The Investigatory Powers Bill (otherwise known as the Snoopers’ Charter) is finally here and there’s absolutely nothing we can do about.
Within its pages contain some of the most drastic surveillance measures this country has ever seen including the bulk collection of personal data and the forced hacking of personal devices.
One of the most controversial features is the requirement that all Internet Service Providers like Virgin, Sky, TalkTalk and more must now keep 12 months of our browsing history stored for use by government agencies.
In case you’re wondering which government agencies then here’s the full list courtesy of Uber Manager and blogger Chris Yiu who took the time to examine all of the bill:
- Metropolitan Police Service
- City of London Police
- Police forces maintained under section 2 of the Police Act 1996
- Police Service of Scotland
- Police Service of Northern Ireland
- British Transport Police
- Ministry of Defence Police
- Royal Navy Police
- Royal Military Police
- Royal Air Force Police
- Security Service
- Secret Intelligence Service
- Ministry of Defence
- Department of Health
- Home Office
- Ministry of Justice
- National Crime Agency
- HM Revenue & Customs
- Department for Transport
- Department for Work and Pensions
- NHS trusts and foundation trusts in England that provide ambulance services
- Common Services Agency for the Scottish Health Service
- Competition and Markets Authority
- Criminal Cases Review Commission
- Department for Communities in Northern Ireland
- Department for the Economy in Northern Ireland
- Department of Justice in Northern Ireland
- Financial Conduct Authority
- Fire and rescue authorities under the Fire and Rescue Services Act 2004
- Food Standards Agency
- Food Standards Scotland
- Gambling Commission
- Gangmasters and Labour Abuse Authority
- Health and Safety Executive
- Independent Police Complaints Commissioner
- Information Commissioner
- NHS Business Services Authority
- Northern Ireland Ambulance Service Health and Social Care Trust
- Northern Ireland Fire and Rescue Service Board
- Northern Ireland Health and Social Care Regional Business Services Organisation
- Office of Communications
- Office of the Police Ombudsman for Northern Ireland
- Police Investigations and Review Commissioner
- Scottish Ambulance Service Board
- Scottish Criminal Cases Review Commission
- Serious Fraud Office
- Welsh Ambulance Services National Health Service Trust
So now we know who can access this data, it’s not entirely surprising that some are now wondering if there’s anything we can do to keep our personal data private from the government and how we would go about doing it.
To address some of these concerns we spoke to John Shaw, VP Product Management at Sophos for the cold, hard truth.
The Investigatory Powers Bill is nothing new....
Since the Snowden revelations, it is not news to anyone that GCHQ and other government agencies are spying on UK citizens’ online activities.
The Investigatory Powers Bill has mainly formalised a lot of things that the UK government was already doing, and put more structure and control around them.
Yes it makes some people, especially strong privacy advocates, uncomfortable, but as a whole UK citizens have been far less bothered by these revelations than say the Germans, French or Spanish.
How bad is it though?
The new Bill does extend the powers that the government has, especially with the requirement for all internet service providers (ISPs) to keep a years’ worth of records about our surfing habits – the requirement is in theory for them to keep details of the pages we visit but not the content of those pages – although any technologist will tell you that the distinction between the two is becoming increasingly blurred. Either way they will hold a lot of sensitive data about all us – business and personal.
Will downloading a VPN actually do anything to help protect your privacy from ‘government snooping’?
Yes, using private VPN services can to some degree hide your ultimate destination from the ISP, and thus from the government. Of course it only hides it from that initial 12 month data set that is held on all internet users.
However the Bill allows agencies to gain far more access to your online habits if it has good reason to investigate further. Once the investigator is on your computer, the fact that you have been using a VPN is not going to help you hide.
Do you expect to see a big uptake in people using VPN services?
I doubt it. Any even vaguely tech-savvy criminal or terrorist is already using encryption to conceal the content of any communication from government snoopers – for example using Whatsapp, or The Onion Router (TOR)
And for the rest of us, maybe we might feel a bit of discomfort that some big brother employee can find out where we bank.
We should perhaps be more nervous that a hacker might break into the store of data held by your ISP and sell it on. Especially after the revelations about TalkTalk, one of the ISPs that will need to store the data. The government’s advisers claim that there will be very strict controls on the storing and security of the data. But I for one feel nervous about that, and that is the thing that might cause me to use a VPN.
Is there anything else we can realistically do to feel like our information is secure?
For a typical citizen it is far more important to worry about cybercriminals hacking into your computer or social engineering you into revealing data , than to worry about government snoopers – unless of course you are a criminal yourself.
However it happens that making it hard for cybercriminals to hack you will also make it harder for spies to do so.
Although there have been attempts by the FBI for example to ask for “backdoors” in security software , Sophos and others in the industry have been adamant that this is the wrong thing to do for everyone – a backdoor will let a criminal in as well as letting a government investigator in.