KatsBits Community

General Category => Blog => Topic started by: kat on December 25, 2015, 06:15:02 PM

Title: Draft Investigatory Powers Bill (as passed "Investigatory Powers Act 2016")
Post by: kat on December 25, 2015, 06:15:02 PM


The "Draft Investigatory Powers Bill" passed into law Nov 2016 as the "Investigatory Powers Act 2016 (http://www.legislation.gov.uk/ukpga/2016/25/contents/enacted)".

[...]

The UK Government released a draft (Oct/Nov 2015) of the "Investigatory Powers Bill (https://www.gov.uk/government/publications/draft-investigatory-powers-bill)" [alt source (https://wiki.openrightsgroup.org/wiki/Investigatory_Powers_Bill#cite_note-1)] that will (apparently) shake up online law enforcement, with specific emphasis on prosecuting "cyber bullies and trolls (http://www.dailymail.co.uk/news/article-3373981/Theresa-says-new-spying-powers-used-bring-cyberbullies-online-trolls-justice.html)". Apparently that needs 200 pages of legislation (see below).

Quote
- Interception involves making available the content of a communication to someone other than the sender or intended recipient during the course of its transmission.  In practice that means listening to a phone call or reading an email. 

- Interception can only be undertaken by a limited number of agencies, in limited circumstances, when a warrant is in place. It is a vital tool
for law enforcement and the intelligence agencies to protect the public and prevent or detect serious crime.

- Interception warrants will be subject to a ‘double-lock’ authorisation process of Secretary of State issued warrants approved by a Judicial Commissioner before coming into force.

- Only  nine  agencies  can  apply  for  an  interception  warrant.  These  include  the  Security  and  Intelligence Agencies, five Law Enforcement Agencies and the armed forces (GCHQ, SIS, MI5, the Ministry of Defence, Her Majesty’s Revenue and Customs, the National Crime Agency, the Police Service Northern Ireland, Police Scotland and the Metropolitan Police Service).

- As  is  currently  the  case,  the  Bill  makes  clear  that  targeted  interception  warrants  can  be  served  on Communications Service Providers (CSPs) who offer services to customers in the UK irrespective of where they are based in the world.  CSPs have a duty to give effect to a warrant
if required to do so [source (https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473739/Factsheet-Targeted_Interception.pdf)]

The remit of the proposed legislation has nothing to do with keeping the individual from harm, cyber bullying and trolling has nothing to do with the stated purposes of the Bill, in it's own langauge (assuming one isn't claiming cyber-bullying and trolling to be in the interests of National Security, is a "serious crime", or has anything that could be considered a significant threat to the "economic well-being on the UK").

Quote
What can it do?
For three specific purposes: in the interest of national security, for the prevention or detection of serious crime; safeguarding the economic well-being of the UK (for national security).[source (https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473739/Factsheet-Targeted_Interception.pdf)]

In effect what the legislation appears to be doing is setting up a framework that facilitates "retroactive justice" - by requiring Service Providers keep Customer records for extended periods instead of Government doing that, there are no legal ramification on Government for the unlawful collection and use of data (Government cannot collect data without specific, articulated reason - this is part of our right to go about our daily business unmolested). In other words, the warrants issued against an individuals data traffic is not actually that, i.e. to 'collect' their traffic, rather they are search warrants to inspect data third-parties are mandated to collect on behalf of the Government.

Additional Reading
Draft Investigatory Powers Bill: overarching documents (https://www.gov.uk/government/publications/draft-investigatory-powers-bill-overarching-documents)

Title: Re: Draft Investigatory Powers Bill
Post by: ratty redemption on December 25, 2015, 06:24:02 PM
have you read all of that? can you summarize key points for us?
Title: Re: Draft Investigatory Powers Bill
Post by: kat on December 25, 2015, 07:21:12 PM
The post above will be modified (https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473739/Factsheet-Targeted_Interception.pdf) as the information is parsed, there's a lot of it to get through (300 pages including ancillary materials).
Title: Re: Draft Investigatory Powers Bill
Post by: ratty redemption on December 25, 2015, 07:34:37 PM
understood and good luck.
Title: Re: Draft Investigatory Powers Bill
Post by: kat on December 26, 2015, 01:45:16 AM
OK... the crux of the matter is this; the Home Secretary (Ms. May) apparently wrote in a letter to MP James Cartlidge (http://www.jamescartlidge.com/) (context unknown/unclear) that indicated the upcoming Investigative Powers Bill (http://www.katsbits.com/smforum/index.php?topic=53.msg4263#msg4263) would "support the effort of police to tackle cyber-bullying and trolling" (what the DM and others are reporting) because Service Providers would be required to collect "interconnection records" to comply with the IPB.

Unfortunately for Ms May, that statement is an obfuscation at best, an outright lie at worst as the language and context of the IPB specifically deals with issues of National Security, data collection and use there-in. Period. There are NO allowances within the proposed law for collected data to be used OTHER THAN AS EXPLICITLY STATED, i.e. contextually that it should be done so; 1) in the interest of national security, 2) for the prevention or detection of serious crime and 3) safeguarding the economic well-being of the UK. There are NO allowances for data to be collected OR used without specific reason passed and authorised by a judge (an order from the (Office of the) Home Secretary signed off by a judge).

In other words, what the Home Secretary is suggesting is colossal over-reach, one the proposed legislation does not grant the Office of HS the authority or support to do - the bill in fact even goes so far as to strengthen an over-sight committee to ensure operation complies to the letter of the (proposed) law - cyber-bullying and trolling has no business being conflated with issues of serious crime (fraud etc.) or National Security.
Title: Re: Draft Investigatory Powers Bill
Post by: ratty redemption on December 26, 2015, 10:42:02 AM
is that good news for us internet users?
Title: Re: Draft Investigatory Powers Bill
Post by: kat on December 26, 2015, 07:15:39 PM
In the general spirit of the proposed law, yes, because it's actually set up to mitigate over-reach of exactly the kind of goal-post moving Ms May is suggesting, it has nothing to do with 'small crime' (cyber-bullying and online trolling etc.), it, in fact, expressly disallows data gathered under the auspices of the Investigatory Powers Bill (IPB) to be re-purposed for anything other than that datas intended (ordered) purpose - data can only be collected from Service Providers for a specific Court Ordered purpose, similarly data pertaining to Individuals can only be gathered once a specific Court Order has been issued - no-where does the bill grant a blanket authority to simply collect/access/use/[insert suitable adjective here] data simply because it can be. What it does do is make a requirement that Service Providers hold on to data for 12 months (they are already obligated to hold data for 6 months under Regulation of Investigatory Powers Act 2000 (http://www.legislation.gov.uk/ukpga/2000/23/contents) or voluntarily for 12 months under Data Retention and Investigation Powers Act 2014 (http://www.legislation.gov.uk/ukpga/2014/27/contents/enacted)).

To be frank, it's a complete mystery as to why the Home Secretary would even be saying the things she is given the fact that the Home Office is the Office from which IPB Orders are to be issued... if she doesn't know what the draft entails she should be removed from that Post forthwith - it has nothing to do with cyber-bullies or trolling no matter the number of articles published by the press calling people that engage in that type of activity 'terrorists' (their conflating the two is profoundly ignorant and fundamentally disrespectful to the individuals that have lost their lives, willingly and unwillingly, as a consequence of fighting real terrorism in the World). There are better and more immediate ways to deal with the former (cyber-bullies and trolls) that don't necessitate the use of a 50 tonne Steam-roller to crack open a sesame seed.
Title: Re: Draft Investigatory Powers Bill
Post by: ratty redemption on December 26, 2015, 10:10:43 PM
interesting and agreed.
Title: Re: Draft Investigatory Powers Bill
Post by: kat on November 20, 2016, 11:15:02 AM
The Investigatory Power Bill (https://www.gov.uk/government/collections/investigatory-powers-bill) has passed and is, at time of writing, awaiting Royal Assent (signing into force). Bill documents (http://services.parliament.uk/bills/2015-16/investigatorypowers/documents.html).
Title: Re: Draft Investigatory Powers Bill
Post by: kat on November 26, 2016, 07:23:04 AM
News coverage on this that's more than a little misleading. For example; Revealed: "The 48 organisations that can see your entire online browsing history, even if you delete it (http://www.dailymail.co.uk/sciencetech/article-3971214/The-48-organisations-entire-online-browsing-history-delete-it.html)" (DailyMail), "A list of everyone who can see your entire internet browsing history (https://www.indy100.com/article/snoopers-charter-investigatory-powers-bill-browsing-history-7437176)"  (Indy100/Independent). The headlines imply the agencies named are able to actively monitor anyone's communications. They have access to, but are not permitted to simple monitor communications without the authority to do so.

As mentioned in the OP authorised agency's are able to access communications using a special and specific investigatory warrant that's  authorised by a Court and The Office of the Home Secretary. This requires access requests be reasonably articulated (by British Law standards there has to be a "articulable reasonable suspicion/justification" for a request to be made).

The broader purpose of the Bill isn't the investigatory aspect however, it's the shifting of onus onto Service Providers with respect to data collection and management, obligating them by law to properly complying with requirements of the legislation, rather than the authorities having to do so. In other words, although access can be granted to anyone (subject to Home Office authorisation), it still has to be justified and articulated.

With that said, it is still a gross over-extension of 'snooping'.
Quote
"If there's nothing to hide, there's nothing to fear there's no reason to look."
Title: Investigatory Powers Act 2016
Post by: kat on June 04, 2017, 08:04:50 PM
The "Draft Investigatory Powers Bill" passed into law Nov 2016 as the "Investigatory Powers Act 2016 (http://www.legislation.gov.uk/ukpga/2016/25/contents/enacted)".