Spy Agencies Will Be Given Power To Access Your Internet History
Theresa May has confirmed the browsing history of UK internet users will now be available without a warrant, although most interception will require the approval of a judge.
British spy agencies will be given the power to access the internet history of all UK web users without a warrant under plans unveiled by the government on Wednesday.
Home secretary Theresa May told the House of Commons that her new draft investigatory regulatory powers bill will require internet providers to retain a list of websites visited by all customers over the preceding 12 months, in order to aid the police and other law enforcement agencies.
The details available without a warrant will include a list of domains visited by web users – "buzzfeed.com", for example – but not the address of the specific page visited.
"If someone has visited a social media website, an internet connection record will only show that they accessed that site, not the particular pages they looked at, who they communicated with, or what they said," May told MPs. "It is simply the modern equivalent of an itemised phone bill.
"They would only be able to make a request for the purpose of determining whether someone had accessed a communications website, an illegal website, or to resolve an IP address where it is necessary and proportionate to do so in the course of a specific investigation."
May's proposals follow Edward Snowden's revelations of large-scale monitoring of communications data by security agencies. The proposed legislation will grant the security agencies the formal legal power to undertake mass collection of data for the first time.
The home secretary also confirmed that rules covering "the acquisition of bulk communications data, both relating to the UK and overseas" will now be set out law in order to give "explicit provision for all of the powers available to the security and intelligence agencies to acquire data in bulk". The bill can also compel UK telecommunications companies to assist the government on interception and hacking of customers for the purposes of obtaining data.
However, May, who repeatedly insisted that the new measures did not amount to mass surveillance, also pledged to introduce additional checks on the authorisation of targeted intercept powers, requiring both the secretary of state and a judge to approve any warrant.
"This will place a 'double lock' on the authorisation of our most intrusive investigatory powers," said May. "Democratic accountability, through the secretary of state, to ensure our intelligence agencies operate in the interests of the citizens of this country, and the public reassurance of independent, judicial authorisation."
Despite this, ministers will still be able to push ahead and authorise intercepts without judicial approval if they believe a request is "urgent". In these cases, the judicial approval must come as soon as possible afterwards.
There will be separate protections for intercepts of communication between journalists and their sources, although May confirmed that these safeguards could also be circumvented if the home secretary believes lives are under threat. The draft legislation would also ensure that the prime minister is consulted before the security agencies intercept the communications of any MP.
The legislation is May's second attempt to introduce new powers for security agencies. The first attempt ended in failure when 2012's draft communications bill, dubbed the "snoopers' charter" by opponents, was blocked by the Liberal Democrats during the coalition government.
Labour shadow home secretary Andy Burnham welcomed the new bill: "The government has been listening carefully. This is neither a snoopers' charter or a plan for mass surveillance."
However, Shami Chakrabarti of civil rights group Liberty said it was "a breathtaking attack on the internet security of everyone in this country".
Anne Jellema, chief executive of the Web Foundation, an organisation founded by web inventor Sir Tim Berners-Lee, said the bill would "hurt UK businesses, create new vulnerabilities for criminals to attack, and ride roughshod over the right to privacy".
"By retaining the top-level internet address of every website visited by every UK resident - accessible without a warrant - it will be possible to paint an incredibly detailed picture of a person’s hopes, fears and activities, and will create a data pool rife for theft, misuse or political persecution."