- Billie Eilish fans think they figured out who stole her ring 4 Years Ago
- ‘Give me candy’: Hailey Bieber mocked for defense of celebrating Halloween as a Christian Today 10:28 AM
- Aaron Paul predicted Jesse Pinkman’s fate on Reddit years ago Today 8:53 AM
- Netflix’s ‘Eli’ is a satisfyingly nasty blend of haunted houses and medical horror Today 7:00 AM
- Why 8chan’s founder is fighting to keep the infamous message board dead Today 6:30 AM
- How to stream NFL Sunday Ticket without DirecTV Today 5:00 AM
- How to watch Arizona State vs. Utah Today 4:00 AM
- How to watch Michigan vs. Penn State Today 4:00 AM
- How to watch Florida vs. South Carolina Today 4:00 AM
- How to stream Manchester City vs. Crystal Palace Today 1:00 AM
- How to stream Tottenham Hotspur vs. Watford Friday 9:00 PM
- How to stream Barcelona vs. Eibar Friday 6:00 PM
- How to stream ‘Bigfoot’ Silva vs. Gabriel Gonzaga in BKFC Friday 6:00 PM
- Demi Lovato’s nude photos allegedly leaked on Snapchat Friday 3:07 PM
- NBA TV is the new streaming service for basketball fanatics Friday 3:02 PM
U.K. intelligence committee urges major changes to surveillance bill
The report called one key measure ‘inconsistent and largely incomprehensible.’
A second committee of the U.K. House of Commons has issued a critical report on the British government’s controversial surveillance legislation.
In a report issued Tuesday, Parliament’s Intelligence and Security Committee warned that the Investigatory Powers Bill, proposed by Home Secretary Theresa May, contained vague privacy language, worrisome provisions about legal government hacking and the bulk collection of data, and unclear obligations for tech companies.
“It appears that the draft Bill has perhaps suffered from a lack of sufficient time and preparation,” the report said, “and it is important that this lesson is learned prior to introduction of the new legislation.”
The bill, designed to enhance U.K. counter-terrorism powers, has faced scathing criticism for empowering British officials to engage in controversial new activities without clear-cut safeguards. Parliament’s technology committee raised its own concerns in a report issued last week.
The committee’s report did not suggest that all of these new powers—including hacking into commercial equipment and collecting Internet communications records in bulk—were inappropriate. But it identified several areas where the transparency of the process and the limitations on intelligence officials were severely lacking.
The bill creates two categories of warrant requests for hacking, which is referred to in the bill as “equipment interference.” Targeted warrants cover equipment that is linked based on its location or owners, such as all computers controlled by a particular terrorist network. The committee criticized this category for being too broad and noted that the government couldn’t even describe a situation that would require a bulk warrant.
“The Committee acknowledges that the Agencies need the capability to undertake Equipment Interference as necessary,” the report said. “However, the Committee has not been provided with sufficiently compelling evidence as to why the Agencies require Bulk Equipment Interference warrants, given how broadly Targeted Equipment Interference warrants can be drawn.”
The report also suggested that the bill be rewritten to require a hacking warrant for overseas operations; it currently only requires one for hacking conducted in the United Kingdom.
Another controversial provision in the bill lets the government request a warrant to obtain large swaths of information connected only by theme, such as travel records, without regard to the individuals targeted. The committee urged the government to drop this provision and stick with the other, narrower type of warrant that only targets a specific database or group of records.
Committee members also criticized the “inconsistent and largely incomprehensible” restrictions on collecting and analyzing Britons’ communications data, including both the content of messages and “metadata” about them, such as who contacted whom, when the communication occurred, and how long it lasted.
One contradiction drew particular scorn: British spies cannot search the communications of U.K. residents that they accidentally collect in the process of unrelated operations, but they can search the metadata that describes those communications.
“The Committee recommends that the same process for authorizing the examination of any Communications Data (including [metadata]) is applied, irrespective of how the Agencies have acquired the data in the first instance,” the report said. “This must be clearly set out on the face of the Bill: it is not sufficient to rely on internal policies or Codes of Practice.”
The committee also noted tech companies’ concerns about a provision allowing the government to regulate the technical specifications of commercial code. “Some [companies] have expressed serious concern as to this seemingly open-ended and unconstrained power, suggesting that this may lead to banning end-to-end encryption,” the report said. “The Home Office must ensure that the legislation provides clarity as to the nature and scale of these obligations.”
Through this provision, the United Kingdom joined the list of countries considering legislation with encryption mandates. U.S. lawmakers are preparing a bill that could require tech companies to design their encryption so that government agents would be able to pierce it for investigations. Technical experts warn that such guaranteed-access schemes would undermine the strength of the encryption by presenting new avenues for hackers.
Photo via David Martyn Hunt/Flickr (CC BY 2.0)
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.