The UK government’s new Investigatory Powers Bill will significantly affect businesses and consumers alike if it becomes law.
That’s why many IT consultants in the South East are evaluating the impact it will have and advising their business customers to plan ahead. It’s been criticised by many and earned the nickname of the ‘Snooper’s Charter’. But is it really that bad?
The government’s official statement about the Bill says it will provide security and intelligence agencies with the investigatory powers they need to keep us safe and fight crime in the digital age.
A key provision in the Bill is the proposed retention of internet connection records (ICRs) for up to one year.
It would be the responsibility of the internet service provider to retain these records. The Home Secretary’s statement on 4 November says that law enforcers’ access to this information would be on a case-by-case basis and limited to three rigidly-defined purposes. The records would show what internet sites have been visited but not the full browsing history.
Is end-to-end encryption threatened?
Before the new Bill was announced, some commentators feared that end-to-end encryption was also under threat. The government has argued that the encrypted cyber space is where terrorists can communicate undetected. While this might help security agencies catch criminals, it would have been a serious security threat for many online services that rely on end-to-end encryption – such as internet banking.
This threat to encryption seems to have subsided. According to the Daily Telegraph “The plans do not include any move to ban or restrict encryption, despite warnings that security services face being locked out of some parts of cyber space because of advanced security measures.”
However, there are many other aspects of the legislation that would directly affect UK businesses. For example, giving the government’s security agencies the power to acquire and use data in bulk. Could this have serious implications in terms of data protection and the trust between customers and businesses over how personal records are stored and used
Planning ahead for Investigatory Powers legislation
If the legislation becomes law, all businesses in Sussex, Hampshire and Kent will have to develop new operational processes to comply with it.
Gary Jowett from Computer & Network Consultants in Brighton says: “Whatever your views about the Bill, it’s clearly unwise to sit on your hands and ignore it. Contingency planning is always prudent for all businesses. So it’s advisable to fully understand how the new legislation may affect your company and set aside resources to ensure your business isn’t caught out in the future.”