Draft Investigatory Powers Bill will require ISPs to record websites users visit, but drops encryption ban

New powers for security services to bulk-collect personal communications data

The draft Investigatory Powers Bill or so-called snoopers' charter, published this afternoon, will require internet service providers to store records of websites visited over every account and explicitly authorises security services' powers to bulk-collect personal communications data.

The new Bill will also make it illegal to even ask in court whether evidence was obtained via bulk surveillance.

The government is justifying the new Bill by arguing that current powers are needed in the "fight against crime". In its report, released with the Bill, it cites the child abuse case against Lostprophets lead singer Ian Watkins, claiming that communications data was central to the early stages of the investigation into his activities.

"In the early stages of the inquiry neither child had any physical injuries consistent with sexual abuse; there were no witnesses and no substantive evidence to support charges for the serious sexual offences that were suspected. Communications data was used alongside other investigative techniques which identified a clear conspiracy between all three defendants to abuse children sexually," claims the report.

It continues: "In one case, communications data was used to identify the sender of emails containing child abuse images and to establish the physical address of one of the co-defendants, who was subsequently arrested and her 16-month old daughter taken into care."

However, the police investigation into Watkins would have begun sooner if police had responded to suspicions reported to them by an ex-girlfriend four years before he was jailed.

The Bill will also consolidate the powers currently available to law enforcement, security and intelligence agencies to obtain communications, and data about communications. "It will make these powers - and the safeguards that apply to them - clear and understandable," according to the overview of the Bill.

It continues: "The draft Bill will radically overhaul the way these powers are authorised and overseen. It will introduce a ‘double-lock' for interception warrants, so that, following Secretary of State authorisation, these - and other warrants - cannot come into force until they have been approved by a judge. And it will create a powerful new Investigatory Powers Commissioner (IPC) to oversee how these powers are used."

Intriguingly, that Office appears already to have been created in advance of the passing of the Bill with the establishment of the Interception of Communications Commissioner's Office (IOCCO), with the Right Honourable Sir Stanley Burnton appointed the Commissioner. This before Members of Parliament have even had the opportunity to vote on the Bill or decide how the Commissioner should be appointed and by whom.

Finally, the Bill will "make sure powers are fit for the digital age", by making "provision for the retention of internet connection records (ICRs) in order for law enforcement to identify the communications service to which a device has connected. This will restore capabilities that have been lost as a result of changes in the way people communicate".

Those "internet connection records" will, effectively, be metadata such as websites visited, but not the content of those communications.

The overview of the Bill also indicates that warrants for interceptions - the tapping of communications so that the content can be seen or heard - will only be lawful for tackling "serious crime, national security or EWB", with EWB being "the economic well-being of the UK", although no definition of what constitutes that is not provided.

Marc Dautlich, a partner at law firm Pinsent Masons, described the decision to drop the proposed "ban" on encryption as positive, "but we need to decipher what this really means and whether service providers will indirectly be forced down this route."

He continued: "Similarly, the bill refers to a ‘double lock' for interception warrants, which requires authorisation by both Secretary of State and a judge. However we need to unpack what the ‘urgency procedure' that would enable the Secretary of State to authorise without the [authorisation of a] judge means in practice.

"If, by the time the judge arrives, the data has already been obtained and the judge would not have authorised the warrant in question, this solution has a big flaw in it. The circumstances in which the ‘urgency procedure' could be applied and how it will work in detail need to be looked at."