Updated legislation will remove the current requirement for NCA and intelligence services to provide details of a named individual or a specific time of connection in order to access records
Proposed changes to surveillance laws are set to widen authorities’ access to the internet records of citizens.
Internet connection records (ICRs) do not comprise a full browsing history, but contains information of all websites visited or apps accessed by a user, as well as details of the device used and the time of the visit – although without the detail of what individual webpages were visited. Customer account information from the telecoms provider in question is also embedded in the records, as is the user’s IP address.
Authorisation to obtain this information is generally only granted on a narrow basis, and requires the authority seeking access to provide one or both of: a specific online service or site and the precise time of connection; or the identity of a specific person or organisation known to be using online services to commit crime or otherwise imperil national security.
Proposed amendments to the Investigatory Powers Act – often referred by its critics as the Snoopers’ Charter – would remove the need for the National Crime Agency and the UK’s security services to provide such specifics.
Rather, access to internet connection data could be granted to the NCA, MI5, MI6, or GCHQ in order for officers to “identify which persons or apparatuses are using one or more specified internet services in a specified period”, according to the updated text of the legislation.
It is not clear whether there are any limits on how long such a “specified period” could last.
In a policy paper explaining the proposed legal changes, the Home Office said that the current need for ICR data to be limited to “’known’ elements of [and] investigation… limits the ability of operational partners to use ICRs to detect previously ‘unknown’ criminals online”.
- Government report claims authorities’ bulk data collections are stymied by ‘disproportionate safeguards’
- High court gives government six months to amend data-retention law
- Proposed law tweak advises police that cloud firms should not be served warrants for customer data
“The proposed measure aims to allow greater detection of high-impact offenders by removing the requirement to unequivocally know a specific time or times of access, and service in use, and instead allows these factors to be ‘specified’ within the application,” the paper added. “Examples of this may be where investigators receive intelligence, perhaps from forensic examination of a seized device, about a previously unknown terrorist website, or one providing access to indecent images of children. In such circumstances investigators would wish to detect other potential subjects accessing those internet resources but would lack unequivocal knowledge that the sites were being accessed by others, or exactly when. This additional access condition would allow investigators to progress this investigation using ICRs where currently they could not.”
The proposed expansion of access to ICR data would apply only to the NCA and the security services – and not to territorial police forces or any other public authorities.
PublicTechnology exclusively revealed last year that government was planning to create a national digital service through which authorities can search for and obtain citizens’ ICR information from communications firms. The plans were not publicly announced in any context other than a procurement notice seeking a tech firm to support the development of the service.
Following publication of the notice, PublicTechnology contacted the Home Office, the National Crime Agency, and the Investigatory Powers Commissioner’s Office, as well as each of the UK’s 16 leading broadband providers and mobile network operators, and the primary trade body serving ISPs. Not one representative of these organisations commented for our story. The £2m deal to developing to the digital search service was ultimately awarded to defence contractor BAE Systems.
After the new plans to tweak the Investigatory Powers Act were revealed, Silkie Carlo, director of privacy campaign group Big Brother Watch, said the changes would “add yet more spying powers” to the law and grant government “powers [that] would be more extreme than even the world’s most despotic regimes”.
“This would be yet another Bill that would exert extraordinary control to treat private companies as extensions of the state in order to conduct mass surveillance of millions of law-abiding citizens,” she added. “It would be a major blow to the population’s security.”