The Investigatory Powers Bill became Law earlier this week. Interestingly, the noise and criticism were turned up after the Royal Assent, and a Government Site petition opposing the Law reached 1500,000 signatures in a week. I had reason to perform some research on what the Law actually says, and here are my notes and links.
- The Investigatory Powers Act 2016, full text at legislation.gov.uk
- And in .pdf by Neil
- The Code of Practice, home page, the Interception of Communications Code of Practice, text. (I think this is it, updated in Oct 2016 at the time I posted).
- House of Commons Briefing Paper: Investigatory Powers Bill Committee Stage Report, i.e. the House of Commons Committee stage report.
- The Intelligence and Security Committee report on the IPB
- Written for a conference, a bibliography of the Independent Reviewer of Terrorism’s contributions to the debate
- The Independent Reviewer on (Anti-)Terrorism Legislation’s last words on the IPA, as passed.
- The Home page of the Independent Reviewer on (Anti-)Terrorism’s evidence to the House of Commons Public Bill Committee.
I found the following commentary exceptionally useful:
- E. King and D. Lock, ‘Investigatory Powers Bill: Key Changes Made by the Lords’, U.K. Const. L. Blog (1st Dec 2016).
- The Guardian reports that the Investigatory Powers Tribunal finds GCHQ’s secrecy violates Human Rights Law; the IPT declares that the secrecy surrounding the UK & US surveillance regimes was illegal in the UK and Europe. Evidence that the security state, notice how similar it sounds to securitaté, behaved illegally for 7 years. I think we would say in a civil and commercial domain that the compliance department was found to be wanting.
Have they mandated backdoors?
- The Register exposes the powers of technical notices probably based on
- PI exposes the requirement to pre-announce telco products
- Section 253 as enacted
- Edward Snowden tweets … although his reference seems to be out of date.
- Section 2.2 of the Code of Practice defines what a CSP is. It’s a service provider and so can be a software-only provider, think Facebook, although most IP service providers have hardware also. (Looks like we need to develop a peer-to-peer chat server, although that will run on vulnerable systems.)
- Section 8.4 of the Code of Practice restricts the removal of encryption to technologies they have installed themselves.
- Section 8.31 of the Code of Practice requires CSPs under a technical notice to give prior notice of major changes that might/will disrupt any previously installed backdoors.
or is it 8.29?