British spies will be allowed to legally hack into smartphones and computers under the Tory government’s new surveillance law.
Telecoms firms will be forced to help MI5, MI6 and GCHQ to use James Bond-style “equipment interference" – to remote access phones and use them as listening devices - as part of the draft Investigatory Powers Bill.
Setting out the most sweeping data gathering powers of any Western country, Theresa May also confirmed for the first time that MI5 had been using an old piece of legislation to justify the bulk collection of communications data from suspects.
A little-known section of the 1984 Telecommunications Act has been used by successive governments since 2001 to allow the intelligence agency to scoop up mass data sweeps of phone call and email records, including of innocent people.
In the past, telecoms firms have voluntarily allowed spies to remote access users' phones or computers, but under the new law they will be legally required to do so.
The new bill will require internet firms to hold for a year a list of the main browser history of every UK web user.
No warrant will be needed, although only main domains will be listed rather than individual web pages within a site.
In a concession to lobby groups, Mrs May unveiled a framework of safeguards which will allow a panel of judges to act as a legal backstop to intercept or bugging warrants approved by the Home Secretary.
The so-called ‘Wilson Doctrine’ – that suggested no MPs phones could be bugged - was also given a proper legal footing for the first time, with the Prime Minister’s permission now needed as well as a legal warrant for any surveillance of MPs, peers, MEPS and other politicians.
Labour’s Andy Burnham stunned some civil liberties groups by swiftly welcoming the new bill, declaring that it was “neither a snooper's charter nor a plan for mass surveillance”.
But leading data transparency campaigners from Ed Snowden to Glenn Greenwald and Liberty’s Shami Chakrabarti lined up to warn that the Government’s new powers represented an unprecedented breach of the privacy of individuals.
The UK’s leading terror watchdog, David Anderson QC, welcomed the way the bill was finally ‘putting Parliament in charge’ of practices that were for years hidden from view, though he added that ‘not everyone will be happy about these powers’.
In her Commons statement, Mrs May revealed for the first time that successive governments since 2001 have authorised secret directions to telecoms firms to allow intelligence agencies to collect communications data in bulk under the Telecommunications Act 1984.
Few people knew of the programme run by MI5, even within the agency.
MI5, GCHQ and other agencies have also been allowed to identify "subjects of interest" in the UK and overseas and hack into their phones and computers to collect huge swaths of data.
Mr Anderson, the independent reviewer of terror legislation, said that her words were ‘a significant and necessary’ move to put in the public domain the activities of the intelligence agencies, putting them on a clearer statutory footing.
He said that the use of the 1984 Telecoms Act "wasn't illegal in the sense that it was outside the law, it was just that the law was so broad and the information was so slight that nobody knew it was happening".
“Whatever the content of the eventual UK law, it will no longer be possible to describe it as opaque, incomprehensible or misleading,” he said.
The watchdog added that he was pleased that for the first time in 300 years, no intercept or tapping warrant would be allowed without ‘judicial approval’.
Yet he also questioned ‘whether these safeguards go far enough’ and said judges would need to be ‘well supported’ to avoid becoming ‘rubber stamps’ for ministers’ decisions on who to bug or not.
Mrs May said that the new safeguards that gave judges a role in approving ministerial warrants for bugging amounted to a ‘double lock’ to reassure the public.
She said that the new requirement on firms to hold 12 months of browsing history was the internet equivalent of an itemised phone bill.
But criticism on twitter was swift.
Mrs May's phone bill example prompted Home Affairs Committee chairman Keith Vaz to say "there is a lot of information in an itemised bill. If I was to look at her itemised telephone bill and she was to look at mine, she might be surprised at who were were phoning."
Mrs May laughed off the point, joking that one of her colleagues had said 'speak for yourself!', which she said was the "right response".
The Home Secretary said that the ‘mythology’ of the Wilson doctrine had grown up which had wrongly suggested MPs’ communications could not be put under surveillance.
But former Shadow Home Secretary David Davis seized on a detailed line in the new bill which made clear that the new “judicial commissioners” will have to make decisions based on judicial review principles, not on the basis of the evidence.
“In other words the home secretary would have to behave in an extraordinary manner not to get his or her warrant approved. This is not the judge checking the evidence, it is the judge checking that the correct procedure has been followed.”
He also questioned whether the Wilson Doctrine would interfere with MPs’ ability to help whistleblowers in future, who feared their contacts would be monitored.
Ms Chakrabarti, the director of Liberty, was scathing about the whole bill.
“After all the talk of climbdowns and safeguards, this long-awaited Bill constitutes a breath-taking attack on the internet security of every man, woman and child in our country.
“We must now look to Parliament to step in where Ministers have failed and strike a better balance between privacy and surveillance.”
She said the safeguard system set out by Mrs May was “a very, very limited role for judges in a rubber-stamping exercise”
“They have spun it as a double lock, but the second person, the judge, does not actually have a key.”