LONDON – The British government plans to make telecommunications firms keep records of customers’ Web histories and help spies hack into computers and phones under a new cyber-snooping law unveiled Wednesday.
The draft Investigatory Powers Bill is intended to replace a patchwork of laws, some dating from the Web’s infancy, and set the limits of surveillance in the digital age.
Home Secretary Theresa May said the new rules would give security services a “license to operate” in the Internet era, but privacy groups called them a license to snoop.
If approved by Parliament, the bill will let police and spies access Internet connection records — a list of websites, apps and messaging services someone has visited, though not the individual pages they looked at or the messages they sent.
Communications companies will be required to hold onto the records for up to a year, and police can seek warrants to look at them as part of criminal or terrorism investigations.
May said the data was “simply the modern equivalent of an itemized phone bill.”
“It cannot be right that today the police could find an abducted child if the suspects were using mobile phones to co-ordinate their crime, but if they were using social media or communications apps then they would be out of reach,” she said.
Civil liberties groups said the proposed law marked a big expansion of snooping powers.
“Your phone bill 10 or 20 years ago would have had a handful of calls,” said Jim Killock, executive director of the Open Rights Group. “Now it’s your reading record, it’s your library card, it’s your shopping, it’s your social life, it’s your health.
“It’s such a huge shift we’ve had in communications —comparing it with phone records completely underestimates what’s in there.”
Killock also expressed concern about the bill’s suggestion that records of web activity could be stored in searchable databases — a move some fear is both intrusive and vulnerable to hacking.
Privacy groups said they wanted more details about the bill’s requirement that communications service providers must “provide wider assistance to law enforcement and the security and intelligence agencies in the interests of national security.”
The bill gives explicit legal blessing to intelligence agencies’ long-secret powers to intercept communications on a vast scale — details of which were made public by U.S. National Security Agency leaker Edward Snowden.
It allows for “equipment interference” — scooping data straight from computers and smartphones — as a crime-fighting tool, and says service providers will be legally obliged to assist authorities in getting access to customers’ devices.
It also allows spy agencies to engage in bulk collection of communications data, both in Britain and overseas, “in the interests of national security.”
Both the home secretary and a judge will have to approve warrants for that kind of serious intrusion — one of several new measures May said would provide “some of the strongest protections and safeguards anywhere in the democratic world.”
May also said there would be additional protections against intrusion for people in sensitive professions, including doctors and journalists. And spying on lawmakers would require the approval of the prime minister.
The bill will be reviewed by a committee of legislators before it’s submitted to Parliament for approval. A previous version of the legislation was thrown out by lawmakers in 2013 as overly intrusive.
This bill also is likely to face opposition, though the opposition Labour Party was broadly supportive Wednesday. Labour law-and-order spokesman Andy Burnham said the bill was “neither a snoopers’ charter nor a plan for mass surveillance.”
But Shami Chakrabarti of rights group Liberty said the legislation was “a breathtaking attack on the Internet security of every man, woman and child in our country.”