The draft version of the U.K. government’s new Investigatory Powers Bill was published today, which, if passed into law, will establish a new set of surveillance powers and allow security and intelligence agencies to have greater insight to the websites visited by Internet users.
As TechCrunch reported today, with the Investigatory Powers Bill in place, the U.K. government will have the authority to require U.K. ISPs to keep a running log of all digital activities and the information gathered from them. This could include everything from media consumption habits and banking activity, to health concerns and political affiliations.
Home Secretary Theresa May introduced the bill to Parliament today, and said the amended bill is expected to go through a Parliamentary and committee review process before being finalized and added onto the statute books before the end of next year.
According to May, the aim of the bill is to draft a new law “consolidating and updating our investigatory powers, strengthening the safeguards and establishing a world-leading oversight regime,” TechCrunch reported.
While speaking in parliament, Prime Minister David Cameron explained how necessary the new powers are in helping police and security agencies continue to fight crime in today’s modern digital era.
“But we are not banning encryption,” May clarified. “We recognize that encryption plays an important part for people in keeping their details secure.”
“The draft bill we are publishing today is not a return to the draft Communications Data bill of 2012. It will not include powers to force U.K. companies to capture and retain third-party Internet traffic from companies based overseas; it will not compel overseas communications service providers to meet our domestic retention obligations for communications data,” she said.
The U.K. government has made it clear its intention with the Investigatory Powers Bill is to plug what it considered to be “capability gaps” in the intelligence gathering abilities of its law enforcement and security agencies, but many critics see the push for mass surveillance as a threat to the privacy protections of individuals.
Stateside, a similar tug-of-war over the data retention capabilities and the extent of digital privacy has taking place over the U.S. government’s much-debated and long-delayed Cybersecurity Information Sharing Act (CISA).
The controversial cybersecurity bill intends to make it easier for corporations and the federal government to defend against data theft through the sharing of information, which has drawn a strong objection from those with concerns about the bill’s lack of adequate privacy protections.
If enshrined into law, the bill will offer expanded legal liability protections to companies sharing data in the hopes that American businesses will be less hesitant in the future to share information about security breaches with each other and government agencies as soon as possible.
CISA was passed last week by the U.S. Senate, leaving many of opponents of the bill, including some tech giants who publicized concerns over the bill in its current version, weary about the potential loss of civil liberties that could come with CISA.
“CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government,” Bijan Madhani wrote in blog post for Computer & Communications Industry Association (CCIA), an industry organization representing major telecom and eCommerce companies.
“In addition, the bill authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties,” Madhani added.
For more on the digital identity ecosystem, click here to take a look at our Identity Tracker, which helps identify the issues and trends that arise around the digital identity ecosystem.