GET THE FREE NATIONAL CYBER SECURITY APP FOR YOUR PHONE AND TABLET
The U.K. House of Commons on Tuesday passed a controversial bill giving spy agencies the power to engage in bulk surveillance and computer hacking, but ceded some ground to protests from the technology industry and civil liberty groups.
The bill, which was introduced by the Conservative Party-led government in March after modifications to address concerns from tech companies and privacy advocates, passed by a vote of 444 to 69. Most of the opposition Labour Party voted with the conservative majority to advance the bill to the House of Lords, while the opposition Scottish National Party, citing concerns about privacy and civil rights, voted against it.
Many of the surveillance techniques — such as scooping up the metadata of communications and using malware to gain access to the computers and mobile phones of terrorism suspects — have already been in use by U.K. spy agencies and the law now gives them explicit authority.
The legislation was sharply criticized by global technology companies when it was first proposed last year. Apple Inc. Chief Executive Officer Tim Cook warned of “dire consequences” if the bill passed with language weakening encryption. And Facebook Inc., Alphabet Inc.’s Google, Microsoft Corp. Twitter Inc. and Yahoo! Inc. said the law would undermine customers’ faith in their products and brands. Meanwhile, Vodafone Group Plc, the U.K. mobile company, said it was worried about the cost of modifying its systems to comply with the new law and that allowing the government to hack into its network might compromise its stability and integrity.
The version of the bill passed Tuesday makes clear that companies aren’t required to build backdoors to their encryption and will only be required to remove such code in response to a government request if doing so is technically feasible and not unduly expensive.
When Apple was battling with the U.S. Federal Bureau of Investigation over breaking the encryption on the iPhone of the attacker in a mass shooting in San Bernardino, California, the company said it would require a dedicated team of engineers working for at least a month to figure out how to crack it or modify the lock screen to allow unlimited attempts to open the device. If this U.K. bill becomes law, it would be up to a British judge to decide if that kind of effort met the “technical feasibility and reasonable cost” test.
The bill also makes clear that the government will likely reimburse communications companies, including mobile operators, for the cost of complying with the new legal obligations, such as the requirement to retain records of all the websites its customers visit for at least a year.
Civil rights and privacy advocates have also opposed the bill and the revisions the government made in the final version hasn’t mollified them. “Minor botox has not fixed this bill,” Shami Chakrabarti, the director of the civil rights group Liberty, said when the final version was introduced in March.
The House of Lords will now consider the proposed law, known as the Investigatory Powers Bill. The legislation, which some critics have branded a snooper’s charter, will also be analyzed by a panel of legal experts chaired by David Anderson QC, the U.K.’s independent reviewer of terrorism legislation. Anderson will issue a report on the bill — including an opinion on whether the bulk surveillance powers the government is asking for are justified — in time for the Lords final vote on the bill sometime in the fall. If it passes, the law will go into effect in January 2017.