On Tuesday a letter signed by myself and 38 other leading academics and researchers was sent to all 650 UK MPs. In this post I want to explain why we did it and what we hope to achieve.
The letter, which may be read in full below, calls "on all members of the House of Commons, new and returning, and of all political persuasions to support us by ensuring Parliamentary scrutiny is applied to all developments in UK surveillance laws and powers as proposed by the current Government."
You may wonder why this is necessary, surely it is automatically the job of MPs to scrutinise Government proposals and to uphold the Rule of Law? This is true, but it is our belief that during the last Parliament amendments were made to the law which allowed the police and the intelligence services, far greater and more invasive powers than had previously been allowed and that often these extensions of the law were not subject to proper Parliamentary scrutiny. It is easiest to explain why we think this by reason of an example:
In February 2015, the Home Office published the draft Equipment Interference Code of Practice. The draft Code was the first time the intelligence services openly sought specific authorisation to hack computers both within and outside the UK. Hacking is a much more intrusive form of surveillance than any previously authorised by Parliament. It also threatens the security of all internet services as the tools intelligence services use to hack can create or maintain security vulnerabilities that may be used by criminals to commit criminal acts and other governments to invade our privacy. The Government, though, sought to authorise its hacking, not through primary legislation and full Parliamentary consideration, but via a Code of Practice.
It has been argued by some experts, and by the Government, that what they actually did via the Code was merely clarify pre-existing powers found under ss.5 & 7 of the Intelligence Services Act 1994. The Code is on this reading merely an elaboration of the detail underpinning such authorisations, which became necessary as a consequence of the Investigatory Powers Tribunal decision in December 2014 concerning the level of detail required for such activities to be 'in accordance with law'. I'm afraid I cannot agree that this is all the Code of Practice did. I think s.5 is inherently and maybe deliberately vague and was used to authorise the hacking of computers when it was either clearly not originally designed for this, or if it was, it was designed to be so vague as to be misleading. The language of the Computer Misuse Act 1990 was available to the drafters of the Intelligence Services Act, if this was their intent to explicitly cover hacking in s.5 the word "access" could and should have been used. The fact that the government brought in both the Code of Practice and s.44 of the Serious Crime Act 2015 (discussed below) show they too acknowledged this.
Another example of a lack of proper Parliamentary scrutiny, in my view, is s.44 of the Serious Crime Act 2015. This amends s.10 of the Computer Misuse Act 1990 to allow law enforcement officers (including the intelligence services), to hack into computer systems (or to impair their operation) under any piece of Primary or subordinate legislation (such as s.5 of the intelligence services Act 1994 when coupled with the Code of Practice). This is, in my view, a massive extension of the original purpose and meaning of s.10 which was essentially to allow police forensic investigators to gain access to a seized computer without the permission of the owner. You may think well this is okay as this was passed as Primary Legislation, an Act of Parliament. True but read the explanatory notes, which also were attached to the Bill when it was considered by Parliamentarians: "The amendment to section 10 of the 1990 Act made by this section is a clarifying amendment." As you have seen in my view it is much much more than merely a clarification of the law, it is an extension of it. This has also impacted on the ongoing cases Privacy International v Secretary of State for Foreign and Commonwealth Affairs and GreenNet et al. v Secretary of State for Foreign and Commonwealth Affairs.
To be clear we do not want the Government to be unable to secure the safety of the UK and its citizens. We are, as the letter records, "people from both sides of this issue - those who believe that increased powers are a reasonable response to an emerging threat, and those who think them an unjustified extension of state interference." We do not want the Government to be unable to carry out reasonable surveillance to protect the state and all those resident in the UK. We have written this letter to ensure proper Parliamentary scrutiny of any such provision and to ensure the Rule of Law is followed.
First Published on The IT Lawyer on Tuesday 26 May.