The Investigatory Powers Act 2016, also known as the ‘Snooper’s Charter’ has received Royal Assent in the face of opposition from privacy campaigners and technology companies, including Apple and Twitter and has now passed into UK law. The Act introduces new surveillance powers.
Controversially it will compel communication service providers (CSPs) to keep records of all websites their UK customers visit, which will be retained for a year, and those records will be available to a wide range of government agencies upon the issue of a warrant. Opponents of the IPA argue firstly, that this is a gross invasion of privacy on the part of the Government upon its citizens regardless of whether or not they are suspected of having committed any crime and secondly, that this raises security concerns as customer data could be vulnerable to being stolen and leaked given the number of high profile CSP hacks in recent history.
Surveillance agencies will also be given the power to hack into individual’s phones and computers to obtain their messages in bulk, including journalists’ call and web records upon issue of a warrant although the latter also requires judicial authority. It also forces technology companies, such as Apple, to help hack into their customer’s phones upon the issue of a warrant to assist Government agencies to collect more information than ever before.
The Government has hailed passing of the landmark Bill on the basis that it is in the interests of National Security to introduce these powers and the public will be safer as result. The new powers will be used to fight crime and disrupt terrorism in the digital age.
Thousands signed a petition opposing the Act and whilst the petition is unlikely to have a substantive effect, the matter must now be considered by Parliament. A legal challenge, initially brought by David Davis and Tom Watson, is also underway in the European Court of Justice in relation to the data retention scheme.
Many provisions in the Act will not be enacted for some time however the provision requiring CSP’s to retain data pertaining to websites visited by their customers will come into force on 31st December 2016 when the Data Retention and Investigatory Powers Act 2014 expires.