Charlotte Bowyer, a digital policy researcher at the Adam Smith Institute. ‘Donut’, says Yes
Let’s be clear: the draft Investigatory Powers Bill remains a “Snooper’s Charter”, and its proposals present a serious threat to the privacy and security of UK citizens. The bill requires internet companies to keep records of all the apps and websites a user accesses, across all devices, for an entire year.
These records create rich profiles of individuals, including where they bank, their hobbies, health issues and sexual preferences – and will be accessible to police and security services without a warrant.
Theresa May claims this is the modern equivalent of an itemised phone bill, but the practice is deemed so invasive that it’s outlawed in the US and EU. “Nothing to hide, nothing to fear” just doesn’t hold here.
The retention of such data risks every UK citizen’s digital identity being targeted, stolen and abused by foreign governments, fraudsters, and other criminals. With companies like TalkTalk already struggling to keep users’ data secure, this bill leaves citizens’ data vulnerable both to an overreaching state and the rest of the world.
Alex Krasodomski-Jones, a digital researcher at Demos, says No
The law must be brought up to date to reflect the profound impact the digital revolution has had on the security landscape. For years, our internet browsing history has been harvested by dozens of private companies, which collate and sell it on under no oversight.
We seem comfortable turning a blind eye to the actions of strictly profit-making organisations, and yet are quick to balk at government efforts to build a secure legal framework for how our security services practice surveillance.
There is no doubt that the language around the Bill has been carefully sanitised. “Only metadata”, for instance, loosely translates to “only more-or-less-everything”. It is particularly disappointing to see bulk collection powers extended.
This, and the vagaries around the bill, are likely to push more UK citizens into taking steps to protect their data. But we cannot expect our security services to keep us safe while damning their attempts to keep up with the pace of change.