Some of the world’s biggest tech companies have drawn up a list of grievances with Britain’s proposed new spying law.
The Investigatory Powers Bill, currently making its way through the British Parliament and labelled by its critics a “Snoopers’ Charter,” attempts to unify Britain’s laws on surveillance and spying and make them fit for the twenty-first century.
But it has come under extremely heavy criticism: The Conservative Government has been accused of trying to rush it through Parliament, and three Parliamentary committees have savaged drafts of the bill.
Alongside civil liberties groups, some tech companies have expressed concerns about the bill — particularly its lack of clarity around the legality of uncrackable encryption, and “equipment interference” (AKA state-sanctioned hacking).
In written evidence submitted Thursday, Apple, Facebook, Google, Microsoft, Twitter, and Yahoo have together highlighted what they regard as problems that have previously been highlighted with the bill, and not yet adequately addressed.
- Encryption. “Clarity on encryption is still required,” the evidence says. “Our companies believe that encryption is a fundamental security tool, important to the security of the digital economy as well as crucial to ensuring the safety of web users worldwide. The Bill provides for the power to issue technical capability notices requiring, among other things, the removal of electronic protection where reasonably practicable. The Bill should be amended so that there is an explicit threshold: where a service is encrypted end-to-end, the Bill should recognise it will not be reasonably practicable to provide decrypted content, rather than leave this to be established on a case-by-case basis.”
- Oversight. The companies call for stronger oversight of the powers the bill will grant law enforcement, “to build public trust and set an example worthy of global emulation.”
- Protecting networks. The companies want to make sure that law enforcement activities do not harm their infrastructure, and that they will be kept in the loop when vulnerabilities in their software are discovered. The evidence reads: “There are no statutory provisions relating to the importance of network integrity and cyber security, nor a requirement for agencies to inform companies of vulnerabilities they identify and may be exploited by other actors. We urge the Government to make clear that actions taken under authorization do not introduce new risks or vulnerabilities for users or businesses, and that the goal of eliminating vulnerabilities is one shared by the UK Government.”