A bill setting out the rules for such a sensitive issue as tapping people's emails and internet usage was never going to get a smooth ride. But the Regulation of Investigatory Powers (RIP) Bill, which passed its report stage earlier this month, has been surrounded by controversy since it began its progress through the Houses of Parliament.
Civil liberties groups have been up in arms about changes that give the UK Government and police greater powers, and internet service providers (ISPs) have complained of the costs they will incur to provide access to communications traffic.
In the initial stages of the Bill, the Government was keen to talk down the costs involved in monitoring data. A report commissioned by ISP Demon Internet stated that the costs could run into millions of pounds. This was an internal document and was only shown to ministers dealing with the Bill. A Demon spokesperson explained: "We wanted to work with the Government. The results of the Bill will affect our core business and we didn't want the report in the public domain."
To respond to Demon's report, Parliament set up its own inquiry headed by the Smith Group. Unfortunately for the Government, this report actually upped the cost predictions, settling on an overall figure of £34m.
Caspar Bowden, of the Foundation for Information Policy Research (FIPR), said: "The Government had said that the ISP's figures had been padded, but then its own consultants came back with more."
The Government's scheme involves installing 'black boxes' to intercept traffic at all ISPs, as well as constructing a £25m internet spy centre to read and decrypt this data. The Government Assistance Technical Centre will be run by the National Criminal Intelligence Service, which is controlled by the Home Office.
The Smith Group estimated the cost of providing information to this centre to be £113,000 in the first year and £44,700 for each consecutive year for large ISPs. For smaller ISPs, it will cost £44,700 in the first year, and £19,400 per year thereafter.
The thorny question of who will bear the full cost of these changes still has to be answered but, since it will ultimately rest with either ISPs or the tax payer, the final decision will be controversial either way.
Part of the £34m cost includes development, testing and project management for the software that will track the traffic. Initially, the Government wanted ISPs to shoulder this cost, estimated between £210,000 and £500,000 depending on the monitoring system chosen.
However, the Smith Group suggested in its report that the Government should bear the responsibility for this area, but this has raised fears of its own. FIPR's Bowden said: "If the Government pays for the software that selects target mail, it will take the responsibility for writing it. That will need a lot of trust, as no-one will know what the software is doing. If any future government decides to abuse it, who would know?"
Civil liberties groups have also highlighted individual aspects of the Bill which make it easy for the police to read users' emails. "Under the new bill, the Government considers a log of email addresses and a web log to be communications data, not content," said Bowden. "If you visit sites or get mail from users that the police think are dodgy, then that will be reason enough to get a warrant."
The police would still need a court order to access content, such as reading users' email or tapping a phone line, but a user's communications data could be used to justify a court order to a judge.
This was backed up by the Data Protection Registrar (DPR). "One form of data could be used to inform the decision to intercept another. There's nothing in the new bill to suggest that it couldn't," said Phil Jones, assistant commissioner at the DPR.
Civil liberties groups' biggest fear is that removing the need to convince an ISP or a judge that the request is valid will result in inquiries going unchecked.
Yaman Akdeniz, of Cyber Rights & Cyber Liberties, said: "We have always argued for judicial involvement, as judges will look at requests with more legal scrutiny. There is a threat that the new legislation will be systematically abused, and warrants will end up being issued without good reason."
On the other hand, the DPR felt that removing the choice from ISPs and telcos was not a bad thing. "You could argue that there's a lot of moral pressure on companies about whether to provide information to the police," said Jones. "The new bill reverses this responsibility. It makes sense from that viewpoint, as it seems odd to think that BT, for example, would be held accountable for its decision to hand over the information."
The Government has countered claims that the legislation will be misused by creating the role of Interception Commissioner to police this area. However, the move has been criticised by the industry as a token effort.
"There will be an Interception Commissioner, but there will also be thousands of people appointed by the Home Secretary, and he or she won't be able to police them all," said Bowden.
Having passed the report stage, the Bill will now progress to its third reading in both Houses, with the date yet to be decided. It must then progress to the Final Assent before becoming law.
Claims to have "the most competitive logic density" in the industry
Dell's high-end mobile workstations upgraded with Intel Coffee Lake CPUs
Webstresser admins were also arrested in the UK, Croatia, Canada and Serbia
Security firm claims that 117,638 sites out of 135,035 analysed contain serious security flaws