committee again tried to strike a middle ground. Even as it said that “there is a case for Internet Connection Records as an important tool for law enforcement,” it warned that the government needed to address “concerns about the definitions and feasibility of the existing proposal.”
For example, an IP address can represent either a single person’s home Internet connection or an entire restaurant full of smartphone-toting diners. The government, according to the committee, did not explain how it would address this problem.
Privacy advocates have said that Internet connection records represent a dangerous step beyond the traditional Internet and phone “metadata”—information about who contacted whom, when they spoke, and for how long—that intelligence agencies have long collected.
Deputy Prime Minister Nick Clegg, the leader of the U.K.’s opposition party, told the BBC that the new powers reminded him of a totalitarian state, saying, “Very few other countries other than Russia take this dragnet approach.”
With its forceful condemnation of backdoors and minor technical critiques of other provisions, the joint committee’s analysis echoed what Parliament’s technology and intelligence committees said in a recent report on the bill.
Civil-liberties groups praised the joint committee for insisting that the government swear off of encryption backdoor mandates, but they criticized what they saw as a rubber-stamping of other provisions.
“The committee acknowledges that it is ‘inarguable that citizens’ private lives and inner thoughts are now captured in communications technology to a far greater extent than previously’ and then goes on to condone the government’s invasion of this private sphere,” Estelle Massé, a policy analyst at the open-Internet group Access, said in a statement. “This bill is a wish list for law enforcement. It will be up to the people’s representatives in parliament to defend the people’s interests.”
Sarah St. Vincent, human-rights and surveillance legal fellow at the Center for Democracy and Technology, called the report “far from perfect” but said its “frank recognition of the ways these powers can threaten privacy rights, as well as its clear concern about government overreach, are on the right track.”