The Investigatory Powers Bill, fittingly nicknamed the called the Snoopers Charter has passed through the House of Lords this week and it’s quite scary. The policy which very much relies on the ‘if you have nothing to hide, you have nothing to fear’ sets quite a dangerous precedent (due to the breaking of client confidentiality in legal situations and monitoring of what journalists are writing about).
The whole bill seems quite poorly planned, with the government requiring the ISPs to retain user data for up to a year and potentially costing ISPs up to £1 billion for retention of metadata for all customers, causing price hikes to be passed onto consumers and the £174 million the Home Office set aside to reimburse all ISPs for 10 years of collection will only just cover BT’s own infrastructure initial installation, and not actually maintaining the equipment. It’s going to be very hard to actually do anything with the amount of data actually collected though with all domains visited collected on a per-customer basis, how they are going to actually dig through this to catch criminals is beyond me.
Whether ISPs actually have the competence to store this information is also a concern, with the huge TalkTalk hack of November 2015 and leak of unencrypted personal information could be devastating and the prospect of every website you’ve ever visited being shared online isn’t a great one. As well as the obvious cases where a person faces potential blackmail for this information, it could show who your email provider is, who you bank with and your utility companies are, opening you to further attacks.
The only mention of encryption in the law is in the way it states from RIPA that companies must “remove any encryption” which does pretty much negate the use of encryption in the first place if it can be easily broke. If you’re letting the good guys in through a back door, chances are that the bad guys are coming in the same way.
It seems that the main point of the law is legalising something that has been happening for at least the last decade with GCHQ intercepting fibre optic cables and collecting data from them, as well as expanding their reach to more information and legitimising hacking webcams and microphones to record conversations. It’s going to be a concerning time with the policy being in law, and I’m sure there will be a spike in VPN usage over concern caused.