MPs have criticised the government for the vague and unclear plans put forward in the Draft Investigatory Powers Bill, warning in a report that it has the potential to damage the technology sector and the UK economy in its current form.
The Science and Technology Committee issued the report having heard evidence from a string of leading technology firms and organisations, from Mozilla and TechUK, to Apple, Microsoft, Facebook and Google, over the past few months.
It has now issued a 42-page report detailing the evidence and summing up its stance on key proposals in the bill such as bulk data collection and encryption.
The issue of encryption and how it will be governed by the new law is one of the most contentious aspects of the draft bill, many claiming that it is unclear exactly what the government is hoping to achieve.
A key problem relates to whether firms that use end-to-end encryption that cannot be decrypted will be required to build in backdoors that can be used to access data as and when required, or whether such services would even be outlawed.
The report said that the government must clarify this, and urged it not to meddle in the use of such technology.
“There is some confusion about how the draft bill would affect end-to-end encrypted communications, where decryption might not be possible by a communications provider that had not added the original encryption,” the report stated.
“The government should clarify and state clearly in the Codes of Practice that it will not seek unencrypted content in such cases, in line with the way existing legislation is currently applied.”
Bulk data collection
Another key issue is proposals that communications providers such as BT, Virgin Media, O2 and Sky will have to keep internet communication records (ICRs) on all customers for 12 months.
This has led to major concerns, ranging from the ethical implications for citizens’ privacy, to the security risk of storing such huge amounts of data given how often hackers break into corporate systems.
The committee agreed that the government has failed properly to communicate exactly why it wants this information stored for so long, and exactly what obligations will be on communications providers to collect and store this data.
“Given the volume of data involved in the retention of ICRs and the security and cost implications associated with their collection and retention ... it is essential that the government is more explicit about the obligations it will and will not place on the industry as a result of this legislation,” said the report.
Equipment interference worries
A third aspect of the bill that has caused concern is so-called 'equipment interference'. This essentially allows security services to access information, such as from social sites or phones, often with the knowledge of the creator of the product.
The report relayed concerns raised by some companies that this is becoming a more common tactic of security agencies, as well as being made more public, and that citizens could lose faith in digital services.
“So called ‘equipment interference’ may occasionally be necessary for law enforcement agencies to do their job effectively, but the tech industry has legitimate concerns about the reaction of their customers to the possibility that electronic devices could be hacked by the security services," the report said.
Nicola Blackwood MP, chairwoman of the Science and Technology Committee, said in summing up the report as a whole that the UK cannot afford to create laws that damage the growing technology sector.
“The current lack of clarity in the Draft Investigatory Powers Bill is causing concern among businesses. There are widespread doubts over the definition, not to mention the definability, of a number of the terms used in the draft bill," she said.
“The government must urgently review the legislation so that the obligations on the industry are clear and proportionate.”
Home Office response
Home Office security minister John Hayes said in response that the department will consider the report and its recommendations, but outlined the government's intention to get the law passed before the end of the year.
“We are mindful of the need for legislation to provide law enforcement and the security and intelligence agencies with the powers they need to deal with the serious threats to our country in the modern age, subject to strict safeguards and world-leading oversight arrangements," he said.
“The government will introduce its final proposals to Parliament in the spring with a view to the bill becoming law before the end of the year. I welcome the full, open and frank consideration of the powers at the heart of this legislation so vital to our national interest.”
Tech groups urge action
Tech industry groups also responded to the report. The Internet Service Providers' Association (ISPA) urged the Home Office to take on board the feedback in the committee's report.
“We are pleased that parliament recognises that the bill, as drafted, risks undermining the competitiveness of the UK tech sector," said ISPA secretary general Nicholas Lansman.
"We now expect the Home Office to take on board these recommendations, along with those of the upcoming Joint Committee report, to produce a bill that is clear, technically feasible, proportionate and maintains trust in online services."
Meanwhile Antony Walker, deputy CEO of techUK, which gave evidence to the Science and Technology Committee and was cited several times in the report, also said that the government should pay heed to the concerns.
“We need more clarity on fundamental issues, such as core definitions, encryption and equipment interference," he said.
"Without that additional detail, too much of the bill will be open to interpretation, which undermines trust in the legislation and the reputation of companies that have to comply with it."
Scientists believe there could be other hydrides or superhydrides with super conducting properties
Resetting the telemetry circuits and associated boards brought the instrument back to operations mode
Fortnite news and updates: Flaw in Fortnite authentication could have helped attackers steal player login credentials
Attackers could have used Fortnite security flaw to buy in-game currency on players' stored credit cards
New photos show cotton seeds sprouting in sealed container - with other plants expected to sprout within days